Dangerous virus

blackss Posts: 106 Status: Member
Hello, everyone

I got these 2 viruses:

vulnerability https://securelist.fr/ c:\WINDOWS\Microsoft.net\Framework\v2.0.50727\aspnet_wp.exe moderately dangerous

vulnerability https://securelist.fr/ c:\WINDOWS\system32\Macromed\Flash\Fash9b.ocx very dangerous

please help me, urgent

7 replies

Anonymous user
 
read all the way to the bottom

Click this link
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
to download the HijackThis installer.

Save HJTInstall.exe to your desktop.

Double-click HJTInstall.exe to launch the program

By default, it will install here:
C:\Program Files\Trend Micro\HijackThis

Accept the license by clicking the "I Accept" button

Choose the option "Do a system scan and save a log file"

Click "Save log" to save the report, which will open in Notepad

Click "Edit -> Select All", then "Edit -> Copy" to copy the entire contents of the report

Paste the report you just copied into this forum

Do not fix ANY line yet; that could stop your PC from working properly

IMPORTANT

On your PC, go to "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe" <--- right-click on it
and choose "Rename": type eden and confirm. DO THIS BEFORE LAUNCHING HIJACKTHIS AT ALL


Tutorials: http://pageperso.aol.fr/balltrap34/demohijack.htm (do not fix anything for now!!)
http://cybersecurite.xooit.com/t138-HijackThis-2-0-2.htm
0
blackss Posts: 106 Status: Member 1
 
thanks for your help, here is the report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:14:04, on 2008-09-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\program Files\Clock\Clock.exe
C:\program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program Files\Topdesk\topdesk.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{F52A8F89-06B0-4B10-BF7A-053B53AEBE78}\sign.exe
C:\program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Orange\browser\browser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Microsoft MSJava 32 - {43F7497C-7687-4DEA-A057-F21BD81BC896} - C:\WINDOWS\system32\msjava32.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\Drive\vsdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [Vistadrv] "C:\Windows\Drive\vsdrv.exe"
O4 - HKCU\..\Run: [Signature] "C:\Windows\Drive\sign.exe"
O4 - HKCU\..\Run: [Horlorge] "C:\program Files\Clock\Clock.exe"
O4 - HKCU\..\Run: [Sidebar] "C:\program Files\Windows Sidebar\sidebar.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon.dll" Manager.exe
O4 - HKCU\..\Run: [3D] "C:\program Files\Topdesk\topdesk.exe"
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKUS\S-1-5-19\..\Run: [3D] C:\program Files\Topdesk\topdesk.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\Drive\vsdrv.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Signature] C:\Windows\Drive\sign.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Horlorge] C:\program Files\Clock\Clock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\program Files\Windows Sidebar\sidebar.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [3D] C:\program Files\Topdesk\topdesk.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [3D] C:\program Files\Topdesk\topdesk.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [3D] C:\program Files\Topdesk\topdesk.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Radio Fr Solo 2.1
O4 - Startup: YesMessenger.lnk = C:\Program Files\YesMessenger\YesMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1217965862638&h=f62aceedee01913b908807ea7248ba8b/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{24368A92-8C59-4422-B684-B2DD37A56BF9}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F28C925-6ACB-4651-AF88-9F88910FFA3E}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF941B1A-4AB9-4BEA-B64E-4CC48FE88EE6}: NameServer = 192.168.1.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAE5727E-AB9F-41EB-8BB5-0A77115488F4}: NameServer = 192.168.1.1
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (file missing)
-1
blackss Posts: 106 Status: Member 1
 
I'm giving you a 2nd report; I hadn't renamed what you told me to. What's the point of renaming it?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:27:00, on 2008-09-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\program Files\Clock\Clock.exe
C:\program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program Files\Topdesk\topdesk.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{E7CB5AFE-2FD1-4D22-82E7-1182F8964A5F}\sign.exe
C:\program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Orange\browser\browser.exe
C:\Program Files\Trend Micro\HijackThis\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Microsoft MSJava 32 - {43F7497C-7687-4DEA-A057-F21BD81BC896} - C:\WINDOWS\system32\msjava32.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\Drive\vsdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [Vistadrv] "C:\Windows\Drive\vsdrv.exe"
O4 - HKCU\..\Run: [Signature] "C:\Windows\Drive\sign.exe"
O4 - HKCU\..\Run: [Horlorge] "C:\program Files\Clock\Clock.exe"
O4 - HKCU\..\Run: [Sidebar] "C:\program Files\Windows Sidebar\sidebar.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon.dll" Manager.exe
O4 - HKCU\..\Run: [3D] "C:\program Files\Topdesk\topdesk.exe"
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKUS\S-1-5-19\..\Run: [3D] C:\program Files\Topdesk\topdesk.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\Drive\vsdrv.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Signature] C:\Windows\Drive\sign.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Horlorge] C:\program Files\Clock\Clock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\program Files\Windows Sidebar\sidebar.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [3D] C:\program Files\Topdesk\topdesk.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [3D] C:\program Files\Topdesk\topdesk.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [3D] C:\program Files\Topdesk\topdesk.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Radio Fr Solo 2.1
O4 - Startup: YesMessenger.lnk = C:\Program Files\YesMessenger\YesMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1217965862638&h=f62aceedee01913b908807ea7248ba8b/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{24368A92-8C59-4422-B684-B2DD37A56BF9}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F28C925-6ACB-4651-AF88-9F88910FFA3E}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF941B1A-4AB9-4BEA-B64E-4CC48FE88EE6}: NameServer = 192.168.1.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAE5727E-AB9F-41EB-8BB5-0A77115488F4}: NameServer = 192.168.1.1
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (file missing)
-1
Anonymous user
 
I'm analyzing your report; in the meantime, please do this

Scan the PC with an online BitDefender scan (Internet Explorer only):

https://www.bitdefender.com/toolbox/

Usage:

* Click "I accept", then also accept the ActiveX control blocked by the SP2 pop-up blocker bar that will flash at the top, and install it.
* Then click "Click here to scan".
* Wait until the scan finishes, which can take quite a long time...

Copy/paste the entire report into the forum.
-1

blackss Posts: 106 Status: Member 1
 
here is the report

BitDefender Online Scanner

Scan report generated at: Tue, Sep 23, 2008 - 19:15:07

Scan path: A:\;C:\;D:\;E:\;

Statistics
Time: 00:45:42
Files: 223819
Folders: 4807
Boot Sectors: 0
Archives: 2577
Packed Files: 14307

Results
Identified Viruses: 3
Infected Files: 5
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 5

Engines Info
Virus Definitions: 1784270
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 10 2008 19:37:42)
Scan plugins: 16
Archive plugins: 43
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\Program Files\AdVantage\AdVantage.exe | Detected with: Adware.Generic.29552
C:\Program Files\AdVantage\AdVantage.exe | Deleted
C:\Program Files\AdVantage\TR.dll | Detected with: Application.Memedia.B
C:\Program Files\AdVantage\TR.dll | Disinfection failed
C:\Program Files\AdVantage\TR.dll | Deleted
C:\System Volume Information\_restore{D84C33C0-3A50-40A9-B62E-4B620230C09C}\RP623\A0113963.exe=>(Instyler o)=>(Instyler Module 224) | Infected with: Trojan.Generic.264931
C:\System Volume Information\_restore{D84C33C0-3A50-40A9-B62E-4B620230C09C}\RP623\A0113963.exe=>(Instyler o)=>(Instyler Module 224) | Deleted
C:\System Volume Information\_restore{D84C33C0-3A50-40A9-B62E-4B620230C09C}\RP623\A0113963.exe=>(Instyler o) | Update failed
C:\System Volume Information\_restore{D84C33C0-3A50-40A9-B62E-4B620230C09C}\RP629\A0119086.exe | Detected with: Adware.Generic.29552
C:\System Volume Information\_restore{D84C33C0-3A50-40A9-B62E-4B620230C09C}\RP629\A0119086.exe | Deleted
C:\System Volume Information\_restore{D84C33C0-3A50-40A9-B62E-4B620230C09C}\RP629\A0119087.dll | Detected with: Application.Memedia.B
C:\System Volume Information\_restore{D84C33C0-3A50-40A9-B62E-4B620230C09C}\RP629\A0119087.dll | Disinfection failed
C:\System Volume Information\_restore{D84C33C0-3A50-40A9-B62E-4B620230C09C}\RP629\A0119087.dll | Deleted

I have the report but I can't do cut and paste
-1
Anonymous user
 
hello

READ ALL THE WAY TO THE BOTTOM

Download ComboFix from one of these links:
First
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

To read
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

And importantly, save it to the desktop.

Before using ComboFix:

* Disconnect from the internet and close the windows of all running programs.

* Temporarily disable, only for the time ComboFix is in use, the real-time protection of your antivirus and antispyware tools, which can seriously interfere with the tool's scanning and cleaning procedure.

Once done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts scanning the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection\scan; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt

* Re-enable the real-time protection of your antivirus and antispyware tools before reconnecting to the internet.

* Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.
-1
blackss Posts: 106 Status: Member 1
 
hello

sorry I'm only replying now, but I've just got home. I thought you had dropped me and my problem. Thank you for continuing to help me; here is the report


ComboFix 08-09-22.06 - Administrateur 2008-09-24 14:19:26.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1507 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\Documents and Settings\Administrateur\Cookies\administrateur@ad.yieldmanager[3].txt
C:\Documents and Settings\Administrateur\Cookies\administrateur@bluestreak[2].txt
C:\Documents and Settings\Administrateur\Cookies\administrateur@reussissonsensemble[1].txt
C:\Documents and Settings\Administrateur\Cookies\administrateur@youtube[3].txt
C:\WINDOWS\system32\netwbix32.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-24 au 2008-09-24 ))))))))))))))))))))))))))))))))))))
.

2008-09-23 18:26 . 2008-09-23 19:15 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-09-23 14:10 . 2008-09-23 14:10 <REP> d-------- C:\Program Files\Common Files
2008-09-23 14:07 . 2008-09-23 14:08 <REP> d-------- C:\Program Files\Avanquest update
2008-09-23 14:06 . 2008-09-23 14:11 <REP> d-------- C:\Program Files\Motorola Phone Tools
2008-09-23 14:06 . 2008-09-23 14:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-09-23 14:06 . 2008-09-23 14:06 92,064 --a------ C:\Documents and Settings\Administrateur\mqdmmdm.sys
2008-09-23 14:06 . 2008-09-23 14:06 79,328 --a------ C:\Documents and Settings\Administrateur\mqdmserd.sys
2008-09-23 14:06 . 2008-09-23 14:06 66,656 --a------ C:\Documents and Settings\Administrateur\mqdmbus.sys
2008-09-23 14:06 . 2008-09-23 14:06 25,600 --a------ C:\Documents and Settings\Administrateur\usbsermptxp.sys
2008-09-23 14:06 . 2003-12-26 09:22 24,192 --a------ C:\WINDOWS\system32\drivers\USBSER.SYS
2008-09-23 14:06 . 2003-12-26 09:22 24,192 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-09-23 14:06 . 2008-09-23 14:06 22,768 --a------ C:\Documents and Settings\Administrateur\usbsermpt.sys
2008-09-23 14:06 . 2008-09-23 14:06 9,232 --a------ C:\Documents and Settings\Administrateur\mqdmmdfl.sys
2008-09-23 14:06 . 2008-09-23 14:06 6,208 --a------ C:\Documents and Settings\Administrateur\mqdmcmnt.sys
2008-09-23 14:06 . 2008-09-23 14:06 5,936 --a------ C:\Documents and Settings\Administrateur\mqdmwhnt.sys
2008-09-23 14:06 . 2008-09-23 14:06 4,048 --a------ C:\Documents and Settings\Administrateur\mqdmcr.sys
2008-09-23 11:08 . 2008-09-23 11:08 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-23 11:08 . 2008-09-23 11:08 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-09-23 03:53 . 2008-09-23 03:53 <REP> d-------- C:\Program Files\Fichiers communs\Motorola Shared
2008-09-23 03:53 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-09-23 03:53 . 2007-02-27 14:31 21,504 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2008-09-22 02:53 . 2008-09-22 02:56 <REP> d-------- C:\Program Files\Lphant
2008-09-22 02:53 . 2008-09-23 18:43 <REP> d-------- C:\Program Files\AdVantage
2008-09-20 04:41 . 2008-09-20 04:41 <REP> d-------- C:\Program Files\Sunbelt Software
2008-09-19 16:44 . 2006-07-05 13:56 116,385 --a------ C:\WINDOWS\system32\msjava32.dat
2008-09-19 16:43 . 2006-11-26 21:40 327,680 --a------ C:\WINDOWS\system32\msjava32.dll
2008-09-19 16:43 . 2006-11-26 21:40 294,912 --a------ C:\WINDOWS\system32\MovieCTL.dll
2008-09-19 15:51 . 2008-09-19 16:01 <REP> d-------- C:\chat.dragon
2008-09-19 07:29 . 2008-09-19 07:49 2,292 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-19 07:28 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-09-19 07:28 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-09-19 07:28 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-19 07:28 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-09-19 07:28 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-09-19 07:28 . 2008-09-18 12:11 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-09-19 07:28 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-09-19 07:28 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-09-19 07:28 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-09-19 07:28 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-09-19 06:44 . 2008-09-19 07:14 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-19 06:44 . 2008-09-19 06:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-19 06:44 . 2008-09-19 06:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-09-19 06:44 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-19 06:44 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-18 02:14 . 2008-09-19 14:33 <REP> d-------- C:\Program Files\Trend Micro
2008-09-17 12:59 . 2008-09-18 22:40 2,300 --a------ C:\Documents and Settings\Orph.egd
2008-09-16 20:22 . 2008-09-16 20:22 <REP> d-------- C:\Temp
2008-09-16 20:21 . 2008-09-24 14:21 322 --a------ C:\WINDOWS\lgfwup.ini
2008-09-16 20:20 . 2008-09-24 14:21 <REP> d-------- C:\Program Files\lg_fwupdate
2008-09-16 20:20 . 1998-07-22 00:00 102,912 --a------ C:\WINDOWS\system32\Vb6stkit.dll
2008-09-16 20:20 . 1998-07-22 00:00 102,160 --a------ C:\WINDOWS\system32\VB6KO.DLL
2008-09-16 20:20 . 2006-02-17 14:19 16,384 --a------ C:\WINDOWS\system32\lgfwunis.exe
2008-09-16 20:14 . 2008-09-16 20:16 <REP> d-------- C:\Program Files\CyberLink
2008-09-16 20:09 . 2008-09-16 20:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-09-16 20:06 . 2008-09-16 20:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-09-16 20:04 . 2008-09-16 20:09 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-09-16 01:41 . 2008-09-16 01:41 <REP> d-------- C:\Program Files\SAGEM
2008-09-16 01:40 . 2008-09-16 01:40 <REP> d-------- C:\Program Files\Securitoo
2008-09-16 01:00 . 2008-09-16 01:00 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-15 22:53 . 2007-11-26 14:46 316 --a------ C:\WINDOWS\yes_messenger.ini
2008-09-10 01:05 . 2008-09-10 01:05 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-09-09 20:12 . 2007-09-25 19:31 65,536 --a------ C:\WINDOWS\system32\Autodial2000.dll
2008-09-09 12:52 . 2008-09-09 12:52 <REP> d-------- C:\Program Files\Fichiers communs\DirectX
2008-09-09 12:52 . 2008-09-09 12:52 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-09-09 12:18 . 2008-09-09 12:18 <REP> d-------- C:\Program Files\Codemasters
2008-09-05 03:33 . 2008-09-05 03:33 <REP> d-------- C:\Program Files\Foxit Software
2008-09-05 02:24 . 2008-09-05 03:20 <REP> d-------- C:\Program Files\NOS
2008-09-05 02:24 . 2008-09-05 03:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-05 01:00 . 2008-09-14 11:49 <REP> d-------- C:\Program Files\Radio Fr Solo
2008-09-05 01:00 . 2008-09-14 11:49 1,208 --a------ C:\WINDOWS\Radio_Fr.ini
2008-09-04 22:48 . 2008-09-04 22:50 <REP> d-------- C:\WINDOWS\NV468704.TMP
2008-09-04 19:11 . 2008-09-04 19:11 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ItsLabel
2008-09-04 18:07 . 2008-09-05 15:52 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\EoRezo
2008-09-04 17:19 . 2008-09-04 17:19 <REP> d-------- C:\Program Files\directx
2008-09-04 17:16 . 2008-09-04 17:16 <REP> d-------- C:\Program Files\Slitherine
2008-09-02 19:52 . 2008-09-23 16:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-02 19:52 . 2008-09-02 21:16 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-09-02 19:52 . 2008-09-02 21:16 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-09-02 19:52 . 2008-09-24 14:20 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-02 19:52 . 2008-09-24 14:20 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-02 19:52 . 2008-09-24 14:20 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-02 19:52 . 2008-09-24 14:20 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-29 20:35 . 2008-08-29 22:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adobe(2)
2008-08-27 14:36 . 2008-08-27 14:59 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-24 16:29 . 2008-08-24 16:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nero
2008-08-24 16:23 . 2008-08-24 17:18 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-08-24 13:31 . 2008-08-24 17:18 <REP> d-------- C:\Program Files\Cheatbook Database 2008

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-23 12:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-22 00:38 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-09-19 18:31 --------- d-----w C:\Program Files\DivX
2008-09-16 18:13 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-09-15 23:45 --------- d-----w C:\Program Files\Orange
2008-09-15 23:02 --------- d-----w C:\Program Files\Lavasoft
2008-09-15 23:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-09 23:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-05 01:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-09-04 04:28 --------- d-----w C:\Program Files\FoxitReader
2008-09-02 17:52 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-30 11:40 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2008-08-30 01:31 164 ----a-w C:\install.dat
2008-08-29 23:24 --------- d-----w C:\Program Files\Everest
2008-08-29 22:16 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AdobeUM
2008-08-24 14:23 --------- d-----w C:\Program Files\Nero
2008-08-18 13:39 1,181 ----a-w C:\Documents and Settings\Administrateur\STATS.DAT
2008-08-17 14:38 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Win Novation
2008-08-14 13:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-08-13 18:07 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-08-13 17:59 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Talkback
2008-08-13 17:58 --------- d-----w C:\Program Files\Real
2008-08-13 17:57 --------- d-----w C:\Program Files\Google
2008-08-13 15:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-12 10:08 --------- d-----w C:\Program Files\Conduit
2008-08-11 11:14 --------- d-----w C:\Program Files\FreeGamePick.com
2008-08-11 01:50 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\DeepBurner
2008-08-11 01:49 --------- d-----w C:\Program Files\Astonsoft
2008-08-11 00:03 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\DivX
2008-08-10 11:33 --------- d-----w C:\Program Files\Fichiers communs\BitDefender
2008-08-10 11:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender
2008-08-10 00:13 --------- d-----w C:\Program Files\Fichiers communs\Softwin
2008-08-10 00:12 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-08-09 22:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-09 22:35 --------- d-----w C:\Program Files\Yahoo!
2008-08-07 17:54 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
2008-08-07 13:27 --------- d-----w C:\Program Files\Electronic Arts
2008-08-07 02:38 --------- d-----w C:\Program Files\MSXML 6.0
2008-08-07 02:37 --------- d-----w C:\Program Files\Windows Live
2008-08-05 21:08 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-08-05 20:43 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-05 20:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-05 19:50 --------- d-----w C:\Program Files\Sun
2008-08-05 19:50 --------- d-----w C:\Program Files\Java
2008-08-05 19:50 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-08-05 17:49 --------- d-----w C:\Program Files\Fichiers communs\France Telecom
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-07-23 16:50 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-07-23 16:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:18 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:30 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2004-02-27 03:01 643,072 ----a-w C:\Documents and Settings\Bin32\CrySystem.dll
2004-02-27 03:01 1,441,792 ----a-w C:\Documents and Settings\Bin32\XRenderOGL.dll
2004-02-27 02:58 548,864 ----a-w C:\Documents and Settings\Bin32\XRenderNULL.dll
2004-02-27 02:58 32,768 ----a-w C:\Documents and Settings\Bin32\FarCry_WinSV.exe
2004-02-27 02:57 1,228,983 ----a-w C:\Documents and Settings\Bin32\FarCry.exe
2004-02-27 02:56 4,182,016 ----a-w C:\Documents and Settings\Bin32\Editor.exe
2004-02-27 02:51 1,667,072 ----a-w C:\Documents and Settings\Bin32\CryGame.dll
2004-02-27 02:50 90,112 ----a-w C:\Documents and Settings\Bin32\CryInput.dll
2004-02-27 02:49 147,456 ----a-w C:\Documents and Settings\Bin32\CryMovie.dll
2004-02-27 02:49 131,072 ----a-w C:\Documents and Settings\Bin32\CryNetwork.dll
2004-02-27 02:49 1,019,904 ----a-w C:\Documents and Settings\Bin32\CryPhysics.dll
2004-02-27 02:46 630,784 ----a-w C:\Documents and Settings\Bin32\Cry3DEngine.dll
2004-02-27 02:45 274,432 ----a-w C:\Documents and Settings\Bin32\CrySoundSystem.dll
2004-02-27 02:45 270,336 ----a-w C:\Documents and Settings\Bin32\CryFont.dll
2004-02-27 02:44 471,040 ----a-w C:\Documents and Settings\Bin32\CryAnimation.dll
2004-02-27 02:44 204,800 ----a-w C:\Documents and Settings\Bin32\CryEntitySystem.dll
2004-02-27 02:42 2,768,896 ----a-w C:\Documents and Settings\Bin32\XRenderD3D9.dll
2004-02-27 02:40 417,792 ----a-w C:\Documents and Settings\Bin32\CryAISystem.dll
2004-02-27 02:39 217,088 ----a-w C:\Documents and Settings\Bin32\ResourceCompilerPC.dll
2004-02-27 02:39 135,168 ----a-w C:\Documents and Settings\Bin32\CryScriptSystem.dll
2004-02-26 11:41 413,696 ----a-w C:\Documents and Settings\Bin32\FarCryConfigurator.exe
2004-02-23 23:18 172,032 ----a-w C:\Documents and Settings\Bin32\FarCryConfigSpa.dll
2004-02-23 23:18 172,032 ----a-w C:\Documents and Settings\Bin32\FarCryConfigIta.dll
2004-02-23 23:18 172,032 ----a-w C:\Documents and Settings\Bin32\FarCryConfigGer.dll
2004-02-23 23:18 172,032 ----a-w C:\Documents and Settings\Bin32\FarCryConfigFre.dll
2004-02-23 23:18 172,032 ----a-w C:\Documents and Settings\Bin32\FarCryConfigEng.dll
2004-02-11 17:23 1,106 ----a-w C:\Documents and Settings\Mods\PackerForDistrib.bat
2003-11-04 08:24 323,584 ----a-w C:\Documents and Settings\Bin32\crysound.dll
2003-10-09 14:42 86,016 ----a-w C:\Documents and Settings\Bin32\LuaCompiler.exe
2003-10-01 15:43 390,144 ----a-r C:\Documents and Settings\Register\regsetup.exe
2003-09-12 12:15 790,528 ----a-w C:\Documents and Settings\Bin32\fxc.exe
2003-07-07 11:14 876,544 ----a-w C:\Documents and Settings\Bin32\cg.dll
2006-07-29 18:18 112 --sha-w C:\WINDOWS\Drive\unistl.cmd
2007-11-02 18:09 56 --sh--r C:\WINDOWS\system32\13D592AEF1.sys
.

------- Sigcheck -------

2006-11-29 21:40 1722368 3d1366302bcd4a1d75060989a146c815 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vistadrv"="C:\Windows\Drive\vsdrv.exe" [2006-07-30 121089]
"Signature"="C:\Windows\Drive\sign.exe" [2006-11-11 435200]
"Horlorge"="C:\program Files\Clock\Clock.exe" [2006-11-11 142848]
"Sidebar"="C:\program Files\Windows Sidebar\sidebar.exe" [2006-11-12 1248768]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"UberIcon"="C:\Program Files\UberIcon\UberIcon.dll" [2005-08-12 65536]
"3D"="C:\program Files\Topdesk\topdesk.exe" [2006-11-06 195584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vistadrv"="C:\WINDOWS\Drive\vsdrv.exe" [2006-07-30 121089]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 7618560]
"SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2008-09-16 249856]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 C:\WINDOWS\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"3D"="C:\program Files\Topdesk\topdesk.exe" [2006-11-06 195584]
"Vistadrv"="C:\Windows\Drive\vsdrv.exe" [2006-07-30 121089]
"Signature"="C:\Windows\Drive\sign.exe" [2006-11-11 435200]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-11-11 241664]
"Horlorge"="C:\program Files\Clock\Clock.exe" [2006-11-11 142848]
"Sidebar"="C:\program Files\Windows Sidebar\sidebar.exe" [2006-11-12 1248768]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"C:\\Program Files\\Lphant\\eLePhantClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14787:TCP"= 14787:TCP:BitComet 14787 TCP
"14787:UDP"= 14787:UDP:BitComet 14787 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-07-17 104456]
R3 KEYBOARDWDFilter;KEYBOARDWDFilter;C:\WINDOWS\System32\Drivers\KEYBOARDWD.SYS [2006-07-17 6528]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 24592]
S2 BDVEDISK;BDVEDISK;C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [ ]
S3 Arrakis3;BitDefender Arrakis Server;C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [ ]
S3 bdfm;BDFM;C:\WINDOWS\system32\drivers\bdfm.sys [ ]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-LinksFolderName - (no file)
Toolbar-SaveLinksOrder - (no file)
Toolbar-Locked - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBarLayout - (no file)
HKCU-Run-MsgCenterExe - C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
HKLM-Run-EoEngine - (no file)
HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll
Notify-WgaLogon - (no file)


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\x3ue2f90.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://lo.st
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 14:22:04
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\temp\{BAA75D6A-AFE7-4715-BF11-384F8493E583}\sign.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Heure de fin: 2008-09-24 14:24:23 - La machine a redémarré [Administrateur]
ComboFix-quarantined-files.txt 2008-09-24 12:24:19

Avant-CF: 23,352,311,808 octets libres
Après-CF: 23,539,048,448 octets libres

320 --- E O F --- 2008-09-24 03:01:01
-1
Utilisateur anonyme
 
I'm taking a look and will keep you posted
-1