Rapport hijackis

Résolu
jo11 -  
g!rly Messages postés 18462 Statut Contributeur -
Bonjour, pourriez m'analyser le rapport hijackis merci d'avance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:33, on 02/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Borland\InterBase\Bin\ibguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Borland\InterBase\Bin\ibserver.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 818646 helper - {54192079-8E8A-43D8-BCBC-3874916159AF} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {C1B9D7F9-6B21-44B2-BE34-DDB11C5C75D9} - C:\WINDOWS\system32\yayxyyVp.dll
O3 - Toolbar: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: atfxqogp - {636F6360-35BA-4603-B7B8-847380EAAC76} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Photo Express SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {167BC9BE-5F33-462C-912F-B7BD63FBD0A2} - C:\Program Files\smemo\smemo.exe
O9 - Extra 'Tools' menuitem: Surf Memo - {167BC9BE-5F33-462C-912F-B7BD63FBD0A2} - C:\Program Files\smemo\smemo.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Surf Memo - {34C95457-A0D0-45D6-84C3-8C6DFFB02C65} - C:\Program Files\smemo\smemo.exe
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Surf Memo - {9BDE782C-01DB-4AB7-B0B6-981403BFFC97} - C:\Program Files\smemo\smemo.exe
O9 - Extra button: (no name) - {A974395D-A34F-468A-9808-4666987C8D29} - C:\Program Files\smemo\smemo.exe
O9 - Extra 'Tools' menuitem: Surf Memo - {A974395D-A34F-468A-9808-4666987C8D29} - C:\Program Files\smemo\smemo.exe
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Surf Memo - {B32141FB-E7AC-4224-A693-473E8494D452} - C:\Program Files\smemo\smemo.exe
O9 - Extra button: Surf Memo - {B4977C0E-3D4E-4541-9660-3AEC9A2C17C9} - C:\Program Files\smemo\smemo.exe
O9 - Extra button: (no name) - {CE69C487-9E65-42D2-AAA4-26AB87A58B36} - C:\Program Files\smemo\smemo.exe
O9 - Extra 'Tools' menuitem: Surf Memo - {CE69C487-9E65-42D2-AAA4-26AB87A58B36} - C:\Program Files\smemo\smemo.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {E5487183-4684-4942-A871-FF1E668EB016} - C:\Program Files\smemo\smemo.exe
O9 - Extra 'Tools' menuitem: Surf Memo - {E5487183-4684-4942-A871-FF1E668EB016} - C:\Program Files\smemo\smemo.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC288A89-2B2D-4A8F-9699-EEBDB7845302}: NameServer = 84.103.237.140 86.64.145.140
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: yayxyyVp - C:\WINDOWS\SYSTEM32\yayxyyVp.dll
O21 - SSODL: vregfwlx - {7BDFCCA0-372B-44C4-A515-3A24CD71BC52} - (no file)
O21 - SSODL: vltdfabw - {924F5A51-8080-43FE-A977-B3029FD63FDE} - (no file)
O21 - SSODL: VolumeSDRAM - {1ced0517-1d71-465e-8234-c33e8f3d2b1d} - C:\WINDOWS\Resources\VolumeSDRAM.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InterBaseGuardian - Inprise Corporation - C:\Program Files\Borland\InterBase\Bin\ibguard.exe
O23 - Service: InterBaseServer - Inprise Corporation - C:\Program Files\Borland\InterBase\Bin\ibserver.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O24 - Desktop Component 1: (no name) - http://webmail.tele2.fr/

--
End of file - 14120 bytes
Configuration: Windows XP
Internet Explorer 7.0

29 réponses

  • 1
  • 2
  1. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut,

    tu as bien du batailler ?!

    peux tu me dire a quoi correspond ce programme :

    C:\Program Files\smemo

    puis

    passe ceci stp

    Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
    http://www.atribune.org/ccount/click.php?id=4
    * Double-clique VundoFix.exe afin de le lancer
    * Clique sur le bouton Scan for Vundo
    * Lorsque le scan est complété, clique sur le bouton Remove Vundo
    * Une invite te demandera si tu veux supprimer les fichiers, clique YES
    * Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
    * Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
    * Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse

    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

    et repost un log hijackthis

    @+
    0
    1. jo11
       
      salut le programme c'est un logiciel qui enregistre l'historique de navigation sur internet "sufmemo" par contre j'ai lance vundofix , j'ai lance le scan et la reponse est fichier pas infecte;si tu as un autre solution merci d'avance
      0
  2. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok jo11,

    passe ceci

    Télécharge combofix.exe (par sUBs) sur ton Bureau.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    -> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    Post egalement un nouveau rapport hijack this stp

    @+
    0
  3. Utilisateur anonyme
     
    salut g!rly et jo11

    juste pour suivre

    bon courage
    0
  4. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut shion-ares ;-)
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jo11
     
    salut voici mon rapport voici mon rapport combofix
    0
  7. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut

    bah il est ou ? lol
    0
    1. jo11
       
      salut je suis en train de patiner ,j'ai le rapport dans le bloc note et je ne me rappele comment je le joins au texte si tu peut m'aider merci d'avance
      0
      1. g!rly Messages postés 18462 Statut Contributeur 407 > jo11
         
        tu le copie et le colle

        copier > controle c

        coller > controle v

        une fois le texte selectionné bien sur
        0
  8. g!rly Messages postés 18462 Statut Contributeur 407
     
    tu as vraissemblablement un probleme pour le coller ici

    tu le copie et le colle

    copier > controle c

    coller > controle v

    une fois le texte selectionné bien sur
    0
    1. jo11
       
      merci le voila



      ComboFix 08-06-01.6 - VAQUE 2008-06-02 22:56:17.1 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.553 [GMT 2:00]
      Endroit: C:\Documents and Settings\VAQUE\Mes documents\ComboFix.exe
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\VAQUE\ravmonlog
      C:\WINDOWS\system32\AutoRun.inf
      C:\WINDOWS\system32\ninjaext.dll

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_NWSAPAGENT
      -------\Service_NwSapAgent


      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-02 to 2008-06-02 ))))))))))))))))))))))))))))))))))))
      .

      2008-06-02 14:58 . 2008-06-02 14:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-06-02 14:58 . 2008-06-02 14:58 <REP> d-------- C:\Documents and Settings\VAQUE\Application Data\Malwarebytes
      2008-06-02 14:58 . 2008-06-02 14:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-06-02 14:58 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
      2008-06-02 14:58 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-05-29 23:22 . 2008-05-29 23:22 <REP> d-------- C:\Program Files\Lavasoft
      2008-05-29 23:21 . 2008-05-29 23:21 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
      2008-05-29 13:47 . 2008-05-29 13:47 <REP> d-------- C:\VundoFix Backups
      2008-05-28 23:27 . 2008-05-28 23:27 <REP> d-------- C:\Program Files\Trend Micro
      2008-05-28 19:04 . 2008-05-28 19:04 86 --a------ C:\WINDOWS\wininit.ini
      2008-05-28 17:32 . 2008-05-28 11:46 94,208 --a------ C:\WINDOWS\eesg.exe
      2008-05-28 17:26 . 2008-05-28 17:26 32,384 --a------ C:\WINDOWS\system32\yayxyyVp.dll.vir
      2008-05-27 14:17 . 2008-05-27 14:17 <REP> d-------- C:\Program Files\smemo
      2008-05-26 18:37 . 2008-05-26 18:37 <REP> d-------- C:\Documents and Settings\VAQUE\Application Data\CyberLink
      2008-05-24 17:13 . 2008-05-24 17:13 <REP> d-------- C:\Program Files\Panda Security
      2008-05-18 20:40 . 2008-05-18 20:40 <REP> d-------- C:\Documents and Settings\VAQUE\Application Data\ItsLabel
      2008-05-18 18:30 . 2008-05-18 18:43 <REP> d-------- C:\Program Files\Steam
      2008-05-18 18:29 . 2008-05-22 22:31 <REP> d-------- C:\Program Files\EoRezo
      2008-05-18 18:29 . 2008-05-22 22:31 <REP> d-------- C:\Documents and Settings\VAQUE\Application Data\EoRezo
      2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
      2008-05-09 18:10 . 2008-05-09 18:10 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
      2008-05-09 18:07 . 2008-05-09 18:07 3,431 --a------ C:\WINDOWS\mozver.dat
      2008-05-03 17:43 . 2008-05-29 23:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-06-02 20:34 --------- d-----w C:\Program Files\SpeedFan
      2008-06-02 18:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
      2008-06-01 17:50 --------- d-----w C:\Program Files\Metin2_France
      2008-05-29 22:24 --------- d-----w C:\Program Files\RogueRemover
      2008-05-29 20:56 --------- d-----w C:\Program Files\TuneUp Utilities 2006
      2008-05-29 18:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
      2008-05-29 17:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-05-23 08:51 --------- d-----w C:\Program Files\CCleaner
      2008-05-09 16:10 --------- d-----w C:\Program Files\Fichiers communs\Real
      2008-05-09 16:07 --------- d-----w C:\Program Files\Google
      2008-05-03 15:39 --------- d-----w C:\Documents and Settings\VAQUE\Application Data\Lavasoft
      2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
      2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
      2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
      2008-04-26 12:20 --------- d-----w C:\Program Files\MP4Tool
      2008-04-26 12:18 --------- d-----w C:\Documents and Settings\VAQUE\Application Data\ArcSoft
      2008-04-19 18:42 --------- d-----w C:\Documents and Settings\VAQUE\Application Data\Micro Application
      2008-04-19 18:22 --------- d-----w C:\Program Files\Micro Application
      2008-04-19 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Micro Application
      2008-04-18 19:14 --------- d-----w C:\Program Files\ArcSoft
      2008-04-18 19:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-04-18 19:12 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft
      2008-04-15 16:58 --------- d-----w C:\Program Files\Picasa2
      2008-04-14 18:47 --------- d-----w C:\Program Files\MSECache
      2008-04-07 19:14 --------- d-----w C:\Program Files\eMule
      2008-04-07 17:17 --------- d-----w C:\Program Files\Fichiers communs\Adobe
      2007-03-22 14:06 382 ----a-w C:\Documents and Settings\VAQUE\Application Data\internaldb6334.dat
      2007-03-22 12:55 194 ----a-w C:\Documents and Settings\VAQUE\Application Data\internaldb8467.dat
      2007-03-22 12:55 18,432 ----a-w C:\Documents and Settings\VAQUE\Application Data\internaldb41.dat
      2007-02-11 17:47 774,144 ----a-w C:\Program Files\RngInterstitial.dll
      2006-12-14 18:00 21 -c--a-w C:\Program Files\Fichiers communs\appop.log
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-21 14:00 68856]
      "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 22:45 1211176]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-24 15:46 7696384]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-09 18:09 185896]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
      "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "msacm.l3acm"= l3codecp.acm
      "MSACM.CEGSM"= mobilev.acm
      "VIDC.DVSD"= miroDV2avi.DLL
      "VIDC.PIM1"= pclepim1.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
      C:\WINDOWS\system32\cpmrotate.dll

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
      "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
      "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
      "C:\\Program Files\\LimeWire\\LimeWire.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
      "C:\\WINDOWS\\system32\\dpvsetup.exe"=
      "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
      "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
      "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=
      "C:\\Program Files\\Shareaza\\Shareaza.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
      "18583:TCP"= 18583:TCP:NortonAV
      "13757:TCP"= 13757:TCP:NortonAV

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
      "AllowInboundEchoRequest"= 1 (0x1)

      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
      R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-03-13 12:00]
      R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
      R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2004-06-04 15:03]
      R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2004-06-04 15:03]
      S3 CAM1210;USB Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2007-01-09 12:35]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      UxTuneUp

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b864bbee-7044-11dc-b5be-00173182621f}]
      \Shell\AutoRun\command - J:\setupSNK.exe

      .
      Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
      "2008-05-27 17:01:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-06-02 23:00:58
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 0

      **************************************************************************

      [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\vsdatant]
      "ImagePath"=""
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Borland\InterBase\Bin\ibguard.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Borland\InterBase\Bin\ibserver.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Nikon\NkView5\NkvMon.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\PROGRA~1\MI3AA1~1\rapimgr.exe
      C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
      C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
      C:\WINDOWS\system32\imapi.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-06-02 23:04:55 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-06-02 21:04:52

      Pre-Run: 37,465,894,912 octets libres
      Post-Run: 37,438,349,312 octets libres

      194 --- E O F --- 2008-05-28 11:38:55
      ComboFix 08-06-01.6 - VAQUE 2008-06-02 22:56:17.1 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.553 [GMT 2:00]
      Endroit: C:\Documents and Settings\VAQUE\Mes documents\ComboFix.exe
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\VAQUE\ravmonlog
      C:\WINDOWS\system32\AutoRun.inf
      C:\WINDOWS\system32\ninjaext.dll

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_NWSAPAGENT
      -------\Service_NwSapAgent


      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-02 to 2008-06-02 ))))))))))))))))))))))))))))))))))))
      .

      2008-06-02 14:58 . 2008-06-02 14:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-06-02 14:58 . 2008-06-02 14:58 <REP> d-------- C:\Documents and Settings\VAQUE\Application Data\Malwarebytes
      2008-06-02 14:58 . 2008-06-02 14:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-06-02 14:58 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
      2008-06-02 14:58 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-05-29 23:22 . 2008-05-29 23:22 <REP> d-------- C:\Program Files\Lavasoft
      2008-05-29 23:21 . 2008-05-29 23:21 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
      2008-05-29 13:47 . 2008-05-29 13:47 <REP> d-------- C:\VundoFix Backups
      2008-05-28 23:27 . 2008-05-28 23:27 <REP> d-------- C:\Program Files\Trend Micro
      2008-05-28 19:04 . 2008-05-28 19:04 86 --a------ C:\WINDOWS\wininit.ini
      2008-05-28 17:32 . 2008-05-28 11:46 94,208 --a------ C:\WINDOWS\eesg.exe
      2008-05-28 17:26 . 2008-05-28 17:26 32,384 --a------ C:\WINDOWS\system32\yayxyyVp.dll.vir
      2008-05-27 14:17 . 2008-05-27 14:17 <REP> d-------- C:\Program Files\smemo
      2008-05-26 18:37 . 2008-05-26 18:37 <REP> d-------- C:\Documents and Settings\VAQUE\Application Data\CyberLink
      2008-05-24 17:13 . 2008-05-24 17:13 <REP> d-------- C:\Program Files\Panda Security
      2008-05-18 20:40 . 2008-05-18 20:40 <REP> d-------- C:\Documents and Settings\VAQUE\Application Data\ItsLabel
      2008-05-18 18:30 . 2008-05-18 18:43 <REP> d-------- C:\Program Files\Steam
      2008-05-18 18:29 . 2008-05-22 22:31 <REP> d-------- C:\Program Files\EoRezo
      2008-05-18 18:29 . 2008-05-22 22:31 <REP> d-------- C:\Documents and Settings\VAQUE\Application Data\EoRezo
      2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
      2008-05-09 18:10 . 2008-05-09 18:10 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
      2008-05-09 18:07 . 2008-05-09 18:07 3,431 --a------ C:\WINDOWS\mozver.dat
      2008-05-03 17:43 . 2008-05-29 23:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-06-02 20:34 --------- d-----w C:\Program Files\SpeedFan
      2008-06-02 18:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
      2008-06-01 17:50 --------- d-----w C:\Program Files\Metin2_France
      2008-05-29 22:24 --------- d-----w C:\Program Files\RogueRemover
      2008-05-29 20:56 --------- d-----w C:\Program Files\TuneUp Utilities 2006
      2008-05-29 18:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
      2008-05-29 17:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-05-23 08:51 --------- d-----w C:\Program Files\CCleaner
      2008-05-09 16:10 --------- d-----w C:\Program Files\Fichiers communs\Real
      2008-05-09 16:07 --------- d-----w C:\Program Files\Google
      2008-05-03 15:39 --------- d-----w C:\Documents and Settings\VAQUE\Application Data\Lavasoft
      2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
      2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
      2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
      2008-04-26 12:20 --------- d-----w C:\Program Files\MP4Tool
      2008-04-26 12:18 --------- d-----w C:\Documents and Settings\VAQUE\Application Data\ArcSoft
      2008-04-19 18:42 --------- d-----w C:\Documents and Settings\VAQUE\Application Data\Micro Application
      2008-04-19 18:22 --------- d-----w C:\Program Files\Micro Application
      2008-04-19 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Micro Application
      2008-04-18 19:14 --------- d-----w C:\Program Files\ArcSoft
      2008-04-18 19:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-04-18 19:12 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft
      2008-04-15 16:58 --------- d-----w C:\Program Files\Picasa2
      2008-04-14 18:47 --------- d-----w C:\Program Files\MSECache
      2008-04-07 19:14 --------- d-----w C:\Program Files\eMule
      2008-04-07 17:17 --------- d-----w C:\Program Files\Fichiers communs\Adobe
      2007-03-22 14:06 382 ----a-w C:\Documents and Settings\VAQUE\Application Data\internaldb6334.dat
      2007-03-22 12:55 194 ----a-w C:\Documents and Settings\VAQUE\Application Data\internaldb8467.dat
      2007-03-22 12:55 18,432 ----a-w C:\Documents and Settings\VAQUE\Application Data\internaldb41.dat
      2007-02-11 17:47 774,144 ----a-w C:\Program Files\RngInterstitial.dll
      2006-12-14 18:00 21 -c--a-w C:\Program Files\Fichiers communs\appop.log
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-21 14:00 68856]
      "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 22:45 1211176]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-24 15:46 7696384]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-09 18:09 185896]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
      "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "msacm.l3acm"= l3codecp.acm
      "MSACM.CEGSM"= mobilev.acm
      "VIDC.DVSD"= miroDV2avi.DLL
      "VIDC.PIM1"= pclepim1.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
      C:\WINDOWS\system32\cpmrotate.dll

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
      "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
      "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
      "C:\\Program Files\\LimeWire\\LimeWire.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
      "C:\\WINDOWS\\system32\\dpvsetup.exe"=
      "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
      "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
      "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=
      "C:\\Program Files\\Shareaza\\Shareaza.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
      "18583:TCP"= 18583:TCP:NortonAV
      "13757:TCP"= 13757:TCP:NortonAV

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
      "AllowInboundEchoRequest"= 1 (0x1)

      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
      R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-03-13 12:00]
      R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
      R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2004-06-04 15:03]
      R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2004-06-04 15:03]
      S3 CAM1210;USB Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2007-01-09 12:35]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      UxTuneUp

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b864bbee-7044-11dc-b5be-00173182621f}]
      \Shell\AutoRun\command - J:\setupSNK.exe

      .
      Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
      "2008-05-27 17:01:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-06-02 23:00:58
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 0

      **************************************************************************

      [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\vsdatant]
      "ImagePath"=""
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Borland\InterBase\Bin\ibguard.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Borland\InterBase\Bin\ibserver.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Nikon\NkView5\NkvMon.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\PROGRA~1\MI3AA1~1\rapimgr.exe
      C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
      C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
      C:\WINDOWS\system32\imapi.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-06-02 23:04:55 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-06-02 21:04:52

      Pre-Run: 37,465,894,912 octets libres
      Post-Run: 37,438,349,312 octets libres

      194 --- E O F --- 2008-05-28 11:38:55
      ComboFix 08-06-01.6 - VAQUE 2008-06-02 22:56:17.1 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.553 [GMT 2:00]
      Endroit: C:\Documents and Settings\VAQUE\Mes documents\ComboFix.exe
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\VAQUE\ravmonlog
      C:\WINDOWS\system32\AutoRun.inf
      C:\WINDOWS\system32\ninjaext.dll

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_NWSAPAGENT
      -------\Service_NwSapAgent


      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-02 to 2008-06-02 ))))))))))))))))))))))))))))))))))))
      .

      2008-06-02 14:58 . 2008-06-02 14:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-06-02 14:58 . 2008-06-02 14:58 <REP> d-------- C:\Documents and Settings\VAQUE\Application Data\Malwarebytes
      2008-06-02 14:58 . 2008-06-02 14:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-06-02 14:58 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
      2008-06-02 14:58 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-05-29 23:22 . 2008-05-29 23:22 <REP> d-------- C:\Program Files\Lavasoft
      2008-05-29 23:21 . 2008-05-29 23:21 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
      2008-05-29 13:47 . 2008-05-29 13:47 <REP> d-------- C:\VundoFix Backups
      2008-05-28 23:27 . 2008-05-28 23:27 <REP> d-------- C:\Program Files\Trend Micro
      2008-05-28 19:04 . 2008-05-28 19:04 86 --a------ C:\WINDOWS\wininit.ini
      2008-05-28 17:32 . 2008-05-28 11:46 94,208 --a------ C:\WINDOWS\eesg.exe
      2008-05-28 17:26 . 2008-05-28 17:26 32,384 --a------ C:\WINDOWS\system32\yayxyyVp.dll.vir
      2008-05-27 14:17 . 2008-05-27 14:17 <REP> d-------- C:\Program Files\smemo
      2008-05-26 18:37 . 2008-05-26 18:37 <REP> d-------- C:\Documents and Settings\VAQUE\Application Data\CyberLink
      2008-05-24 17:13 . 2008-05-24 17:13 <REP> d-------- C:\Program Files\Panda Security
      2008-05-18 20:40 . 2008-05-18 20:40 <REP> d-------- C:\Documents and Settings\VAQUE\Application Data\ItsLabel
      2008-05-18 18:30 . 2008-05-18 18:43 <REP> d-------- C:\Program Files\Steam
      2008-05-18 18:29 . 2008-05-22 22:31 <REP> d-------- C:\Program Files\EoRezo
      2008-05-18 18:29 . 2008-05-22 22:31 <REP> d-------- C:\Documents and Settings\VAQUE\Application Data\EoRezo
      2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
      2008-05-09 18:10 . 2008-05-09 18:10 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
      2008-05-09 18:07 . 2008-05-09 18:07 3,431 --a------ C:\WINDOWS\mozver.dat
      2008-05-03 17:43 . 2008-05-29 23:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-06-02 20:34 --------- d-----w C:\Program Files\SpeedFan
      2008-06-02 18:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
      2008-06-01 17:50 --------- d-----w C:\Program Files\Metin2_France
      2008-05-29 22:24 --------- d-----w C:\Program Files\RogueRemover
      2008-05-29 20:56 --------- d-----w C:\Program Files\TuneUp Utilities 2006
      2008-05-29 18:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
      2008-05-29 17:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-05-23 08:51 --------- d-----w C:\Program Files\CCleaner
      2008-05-09 16:10 --------- d-----w C:\Program Files\Fichiers communs\Real
      2008-05-09 16:07 --------- d-----w C:\Program Files\Google
      2008-05-03 15:39 --------- d-----w C:\Documents and Settings\VAQUE\Application Data\Lavasoft
      2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
      2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
      2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
      2008-04-26 12:20 --------- d-----w C:\Program Files\MP4Tool
      2008-04-26 12:18 --------- d-----w C:\Documents and Settings\VAQUE\Application Data\ArcSoft
      2008-04-19 18:42 --------- d-----w C:\Documents and Settings\VAQUE\Application Data\Micro Application
      2008-04-19 18:22 --------- d-----w C:\Program Files\Micro Application
      2008-04-19 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Micro Application
      2008-04-18 19:14 --------- d-----w C:\Program Files\ArcSoft
      2008-04-18 19:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-04-18 19:12 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft
      2008-04-15 16:58 --------- d-----w C:\Program Files\Picasa2
      2008-04-14 18:47 --------- d-----w C:\Program Files\MSECache
      2008-04-07 19:14 --------- d-----w C:\Program Files\eMule
      2008-04-07 17:17 --------- d-----w C:\Program Files\Fichiers communs\Adobe
      2007-03-22 14:06 382 ----a-w C:\Documents and Settings\VAQUE\Application Data\internaldb6334.dat
      2007-03-22 12:55 194 ----a-w C:\Documents and Settings\VAQUE\Application Data\internaldb8467.dat
      2007-03-22 12:55 18,432 ----a-w C:\Documents and Settings\VAQUE\Application Data\internaldb41.dat
      2007-02-11 17:47 774,144 ----a-w C:\Program Files\RngInterstitial.dll
      2006-12-14 18:00 21 -c--a-w C:\Program Files\Fichiers communs\appop.log
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-21 14:00 68856]
      "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 22:45 1211176]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-24 15:46 7696384]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-09 18:09 185896]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
      "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "msacm.l3acm"= l3codecp.acm
      "MSACM.CEGSM"= mobilev.acm
      "VIDC.DVSD"= miroDV2avi.DLL
      "VIDC.PIM1"= pclepim1.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
      C:\WINDOWS\system32\cpmrotate.dll

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
      "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
      "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
      "C:\\Program Files\\LimeWire\\LimeWire.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
      "C:\\WINDOWS\\system32\\dpvsetup.exe"=
      "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
      "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
      "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=
      "C:\\Program Files\\Shareaza\\Shareaza.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
      "18583:TCP"= 18583:TCP:NortonAV
      "13757:TCP"= 13757:TCP:NortonAV

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
      "AllowInboundEchoRequest"= 1 (0x1)

      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
      R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-03-13 12:00]
      R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
      R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2004-06-04 15:03]
      R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2004-06-04 15:03]
      S3 CAM1210;USB Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2007-01-09 12:35]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      UxTuneUp

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b864bbee-7044-11dc-b5be-00173182621f}]
      \Shell\AutoRun\command - J:\setupSNK.exe

      .
      Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
      "2008-05-27 17:01:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-06-02 23:00:58
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 0

      **************************************************************************

      [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\vsdatant]
      "ImagePath"=""
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Borland\InterBase\Bin\ibguard.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Borland\InterBase\Bin\ibserver.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Nikon\NkView5\NkvMon.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\PROGRA~1\MI3AA1~1\rapimgr.exe
      C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
      C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
      C:\WINDOWS\system32\imapi.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-06-02 23:04:55 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-06-02 21:04:52

      Pre-Run: 37,465,894,912 octets libres
      Post-Run: 37,438,349,312 octets libres

      194 --- E O F --- 2008-05-28 11:38:55
      ComboFix 08-06-01.6 - VAQUE 2008-06-02 22:56:17.1 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.553 [GMT 2:00]
      Endroit: C:\Documents and Settings\VAQUE\Mes documents\ComboFix.exe
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\VAQUE\ravmonlog
      C:\WINDOWS\system32\AutoRun.inf
      C:\WINDOWS\system32\ninjaext.dll

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_NWSAPAGENT
      -------\Service_NwSapAgent


      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-02 to 2008-06-02 ))))))))))))))))))))))))))))))))))))
      .

      2008-06-02 14:58 . 2008-06-02 14:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-06-02 14:58 . 2008-06-02 14:58 <REP> d-------- C:\Documents and Settings\VAQUE\Application Data\Malwarebytes
      2008-06-02 14:58 . 2008-06-02 14:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-06-02 14:58 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
      2008-06-02 14:58 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-05-29 23:22 . 2008-05-29 23:22 <REP> d-------- C:\Program Files\Lavasoft
      2008-05-29 23:21 . 2008-05-29 23:21 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
      2008-05-29 13:47 . 2008-05-29 13:47 <REP> d-------- C:\VundoFix Backups
      2008-05-28 23:27 . 2008-05-28 23:27 <REP> d-------- C:\Program Files\Trend Micro
      2008-05-28 19:04 . 2008-05-28 19:04 86 --a------ C:\WINDOWS\wininit.ini
      2008-05-28 17:32 . 2008-05-28 11:46 94,208 --a------ C:\WINDOWS\eesg.exe
      2008-05-28 17:26 . 2008-05-28 17:26 32,384 --a------ C:\WINDOWS\system32\yayxyyVp.dll.vir
      2008-05-27 14:17 . 2008-05-27 14:17 <REP> d-------- C:\Program Files\smemo
      2008-05-26 18:37 . 2008-05-26 18:37 <REP> d-------- C:\Documents and Settings\VAQUE\Application Data\CyberLink
      2008-05-24 17:13 . 2008-05-24 17:13 <REP> d-------- C:\Program Files\Panda Security
      2008-05-18 20:40 . 2008-05-18 20:40 <REP> d-------- C:\Documents and Settings\VAQUE\Application Data\ItsLabel
      2008-05-18 18:30 . 2008-05-18 18:43 <REP> d-------- C:\Program Files\Steam
      2008-05-18 18:29 . 2008-05-22 22:31 <REP> d-------- C:\Program Files\EoRezo
      2008-05-18 18:29 . 2008-05-22 22:31 <REP> d-------- C:\Documents and Settings\VAQUE\Application Data\EoRezo
      2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
      2008-05-09 18:10 . 2008-05-09 18:10 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
      2008-05-09 18:07 . 2008-05-09 18:07 3,431 --a------ C:\WINDOWS\mozver.dat
      2008-05-03 17:43 . 2008-05-29 23:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-06-02 20:34 --------- d-----w C:\Program Files\SpeedFan
      2008-06-02 18:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
      2008-06-01 17:50 --------- d-----w C:\Program Files\Metin2_France
      2008-05-29 22:24 --------- d-----w C:\Program Files\RogueRemover
      2008-05-29 20:56 --------- d-----w C:\Program Files\TuneUp Utilities 2006
      2008-05-29 18:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
      2008-05-29 17:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-05-23 08:51 --------- d-----w C:\Program Files\CCleaner
      2008-05-09 16:10 --------- d-----w C:\Program Files\Fichiers communs\Real
      2008-05-09 16:07 --------- d-----w C:\Program Files\Google
      2008-05-03 15:39 --------- d-----w C:\Documents and Settings\VAQUE\Application Data\Lavasoft
      2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
      2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
      2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
      2008-04-26 12:20 --------- d-----w C:\Program Files\MP4Tool
      2008-04-26 12:18 --------- d-----w C:\Documents and Settings\VAQUE\Application Data\ArcSoft
      2008-04-19 18:42 --------- d-----w C:\Documents and Settings\VAQUE\Application Data\Micro Application
      2008-04-19 18:22 --------- d-----w C:\Program Files\Micro Application
      2008-04-19 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Micro Application
      2008-04-18 19:14 --------- d-----w C:\Program Files\ArcSoft
      2008-04-18 19:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-04-18 19:12 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft
      2008-04-15 16:58 --------- d-----w C:\Program Files\Picasa2
      2008-04-14 18:47 --------- d-----w C:\Program Files\MSECache
      2008-04-07 19:14 --------- d-----w C:\Program Files\eMule
      2008-04-07 17:17 --------- d-----w C:\Program Files\Fichiers communs\Adobe
      2007-03-22 14:06 382 ----a-w C:\Documents and Settings\VAQUE\Application Data\internaldb6334.dat
      2007-03-22 12:55 194 ----a-w C:\Documents and Settings\VAQUE\Application Data\internaldb8467.dat
      2007-03-22 12:55 18,432 ----a-w C:\Documents and Settings\VAQUE\Application Data\internaldb41.dat
      2007-02-11 17:47 774,144 ----a-w C:\Program Files\RngInterstitial.dll
      2006-12-14 18:00 21 -c--a-w C:\Program Files\Fichiers communs\appop.log
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-21 14:00 68856]
      "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 22:45 1211176]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-24 15:46 7696384]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-09 18:09 185896]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
      "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "msacm.l3acm"= l3codecp.acm
      "MSACM.CEGSM"= mobilev.acm
      "VIDC.DVSD"= miroDV2avi.DLL
      "VIDC.PIM1"= pclepim1.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
      C:\WINDOWS\system32\cpmrotate.dll

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
      "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
      "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
      "C:\\Program Files\\LimeWire\\LimeWire.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
      "C:\\WINDOWS\\system32\\dpvsetup.exe"=
      "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
      "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
      "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=
      "C:\\Program Files\\Shareaza\\Shareaza.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
      "18583:TCP"= 18583:TCP:NortonAV
      "13757:TCP"= 13757:TCP:NortonAV

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
      "AllowInboundEchoRequest"= 1 (0x1)

      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
      R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-03-13 12:00]
      R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
      R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2004-06-04 15:03]
      R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2004-06-04 15:03]
      S3 CAM1210;USB Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2007-01-09 12:35]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      UxTuneUp

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b864bbee-7044-11dc-b5be-00173182621f}]
      \Shell\AutoRun\command - J:\setupSNK.exe

      .
      Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
      "2008-05-27 17:01:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-06-02 23:00:58
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 0

      **************************************************************************

      [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\vsdatant]
      "ImagePath"=""
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Borland\InterBase\Bin\ibguard.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Borland\InterBase\Bin\ibserver.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Nikon\NkView5\NkvMon.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\PROGRA~1\MI3AA1~1\rapimgr.exe
      C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
      C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
      C:\WINDOWS\system32\imapi.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-06-02 23:04:55 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-06-02 21:04:52

      Pre-Run: 37,465,894,912 octets libres
      Post-Run: 37,438,349,312 octets libres

      194 --- E O F --- 2008-05-28 11:38:55
      ComboFix 08-06-01.6 - VAQUE 2008-06-02 22:56:17.1 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.553 [GMT 2:00]
      Endroit: C:\Documents and Settings\VAQUE\Mes documents\ComboFix.exe
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\VAQUE\ravmonlog
      C:\WINDOWS\system32\AutoRun.inf
      C:\WINDOWS\system32\ninjaext.dll

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_NWSAPAGENT
      -------\Service_NwSapAgent


      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-02 to 2008-06-02 ))))))))))))))))))))))))))))))))))))
      .

      2008-06-02 14:58 . 2008-06-02 14:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-06-02 14:58 . 2008-06-02 14:58 <REP> d-------- C:\Documents and Settings\VAQUE\Application Data\Malwarebytes
      2008-06-02 14:58 . 2008-06-02 14:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-06-02 14:58 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
      2008-06-02 14:58 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-05-29 23:22 . 2008-05-29 23:22 <REP> d-------- C:\Program Files\Lavasoft
      2008-05-29 23:21 . 2008-05-29 23:21 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
      2008-05-29 13:47 . 2008-05-29 13:47 <REP> d-------- C:\VundoFix Backups
      2008-05-28 23:27 . 2008-05-28 23:27 <REP> d-------- C:\Program Files\Trend Micro
      2008-05-28 19:04 . 2008-05-28 19:04 86 --a------ C:\WINDOWS\wininit.ini
      2008-05-28 17:32 . 2008-05-28 11:46 94,208 --a------ C:\WINDOWS\eesg.exe
      2008-05-28 17:26 . 2008-05-28 17:26 32,384 --a------ C:\WINDOWS\system32\yayxyyVp.dll.vir
      2008-05-27 14:17 . 2008-05-27 14:17 <REP> d-------- C:\Program Files\smemo
      2008-05-26 18:37 . 2008-05-26 18:37 <REP> d-------- C:\Documents and Settings\VAQUE\Application Data\CyberLink
      2008-05-24 17:13 . 2008-05-24 17:13 <REP> d-------- C:\Program Files\Panda Security
      2008-05-18 20:40 . 2008-05-18 20:40 <REP> d-------- C:\Documents and Settings\VAQUE\Application Data\ItsLabel
      2008-05-18 18:30 . 2008-05-18 18:43 <REP> d-------- C:\Program Files\Steam
      2008-05-18 18:29 . 2008-05-22 22:31 <REP> d-------- C:\Program Files\EoRezo
      2008-05-18 18:29 . 2008-05-22 22:31 <REP> d-------- C:\Documents and Settings\VAQUE\Application Data\EoRezo
      2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
      2008-05-09 18:10 . 2008-05-09 18:10 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
      2008-05-09 18:07 . 2008-05-09 18:07 3,431 --a------ C:\WINDOWS\mozver.dat
      2008-05-03 17:43 . 2008-05-29 23:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-06-02 20:34 --------- d-----w C:\Program Files\SpeedFan
      2008-06-02 18:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
      2008-06-01 17:50 --------- d-----w C:\Program Files\Metin2_France
      2008-05-29 22:24 --------- d-----w C:\Program Files\RogueRemover
      2008-05-29 20:56 --------- d-----w C:\Program Files\TuneUp Utilities 2006
      2008-05-29 18:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
      2008-05-29 17:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-05-23 08:51 --------- d-----w C:\Program Files\CCleaner
      2008-05-09 16:10 --------- d-----w C:\Program Files\Fichiers communs\Real
      2008-05-09 16:07 --------- d-----w C:\Program Files\Google
      2008-05-03 15:39 --------- d-----w C:\Documents and Settings\VAQUE\Application Data\Lavasoft
      2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
      2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
      2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
      2008-04-26 12:20 --------- d-----w C:\Program Files\MP4Tool
      2008-04-26 12:18 --------- d-----w C:\Documents and Settings\VAQUE\Application Data\ArcSoft
      2008-04-19 18:42 --------- d-----w C:\Documents and Settings\VAQUE\Application Data\Micro Application
      2008-04-19 18:22 --------- d-----w C:\Program Files\Micro Application
      2008-04-19 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Micro Application
      2008-04-18 19:14 --------- d-----w C:\Program Files\ArcSoft
      2008-04-18 19:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-04-18 19:12 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft
      2008-04-15 16:58 --------- d-----w C:\Program Files\Picasa2
      2008-04-14 18:47 --------- d-----w C:\Program Files\MSECache
      2008-04-07 19:14 --------- d-----w C:\Program Files\eMule
      2008-04-07 17:17 --------- d-----w C:\Program Files\Fichiers communs\Adobe
      2007-03-22 14:06 382 ----a-w C:\Documents and Settings\VAQUE\Application Data\internaldb6334.dat
      2007-03-22 12:55 194 ----a-w C:\Documents and Settings\VAQUE\Application Data\internaldb8467.dat
      2007-03-22 12:55 18,432 ----a-w C:\Documents and Settings\VAQUE\Application Data\internaldb41.dat
      2007-02-11 17:47 774,144 ----a-w C:\Program Files\RngInterstitial.dll
      2006-12-14 18:00 21 -c--a-w C:\Program Files\Fichiers communs\appop.log
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-21 14:00 68856]
      "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 22:45 1211176]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-24 15:46 7696384]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-09 18:09 185896]
      "QuickTime Task"="C:\Pr
      0
  9. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut jo11,

    post un nouveau rapport hijack this stp

    @+
    0
  10. jo11
     
    salut je t'envoie le dernier rapport hijackis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:51:02, on 03/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Borland\InterBase\Bin\ibguard.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Borland\InterBase\Bin\ibserver.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Nikon\NkView5\NkvMon.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Micro Application\Code de la Route 2008\CDR.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Photo Express SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {167BC9BE-5F33-462C-912F-B7BD63FBD0A2} - C:\Program Files\smemo\smemo.exe
    O9 - Extra 'Tools' menuitem: Surf Memo - {167BC9BE-5F33-462C-912F-B7BD63FBD0A2} - C:\Program Files\smemo\smemo.exe
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Surf Memo - {34C95457-A0D0-45D6-84C3-8C6DFFB02C65} - C:\Program Files\smemo\smemo.exe
    O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Surf Memo - {9BDE782C-01DB-4AB7-B0B6-981403BFFC97} - C:\Program Files\smemo\smemo.exe
    O9 - Extra button: (no name) - {A974395D-A34F-468A-9808-4666987C8D29} - C:\Program Files\smemo\smemo.exe
    O9 - Extra 'Tools' menuitem: Surf Memo - {A974395D-A34F-468A-9808-4666987C8D29} - C:\Program Files\smemo\smemo.exe
    O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Surf Memo - {B32141FB-E7AC-4224-A693-473E8494D452} - C:\Program Files\smemo\smemo.exe
    O9 - Extra button: Surf Memo - {B4977C0E-3D4E-4541-9660-3AEC9A2C17C9} - C:\Program Files\smemo\smemo.exe
    O9 - Extra button: (no name) - {CE69C487-9E65-42D2-AAA4-26AB87A58B36} - C:\Program Files\smemo\smemo.exe
    O9 - Extra 'Tools' menuitem: Surf Memo - {CE69C487-9E65-42D2-AAA4-26AB87A58B36} - C:\Program Files\smemo\smemo.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: (no name) - {E5487183-4684-4942-A871-FF1E668EB016} - C:\Program Files\smemo\smemo.exe
    O9 - Extra 'Tools' menuitem: Surf Memo - {E5487183-4684-4942-A871-FF1E668EB016} - C:\Program Files\smemo\smemo.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BC288A89-2B2D-4A8F-9699-EEBDB7845302}: NameServer = 86.64.145.140 84.103.237.140
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InterBaseGuardian - Inprise Corporation - C:\Program Files\Borland\InterBase\Bin\ibguard.exe
    O23 - Service: InterBaseServer - Inprise Corporation - C:\Program Files\Borland\InterBase\Bin\ibserver.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
    O24 - Desktop Component 1: (no name) - http://webmail.tele2.fr/
    0
  11. g!rly Messages postés 18462 Statut Contributeur 407
     
    OK

    LA SUITE :

    Copie le texte ci-dessous :

    File::
    C:\WINDOWS\system32\yayxyyVp.dll.vir
    C:\WINDOWS\wininit.ini
    C:\WINDOWS\eesg.exe
    C:\WINDOWS\system32\lsdelete.exe
    C:\WINDOWS\system32\cpmrotate.dll

    Folder::
    C:\VundoFix Backups
    C:\Program Files\EoRezo
    C:\Documents and Settings\VAQUE\Application Data\EoRezo

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    @+
    0
  12. jo11
     
    resalut je t'envoie le rapport combofiComboFix 08-06-01.6 - VAQUE 2008-06-02 22:56:17.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.553 [GMT 2:00]
    Endroit: C:\Documents and Settings\VAQUE\Mes documents\ComboFix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\VAQUE\ravmonlog
    C:\WINDOWS\system32\AutoRun.inf
    C:\WINDOWS\system32\ninjaext.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NWSAPAGENT
    -------\Service_NwSapAgent

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-02 to 2008-06-02 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-02 14:58 . 2008-06-02 14:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-02 14:58 . 2008-06-02 14:58 <REP> d-------- C:\Documents and Settings\VAQUE\Application Data\Malwarebytes
    2008-06-02 14:58 . 2008-06-02 14:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-02 14:58 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-02 14:58 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-29 23:22 . 2008-05-29 23:22 <REP> d-------- C:\Program Files\Lavasoft
    2008-05-29 23:21 . 2008-05-29 23:21 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-05-29 13:47 . 2008-05-29 13:47 <REP> d-------- C:\VundoFix Backups
    2008-05-28 23:27 . 2008-05-28 23:27 <REP> d-------- C:\Program Files\Trend Micro
    2008-05-28 19:04 . 2008-05-28 19:04 86 --a------ C:\WINDOWS\wininit.ini
    2008-05-28 17:32 . 2008-05-28 11:46 94,208 --a------ C:\WINDOWS\eesg.exe
    2008-05-28 17:26 . 2008-05-28 17:26 32,384 --a------ C:\WINDOWS\system32\yayxyyVp.dll.vir
    2008-05-27 14:17 . 2008-05-27 14:17 <REP> d-------- C:\Program Files\smemo
    2008-05-26 18:37 . 2008-05-26 18:37 <REP> d-------- C:\Documents and Settings\VAQUE\Application Data\CyberLink
    2008-05-24 17:13 . 2008-05-24 17:13 <REP> d-------- C:\Program Files\Panda Security
    2008-05-18 20:40 . 2008-05-18 20:40 <REP> d-------- C:\Documents and Settings\VAQUE\Application Data\ItsLabel
    2008-05-18 18:30 . 2008-05-18 18:43 <REP> d-------- C:\Program Files\Steam
    2008-05-18 18:29 . 2008-05-22 22:31 <REP> d-------- C:\Program Files\EoRezo
    2008-05-18 18:29 . 2008-05-22 22:31 <REP> d-------- C:\Documents and Settings\VAQUE\Application Data\EoRezo
    2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
    2008-05-09 18:10 . 2008-05-09 18:10 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
    2008-05-09 18:07 . 2008-05-09 18:07 3,431 --a------ C:\WINDOWS\mozver.dat
    2008-05-03 17:43 . 2008-05-29 23:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-02 20:34 --------- d-----w C:\Program Files\SpeedFan
    2008-06-02 18:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-06-01 17:50 --------- d-----w C:\Program Files\Metin2_France
    2008-05-29 22:24 --------- d-----w C:\Program Files\RogueRemover
    2008-05-29 20:56 --------- d-----w C:\Program Files\TuneUp Utilities 2006
    2008-05-29 18:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-05-29 17:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-23 08:51 --------- d-----w C:\Program Files\CCleaner
    2008-05-09 16:10 --------- d-----w C:\Program Files\Fichiers communs\Real
    2008-05-09 16:07 --------- d-----w C:\Program Files\Google
    2008-05-03 15:39 --------- d-----w C:\Documents and Settings\VAQUE\Application Data\Lavasoft
    2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-04-26 12:20 --------- d-----w C:\Program Files\MP4Tool
    2008-04-26 12:18 --------- d-----w C:\Documents and Settings\VAQUE\Application Data\ArcSoft
    2008-04-19 18:42 --------- d-----w C:\Documents and Settings\VAQUE\Application Data\Micro Application
    2008-04-19 18:22 --------- d-----w C:\Program Files\Micro Application
    2008-04-19 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Micro Application
    2008-04-18 19:14 --------- d-----w C:\Program Files\ArcSoft
    2008-04-18 19:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-18 19:12 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft
    2008-04-15 16:58 --------- d-----w C:\Program Files\Picasa2
    2008-04-14 18:47 --------- d-----w C:\Program Files\MSECache
    2008-04-07 19:14 --------- d-----w C:\Program Files\eMule
    2008-04-07 17:17 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2007-03-22 14:06 382 ----a-w C:\Documents and Settings\VAQUE\Application Data\internaldb6334.dat
    2007-03-22 12:55 194 ----a-w C:\Documents and Settings\VAQUE\Application Data\internaldb8467.dat
    2007-03-22 12:55 18,432 ----a-w C:\Documents and Settings\VAQUE\Application Data\internaldb41.dat
    2007-02-11 17:47 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2006-12-14 18:00 21 -c--a-w C:\Program Files\Fichiers communs\appop.log
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-21 14:00 68856]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 22:45 1211176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-24 15:46 7696384]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-09 18:09 185896]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm
    "MSACM.CEGSM"= mobilev.acm
    "VIDC.DVSD"= miroDV2avi.DLL
    "VIDC.PIM1"= pclepim1.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
    C:\WINDOWS\system32\cpmrotate.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Shareaza\\Shareaza.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "18583:TCP"= 18583:TCP:NortonAV
    "13757:TCP"= 13757:TCP:NortonAV

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-03-13 12:00]
    R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
    R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2004-06-04 15:03]
    R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2004-06-04 15:03]
    S3 CAM1210;USB Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2007-01-09 12:35]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b864bbee-7044-11dc-b5be-00173182621f}]
    \Shell\AutoRun\command - J:\setupSNK.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-05-27 17:01:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-02 23:00:58
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\vsdatant]
    "ImagePath"=""
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Borland\InterBase\Bin\ibguard.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Borland\InterBase\Bin\ibserver.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Nikon\NkView5\NkvMon.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    C:\WINDOWS\system32\imapi.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-02 23:04:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-02 21:04:52

    Pre-Run: 37,465,894,912 octets libres
    Post-Run: 37,438,349,312 octets libres

    194 --- E O F --- 2008-05-28 11:38:55
    x merci d'avance pour ton aide
    0
  13. jo11
     
    voila je t' envoie le rapport hijackis Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:46:54, on 03/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Borland\InterBase\Bin\ibguard.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Nikon\NkView5\NkvMon.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Borland\InterBase\Bin\ibserver.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Photo Express SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {167BC9BE-5F33-462C-912F-B7BD63FBD0A2} - C:\Program Files\smemo\smemo.exe
    O9 - Extra 'Tools' menuitem: Surf Memo - {167BC9BE-5F33-462C-912F-B7BD63FBD0A2} - C:\Program Files\smemo\smemo.exe
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Surf Memo - {34C95457-A0D0-45D6-84C3-8C6DFFB02C65} - C:\Program Files\smemo\smemo.exe
    O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Surf Memo - {9BDE782C-01DB-4AB7-B0B6-981403BFFC97} - C:\Program Files\smemo\smemo.exe
    O9 - Extra button: (no name) - {A974395D-A34F-468A-9808-4666987C8D29} - C:\Program Files\smemo\smemo.exe
    O9 - Extra 'Tools' menuitem: Surf Memo - {A974395D-A34F-468A-9808-4666987C8D29} - C:\Program Files\smemo\smemo.exe
    O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Surf Memo - {B32141FB-E7AC-4224-A693-473E8494D452} - C:\Program Files\smemo\smemo.exe
    O9 - Extra button: Surf Memo - {B4977C0E-3D4E-4541-9660-3AEC9A2C17C9} - C:\Program Files\smemo\smemo.exe
    O9 - Extra button: (no name) - {CE69C487-9E65-42D2-AAA4-26AB87A58B36} - C:\Program Files\smemo\smemo.exe
    O9 - Extra 'Tools' menuitem: Surf Memo - {CE69C487-9E65-42D2-AAA4-26AB87A58B36} - C:\Program Files\smemo\smemo.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: (no name) - {E5487183-4684-4942-A871-FF1E668EB016} - C:\Program Files\smemo\smemo.exe
    O9 - Extra 'Tools' menuitem: Surf Memo - {E5487183-4684-4942-A871-FF1E668EB016} - C:\Program Files\smemo\smemo.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BC288A89-2B2D-4A8F-9699-EEBDB7845302}: NameServer = 86.64.145.145 84.103.237.145
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InterBaseGuardian - Inprise Corporation - C:\Program Files\Borland\InterBase\Bin\ibguard.exe
    O23 - Service: InterBaseServer - Inprise Corporation - C:\Program Files\Borland\InterBase\Bin\ibserver.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
    O24 - Desktop Component 1: (no name) - http://webmail.tele2.fr/
    0
  14. g!rly Messages postés 18462 Statut Contributeur 407
     
    Salut jo

    tu m´a posté le meme rapport qu´au debut

    regarde a la racine de c:\ tu dois avoir un fichier txt se nomant combofix2.txt c´est celui ci que tu veux me poster...

    @+
    0
  15. jo11
     
    salut je t'envoie leComboFix 08-06-01.6 - VAQUE 2008-06-03 23:28:12.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.632 [GMT 2:00]
    Endroit: C:\Documents and Settings\VAQUE\Mes documents\ComboFix.exe
    Command switches used :: C:\Documents and Settings\VAQUE\Mes documents\CFScript.txt..txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

    FILE ::
    C:\WINDOWS\eesg.exe
    C:\WINDOWS\system32\cpmrotate.dll
    C:\WINDOWS\system32\lsdelete.exe
    C:\WINDOWS\system32\yayxyyVp.dll.vir
    C:\WINDOWS\wininit.ini
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-03 to 2008-06-03 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-02 14:58 . 2008-06-02 14:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-02 14:58 . 2008-06-02 14:58 <REP> d-------- C:\Documents and Settings\VAQUE\Application Data\Malwarebytes
    2008-06-02 14:58 . 2008-06-02 14:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-02 14:58 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-02 14:58 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-29 23:22 . 2008-05-29 23:22 <REP> d-------- C:\Program Files\Lavasoft
    2008-05-29 23:21 . 2008-05-29 23:21 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-05-28 23:27 . 2008-05-28 23:27 <REP> d-------- C:\Program Files\Trend Micro
    2008-05-27 14:17 . 2008-05-27 14:17 <REP> d-------- C:\Program Files\smemo
    2008-05-26 18:37 . 2008-05-26 18:37 <REP> d-------- C:\Documents and Settings\VAQUE\Application Data\CyberLink
    2008-05-24 17:13 . 2008-05-24 17:13 <REP> d-------- C:\Program Files\Panda Security
    2008-05-18 20:40 . 2008-05-18 20:40 <REP> d-------- C:\Documents and Settings\VAQUE\Application Data\ItsLabel
    2008-05-18 18:30 . 2008-05-18 18:43 <REP> d-------- C:\Program Files\Steam
    2008-05-09 18:10 . 2008-05-09 18:10 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
    2008-05-09 18:07 . 2008-05-09 18:07 3,431 --a------ C:\WINDOWS\mozver.dat
    2008-05-03 17:43 . 2008-05-29 23:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-03 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-06-03 10:24 --------- d-----w C:\Program Files\TuneUp Utilities 2006
    2008-06-03 10:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-02 20:34 --------- d-----w C:\Program Files\SpeedFan
    2008-06-01 17:50 --------- d-----w C:\Program Files\Metin2_France
    2008-05-29 22:24 --------- d-----w C:\Program Files\RogueRemover
    2008-05-29 18:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-05-23 08:51 --------- d-----w C:\Program Files\CCleaner
    2008-05-09 16:10 --------- d-----w C:\Program Files\Fichiers communs\Real
    2008-05-09 16:07 --------- d-----w C:\Program Files\Google
    2008-05-03 15:39 --------- d-----w C:\Documents and Settings\VAQUE\Application Data\Lavasoft
    2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-04-26 12:20 --------- d-----w C:\Program Files\MP4Tool
    2008-04-26 12:18 --------- d-----w C:\Documents and Settings\VAQUE\Application Data\ArcSoft
    2008-04-19 18:42 --------- d-----w C:\Documents and Settings\VAQUE\Application Data\Micro Application
    2008-04-19 18:22 --------- d-----w C:\Program Files\Micro Application
    2008-04-19 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Micro Application
    2008-04-18 19:14 --------- d-----w C:\Program Files\ArcSoft
    2008-04-18 19:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-18 19:12 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft
    2008-04-15 16:58 --------- d-----w C:\Program Files\Picasa2
    2008-04-14 18:47 --------- d-----w C:\Program Files\MSECache
    2008-04-07 19:14 --------- d-----w C:\Program Files\eMule
    2008-04-07 17:17 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2007-03-22 14:06 382 ----a-w C:\Documents and Settings\VAQUE\Application Data\internaldb6334.dat
    2007-03-22 12:55 194 ----a-w C:\Documents and Settings\VAQUE\Application Data\internaldb8467.dat
    2007-03-22 12:55 18,432 ----a-w C:\Documents and Settings\VAQUE\Application Data\internaldb41.dat
    2007-02-11 17:47 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2006-12-14 18:00 21 -c--a-w C:\Program Files\Fichiers communs\appop.log
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-02_23.04.41.81 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-02 21:00:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-03 21:14:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-03 21:15:02 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_55c.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-21 14:00 68856]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 22:45 1211176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-24 15:46 7696384]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-09 18:09 185896]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]

    C:\Documents and Settings\VAQUE\Menu D‚marrer\Programmes\D‚marrage\
    Outil de d‚tection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-07-07 15:04:44 229376]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24 210520]
    NkvMon.exe.lnk - C:\Program Files\Nikon\NkView5\NkvMon.exe [2006-12-30 21:08:20 233472]
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-21 14:00:45 124912]
    Photo Express SE Calendar Checker.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2006-12-15 10:40:14 61440]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm
    "MSACM.CEGSM"= mobilev.acm
    "VIDC.DVSD"= miroDV2avi.DLL
    "VIDC.PIM1"= pclepim1.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Shareaza\\Shareaza.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "18583:TCP"= 18583:TCP:NortonAV
    "13757:TCP"= 13757:TCP:NortonAV

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-03-13 12:00]
    R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
    R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2004-06-04 15:03]
    R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2004-06-04 15:03]
    S3 CAM1210;USB Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2007-01-09 12:35]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b864bbee-7044-11dc-b5be-00173182621f}]
    \Shell\AutoRun\command - J:\setupSNK.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-27 17:01:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-03 23:30:59
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet004\Services\vsdatant]
    "ImagePath"=""
    .
    Temps d'accomplissement: 2008-06-03 23:31:57
    ComboFix-quarantined-files.txt 2008-06-03 21:31:43
    ComboFix2.txt 2008-06-03 21:08:31
    ComboFix3.txt 2008-06-02 21:04:56

    Pre-Run: 37,680,144,384 octets libres
    Post-Run: 37,666,725,888 octets libres

    176 --- E O F --- 2008-05-28 11:38:55
    dernier rapport combofix
    0
  16. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok jo11,

    salut,

    peux tu faire analyser ceci, juste pour voir stp

    C:\Program Files\smemo\smemo.exe

    sur ce site :

    https://www.virustotal.com/gui/

    post le resultat

    puis

    Télécharge Clean:

    -> http://www.malekal.com/download/clean.zip

    -> Dézippe tout le contenu dans un dossier que tu auras cré au préalable (sur ton bureau par exemple). Double clic sur clean ou clean.cmd choisie l'option 1.

    Un rapport va s'ouvrir, copie et colle le contenu sur le forum.

    -> pour ceux ou celles qui auraient un doute sur comment deziper un fichier :

    http://www.tutopat.com/viewtopic.php?t=933&sid=34215b238376bfb22ef9e8eca9995914

    post les deux rapports stp

    @+
    0
  17. jo11
     
    salut je t'envoie le rapport d'an | עברית | | Slovenščina | Dansk | Русский | Română | Türkçe | Nederlands | Ελληνικά | Svenska | Português | Italiano | | | Magyar | Deutsch | Česky | Polski | Español | English
    Virustotal est un service qui analyse les fichiers suspects et facilite la détection rapide des virus, vers, chevaux de Troie et toutes sortes de malwares détectés par les moteurs antivirus. Plus d'informations...
    Fichier smemo.exe_ reçu le 2008.06.06 09:17:15 (CET)
    Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE

    Résultat: 0/32 (0%)
    en train de charger les informations du serveur...
    Votre fichier est dans la file d'attente, en position: ___.
    L'heure estimée de démarrage est entre ___ et ___ .
    Ne fermez pas la fenêtre avant la fin de l'analyse.
    L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
    Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
    Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
    les résultats seront affichés au fur et à mesure de leur génération.
    Formaté Impression des résultats
    Votre fichier a expiré ou n'existe pas.
    Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

    Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
    Email:

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.5.30.1 2008.06.05 -
    AntiVir 7.8.0.26 2008.06.06 -
    Authentium 5.1.0.4 2008.06.05 -
    Avast 4.8.1195.0 2008.06.06 -
    AVG 7.5.0.516 2008.06.05 -
    BitDefender 7.2 2008.06.06 -
    CAT-QuickHeal 9.50 2008.06.05 -
    ClamAV 0.92.1 2008.06.06 -
    DrWeb 4.44.0.09170 2008.06.05 -
    eSafe 7.0.15.0 2008.06.05 -
    eTrust-Vet 31.6.5853 2008.06.06 -
    Ewido 4.0 2008.06.05 -
    F-Prot 4.4.4.56 2008.06.05 -
    F-Secure 6.70.13260.0 2008.06.06 -
    Fortinet 3.14.0.0 2008.06.06 -
    GData 2.0.7306.1023 2008.06.06 -
    Ikarus T3.1.1.26.0 2008.06.06 -
    Kaspersky 7.0.0.125 2008.06.06 -
    McAfee 5311 2008.06.05 -
    Microsoft 1.3604 2008.06.06 -
    NOD32v2 3162 2008.06.05 -
    Norman 5.80.02 2008.06.05 -
    Panda 9.0.0.4 2008.06.05 -
    Prevx1 V2 2008.06.06 -
    Rising 20.47.40.00 2008.06.06 -
    Sophos 4.30.0 2008.06.06 -
    Sunbelt 3.0.1145.1 2008.06.05 -
    Symantec 10 2008.06.06 -
    TheHacker 6.2.92.337 2008.06.06 -
    VBA32 3.12.6.7 2008.06.05 -
    VirusBuster 4.3.26:9 2008.06.05 -
    Webwasher-Gateway 6.6.2 2008.06.06 -
    Information additionnelle
    File size: 1858560 bytes
    MD5...: 2b6fbe8793fb012e862e8b63b4398b8b
    SHA1..: cba1063087d33e9bdcf9ffb4cc5b7787c79ada93
    SHA256: d00538b8685b18a164001f199aeb4c474e4b3875c55a6d4723af64565ca38f52
    SHA512: 2d91edec250c3900da56b47a2fb54de21fdc8635f18515b02e52db58a73487a8
    46cc8b2635e4cc24181684bb95cdec0b8aa41d37b8a8b2de59c03047efed13e1
    PEiD..: BobSoft Mini Delphi -> BoB / BobSoft
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x54fbec
    timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
    machinetype.......: 0x14c (I386)

    ( 8 sections )
    name viradd virsiz rawdsiz ntrpy md5
    CODE 0x1000 0x14ed88 0x14ee00 6.54 5c61167ddc2f0e7a30499f374608cc25
    DATA 0x150000 0x2bf4 0x2c00 4.46 16cfbfc75fe2737761b68091b896b599
    BSS 0x153000 0x1a355 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
    .idata 0x16e000 0x32d2 0x3400 5.04 13bdbc32487330616b553359355c0a2b
    .tls 0x172000 0x1c 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
    .rdata 0x173000 0x18 0x200 0.21 6bbc5136b589ed1823ae175221e7dcde
    .reloc 0x174000 0x15bfc 0x15c00 6.65 55b8710d68e56ded64669f5b67102158
    .rsrc 0x18a000 0x5ac00 0x5ac00 5.03 8ff880cc568cde7206fc671706fb3040

    ( 25 imports )
    > kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryA, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentDirectoryA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
    > user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
    > advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
    > oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen
    > kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
    > advapi32.dll: RegSetValueExA, RegQueryValueExW, RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCreateKeyExA, RegCloseKey
    > kernel32.dll: lstrcpyA, lstrcmpA, WritePrivateProfileStringA, WriteFile, WinExec, WideCharToMultiByte, WaitForSingleObject, WaitForMultipleObjects, VirtualQuery, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, ReadFile, QueryPerformanceFrequency, QueryPerformanceCounter, MultiByteToWideChar, MulDiv, MoveFileA, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, IsValidCodePage, IsBadReadPtr, InitializeCriticalSection, GlobalUnlock, GlobalSize, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetTempPathA, GetTempFileNameA, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProfileStringA, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileAttributesA, GetExitCodeThread, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindNextFileA, FindNextChangeNotification, FindFirstFileA, FindFirstChangeNotificationA, FindCloseChangeNotification, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, DeleteFileA, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CreateDirectoryA, CompareStringA, CloseHandle
    > version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
    > gdi32.dll: UnrealizeObject, TextOutA, StretchBlt, StartPage, StartDocA, SetWindowOrgEx, SetWindowExtEx, SetWinMetaFileBits, SetViewportOrgEx, SetViewportExtEx, SetTextColor, SetTextAlign, SetStretchBltMode, SetRectRgn, SetROP2, SetPixelV, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetAbortProc, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RoundRect, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PolyPolyline, PlayEnhMetaFile, PatBlt, OffsetWindowOrgEx, OffsetClipRgn, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetTextColor, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetNearestColor, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionA, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetCurrentObject, GetClipRgn, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, FrameRgn, FillRgn, ExtTextOutA, ExtCreatePen, ExcludeClipRect, EnumFontsA, EndPage, EndDoc, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRoundRectRgn, CreateRectRgnIndirect, CreateRectRgn, CreatePenIndirect, CreatePen, CreatePatternBrush, CreatePalette, CreateICA, CreateHalftonePalette, CreateFontIndirectA, CreateEnhMetaFileA, CreateDIBitmap, CreateDIBSection, CreateDCA, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CombineRgn, CloseEnhMetaFile, BitBlt, AbortDoc
    > user32.dll: WindowFromPoint, WinHelpA, WaitMessage, ValidateRect, UpdateWindow, UnregisterClassA, UnionRect, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenuEx, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowRgn, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRectEmpty, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetKeyboardState, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendNotifyMessageA, SendMessageA, ScrollWindowEx, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LockWindowUpdate, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, IsCharAlphaNumericA, IsCharAlphaA, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetUpdateRect, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessageTime, GetMessagePos, GetMessageA, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenuDefaultItem, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDoubleClickTime, GetDlgItem, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCaretPos, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumClipboardFormats, EnumChildWindows, EndPaint, EndDeferWindowPos, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextA, DrawStateA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DrawCaption, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DeferWindowPos, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreateWindowExA, CreatePopupMenu, CreateMenu, CreateIcon, CloseClipboard, ClipCursor, ClientToScreen, ChildWindowFromPointEx, ChildWindowFromPoint, CheckMenuItem, CallWindowProcA, CallNextHookEx, BringWindowToTop, BeginPaint, BeginDeferWindowPos, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, AdjustWindowRectEx, ActivateKeyboardLayout
    > kernel32.dll: Sleep
    > oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayRedim, SafeArrayCreate, VarBstrFromBool, VarBstrFromDate, VarBstrFromCy, VarBoolFromStr, VarCyFromStr, VarDateFromStr, VarR8FromStr, VarI4FromStr, VarNot, VarNeg, VariantChangeTypeEx, VariantCopyInd, VariantCopy, VariantClear, VariantInit
    > ole32.dll: ReleaseStgMedium, DoDragDrop, RevokeDragDrop, RegisterDragDrop, OleUninitialize, OleInitialize, CoCreateInstance, CoDisconnectObject, CoUninitialize, CoInitialize
    > oleaut32.dll: GetErrorInfo, SysFreeString
    > comctl32.dll: ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_LoadImageA, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls
    > imm32.dll: ImmGetVirtualKey
    > winspool.drv: OpenPrinterA, EnumPrintersA, DocumentPropertiesA, ClosePrinter
    > shell32.dll: ShellExecuteA, SHGetFileInfoA
    > wininet.dll: FindNextUrlCacheEntryA, FindFirstUrlCacheEntryA, DeleteUrlCacheEntry
    > shell32.dll: SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, SHGetDesktopFolder
    > comdlg32.dll: PrintDlgA, GetSaveFileNameA, GetOpenFileNameA
    > winmm.dll: PlaySoundA
    > kernel32.dll: MulDiv
    > hhctrl.ocx: HtmlHelpA
    > user32.dll: DdeCmpStringHandles, DdeFreeStringHandle, DdeQueryStringA, DdeCreateStringHandleA, DdeGetLastError, DdeFreeDataHandle, DdeUnaccessData, DdeAccessData, DdeCreateDataHandle, DdeClientTransaction, DdeNameService, DdePostAdvise, DdeSetUserHandle, DdeQueryConvInfo, DdeDisconnect, DdeConnect, DdeUninitialize, DdeInitializeA

    ( 0 exports )

    ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.

    VirusTotal © Hispasec Sistemas - Blog - Contact: info@virustotal.com alyse avec virustotal encore merci
    0
  18. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut jo11,

    le rapport montre que le fichier n´a pas ete analyser...

    peux tu le faire analyser ici stp :

    https://virusscan.jotti.org/

    C:\Program Files\smemo\smemo.exe

    puis

    Télécharge Clean:

    -> http://www.malekal.com/download/clean.zip

    -> Dézippe tout le contenu dans un dossier que tu auras cré au préalable (sur ton bureau par exemple). Double clic sur clean ou clean.cmd choisie l'option 1.

    Un rapport va s'ouvrir, copie et colle le contenu sur le forum.

    -> pour ceux ou celles qui auraient un doute sur comment deziper un fichier :

    http://www.tutopat.com/viewtopic.php?t=933&sid=34215b238376bfb22ef9e8eca9995914

    post les deux rapports stp

    @+
    0
  19. jo11
     
    salut je t'envoie le rapport Scan taken on 06 Jun 2008 20:36:56 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing

    Powered by

    de virusscan
    0
  20. g!rly Messages postés 18462 Statut Contributeur 407
     
    bon tres bien jo11,

    je vais commencer a croire que ce programme est saint ;-)

    comment va ton pc ?

    post un nouveau rapport hijack this stp

    @+
    0
  • 1
  • 2