A voir également:
- Virus Help
- Youtu.be virus - Accueil - Guide virus
- Svchost.exe virus - Guide
- Faux message virus ordinateur - Accueil - Arnaque
- Tinyurl.com virus - Forum Virus
- Virus mcafee - Accueil - Piratage
13 réponses
anthony5151
Messages postés
10573
Date d'inscription
vendredi 27 juin 2008
Statut
Contributeur sécurité
Dernière intervention
2 mars 2015
790
30 juil. 2008 à 15:48
30 juil. 2008 à 15:48
Bonjour julia81
Ton ordinateur est très infecté !
Tu peux faire le scan BitDefender si tu veux, mais ça ne supprimera pas tout... Pour commencer, supprime ta version de hijackthis qui n'est plus à jour (menu démarrer --> panneau de configuration --> ajout/suppression de programmes), et télécharge hijackthis nouvelle version sur ton bureau :
http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
Ensuite, fais ceci :
Télécharge et installe Malwarebyte's Anti-Malware : http://www.malwarebytes.org/mbam/program/mbam-setup.exe
- A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée
- Lance Malwarebyte's Anti-Malware, laisse les Mises à jour se télécharger et referme le programme
Redémarre en "Mode sans échec" : redémarre ton ordinateur et tapote sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows, et sélectionne "Mode sans échec".
Choisis ta session habituelle
Lance Malwarebyte's Anti-Malware
- Puis va dans l'onglet "Recherche", coche "Exécuter un examen complet" puis "Rechercher"
- Sélectionne tes disques durs" puis clique sur "Lancer l’examen"
- A la fin du scan, clique sur Afficher les résultats puis sur Enregistrer le rapport
- Suppression des éléments détectés --> clique sur Supprimer la sélection
- S'il t'es demandé de redémarrer, clique sur Yes
Poste le rapport de scan après la suppression ici
Ton ordinateur est très infecté !
Tu peux faire le scan BitDefender si tu veux, mais ça ne supprimera pas tout... Pour commencer, supprime ta version de hijackthis qui n'est plus à jour (menu démarrer --> panneau de configuration --> ajout/suppression de programmes), et télécharge hijackthis nouvelle version sur ton bureau :
http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
Ensuite, fais ceci :
Télécharge et installe Malwarebyte's Anti-Malware : http://www.malwarebytes.org/mbam/program/mbam-setup.exe
- A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée
- Lance Malwarebyte's Anti-Malware, laisse les Mises à jour se télécharger et referme le programme
Redémarre en "Mode sans échec" : redémarre ton ordinateur et tapote sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows, et sélectionne "Mode sans échec".
Choisis ta session habituelle
Lance Malwarebyte's Anti-Malware
- Puis va dans l'onglet "Recherche", coche "Exécuter un examen complet" puis "Rechercher"
- Sélectionne tes disques durs" puis clique sur "Lancer l’examen"
- A la fin du scan, clique sur Afficher les résultats puis sur Enregistrer le rapport
- Suppression des éléments détectés --> clique sur Supprimer la sélection
- S'il t'es demandé de redémarrer, clique sur Yes
Poste le rapport de scan après la suppression ici
lordkoxx
Messages postés
550
Date d'inscription
mardi 29 juillet 2008
Statut
Membre
Dernière intervention
3 janvier 2019
73
30 juil. 2008 à 15:29
30 juil. 2008 à 15:29
clic sur ce lien céest un logiciel qui te permet de faire une analyse antivirus en ligne, si il y a quoi que ce soit il le trouvera
http://www.bitdefender.fr/scan_fr/scan8/ie.html
http://www.bitdefender.fr/scan_fr/scan8/ie.html
merci anthony, j'ai suivi tes conseils voici le rapport:
Malwarebytes' Anti-Malware 1.23
Version de la base de données: 1008
Windows 5.1.2600 Service Pack 2
21:50:01 30/07/2008
mbam-log-7-30-2008 (21-50-01).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 127612
Temps écoulé: 32 minute(s), 51 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 26
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 35
Fichier(s) infecté(s): 171
Processus mémoire infecté(s):
C:\Program Files\DriveCleaner Free\UDC.exe (Rogue.DriveCleaner) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\Program Files\DriveCleaner Free\mfc71.dll (Rogue.DriveCleaner) -> Delete on reboot.
C:\Program Files\DriveCleaner Free\msvcp71.dll (Rogue.DriveCleaner) -> Delete on reboot.
C:\Program Files\DriveCleaner Free\msvcr71.dll (Rogue.DriveCleaner) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\udcpchk.udcpchk (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\udcpchk.udcpchk.1 (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{943b96a4-9bf6-42fe-8d0b-4bca71c3632f} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5954b2db-09a7-4023-847c-107539dc560d} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{4f43b1f3-0ce8-493b-96d2-990cec05edbb} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f323594-30e9-4e1e-8262-ca7b4d0a65a1} (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c2ccbfaf-1474-4e53-8130-0cc12b31856b} (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{95012afd-f4f1-4a96-bf3b-4f5d6c54d593} (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hottvplayer.htplayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hottvplayer.htplayer.1 (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fd31bf07-70e3-4b98-8f70-0970af614275} (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcr1cj0er1q (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shcp1cj0er1q (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcr1cj0er1q (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\shcp1cj0er1q (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\antivirus 2008 pro (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\drivecleaner free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\drivecleaner free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\winantivirus pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HotTVPlayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drivecleaner free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcr1cj0er1q (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smshcp1cj0er1q (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor Free (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\SystemDoctor (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\Montorgueil (Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Montorgueil\archives-stars-nues (Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO\Suspicious (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO\Infected (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\rhcr1cj0er1q (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcp1cj0er1q (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\WinAntiVirus Pro 2006\Logs (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\SystemDoctor Free (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\SystemDoctor Free\Logs (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\DriveCleaner Free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\rhcr1cj0er1q (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\rhcr1cj0er1q\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\rhcr1cj0er1q\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\rhcr1cj0er1q\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\rhcr1cj0er1q\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\rhcr1cj0er1q\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\rhcr1cj0er1q\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\rhcr1cj0er1q\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\rhcr1cj0er1q\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\rhcr1cj0er1q\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\rhcr1cj0er1q\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\WinAntiVirus Pro 2006\history.db (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\unins000.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\unins000.exe (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\UDC.exe (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\remnag.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\UDC.xml (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Activate.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\up.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\vbpv.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\lapv.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\bnlink.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\pv.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\license.rtf (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\readme.rtf (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\atl71.dll (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\mfc71.dll (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\msvcp71.dll (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\msvcr71.dll (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\uninstall.ico (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\UDC6V.url (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\support.url (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\manual.url (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\updater.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\err.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\AV.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\sr.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\ResErrors.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Schedule.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\ScanReport.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\diagnosis.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\AE_CD_Cr.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\AReadr4.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\AReadr5.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\ASDSEEpv.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\ASPack.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\Babylon.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\BDelphi5.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\CatchUp.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\CBuildr5.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\CCGA.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\CManager.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\CuteFTP4.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\CuteHTML.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\DAcceler.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\DiscJug.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\ECDCreat4.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\Far.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\FFTsks.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\FlashFXP.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\FrntPage.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\FrontPEx.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\FtpEXP.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\FtpVoya.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\GetRight.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\GoZilla.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\GravMRU.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\HomeSite.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\HotDogPr.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\H_TxtPad.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\IconExtr.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\iMesh.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\ImgReady3.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\InsShExp.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\JASC_P_P.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\KaZaA.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\LView.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\MacDir.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\MacDrWea.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\MicAng.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\MicDes.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\MMUnDisk.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\MM_CON.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\Morpheus.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\MPaint.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\MPicPub.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\MPImaGal.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\MSExplorer.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\MSoffice.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\MSRegEdit.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\MSWMP.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\MSWordPad.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\Nero.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\NetShow.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\NTBackup.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\PhotShel.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\PHPCoder.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\PowerZIP.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\RapidBr.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\RealAuPl.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\RealDown.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\SecurCRT.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\SL_BlWin.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\SmartClr.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\Sonique.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\StuffIt.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\TelepPro.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\UGifAnim.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\UltraEd.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\UMedStud.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\UPhImpV.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\UPhotoEx.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\UVidStud.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\VNC.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\WebFeret.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\WebReap.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\WinACE.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\WinGate.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\WinRAR.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\WinZIP.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\WiseInst.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\YahooPl.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\ZipMagic.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\pfilelst.xda (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\wordslst.xda (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor Free\ResErrors.log (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor Free\st.dat (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\SystemDoctor\err.log (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\Thumbs.db (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\Montorgueil\14.06148 (Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Montorgueil\archives-stars-nues\archives-stars-nues.ico (Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO\zlib.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO\vscan.tsi (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\rhcr1cj0er1q\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcr1cj0er1q\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcr1cj0er1q\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcr1cj0er1q\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcr1cj0er1q\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcr1cj0er1q\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcr1cj0er1q\rhcr1cj0er1q.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcr1cj0er1q\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcp1cj0er1q\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcp1cj0er1q\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcp1cj0er1q\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcp1cj0er1q\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcp1cj0er1q\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcp1cj0er1q\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcp1cj0er1q\shcp1cj0er1q.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcp1cj0er1q\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006\AVScheduler.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\WinAntiVirus Pro 2006\Logs\update.log (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\HOURS (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\Abbr (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\SystemDoctor Free\Logs\update.log (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\DriveCleaner Free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcv1cj0er1q.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\stera.job (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yijcekr_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yijcekr_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
peux tu me dire ce que je dois faire maintenant (j'ai perdu un module de démarrage un rundll, il me manque un module au démarrage, j'ai un message d'erreur systématique au démarrage.
Faut-il que je restaure le système? Help, je suis pas une pro!
Malwarebytes' Anti-Malware 1.23
Version de la base de données: 1008
Windows 5.1.2600 Service Pack 2
21:50:01 30/07/2008
mbam-log-7-30-2008 (21-50-01).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 127612
Temps écoulé: 32 minute(s), 51 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 26
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 35
Fichier(s) infecté(s): 171
Processus mémoire infecté(s):
C:\Program Files\DriveCleaner Free\UDC.exe (Rogue.DriveCleaner) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\Program Files\DriveCleaner Free\mfc71.dll (Rogue.DriveCleaner) -> Delete on reboot.
C:\Program Files\DriveCleaner Free\msvcp71.dll (Rogue.DriveCleaner) -> Delete on reboot.
C:\Program Files\DriveCleaner Free\msvcr71.dll (Rogue.DriveCleaner) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\udcpchk.udcpchk (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\udcpchk.udcpchk.1 (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{943b96a4-9bf6-42fe-8d0b-4bca71c3632f} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5954b2db-09a7-4023-847c-107539dc560d} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{4f43b1f3-0ce8-493b-96d2-990cec05edbb} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f323594-30e9-4e1e-8262-ca7b4d0a65a1} (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c2ccbfaf-1474-4e53-8130-0cc12b31856b} (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{95012afd-f4f1-4a96-bf3b-4f5d6c54d593} (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hottvplayer.htplayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hottvplayer.htplayer.1 (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fd31bf07-70e3-4b98-8f70-0970af614275} (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcr1cj0er1q (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shcp1cj0er1q (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcr1cj0er1q (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\shcp1cj0er1q (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\antivirus 2008 pro (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\drivecleaner free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\drivecleaner free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\winantivirus pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HotTVPlayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drivecleaner free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcr1cj0er1q (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smshcp1cj0er1q (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor Free (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\SystemDoctor (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\Montorgueil (Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Montorgueil\archives-stars-nues (Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO\Suspicious (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO\Infected (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\rhcr1cj0er1q (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcp1cj0er1q (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\WinAntiVirus Pro 2006\Logs (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\SystemDoctor Free (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\SystemDoctor Free\Logs (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\DriveCleaner Free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\rhcr1cj0er1q (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\rhcr1cj0er1q\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\rhcr1cj0er1q\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\rhcr1cj0er1q\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\rhcr1cj0er1q\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\rhcr1cj0er1q\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\rhcr1cj0er1q\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\rhcr1cj0er1q\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\rhcr1cj0er1q\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\rhcr1cj0er1q\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\rhcr1cj0er1q\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\WinAntiVirus Pro 2006\history.db (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\unins000.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\unins000.exe (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\UDC.exe (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\remnag.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\UDC.xml (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Activate.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\up.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\vbpv.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\lapv.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\bnlink.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\pv.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\license.rtf (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\readme.rtf (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\atl71.dll (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\mfc71.dll (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\msvcp71.dll (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\msvcr71.dll (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\uninstall.ico (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\UDC6V.url (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\support.url (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\manual.url (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\updater.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\err.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\AV.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\sr.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\ResErrors.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Schedule.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\ScanReport.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\diagnosis.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\AE_CD_Cr.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\AReadr4.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\AReadr5.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\ASDSEEpv.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\ASPack.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\Babylon.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\BDelphi5.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\CatchUp.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\CBuildr5.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\CCGA.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\CManager.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\CuteFTP4.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\CuteHTML.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\DAcceler.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\DiscJug.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\ECDCreat4.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\Far.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\FFTsks.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\FlashFXP.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\FrntPage.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\FrontPEx.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\FtpEXP.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\FtpVoya.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\GetRight.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\GoZilla.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\GravMRU.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\HomeSite.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\HotDogPr.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\H_TxtPad.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\IconExtr.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\iMesh.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\ImgReady3.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\InsShExp.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\JASC_P_P.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\KaZaA.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\LView.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\MacDir.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\MacDrWea.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\MicAng.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\MicDes.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\MMUnDisk.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\MM_CON.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\Morpheus.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\MPaint.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\MPicPub.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\MPImaGal.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\MSExplorer.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\MSoffice.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\MSRegEdit.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\MSWMP.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\MSWordPad.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\Nero.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\NetShow.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\NTBackup.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\PhotShel.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\PHPCoder.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\PowerZIP.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\RapidBr.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\RealAuPl.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\RealDown.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\SecurCRT.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\SL_BlWin.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\SmartClr.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\Sonique.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\StuffIt.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\TelepPro.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\UGifAnim.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\UltraEd.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\UMedStud.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\UPhImpV.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\UPhotoEx.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\UVidStud.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\VNC.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\WebFeret.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\WebReap.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\WinACE.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\WinGate.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\WinRAR.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\WinZIP.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\WiseInst.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\YahooPl.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\ZipMagic.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\pfilelst.xda (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Appbase\wordslst.xda (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor Free\ResErrors.log (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor Free\st.dat (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\SystemDoctor\err.log (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\Thumbs.db (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\Montorgueil\14.06148 (Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Montorgueil\archives-stars-nues\archives-stars-nues.ico (Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO\zlib.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO\vscan.tsi (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\rhcr1cj0er1q\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcr1cj0er1q\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcr1cj0er1q\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcr1cj0er1q\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcr1cj0er1q\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcr1cj0er1q\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcr1cj0er1q\rhcr1cj0er1q.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcr1cj0er1q\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcp1cj0er1q\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcp1cj0er1q\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcp1cj0er1q\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcp1cj0er1q\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcp1cj0er1q\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcp1cj0er1q\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcp1cj0er1q\shcp1cj0er1q.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcp1cj0er1q\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006\AVScheduler.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\WinAntiVirus Pro 2006\Logs\update.log (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\HOURS (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\Abbr (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\SystemDoctor Free\Logs\update.log (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\DriveCleaner Free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcv1cj0er1q.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\stera.job (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yijcekr_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yijcekr_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
peux tu me dire ce que je dois faire maintenant (j'ai perdu un module de démarrage un rundll, il me manque un module au démarrage, j'ai un message d'erreur systématique au démarrage.
Faut-il que je restaure le système? Help, je suis pas une pro!
anthony5151
Messages postés
10573
Date d'inscription
vendredi 27 juin 2008
Statut
Contributeur sécurité
Dernière intervention
2 mars 2015
790
30 juil. 2008 à 22:43
30 juil. 2008 à 22:43
MalwareByte's a supprimé beaucoup de choses, mais il reste des fichiers infectés... Et surtout ne fais pas de restauration du système pour l'instant, sinon tous les fichiers infectés supprimés vont revenir ! Pour le message c'est normal, il devrait disparaitre tout seul quand on aura fini la désinfection (sinon rappelle le moi, on le fera disparaitre).
Je vais te demander trois nouveaux scans avec les rapports qui vont avec stp (courage, c'est long mais ça va aller, tout est expliqué en détail ;) n'hésite pas à imprimer ces consignes si besoin) :
1) Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
• Puis, ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
2) Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !) :
Fais un clic droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix, choisis le bureau comme destination et valide : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
--------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
!! déconnecte toi, ferme toutes tes applications en cours et DESACTIVE TOUTES TES DEFENCES (anti-virus, antispyware, pare-feu ==> AVG et Norton en ce qui te concerne) le temps de la manipulation :
en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après !!
---> Surtout, si tu rencontres des difficultés à ce niveau là, dis le moi avant de poursuivre ...
Tuto ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
---------------------------------------------------------------------------------------------------------------------------------
Ensuite :
double-clique sur C-Fix.exe ( = combofix.exe ) .
Appuie sur la touche Y (Yes) pour démarrer le scan .
Attention : n'utilise pas ta souris ni ton clavier pendant que le programme tourne. Cela pourrait figer l'ordi.
---> si un message d'erreur windows apparait à un momment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer
Le rapport sera crée dans: C:\Combofix.txt , poste le ici stp
3) Une fois cela fait, j'aurai besoin d'un nouveau rapport hijackthis, mais ta version est obsolète.
Désinstalle Hijackthis (Menu démarrer --> panneau de configuration --> ajout/suppression de programmes), puis télécharge la nouvelle version sur ton bureau :
http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
Installe le, lance le et clique sur "Do a system scan and save a logfile".
Fais un copier-coller du rapport entier sur le forum
Je vais te demander trois nouveaux scans avec les rapports qui vont avec stp (courage, c'est long mais ça va aller, tout est expliqué en détail ;) n'hésite pas à imprimer ces consignes si besoin) :
1) Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
• Puis, ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
2) Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !) :
Fais un clic droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix, choisis le bureau comme destination et valide : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
--------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
!! déconnecte toi, ferme toutes tes applications en cours et DESACTIVE TOUTES TES DEFENCES (anti-virus, antispyware, pare-feu ==> AVG et Norton en ce qui te concerne) le temps de la manipulation :
en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après !!
---> Surtout, si tu rencontres des difficultés à ce niveau là, dis le moi avant de poursuivre ...
Tuto ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
---------------------------------------------------------------------------------------------------------------------------------
Ensuite :
double-clique sur C-Fix.exe ( = combofix.exe ) .
Appuie sur la touche Y (Yes) pour démarrer le scan .
Attention : n'utilise pas ta souris ni ton clavier pendant que le programme tourne. Cela pourrait figer l'ordi.
---> si un message d'erreur windows apparait à un momment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer
Le rapport sera crée dans: C:\Combofix.txt , poste le ici stp
3) Une fois cela fait, j'aurai besoin d'un nouveau rapport hijackthis, mais ta version est obsolète.
Désinstalle Hijackthis (Menu démarrer --> panneau de configuration --> ajout/suppression de programmes), puis télécharge la nouvelle version sur ton bureau :
http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
Installe le, lance le et clique sur "Do a system scan and save a logfile".
Fais un copier-coller du rapport entier sur le forum
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
IMfoor-matique
Messages postés
11
Date d'inscription
mercredi 30 juillet 2008
Statut
Membre
Dernière intervention
30 juillet 2008
1
30 juil. 2008 à 22:46
30 juil. 2008 à 22:46
--
OOH pt**** ta fait comment pour te choper autant de virus 00
OOH pt**** ta fait comment pour te choper autant de virus 00
anthony5151
Messages postés
10573
Date d'inscription
vendredi 27 juin 2008
Statut
Contributeur sécurité
Dernière intervention
2 mars 2015
790
30 juil. 2008 à 22:55
30 juil. 2008 à 22:55
.
anthony5151
Messages postés
10573
Date d'inscription
vendredi 27 juin 2008
Statut
Contributeur sécurité
Dernière intervention
2 mars 2015
790
>
julia81
31 juil. 2008 à 13:32
31 juil. 2008 à 13:32
De rien ;)
A ce soir.
A ce soir.
Anthony, j'ai fait tout ce que tu m'as dit.
Voici le rapport sDFix:
[b]SDFix: Version 1.210 [/b]
Run by pascal on 31/07/2008 at 21:02
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\pascal\Bureau\SDfix\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt246.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2A8.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2AA.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt234.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt243.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt245.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt248.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt236.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt254.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt266.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt26E.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt244.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt270.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt272.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt238.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt23A.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2A2.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt23B.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2E7.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt24F.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt253.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt256.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt268.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt279.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt25C.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt271.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt27B.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt27D.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt287.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt289.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt28B.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt28D.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt28F.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt291.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt293.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt295.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt297.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt299.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt29C.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt29E.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2A0.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2A4.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2A6.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2A9.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2AC.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2AE.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2B1.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2B3.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2B5.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2B7.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2B9.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2BC.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2BE.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2C0.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2C2.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2C4.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2C6.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2C8.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2CA.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2CC.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2CE.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2D0.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2D2.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2D4.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2D9.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2DB.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2DD.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2DF.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2E1.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2E3.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2E9.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2EB.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2EE.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2F0.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2F2.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2F4.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2F6.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2F8.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2FA.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2FC.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2FE.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt300.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt302.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt304.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt306.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt308.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt30A.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt30C.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt316.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt23D.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt23F.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt249.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt24D.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt250.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt274.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt276.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt284.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt25E.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt286.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt28A.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt26D.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt28E.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt292.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt296.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt29A.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt29D.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2A1.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2A5.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2AB.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2AF.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2B2.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2B6.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2BA.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2BD.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt241.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt24C.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt251.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt257.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt259.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt25D.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt260.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt262.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt264.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt267.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt26A.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt26C.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt273.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt277.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt27A.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt27E.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt280.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt282.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt28C.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt294.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt29B.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2A3.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2AD.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2B4.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2BB.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2C1.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2C5.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2C9.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2CD.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2D1.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2D5.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt252.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt247.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt258.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt25B.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt261.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt265.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt26B.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt275.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt27C.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt281.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt285.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt290.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt29F.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2B0.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2BF.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2C7.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2CF.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2D6.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2D8.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2DC.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2E0.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2E4.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2E6.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2EA.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2ED.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2F1.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2F5.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2F9.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2FD.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt301.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt305.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt309.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt30D.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt30F.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt311.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt313.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt315.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt318.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt32B.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt32D.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt32F.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt320.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt331.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt333.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt335.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt337.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\lowpower.exe.bat - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\dssec.exe.bat - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\bindsrv2.exe.bat - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\atmadm2.exe.bat - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\vista_sp1.exe.bat - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\bindsrv2.exe.bat - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\media.php.bat - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\removalfile.bat - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 21:13:03
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
"C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe"="C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe:LocalSubNet:Enabled:eConsole"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe"="C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe:*:Enabled:updater.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"="C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe:*:enabled:CSS"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\DOCUME~1\pascal\Bureau\SDfix\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Sun 23 Jan 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Mon 13 Aug 2007 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Sun 23 Jan 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Sun 23 Jan 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Sun 23 Jan 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Sat 14 Jul 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT1A2.tmp"
Tue 11 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 9 Feb 2005 64,000 A..H. --- "C:\Documents and Settings\pascal\Bureau\soph\~WRL3759.tmp"
Sun 18 Jan 2004 460,288 A..H. --- "C:\Documents and Settings\pascal\Bureau\pascal\~WRL0002.tmp"
Fri 17 Nov 2006 989,096 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5a0d771158cfd69be5ddd26d8f58c73b\BIT26A.tmp"
[b]Finished![/b]
le rapport combofix (j'ai eu un blème au démarrage car norton s'est réactivé automatiquement et voulait supprimer le rapoort de combofix avant son édition, ça a ramé un moment, j'espère qu'il a pu agir correctement quand même):
ComboFix 08-07-31.01 - pascal 2008-07-31 21:43:49.2 - [color=red][b]FAT32[/b][/color]x86
Endroit: C:\Documents and Settings\pascal\Bureau\C-Fix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner Free
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner Free\ Page d'accueil deDriveCleaner.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner Free\DriveCleaner.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner Free\Désinstaller de DriveCleaner.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner Free\Mode d'emploi en ligne de DriveCleaner.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner Free\Support en ligne de DriveCleaner.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\How to Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\Uninstall.lnk
C:\Documents and Settings\pascal\err.log
C:\Documents and Settings\pascal\Menu Démarrer\Programmes\Antivirus 2008 PRO
C:\Documents and Settings\pascal\Menu Démarrer\Programmes\Antivirus 2008 PRO\antivirus-2008pro.lnk
C:\Documents and Settings\pascal\ResErrors.log
C:\Program Files\hottvplayer
C:\Program Files\hottvplayer\hottv.ico
C:\Program Files\hottvplayer\Ogg\ogg.dll
C:\Program Files\hottvplayer\Ogg\ogg_demux.dll
C:\Program Files\hottvplayer\Ogg\theora_decoder.dll
C:\Program Files\hottvplayer\Ogg\vorbis.dll
C:\Program Files\hottvplayer\Ogg\vorbis_decoder.dll
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\gnhweeqh.ini
C:\WINDOWS\system32\ihuvyaxm.ini
C:\WINDOWS\system32\lUxayccf.ini
C:\WINDOWS\system32\lUxayccf.ini2
C:\WINDOWS\system32\okinlgou.ini
C:\WINDOWS\system32\qdtdfuso.ini
C:\WINDOWS\system32\stera.log
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FOPN
-------\Legacy_IPRIP
-------\Legacy_VSPF
-------\Legacy_VSPF_HK
-------\Service_Iprip
((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-31 ))))))))))))))))))))))))))))))))))))
.
2008-07-31 19:47 . 2008-07-31 19:47 <REP> d-------- C:\WINDOWS\ERUNT
2008-07-31 19:40 . 2008-07-30 12:52 <REP> d-------- C:\SDFix
2008-07-30 20:49 . 2008-07-30 20:49 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-30 20:49 . 2008-07-30 20:49 <REP> d-------- C:\Documents and Settings\pascal\Application Data\Malwarebytes
2008-07-30 20:49 . 2008-07-30 20:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-30 20:49 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-30 20:49 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-15 21:23 . 2008-07-15 21:11 16,384 --a------ C:\WINDOWS\rwinsta.exe
2008-07-07 18:32 . 2008-07-07 18:32 33,792 --a------ C:\WINDOWS\rundll32.exe.exe
2008-07-06 20:02 . 2004-08-05 05:00 33,792 --a------ C:\WINDOWS\system32\LMMIB2.DLL
2008-07-06 19:52 . 2008-07-06 19:52 <REP> d-------- C:\Program Files\Registry Easy
2008-06-28 08:38 . 2008-06-28 08:38 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2008-06-27 21:56 . 2008-06-27 21:56 <REP> d-------- C:\Program Files\PhotoFiltre
2008-06-26 20:48 . 2008-06-26 20:48 <REP> d-------- C:\Program Files\Paint.NET
2008-06-26 20:44 . 2008-06-26 20:44 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-26 20:44 . 2008-06-26 20:44 <REP> d-------- C:\Program Files\MSBuild
2008-06-26 20:43 . 2008-06-26 20:43 <REP> d-------- C:\Program Files\Reference Assemblies
2008-06-26 20:43 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-06-26 20:40 . 2008-06-26 20:40 <REP> d-------- C:\Program Files\MSXML 6.0
2008-06-26 20:15 . 2008-06-26 20:15 2,869,264 --a------ C:\dotNetFx35setup.exe
2008-06-25 20:33 . 2008-06-25 20:33 <REP> d--h----- C:\$AVG8.VAULT$
2008-06-25 15:41 . 2008-06-25 15:41 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-25 15:41 . 2008-06-25 15:41 <REP> d-------- C:\Program Files\AVG
2008-06-25 15:41 . 2008-06-25 15:41 <REP> d-------- C:\Documents and Settings\pascal\Application Data\AVGTOOLBAR
2008-06-25 15:41 . 2008-06-25 15:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-25 15:41 . 2008-07-05 08:25 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-25 15:41 . 2008-06-25 15:41 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll.old
2008-06-25 15:41 . 2008-07-05 08:25 10,520 --a------ C:\WINDOWS\system32\AVGRSSTX.DLL
2008-06-24 20:24 . 2008-06-24 20:33 406,530,048 --a------ C:\OFFICE.iso
2008-06-24 20:12 . 2008-06-24 20:12 <REP> d-------- C:\Program Files\Microsoft Works
2008-06-11 19:05 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 19:05 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\MSWSOCK.DLL
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:41 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-27 15:12 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-07-27 15:12 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-12-25 09:37 20480]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"Orange Desktop Search"="C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" [2006-11-02 15:08 4937512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ntiMUI"="c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 18:15 45056]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-04-12 13:39 58992]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-17 19:31 7286784]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-11-17 19:31 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 18:14 36975]
"AspireService"="C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2005-09-29 16:07 114688]
"MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe" [2005-09-21 13:48 425984]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-10-31 16:21 393216]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-03-21 06:42 100056]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"ORAHSSStartup"="C:\Program Files\OrangeHSS\Launcher\Launcher.exe" [2007-01-04 10:40 462848]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2007-01-04 10:45 90112]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-03-26 16:02 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-27 17:04 282624]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-05 08:25 1232152]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 16:42 90112 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2005-11-17 19:31 1519616 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Groupement homologue Windows
"3540:UDP"= 3540:UDP:Protocole PNRP (Peer Name Resolution Protocol)
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-05 08:25]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-05 08:25]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 16:37]
S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 05:00]
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 05:00]
S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 05:00]
S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe [2004-08-05 05:00]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-07-25 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur - pascal.job
- C:\PROGRA~1\NORTON~1\Navw32.exe [2005-08-30 15:39]
2008-07-31 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2004-08-24 11:22]
2008-07-31 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
2008-07-27 C:\WINDOWS\Tasks\Schedule Task Weekly.job
- C:\Program Files\Registry Easy\RE.exe []
.
- - - - ORPHANS REMOVED - - - -
BHO-{879F0D82-6C99-4340-9952-BF8CBFC89F5F} - C:\WINDOWS\system32\fccyaxUl.dll
HKCU-Run-eMuleAutoStart - C:\Program Files\eMule\emule.exe
HKLM-Run-320d18a1 - C:\WINDOWS\system32\hqeewhng.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\pascal\Application Data\Mozilla\Firefox\Profiles\nivi1k0k.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.msn.com/
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 21:45:08
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\System32\CSCDLL.dll
.
Temps d'accomplissement: 2008-07-31 21:54:17
ComboFix-quarantined-files.txt 2008-07-31 19:54:12
Pre-Run: 80,985,063,424 octets libres
Post-Run: 80,971,268,096 octets libres
220 --- E O F --- 2008-07-18 11:58:25
et le Hijack derniere version:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08:03, on 31/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\OrangeHSS\browser\browser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.leaderphoto.com/uploaders/aurigma_4_5_50/ImageUploader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.leaderphoto.com/uploaders/ImageUploader3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.leaderphoto.com/XUpload.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
Voici le rapport sDFix:
[b]SDFix: Version 1.210 [/b]
Run by pascal on 31/07/2008 at 21:02
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\pascal\Bureau\SDfix\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt246.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2A8.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2AA.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt234.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt243.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt245.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt248.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt236.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt254.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt266.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt26E.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt244.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt270.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt272.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt238.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt23A.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2A2.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt23B.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2E7.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt24F.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt253.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt256.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt268.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt279.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt25C.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt271.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt27B.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt27D.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt287.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt289.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt28B.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt28D.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt28F.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt291.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt293.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt295.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt297.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt299.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt29C.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt29E.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2A0.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2A4.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2A6.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2A9.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2AC.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2AE.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2B1.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2B3.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2B5.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2B7.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2B9.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2BC.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2BE.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2C0.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2C2.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2C4.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2C6.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2C8.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2CA.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2CC.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2CE.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2D0.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2D2.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2D4.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2D9.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2DB.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2DD.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2DF.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2E1.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2E3.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2E9.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2EB.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2EE.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2F0.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2F2.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2F4.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2F6.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2F8.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2FA.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2FC.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2FE.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt300.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt302.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt304.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt306.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt308.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt30A.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt30C.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt316.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt23D.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt23F.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt249.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt24D.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt250.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt274.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt276.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt284.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt25E.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt286.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt28A.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt26D.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt28E.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt292.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt296.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt29A.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt29D.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2A1.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2A5.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2AB.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2AF.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2B2.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2B6.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2BA.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2BD.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt241.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt24C.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt251.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt257.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt259.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt25D.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt260.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt262.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt264.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt267.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt26A.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt26C.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt273.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt277.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt27A.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt27E.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt280.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt282.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt28C.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt294.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt29B.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2A3.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2AD.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2B4.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2BB.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2C1.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2C5.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2C9.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2CD.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2D1.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2D5.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt252.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt247.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt258.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt25B.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt261.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt265.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt26B.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt275.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt27C.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt281.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt285.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt290.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt29F.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2B0.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2BF.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2C7.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2CF.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2D6.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2D8.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2DC.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2E0.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2E4.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2E6.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2EA.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2ED.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2F1.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2F5.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2F9.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt2FD.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt301.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt305.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt309.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt30D.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt30F.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt311.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt313.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt315.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt318.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt32B.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt32D.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt32F.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt320.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt331.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt333.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt335.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\.tt337.tmp - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\lowpower.exe.bat - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\dssec.exe.bat - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\bindsrv2.exe.bat - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\atmadm2.exe.bat - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\vista_sp1.exe.bat - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\bindsrv2.exe.bat - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\media.php.bat - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\removalfile.bat - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 21:13:03
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
"C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe"="C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe:LocalSubNet:Enabled:eConsole"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe"="C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe:*:Enabled:updater.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"="C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe:*:enabled:CSS"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\DOCUME~1\pascal\Bureau\SDfix\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Sun 23 Jan 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Mon 13 Aug 2007 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Sun 23 Jan 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Sun 23 Jan 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Sun 23 Jan 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Sat 14 Jul 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT1A2.tmp"
Tue 11 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 9 Feb 2005 64,000 A..H. --- "C:\Documents and Settings\pascal\Bureau\soph\~WRL3759.tmp"
Sun 18 Jan 2004 460,288 A..H. --- "C:\Documents and Settings\pascal\Bureau\pascal\~WRL0002.tmp"
Fri 17 Nov 2006 989,096 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5a0d771158cfd69be5ddd26d8f58c73b\BIT26A.tmp"
[b]Finished![/b]
le rapport combofix (j'ai eu un blème au démarrage car norton s'est réactivé automatiquement et voulait supprimer le rapoort de combofix avant son édition, ça a ramé un moment, j'espère qu'il a pu agir correctement quand même):
ComboFix 08-07-31.01 - pascal 2008-07-31 21:43:49.2 - [color=red][b]FAT32[/b][/color]x86
Endroit: C:\Documents and Settings\pascal\Bureau\C-Fix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner Free
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner Free\ Page d'accueil deDriveCleaner.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner Free\DriveCleaner.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner Free\Désinstaller de DriveCleaner.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner Free\Mode d'emploi en ligne de DriveCleaner.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner Free\Support en ligne de DriveCleaner.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\How to Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\Uninstall.lnk
C:\Documents and Settings\pascal\err.log
C:\Documents and Settings\pascal\Menu Démarrer\Programmes\Antivirus 2008 PRO
C:\Documents and Settings\pascal\Menu Démarrer\Programmes\Antivirus 2008 PRO\antivirus-2008pro.lnk
C:\Documents and Settings\pascal\ResErrors.log
C:\Program Files\hottvplayer
C:\Program Files\hottvplayer\hottv.ico
C:\Program Files\hottvplayer\Ogg\ogg.dll
C:\Program Files\hottvplayer\Ogg\ogg_demux.dll
C:\Program Files\hottvplayer\Ogg\theora_decoder.dll
C:\Program Files\hottvplayer\Ogg\vorbis.dll
C:\Program Files\hottvplayer\Ogg\vorbis_decoder.dll
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\gnhweeqh.ini
C:\WINDOWS\system32\ihuvyaxm.ini
C:\WINDOWS\system32\lUxayccf.ini
C:\WINDOWS\system32\lUxayccf.ini2
C:\WINDOWS\system32\okinlgou.ini
C:\WINDOWS\system32\qdtdfuso.ini
C:\WINDOWS\system32\stera.log
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FOPN
-------\Legacy_IPRIP
-------\Legacy_VSPF
-------\Legacy_VSPF_HK
-------\Service_Iprip
((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-31 ))))))))))))))))))))))))))))))))))))
.
2008-07-31 19:47 . 2008-07-31 19:47 <REP> d-------- C:\WINDOWS\ERUNT
2008-07-31 19:40 . 2008-07-30 12:52 <REP> d-------- C:\SDFix
2008-07-30 20:49 . 2008-07-30 20:49 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-30 20:49 . 2008-07-30 20:49 <REP> d-------- C:\Documents and Settings\pascal\Application Data\Malwarebytes
2008-07-30 20:49 . 2008-07-30 20:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-30 20:49 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-30 20:49 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-15 21:23 . 2008-07-15 21:11 16,384 --a------ C:\WINDOWS\rwinsta.exe
2008-07-07 18:32 . 2008-07-07 18:32 33,792 --a------ C:\WINDOWS\rundll32.exe.exe
2008-07-06 20:02 . 2004-08-05 05:00 33,792 --a------ C:\WINDOWS\system32\LMMIB2.DLL
2008-07-06 19:52 . 2008-07-06 19:52 <REP> d-------- C:\Program Files\Registry Easy
2008-06-28 08:38 . 2008-06-28 08:38 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2008-06-27 21:56 . 2008-06-27 21:56 <REP> d-------- C:\Program Files\PhotoFiltre
2008-06-26 20:48 . 2008-06-26 20:48 <REP> d-------- C:\Program Files\Paint.NET
2008-06-26 20:44 . 2008-06-26 20:44 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-26 20:44 . 2008-06-26 20:44 <REP> d-------- C:\Program Files\MSBuild
2008-06-26 20:43 . 2008-06-26 20:43 <REP> d-------- C:\Program Files\Reference Assemblies
2008-06-26 20:43 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-06-26 20:40 . 2008-06-26 20:40 <REP> d-------- C:\Program Files\MSXML 6.0
2008-06-26 20:15 . 2008-06-26 20:15 2,869,264 --a------ C:\dotNetFx35setup.exe
2008-06-25 20:33 . 2008-06-25 20:33 <REP> d--h----- C:\$AVG8.VAULT$
2008-06-25 15:41 . 2008-06-25 15:41 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-25 15:41 . 2008-06-25 15:41 <REP> d-------- C:\Program Files\AVG
2008-06-25 15:41 . 2008-06-25 15:41 <REP> d-------- C:\Documents and Settings\pascal\Application Data\AVGTOOLBAR
2008-06-25 15:41 . 2008-06-25 15:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-25 15:41 . 2008-07-05 08:25 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-25 15:41 . 2008-06-25 15:41 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll.old
2008-06-25 15:41 . 2008-07-05 08:25 10,520 --a------ C:\WINDOWS\system32\AVGRSSTX.DLL
2008-06-24 20:24 . 2008-06-24 20:33 406,530,048 --a------ C:\OFFICE.iso
2008-06-24 20:12 . 2008-06-24 20:12 <REP> d-------- C:\Program Files\Microsoft Works
2008-06-11 19:05 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 19:05 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\MSWSOCK.DLL
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:41 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-27 15:12 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-07-27 15:12 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-12-25 09:37 20480]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"Orange Desktop Search"="C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" [2006-11-02 15:08 4937512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ntiMUI"="c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 18:15 45056]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-04-12 13:39 58992]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-17 19:31 7286784]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-11-17 19:31 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 18:14 36975]
"AspireService"="C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2005-09-29 16:07 114688]
"MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe" [2005-09-21 13:48 425984]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-10-31 16:21 393216]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-03-21 06:42 100056]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"ORAHSSStartup"="C:\Program Files\OrangeHSS\Launcher\Launcher.exe" [2007-01-04 10:40 462848]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2007-01-04 10:45 90112]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-03-26 16:02 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-27 17:04 282624]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-05 08:25 1232152]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 16:42 90112 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2005-11-17 19:31 1519616 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Groupement homologue Windows
"3540:UDP"= 3540:UDP:Protocole PNRP (Peer Name Resolution Protocol)
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-05 08:25]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-05 08:25]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 16:37]
S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 05:00]
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 05:00]
S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 05:00]
S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe [2004-08-05 05:00]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-07-25 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur - pascal.job
- C:\PROGRA~1\NORTON~1\Navw32.exe [2005-08-30 15:39]
2008-07-31 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2004-08-24 11:22]
2008-07-31 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
2008-07-27 C:\WINDOWS\Tasks\Schedule Task Weekly.job
- C:\Program Files\Registry Easy\RE.exe []
.
- - - - ORPHANS REMOVED - - - -
BHO-{879F0D82-6C99-4340-9952-BF8CBFC89F5F} - C:\WINDOWS\system32\fccyaxUl.dll
HKCU-Run-eMuleAutoStart - C:\Program Files\eMule\emule.exe
HKLM-Run-320d18a1 - C:\WINDOWS\system32\hqeewhng.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\pascal\Application Data\Mozilla\Firefox\Profiles\nivi1k0k.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.msn.com/
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 21:45:08
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\System32\CSCDLL.dll
.
Temps d'accomplissement: 2008-07-31 21:54:17
ComboFix-quarantined-files.txt 2008-07-31 19:54:12
Pre-Run: 80,985,063,424 octets libres
Post-Run: 80,971,268,096 octets libres
220 --- E O F --- 2008-07-18 11:58:25
et le Hijack derniere version:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08:03, on 31/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\OrangeHSS\browser\browser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.leaderphoto.com/uploaders/aurigma_4_5_50/ImageUploader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.leaderphoto.com/uploaders/ImageUploader3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.leaderphoto.com/XUpload.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
anthony5151
Messages postés
10573
Date d'inscription
vendredi 27 juin 2008
Statut
Contributeur sécurité
Dernière intervention
2 mars 2015
790
1 août 2008 à 00:35
1 août 2008 à 00:35
MalwareByte's, SDFix et Combofix ont tous les trois détecté des fichiers infectés et les ont supprimés.
Les rapports Combofix et hijackthis ne montre pas d'autres infections.
"il me demande de débogger des lignes lors des connexions internet"
==> Comment ça ?
Par contre, tu peux encore faire trois choses qui devraient régler le message d'erreur au démarrage et fluidifier le fonctionnement de ton ordinateur :
1) Relance Hijackthis (pour la dernière fois), fais "scan system only" et coche ces lignes (pas dangereuses mains inutiles) :
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.leaderphoto.com/uploaders/aurigma_4_5_50/ImageUploader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.leaderphoto.com/uploaders/ImageUploader3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.leaderphoto.com/XUpload.ocx
Ensuite, clique sur "Fix checked"
==> ça va supprimer des entrées inutiles, mais aussi empêcher les programmes superflus de se lancer dès le démarrage (Windows Live Messenger par exemple --> pour l'utiliser, il te suffira de le lancer à partir du menu démarrer ou d'un raccourci sur ton bureau)
2) Il faut absolument que tu désinstalles Norton ! Tu as déja AVG qui est bien plus performant, et deux antivirus risquent de se neutraliser et de créer des problèmes...
Désactive Norton, puis va dans menu démarrer --> panneau de configuration --> ajout/suppression de programmes --> désinstalle tous les produits Symantec et Norton
Puis clique sur ce lien et utilise l'utilitaire pour retirer les traces :
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
3) Télécharge et installe CCleaner (attention à l'installation, pense à DECOCHER l'installation de Yahoo toolbar discrètement proposé en plus de CCleaner) : https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
Utilise la fonction Nettoyeur de ce logiciel, puis la fonction Registre plusieurs fois de suite pour effectuer des nettoyages (tu peux garder ce logiciel et l'utiliser régulièrement).
Les rapports Combofix et hijackthis ne montre pas d'autres infections.
"il me demande de débogger des lignes lors des connexions internet"
==> Comment ça ?
Par contre, tu peux encore faire trois choses qui devraient régler le message d'erreur au démarrage et fluidifier le fonctionnement de ton ordinateur :
1) Relance Hijackthis (pour la dernière fois), fais "scan system only" et coche ces lignes (pas dangereuses mains inutiles) :
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.leaderphoto.com/uploaders/aurigma_4_5_50/ImageUploader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.leaderphoto.com/uploaders/ImageUploader3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.leaderphoto.com/XUpload.ocx
Ensuite, clique sur "Fix checked"
==> ça va supprimer des entrées inutiles, mais aussi empêcher les programmes superflus de se lancer dès le démarrage (Windows Live Messenger par exemple --> pour l'utiliser, il te suffira de le lancer à partir du menu démarrer ou d'un raccourci sur ton bureau)
2) Il faut absolument que tu désinstalles Norton ! Tu as déja AVG qui est bien plus performant, et deux antivirus risquent de se neutraliser et de créer des problèmes...
Désactive Norton, puis va dans menu démarrer --> panneau de configuration --> ajout/suppression de programmes --> désinstalle tous les produits Symantec et Norton
Puis clique sur ce lien et utilise l'utilitaire pour retirer les traces :
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
3) Télécharge et installe CCleaner (attention à l'installation, pense à DECOCHER l'installation de Yahoo toolbar discrètement proposé en plus de CCleaner) : https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
Utilise la fonction Nettoyeur de ce logiciel, puis la fonction Registre plusieurs fois de suite pour effectuer des nettoyages (tu peux garder ce logiciel et l'utiliser régulièrement).
Anthony,
je te remercie pour ton aide grace à tous tes conseils, j'ai récupéré mon écran de veille, tous les paramètres du bireau et je n'ai plus le message de perte du rundll au démarreage.
merci merci merci,.
par contre depuis que j'ai choppé ce sale virus, ma connexion internet rame à fond: 3 jours pour passer d'une page à l'autre et un message d'erreur quasi sytématique à l'ouverture d'une page "erreur survenue ligne330 ou autre chiffre, voulez vous effectuer un débogage".
que puis je faire pour restaurer une connexion correcte et virer ce message d'erreur (j'ai uenconnxion wanadoo via livebox en wifi".
merci de ton aide
je te remercie pour ton aide grace à tous tes conseils, j'ai récupéré mon écran de veille, tous les paramètres du bireau et je n'ai plus le message de perte du rundll au démarreage.
merci merci merci,.
par contre depuis que j'ai choppé ce sale virus, ma connexion internet rame à fond: 3 jours pour passer d'une page à l'autre et un message d'erreur quasi sytématique à l'ouverture d'une page "erreur survenue ligne330 ou autre chiffre, voulez vous effectuer un débogage".
que puis je faire pour restaurer une connexion correcte et virer ce message d'erreur (j'ai uenconnxion wanadoo via livebox en wifi".
merci de ton aide
anthony5151
Messages postés
10573
Date d'inscription
vendredi 27 juin 2008
Statut
Contributeur sécurité
Dernière intervention
2 mars 2015
790
2 août 2008 à 06:15
2 août 2008 à 06:15
Franchement, je ne vois pas trop quoi te proposer d'autre :( D'après les rapports qui sont ici, ton ordinateur est maintenant sain... Ta connection ne devrait plus ramer autant
Depuis quand as-tu ce message d'erreur ? Depuis le début de l'infection, ou suite à une étape de la désinfection ?
Depuis quand as-tu ce message d'erreur ? Depuis le début de l'infection, ou suite à une étape de la désinfection ?
salut,
Ce message s'affiche depuis que j'ai choppé mon virus et il subsiste malgré la désinfection réussie.
En fait, dès que je vais sur le web, il met 3 plombes à m'ouvrir une page et m'affiche une fenêtre "erreur survenue ligne ..., voulez vous effectuer un déboggage", si je clique oui, je rentre dans le srcipt et j'y pige rien, si je clique non, il rame et ne m'affiche plus les images.
hormis ce pb, tout a été restauré de façon impec.
Sais tu d'où peut provenir ce pb.
merci de ton aide
Ce message s'affiche depuis que j'ai choppé mon virus et il subsiste malgré la désinfection réussie.
En fait, dès que je vais sur le web, il met 3 plombes à m'ouvrir une page et m'affiche une fenêtre "erreur survenue ligne ..., voulez vous effectuer un déboggage", si je clique oui, je rentre dans le srcipt et j'y pige rien, si je clique non, il rame et ne m'affiche plus les images.
hormis ce pb, tout a été restauré de façon impec.
Sais tu d'où peut provenir ce pb.
merci de ton aide
anthony5151
Messages postés
10573
Date d'inscription
vendredi 27 juin 2008
Statut
Contributeur sécurité
Dernière intervention
2 mars 2015
790
4 août 2008 à 15:59
4 août 2008 à 15:59
Essaye de faire un scan avec un antivirus en ligne pour voir, par exemple kaspersky (seulement avec Internet Explorer)
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
