Probleme cheval de troie

virtual.be Messages postés 63 Date d'inscription Statut Membre Dernière intervention -
Utilisateur anonyme - 22 juin 2008 à 12:37

Bonjour,

Depuis quelque temps mon antivirus Avira me detecte un cheval de troie nommé TR/Mondera.65536.1
L'antivirus me le signal a chaque ouverture de fichiers ou programmes.
J'ai aussi des spam presque toutes les minutes !

je vous colle un hijackthis, merci pour votre aide.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:49:10, on 12/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.aldi.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - (no file)
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: The hdtip - {70EC7CA3-2FFC-4E43-97DE-3C91B2F65D36} - C:\WINDOWS\hdtip.dll (file missing)
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\JEAN\lsass.exe
O4 - HKLM\..\Run: [04e92ee5] rundll32.exe "C:\WINDOWS\system32\soadtqin.dll",b
O4 - HKLM\..\Run: [BM07da1d79] Rundll32.exe "C:\WINDOWS\system32\aoxqaqyn.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ieservicegate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ieservicegate.com/redirect.php (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.aldi.com/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCDB924D-4A0B-435E-9B58-580F69CE4393}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: asparagine - {65bbf06c-ea06-4818-92a3-f3550d0e1004} - C:\WINDOWS\system32\rkvdr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Afficher la suite

A voir également:

Probleme cheval de troie
Comment supprimer cheval de troie gratuitement - Télécharger - Antivirus & Antimalwares
Ordinateur bloqué cheval de troie - Accueil - Arnaque
Cheval de troie virus - Accueil - Virus
Jeux de petit chevaux gratuit à télécharger - Télécharger - Jeux vidéo
Skyrim retrouver son cheval - Forum Jeux PC

40 réponses

Réponse 21 / 40

virtual.be Messages postés 63 Date d'inscription Statut Membre Dernière intervention

voila le rapport

je vais réessayer combofix

EDIT: combofix me fais la meme erreur: you cannot rename ...

-->- Recherche:

C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\JEAN\Bureau\HijackThis.lnk: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\JEAN\Bureau\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Réponse 22 / 40

virtual.be Messages postés 63 Date d'inscription Statut Membre Dernière intervention

petit up

Utilisateur anonyme

Ok maintenant fais ceci:

Défragmenter le disque dur:

*Pour l'exécuter, cliquez sur le bouton Démarrer, sur Tous les programmes, sur Accessoires, Outils systèmes puis sur Défragmenteur de disque.
*Cliquez sur le bouton Analyser. Le logiciel examine alors votre disque dur.
*Cliquez sur le bouton Afficher le rapport. (enregistre le et poste le moi stp) (que si tu as XP).
*Cliquez sur le bouton Défragmenter.

Réponse 23 / 40

virtual.be Messages postés 63 Date d'inscription Statut Membre Dernière intervention

Voila le rapport de main.txt:

Deckard's System Scanner v20071014.68
Run by JEAN on 2008-06-16 07:37:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-16 07:39:20
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\JEAN\Local Settings\Temporary Internet Files\Content.IE5\S56VW9AN\dss[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
O2 - BHO: {07c3a95b-6390-5e58-6364-61ca3f5540f0} - {0f0455f3-ac16-4636-85e5-0936b59a3c70} - C:\WINDOWS\system32\smolkdwf.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O2 - BHO: (no name) - {A1E716C4-D172-4FCB-9C66-21BEF1DD2D44} - C:\WINDOWS\system32\ddcDvSlm.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {F97B1075-39B7-46AA-8073-74FA82697612} - C:\WINDOWS\system32\khfFUOee.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - (no file)
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {70EC7CA3-2FFC-4E43-97DE-3C91B2F65D36} - (no file)
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [04e92ee5] rundll32.exe "C:\WINDOWS\system32\aiksqbcv.dll",b
O4 - HKLM\..\Run: [BM07da1d79] Rundll32.exe "C:\WINDOWS\system32\hwuwpjbo.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37899.1981365741
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{BCDB924D-4A0B-435E-9B58-580F69CE4393}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll
O20 - Winlogon Notify: ddcDvSlm - C:\WINDOWS\system32\ddcDvSlm.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\Program Files\Common Files\X10\Common\X10nets.exe

Réponse 24 / 40

Utilisateur anonyme

Re ,

alors.

C:\Documents and Settings\JEAN\Local Settings\Temporary Internet Files\Content.IE5\S56VW9AN\dss[1].exe

Ne télécharge pas DSS dans les fichier temporaires stp ...
tu le changeras de place.

********************************************

/!\ Manip crée spécialement pour cet utilisateur , ne pas reproduire chez soi ... /!\

1)Télécharge OTMoveIt2 ( de Old Timer )

2)Une fois téléchargé double-clique sur OTMoveIt2.exe pour le lancer.

Assure toi que la case Unregister Dll's and Ocx's soit bien cochée

3)puis copie les lignes en gras qui se trouvent en dessous :

C:\WINDOWS\system32\smolkdwf.dll
C:\WINDOWS\system32\ddcDvSlm.dll
C:\WINDOWS\system32\khfFUOee.dll
C:\WINDOWS\system32\aiksqbcv.dll
C:\WINDOWS\system32\hwuwpjbo.dll
C:\WINDOWS\system32\eeOUFfhk.ini2
C:\WINDOWS\system32\wilbirgr.dll
C:\WINDOWS\system32\bsudmsow.dll
C:\WINDOWS\system32\xvdfswxu.dll
C:\WINDOWS\system32\aoxqaqyn.dll
C:\WINDOWS\system32\oytpucvc.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0f0455f3-ac16-4636-85e5-0936b59a3c70}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1E716C4-D172-4FCB-9C66-21BEF1DD2D44}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F97B1075-39B7-46AA-8073-74FA82697612}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\04e92ee5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BM07da1d79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{A1E716C4-D172-4FCB-9C66-21BEF1DD2D44}
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcDvSlm
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3
C:\Program Files\PartyGaming
C:\Documents and Settings\JEAN\Application Data\Malwarebytes
C:\Documents and Settings\All Users\Application Data\Malwarebytes
C:\Program Files\Malwarebytes' Anti-Malware
Emptytemp

et colle-les dans le cadre de gauche de OTMoveIt : "Paste List Of Files/Folders to Move."
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre Results.
clique sur Exit pour fermer.
4) Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

5) Il te sera peut-être demander de redémarrer le pc pour achever la suppression -> Accepte ( si il ne fait pas automatiquement , fait-le toi même )

/!\ Note : Au démarrage ton bureau RISQUE de ne plus apparaître , dans ce cas fait --> CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau.

********************************************

ENSUITE , tu va re-télécharger Malware byte's et me refaire une analyse stp .

fiat500 / Boy / regardez un peu mieux : No action taken.

********************************************

Virtual.be ,, Suis A LA LETTRE ceci :

→ Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

→ Télécharge Malwarebytes' Anti-Malware (MBAM) et enregistre le sur ton Bureau.

→ A la fin du téléchargement, ferme toutes les fenêtres et programmes, y compris celui-ci.

→ Double-clique sur l'icône Download_mbam-setup.exe sur ton bureau pour démarrer le programme d'installation.

→ Pendant l'installation, suis les indications (en particulier le choix de la langue et l'autorisation d'accession à Internet). N'apporte aucune modification aux réglages par défaut et, en fin d'installation, vérifie que les options Update Malwarebytes' Anti-Malware et Launch Malwarebytes' Anti-Malware sont cochées.

→ MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse. Comme MBAM se met automatiquement à jour en fin d'installation, clique sur OK pour fermer la boîte de dialogue. La fenêtre principale de MBAM s'affiche :

→ Dans l'onglet analyse, vérifie que "Exécuter un examen complet" est coché et clique sur le bouton Rechercher pour démarrer l'analyse.

→ MBAM analyse ton ordinateur. L'analyse peut prendre un certain temps. Il suffit de vérifier de temps en temps son avancement.

→ A la fin de l'analyse, un message s'affiche indiquant la fin de l'analyse. Clique sur OK pour poursuivre.

→ Si des malwares ont été détectés, leur liste s'affiche.
En cliquant sur Suppression (?) , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine . ►► FAIT LE

→ MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Ferme le Bloc-notes. (Le rapport peut être retrouvé sous l'onglet Rapports/logs)

→ Ferme MBAM en cliquant sur Quitter.

→ Poste le rapport dans ta réponse

Tutorial : https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm

A+++

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 25 / 40

virtual.be Messages postés 63 Date d'inscription Statut Membre Dernière intervention

J'ai une question : comment on remet la barre bleu du dessus dans le gestionnaire des taches ? elle a disparue un jour et je ne sais plus la remettre.

j'ai le rapport de OTmoveit2

DllUnregisterServer procedure not found in C:\WINDOWS\system32\smolkdwf.dll
C:\WINDOWS\system32\smolkdwf.dll NOT unregistered.
C:\WINDOWS\system32\smolkdwf.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ddcDvSlm.dll
C:\WINDOWS\system32\ddcDvSlm.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\ddcDvSlm.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\khfFUOee.dll
C:\WINDOWS\system32\khfFUOee.dll NOT unregistered.
C:\WINDOWS\system32\khfFUOee.dll moved successfully.
File/Folder C:\WINDOWS\system32\aiksqbcv.dll not found.
File/Folder C:\WINDOWS\system32\hwuwpjbo.dll not found.
C:\WINDOWS\system32\eeOUFfhk.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wilbirgr.dll
C:\WINDOWS\system32\wilbirgr.dll NOT unregistered.
C:\WINDOWS\system32\wilbirgr.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\bsudmsow.dll
C:\WINDOWS\system32\bsudmsow.dll NOT unregistered.
C:\WINDOWS\system32\bsudmsow.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\xvdfswxu.dll
C:\WINDOWS\system32\xvdfswxu.dll NOT unregistered.
C:\WINDOWS\system32\xvdfswxu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\aoxqaqyn.dll
C:\WINDOWS\system32\aoxqaqyn.dll NOT unregistered.
C:\WINDOWS\system32\aoxqaqyn.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\oytpucvc.dll
C:\WINDOWS\system32\oytpucvc.dll NOT unregistered.
C:\WINDOWS\system32\oytpucvc.dll moved successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0f0455f3-ac16-4636-85e5-0936b59a3c70} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0f0455f3-ac16-4636-85e5-0936b59a3c70} \\ not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1E716C4-D172-4FCB-9C66-21BEF1DD2D44} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1E716C4-D172-4FCB-9C66-21BEF1DD2D44} \\ not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F97B1075-39B7-46AA-8073-74FA82697612} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F97B1075-39B7-46AA-8073-74FA82697612} \\ not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\04e92ee5 >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\04e92ee5 not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BM07da1d79 >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BM07da1d79 not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{A1E716C4-D172-4FCB-9C66-21BEF1DD2D44} >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{A1E716C4-D172-4FCB-9C66-21BEF1DD2D44} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1E716C4-D172-4FCB-9C66-21BEF1DD2D44} \ not found.
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcDvSlm >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcDvSlm \\ not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3 >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3 \\ not found.
C:\Program Files\PartyGaming\tmpUpgrade moved successfully.
C:\Program Files\PartyGaming\PartyPoker\tmpUpgrade moved successfully.
C:\Program Files\PartyGaming\PartyPoker\Temp moved successfully.
C:\Program Files\PartyGaming\PartyPoker\PokerTrainer moved successfully.
C:\Program Files\PartyGaming\PartyPoker\Language\fr_FR\images moved successfully.
C:\Program Files\PartyGaming\PartyPoker\Language\fr_FR\Articles moved successfully.
C:\Program Files\PartyGaming\PartyPoker\Language\fr_FR moved successfully.
C:\Program Files\PartyGaming\PartyPoker\Language\en_US\images moved successfully.
C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles moved successfully.
C:\Program Files\PartyGaming\PartyPoker\Language\en_US moved successfully.
C:\Program Files\PartyGaming\PartyPoker\Language moved successfully.
C:\Program Files\PartyGaming\PartyPoker\Images moved successfully.
C:\Program Files\PartyGaming\PartyPoker moved successfully.
C:\Program Files\PartyGaming\PartyCasino\Language\en_US\articles moved successfully.
C:\Program Files\PartyGaming\PartyCasino\Language\en_US moved successfully.
C:\Program Files\PartyGaming\PartyCasino\Language moved successfully.
C:\Program Files\PartyGaming\PartyCasino moved successfully.
C:\Program Files\PartyGaming moved successfully.
C:\Documents and Settings\JEAN\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine moved successfully.
C:\Documents and Settings\JEAN\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs moved successfully.
C:\Documents and Settings\JEAN\Application Data\Malwarebytes\Malwarebytes' Anti-Malware moved successfully.
C:\Documents and Settings\JEAN\Application Data\Malwarebytes moved successfully.
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware moved successfully.
C:\Documents and Settings\All Users\Application Data\Malwarebytes moved successfully.
C:\Program Files\Malwarebytes' Anti-Malware\Languages moved successfully.
C:\Program Files\Malwarebytes' Anti-Malware moved successfully.
< Emptytemp >
Temp folders emptied.
IE temp folders emptied.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06162008_170359

Réponse 26 / 40

Utilisateur anonyme

Re ,

Redémarre , et fait MBAM.

J'attends le rapport.

quand a la barre bleue on verra ça a la fin ;))

A++

Réponse 27 / 40

virtual.be Messages postés 63 Date d'inscription Statut Membre Dernière intervention

Voila le rapport MBAM, il en a supprimé mais au redemarrage Avira antivir m'en a trouver d'autres :s

Malwarebytes' Anti-Malware 1.17
Version de la base de données: 861

19:09:19 16/06/2008
mbam-log-6-16-2008 (19-09-19).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 105788
Temps écoulé: 1 hour(s), 14 minute(s), 58 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\iifgExxV.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\itpdltrw.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\twijbwah.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ddcDvSlm.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{292064dc-1d48-40aa-9ee7-6bc61142d568} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{292064dc-1d48-40aa-9ee7-6bc61142d568} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a1e716c4-d172-4fcb-9c66-21bef1dd2d44} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1e716c4-d172-4fcb-9c66-21bef1dd2d44} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcdvslm (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\04e92ee5 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a1e716c4-d172-4fcb-9c66-21bef1dd2d44} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM07da1d79 (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):

Réponse 28 / 40

Utilisateur anonyme

Re ,

Vide la quarantaine de Malwarebyte's Anti-Malware: Clique sur le raccourci de Malwarebytes' Anti-Malware , puis sur Quarantaine, sélectionne les divers éléments en cliquant sur Tout puis clique sur Supprime.

*****************************************

+ nouveau rapport DSS.

A+

Réponse 29 / 40

virtual.be Messages postés 63 Date d'inscription Statut Membre Dernière intervention

Et voila. Mais cette fois je n'ai pas eu de extra.txt juste main.txt

Deckard's System Scanner v20071014.68
Run by JEAN on 2008-06-16 19:29:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-16 19:29:28
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\JEAN\Bureau\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: {cb23a599-55f4-7e88-5284-0c292e217717} - {717712e2-92c0-4825-88e7-4f55995a32bc} - C:\WINDOWS\system32\mwlyftod.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {F4736DE3-9437-4BA8-BB71-3556E0376022} - C:\WINDOWS\system32\khfFUOee.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - (no file)
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {70EC7CA3-2FFC-4E43-97DE-3C91B2F65D36} - (no file)
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37899.1981365741
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{BCDB924D-4A0B-435E-9B58-580F69CE4393}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\Program Files\Common Files\X10\Common\X10nets.exe

Réponse 30 / 40

Utilisateur anonyme

Re ,

Va falloir utiliser Combofix là.

Désactive toute tes protections et coupe l'accès à internet durant le scan.

Et fais ceci :

http://www.commentcamarche.net/forum/affich 6864650 probleme cheval de troie#22

A++

Réponse 31 / 40

virtual.be Messages postés 63 Date d'inscription Statut Membre Dernière intervention

ComboFix 08-06-15.4 - JEAN 2008-06-16 19:41:14.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.636 [GMT 2:00]
Endroit: C:\Documents and Settings\JEAN\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\JEAN\Application Data\Adssite Advanced Toolbar
C:\Documents and Settings\JEAN\Application Data\Adssite Advanced Toolbar\advertbuttons.xml
C:\Documents and Settings\JEAN\Application Data\Adssite Advanced Toolbar\selected.xml
C:\WINDOWS\BM07da1d79.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\chutgmye.ini
C:\WINDOWS\system32\eeOUFfhk.ini
C:\WINDOWS\system32\eeOUFfhk.ini2
C:\WINDOWS\system32\ehykvtkb.ini
C:\WINDOWS\system32\jyikrahk.ini
C:\WINDOWS\system32\klmhadct.dll
C:\WINDOWS\system32\lsfpfgcj.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mwlyftod.dll
C:\WINDOWS\system32\mxsbakbx.ini
C:\WINDOWS\system32\niqtdaos.ini
C:\WINDOWS\system32\nyalectu.ini
C:\WINDOWS\system32\qdkcwvwr.ini
C:\WINDOWS\system32\rehyvqet.ini
C:\WINDOWS\system32\rosrkcpe.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-16 to 2008-06-16 ))))))))))))))))))))))))))))))))))))
.

2008-06-16 17:24 . 2008-06-16 17:24 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-16 17:24 . 2008-06-16 17:24 <REP> d-------- C:\Documents and Settings\JEAN\Application Data\Malwarebytes
2008-06-16 17:24 . 2008-06-16 17:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-16 17:04 . 2008-06-16 17:04 <REP> d-------- C:\_OTMoveIt
2008-06-16 07:37 . 2008-06-16 07:37 <REP> d-------- C:\Deckard
2008-06-15 10:39 . 2008-06-16 09:35 2,070 ---hs---- C:\WINDOWS\system32\vcbqskia.ini
2008-06-14 11:29 . 2008-06-11 15:00 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-14 11:29 . 2008-06-11 15:00 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-12 19:20 . 2008-06-12 19:20 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-05-28 19:20 . 2008-05-28 19:20 <REP> d-------- C:\Documents and Settings\JEAN\Application Data\Apple Computer
2008-05-24 14:13 . 2008-05-24 14:13 <REP> d-------- C:\Logs
2008-05-21 13:14 . 2008-05-21 13:29 <REP> d-------- C:\Documents and Settings\JEAN\Application Data\Teeworlds
2008-05-17 17:00 . 2006-09-05 19:59 97,088 -ra------ C:\WINDOWS\system32\drivers\se58mdm.sys
2008-05-17 17:00 . 2006-09-05 19:59 9,360 -ra------ C:\WINDOWS\system32\drivers\se58mdfl.sys
2008-05-17 17:00 . 2006-09-05 20:00 6,240 -ra------ C:\WINDOWS\system32\drivers\se58cmnt.sys
2008-05-17 17:00 . 2006-09-05 20:00 6,240 -ra------ C:\WINDOWS\system32\drivers\se58cm.sys
2008-05-17 16:41 . 2008-05-17 16:41 <REP> d-------- C:\Program Files\Disc2Phone
2008-05-17 16:38 . 2008-05-17 16:39 <REP> d-------- C:\Program Files\QuickTime
2008-05-17 16:37 . 2008-05-17 16:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-17 16:36 . 2006-09-05 19:58 61,536 -ra------ C:\WINDOWS\system32\drivers\se58bus.sys
2008-05-17 16:36 . 2006-09-05 19:58 5,872 -ra------ C:\WINDOWS\system32\drivers\se58whnt.sys
2008-05-17 16:36 . 2006-09-05 19:58 5,872 -ra------ C:\WINDOWS\system32\drivers\se58wh.sys
2008-05-17 16:35 . 2008-06-10 19:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-17 16:35 . 2008-05-17 16:36 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 13:42 --------- d-----w C:\Program Files\World of Warcraft
2008-06-15 11:45 --------- d-----w C:\Program Files\Trend Micro
2008-06-12 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-07 13:36 2,728 ----a-w C:\Documents and Settings\JEAN\Application Data\wklnhst.dat
2008-06-07 13:25 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-04-23 18:40 --------- d-----w C:\Documents and Settings\JEAN\Application Data\ATI
2008-04-23 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-04-23 18:33 --------- d-----w C:\Program Files\ATI Technologies
2008-04-23 18:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-23 12:08 --------- d-----w C:\Program Files\Valve
2007-10-30 13:21 67,040 ----a-w C:\Documents and Settings\JEAN\Application Data\GDIPFONTCACHEV1.DAT
2006-12-08 13:08 0 -c--a-w C:\Program Files\Deployment.xml
2006-12-08 13:03 0 -c----w C:\Program Files\WinBootstrapper.msi
2006-12-08 12:58 0 -c--a-w C:\Program Files\WinBootstrapper1.cab
2006-11-27 20:31 49 -c--a-w C:\Documents and Settings\JEAN\Application Data\internaldb41.dat
2006-11-27 20:31 382 -c--a-w C:\Documents and Settings\JEAN\Application Data\internaldb1942.dat
2006-11-26 09:23 20,480 -c--a-w C:\Documents and Settings\JEAN\Application Data\internaldb4827.dat
2006-11-16 06:32 0 -c--a-w C:\Documents and Settings\JEAN\Application Data\internaldb5436.dat
2006-11-11 19:29 9,216 -c--a-w C:\Documents and Settings\JEAN\Application Data\internaldb8467.dat
2006-11-11 19:29 0 -c--a-w C:\Documents and Settings\JEAN\Application Data\internaldb6334.dat
2003-08-14 17:13 40,960 -c--a-w C:\Program Files\Uninstall_PCM.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4736DE3-9437-4BA8-BB71-3556E0376022}]
C:\WINDOWS\system32\khfFUOee.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dit"="Dit.exe" [2002-08-28 13:43 73728 C:\WINDOWS\Dit.exe]
"CHotkey"="mHotkey.exe" [2003-06-27 15:39 506368 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2003-06-27 09:36 5798912 C:\WINDOWS\CNYHKey.exe]
"Cmaudio"="cmicnfg.cpl" [2003-10-14 18:31 2269184 C:\WINDOWS\CMICNFG.CPL]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-05-28 16:37 394240]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-11-12 11:02 860672]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-06-29 00:01 2512128]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-26 17:30 262401]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-17 16:38 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^JEAN^Menu Démarrer^Programmes^Démarrage^Morpheus.lnk]
path=C:\Documents and Settings\JEAN\Menu Démarrer\Programmes\Démarrage\Morpheus.lnk
backup=C:\WINDOWS\pss\Morpheus.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^JEAN^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
path=C:\Documents and Settings\JEAN\Menu Démarrer\Programmes\Démarrage\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DynDNS Updater]
C:\Program Files\DynDNS Updater\DynDNS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
--a------ 2001-03-26 06:35 429568 C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2003-06-10 18:49 50688 C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
--a--c--- 2003-06-18 12:00 204800 C:\Program Files\Microsoft Money\System\mnyexpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 13:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2003-06-24 15:23 61440 C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-17 16:38 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-07-26 04:03 49263 C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weflirt]
--a------ 2007-10-12 17:39 6574080 C:\Program Files\Weflirt\weflirt.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2VoipServer.exe"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\blatt72\\counter-strike\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\blatt72\\counter-strike source\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13660:TCP"= 13660:TCP:BitComet 13660 TCP
"13660:UDP"= 13660:UDP:BitComet 13660 UDP
"8332:TCP"= 8332:TCP:BitComet 8332 TCP
"8332:UDP"= 8332:UDP:BitComet 8332 UDP

R2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 16:29]
R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 08:04]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 08:47]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
S3 CA_LIC_CLNT;Client de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 16:27]
S3 CA_LIC_SRVR;Serveur de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 16:41]
S3 HDJCtrl;Hercules DJ Control MP3 Service;C:\WINDOWS\system32\Drivers\HDJCtrl.sys [2005-07-29 16:06]
S3 HDJMidi;Hercules DJ Console MIDI;C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [2005-08-15 12:43]
S3 PRISM_A00;PRISM 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2003-08-07 16:36]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 19:49:12
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-16 19:58:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-16 17:58:05

Pre-Run: 32,313,667,584 octets libres
Post-Run: 32,288,198,656 octets libres

196 --- E O F --- 2008-05-17 13:23:31

Réponse 32 / 40

virtual.be Messages postés 63 Date d'inscription Statut Membre Dernière intervention

ComboFix 08-06-15.4 - JEAN 2008-06-17 7:36:44.2 - NTFSx86
Endroit: C:\Documents and Settings\JEAN\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\JEAN\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\system32\vcbqskia.ini
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_OTMoveIt
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359.log
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359.res
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\news.txt
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Documents and Settings\JEAN\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-6-14-2008 (14-15-09).txt
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\changes.rtf
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\albanian.lng
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\bulgarian.lng
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\catalan.lng
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\danish.lng
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\dutch.lng
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\english.lng
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\finnish.lng
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\french.lng
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\german.lng
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\hungarian.lng
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\italian.lng
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\norwegian.lng
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\portugueseBR.lng
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\romanian.lng
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\serbian.lng
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\slovak.lng
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\slovenian.lng
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\spanish.lng
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\swedish.lng
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\license.txt
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\mbam.chm
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\mbam.dll
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\unins000.dat
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\unins000.exe
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\unins000.msg
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\zlib.dll
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\announce.txt
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\INSTALL.LOG
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyCasino\format.ini
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyCasino\Language\allLangVersion.txt
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyCasino\Language\en_US\version.txt
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyCasino\Language\version.txt
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyCasino\lobbyconfig.txt
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyCasino\pc_uninstall.bat
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyCasino\ProductVersion.txt
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyCasino\version.txt
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\announce.txt
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Images\but_help.jpg
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Images\system_but_bingo.jpg
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\100152.atc
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\100174.atc
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\100178.atc
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\100180.atc
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\100198.atc
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\100202.atc
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\2.html
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\4.html
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\54866.atc
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\54870.atc
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\62958.atc
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\63194.atc
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\64759.atc
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\65478.atc
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\75180.atc
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\94062.atc
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\94148.atc
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\94150.atc
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\94360.atc
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\95752.atc
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\99950.atc
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\images\system_but_gammon.jpg
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Language\fr_FR\Articles\100178.atc
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Language\fr_FR\Articles\54870.atc
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Language\fr_FR\Articles\64745.atc
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Language\fr_FR\Articles\75180.atc
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Language\fr_FR\Articles\94062.atc
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Language\fr_FR\images\system_but_gammon.jpg
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Notes.txt
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\PokerTrainer.exe
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\tmpUpgrade\INSTALL.LOG
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\tmpUpgrade\upgradepp113-114man.exe
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\TourneyDescription.html
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\Uninstall.exe
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\PartyPoker\usertab.txt
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\tmpUpgrade\upgradePG114-115man.exe
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\PartyGaming\tmpUpgrade\upgradePG115-116man.exe
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\WINDOWS\system32\aoxqaqyn.dll
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\WINDOWS\system32\bsudmsow.dll
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\WINDOWS\system32\eeOUFfhk.ini2
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\WINDOWS\system32\khfFUOee.dll
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\WINDOWS\system32\oytpucvc.dll
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\WINDOWS\system32\smolkdwf.dll
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\WINDOWS\system32\wilbirgr.dll
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\WINDOWS\system32\xvdfswxu.dll
C:\WINDOWS\system32\vcbqskia.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-17 to 2008-06-17 ))))))))))))))))))))))))))))))))))))
.

2008-06-17 07:33 . 2008-06-17 07:34 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-16 17:24 . 2008-06-16 17:24 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-16 17:24 . 2008-06-16 17:24 <REP> d-------- C:\Documents and Settings\JEAN\Application Data\Malwarebytes
2008-06-16 17:24 . 2008-06-16 17:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-16 07:37 . 2008-06-16 07:37 <REP> d-------- C:\Deckard
2008-06-14 11:29 . 2008-06-11 15:00 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-14 11:29 . 2008-06-11 15:00 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-12 19:20 . 2008-06-12 19:20 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-05-28 19:20 . 2008-05-28 19:20 <REP> d-------- C:\Documents and Settings\JEAN\Application Data\Apple Computer
2008-05-24 14:13 . 2008-05-24 14:13 <REP> d-------- C:\Logs
2008-05-21 13:14 . 2008-05-21 13:29 <REP> d-------- C:\Documents and Settings\JEAN\Application Data\Teeworlds
2008-05-17 17:00 . 2006-09-05 19:59 97,088 -ra------ C:\WINDOWS\system32\drivers\se58mdm.sys
2008-05-17 17:00 . 2006-09-05 19:59 9,360 -ra------ C:\WINDOWS\system32\drivers\se58mdfl.sys
2008-05-17 17:00 . 2006-09-05 20:00 6,240 -ra------ C:\WINDOWS\system32\drivers\se58cmnt.sys
2008-05-17 17:00 . 2006-09-05 20:00 6,240 -ra------ C:\WINDOWS\system32\drivers\se58cm.sys
2008-05-17 16:41 . 2008-05-17 16:41 <REP> d-------- C:\Program Files\Disc2Phone
2008-05-17 16:38 . 2008-05-17 16:39 <REP> d-------- C:\Program Files\QuickTime
2008-05-17 16:37 . 2008-05-17 16:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-17 16:36 . 2006-09-05 19:58 61,536 -ra------ C:\WINDOWS\system32\drivers\se58bus.sys
2008-05-17 16:36 . 2006-09-05 19:58 5,872 -ra------ C:\WINDOWS\system32\drivers\se58whnt.sys
2008-05-17 16:36 . 2006-09-05 19:58 5,872 -ra------ C:\WINDOWS\system32\drivers\se58wh.sys
2008-05-17 16:35 . 2008-06-10 19:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-17 16:35 . 2008-05-17 16:36 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 13:42 --------- d-----w C:\Program Files\World of Warcraft
2008-06-15 11:45 --------- d-----w C:\Program Files\Trend Micro
2008-06-12 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-07 13:36 2,728 ----a-w C:\Documents and Settings\JEAN\Application Data\wklnhst.dat
2008-06-07 13:25 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-23 18:40 --------- d-----w C:\Documents and Settings\JEAN\Application Data\ATI
2008-04-23 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-04-23 18:33 --------- d-----w C:\Program Files\ATI Technologies
2008-04-23 18:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-23 12:08 --------- d-----w C:\Program Files\Valve
2007-10-30 13:21 67,040 ----a-w C:\Documents and Settings\JEAN\Application Data\GDIPFONTCACHEV1.DAT
2006-12-08 13:08 0 -c--a-w C:\Program Files\Deployment.xml
2006-12-08 13:03 0 -c----w C:\Program Files\WinBootstrapper.msi
2006-12-08 12:58 0 -c--a-w C:\Program Files\WinBootstrapper1.cab
2006-11-27 20:31 49 -c--a-w C:\Documents and Settings\JEAN\Application Data\internaldb41.dat
2006-11-27 20:31 382 -c--a-w C:\Documents and Settings\JEAN\Application Data\internaldb1942.dat
2006-11-26 09:23 20,480 -c--a-w C:\Documents and Settings\JEAN\Application Data\internaldb4827.dat
2006-11-16 06:32 0 -c--a-w C:\Documents and Settings\JEAN\Application Data\internaldb5436.dat
2006-11-11 19:29 9,216 -c--a-w C:\Documents and Settings\JEAN\Application Data\internaldb8467.dat
2006-11-11 19:29 0 -c--a-w C:\Documents and Settings\JEAN\Application Data\internaldb6334.dat
2003-08-14 17:13 40,960 -c--a-w C:\Program Files\Uninstall_PCM.exe
.

((((((((((((((((((((((((((((( snapshot@2008-06-16_19.57.44.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-21 06:57:16 1,024,512 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\browseui.dll
+ 2008-04-21 06:57:16 152,064 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\cdfview.dll
+ 2008-04-21 06:57:17 1,056,768 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\danim.dll
+ 2008-04-21 06:57:17 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtmsft.dll
+ 2008-04-21 06:57:18 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtrans.dll
+ 2008-04-21 06:57:18 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\extmgr.dll
+ 2008-04-17 10:46:59 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iedw.exe
+ 2008-04-21 06:57:18 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iepeers.dll
+ 2008-04-21 06:57:18 96,768 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\inseng.dll
+ 2008-04-21 06:57:18 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\jsproxy.dll
+ 2008-04-21 06:57:22 3,087,872 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtml.dll
+ 2008-04-21 06:57:22 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtmled.dll
+ 2008-04-21 06:57:23 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\msrating.dll
+ 2008-04-21 06:57:23 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mstime.dll
+ 2008-04-21 06:57:23 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\pngfilt.dll
+ 2008-04-21 06:57:25 1,499,648 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shdocvw.dll
+ 2008-04-21 06:57:26 474,624 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shlwapi.dll
+ 2008-04-17 11:03:45 370,176 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\spru040c.dll
+ 2008-04-21 06:57:26 620,544 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\urlmon.dll
+ 2008-04-21 06:57:27 670,720 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
+ 2008-04-21 06:43:36 3,087,872 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\mshtml.dll
+ 2008-04-21 06:43:36 670,208 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
+ 2008-04-21 06:30:24 3,088,384 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\mshtml.dll
+ 2008-04-21 06:30:24 670,720 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
+ 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\updspapi.dll
+ 2008-05-07 04:55:47 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:11:24 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:59 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
- 2008-06-16 17:47:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-17 05:43:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 15:52:45 272,768 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2008-02-16 09:02:34 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-04-21 07:02:27 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2008-02-16 09:02:34 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-04-21 07:02:27 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2008-02-16 09:02:34 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-04-21 07:02:28 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
- 2008-02-16 09:02:34 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-04-21 07:02:27 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2004-08-19 22:55:31 274,944 -c--a-w C:\WINDOWS\system32\dllcache\bthport.sys
+ 2008-04-14 15:52:45 272,768 -c--a-w C:\WINDOWS\system32\dllcache\bthport.sys
- 2008-02-16 09:02:34 152,064 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-04-21 07:02:27 152,064 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2008-02-16 09:02:34 1,056,768 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-04-21 07:02:28 1,056,768 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2008-02-16 09:02:34 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-21 07:02:28 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-02-16 09:02:35 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-21 07:02:28 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-02-16 09:02:35 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-21 07:02:28 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-02-15 09:23:37 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-04-17 10:52:54 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2008-02-16 09:02:35 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-04-21 07:02:29 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2008-02-16 09:02:35 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-04-21 07:02:29 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2008-02-16 09:02:35 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-21 07:02:29 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-02-16 22:32:38 3,080,704 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-21 07:02:34 3,080,704 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-02-16 09:02:36 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-21 07:02:34 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-02-16 09:02:37 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-21 07:02:34 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-02-16 09:02:37 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-21 07:02:35 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-02-16 09:02:37 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-21 07:02:35 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:43:32 1,293,824 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:15:36 1,293,824 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2008-02-16 09:02:38 1,495,040 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-04-21 07:02:37 1,495,040 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2008-02-16 09:02:38 474,624 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-04-21 07:02:38 474,624 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2008-02-16 09:02:39 617,984 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-21 07:02:39 617,984 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-02-16 09:02:39 663,552 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-21 07:02:40 663,552 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2004-08-19 22:55:31 274,944 ------w C:\WINDOWS\system32\drivers\bthport.sys
+ 2008-04-14 15:52:45 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
- 2008-02-16 09:02:34 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-21 07:02:28 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-02-16 09:02:35 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-21 07:02:28 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-02-16 09:02:35 55,808 ------w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-21 07:02:28 55,808 ------w C:\WINDOWS\system32\extmgr.dll
- 2008-02-16 09:02:35 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-04-21 07:02:29 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2008-02-16 09:02:35 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-04-21 07:02:29 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
- 2008-02-16 09:02:35 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-21 07:02:29 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-02-16 22:32:38 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-21 07:02:34 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-02-16 09:02:36 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-21 07:02:34 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-02-16 09:02:37 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-21 07:02:34 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-02-16 09:02:37 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-21 07:02:35 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-02-16 09:02:37 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-21 07:02:35 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-10-29 22:43:32 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2008-05-07 05:15:36 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
- 2008-02-16 09:02:38 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-04-21 07:02:37 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2008-02-16 09:02:38 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-04-21 07:02:38 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2006-12-10 12:10:04 15,664 -c----w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-02-16 09:02:39 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-21 07:02:39 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-02-16 09:02:39 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-04-21 07:02:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
- 2008-02-15 23:03:14 370,176 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-04-17 11:03:45 370,176 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dit"="Dit.exe" [2002-08-28 13:43 73728 C:\WINDOWS\Dit.exe]
"CHotkey"="mHotkey.exe" [2003-06-27 15:39 506368 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2003-06-27 09:36 5798912 C:\WINDOWS\CNYHKey.exe]
"Cmaudio"="cmicnfg.cpl" [2003-10-14 18:31 2269184 C:\WINDOWS\CMICNFG.CPL]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-05-28 16:37 394240]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-11-12 11:02 860672]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-06-29 00:01 2512128]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-26 17:30 262401]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-17 16:38 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^JEAN^Menu Démarrer^Programmes^Démarrage^Morpheus.lnk]
path=C:\Documents and Settings\JEAN\Menu Démarrer\Programmes\Démarrage\Morpheus.lnk
backup=C:\WINDOWS\pss\Morpheus.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^JEAN^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
path=C:\Documents and Settings\JEAN\Menu Démarrer\Programmes\Démarrage\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DynDNS Updater]
C:\Program Files\DynDNS Updater\DynDNS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
--a------ 2001-03-26 06:35 429568 C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2003-06-10 18:49 50688 C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
--a--c--- 2003-06-18 12:00 204800 C:\Program Files\Microsoft Money\System\mnyexpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 13:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2003-06-24 15:23 61440 C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-17 16:38 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-07-26 04:03 49263 C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weflirt]
--a------ 2007-10-12 17:39 6574080 C:\Program Files\Weflirt\weflirt.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2VoipServer.exe"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\blatt72\\counter-strike\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\blatt72\\counter-strike source\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13660:TCP"= 13660:TCP:BitComet 13660 TCP
"13660:UDP"= 13660:UDP:BitComet 13660 UDP
"8332:TCP"= 8332:TCP:BitComet 8332 TCP
"8332:UDP"= 8332:UDP:BitComet 8332 UDP

R2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 16:29]
R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 08:04]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 08:47]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
S3 CA_LIC_CLNT;Client de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 16:27]
S3 CA_LIC_SRVR;Serveur de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 16:41]
S3 HDJCtrl;Hercules DJ Control MP3 Service;C:\WINDOWS\system32\Drivers\HDJCtrl.sys [2005-07-29 16:06]
S3 HDJMidi;Hercules DJ Console MIDI;C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [2005-08-15 12:43]
S3 PRISM_A00;PRISM 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2003-08-07 16:36]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 07:44:15
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-17 7:54:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-17 05:54:16
ComboFix2.txt 2008-06-16 17:58:11

Pre-Run: 32,129,511,424 octets libres
Post-Run: 32,113,401,856 octets libres

408 --- E O F --- 2008-06-17 05:39:58

Réponse 33 / 40

virtual.be Messages postés 63 Date d'inscription Statut Membre Dernière intervention

Deckard's System Scanner v20071014.68
Run by JEAN on 2008-06-17 07:58:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-17 07:58:02
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\JEAN\Bureau\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - (no file)
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37899.1981365741
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\Program Files\Common Files\X10\Common\X10nets.exe

Réponse 34 / 40

Utilisateur anonyme

Re ,

Hijackthis ce trouve ici : C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

Renomme le stp.

Au final tu dois avoir ceci : C:\Program Files\Trend Micro\HijackThis\HJT.exe

ok ? :)

*****************************************************

→ Relance hijackthis , en menu principal choisis ' Do a system scan only' Et fixe ces/cette ligne(s) : ( coche la case à leurs gauches )

R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - (no file)
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

Ferme toutes les fenêtres (hormis Hijackthis), y compris ton navigateur web.

→ clique sur ' fixchecked '

****************************************************

→ Télécharge clean : http://www.malekal.com/download/clean.zip

→ Dézippe-le ( clique droit , extraire tout)

→ Lance clean.cmd ( ou clean ), Choisi l'option 1 et poste moi le rapport.

(- Où est le rapport clean ? : « Poste de travail » / double clic sur disque « C / » double-clic sur « rapport_clean.txt » et « copier/coller le contenu » sur le forum. )

Note : Tu auras peut-être un message qui t'invitera a uploader un fichier , fait-le dès que tu pourras.

Tutorial : http://bibou0007.com/outils-specifiques-f78/tuto-clean-t1007.htm

****************************************************

a++

Réponse 35 / 40

virtual.be Messages postés 63 Date d'inscription Statut Membre Dernière intervention

il y a un probleme parce que a C:\Program Files\Trend Micro apres je n'ai plus de fichier !

Réponse 36 / 40

Utilisateur anonyme

Re ,

Télécharge TrendMicro™ HijackThis™
Laisse le s'installer dans son repertoire par défaut.

A+++

Réponse 37 / 40

virtual.be Messages postés 63 Date d'inscription Statut Membre Dernière intervention

Je n'ai trouver que sa dans C/rapport_clean.txt

mar. 17/06/2008 a 16:22:29,92

*** Recherche des fichiers dans C:
C:\StubInstaller.exe FOUND

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files

Réponse 38 / 40

Utilisateur anonyme

Re ,

C'est le bon.

→ Redémarre en MSE

Autre tutorials pour MSE:

https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php
http://www.coupdepoucepc.com/modules/news/article.php?storyid=253

→ Re-lance clean -> Choisis l'option 2

---Clean va travailler.---

→ Un rapport Va etre généré , poste le moi ;)

( Le rapport est aussi sauvegardé dans C:\Rapport_clean.txt )

*************

+ un nouveau rapport Hijackthis en mode normal .

A+

Réponse 39 / 40

virtual.be Messages postés 63 Date d'inscription Statut Membre Dernière intervention

Et voila, desolé pour le retard !

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec jeu. 19/06/2008 a 15:01:47,06

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:
tentative de suppression de C:\StubInstaller.exe

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32

*** Suppression des fichiers dans C:\Program Files

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !

Réponse 40 / 40

Utilisateur anonyme

Re !

reposte un rapport Hijackthis stp

A+

Discussions similaires

expressions francaises

Cheval de troie comment le supprimer?

virus: comment supprimer ccxprocess (virus cheval de troie)

cheval dans oblivion

comment se debarasser d un cheval de troie

Votre réponse

Discussions similaires