Probème trojan
dalcan
Messages postés
15
Statut
Membre
-
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,voici mon probème PC lent vidéo au ralenti etc... J ai scaner mon pc avec noton pas de resultat je l ai donc désinstaller et mis à la place antivir puis avast . Avast me reconnais 1 ou 2 trojan mais il ne l ai met pas en quarantaine ,j ai fini par installer a-squared et la miracle plusieurs problèmes en quarantaine voici le rapport ,mais bon toujours des souçis UC à 100% sauf quand je stop l'arborescence du procesus (epm-dm.exe) .merci
Version - a-squared Free 3.5
Dernière mise à jour : 27/10/2008 18:08:06
Paramètres des balayages :
Éléments : Mémoire, Traces, Cookies, C:\, D:\
Balaye dans les archives : Marche
Analyse heuristique : Marche
Balaye dans les ADS : Marche
Début du balayage : 27/10/2008 18:18:04
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST5UNST #1 --> ApplicationName Objets détectés : Trace.Registry.Autumn Waterfalls Screen Saver!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST5UNST #1 --> AppToUninstall Objets détectés : Trace.Registry.Autumn Waterfalls Screen Saver!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST5UNST #1 --> DisplayName Objets détectés : Trace.Registry.Autumn Waterfalls Screen Saver!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST5UNST #1 --> UninstallString Objets détectés : Trace.Registry.Autumn Waterfalls Screen Saver!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\ballon --> Checksum Objets détectés : Trace.Registry.WinSOS!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\ballon --> MaximiseeOuverture Objets détectés : Trace.Registry.WinSOS!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\ballon --> PositionOuverture Objets détectés : Trace.Registry.WinSOS!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\ballon --> TailleOuverture Objets détectés : Trace.Registry.WinSOS!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\choixlangues --> Checksum Objets détectés : Trace.Registry.WinSOS!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\choixlangues --> MaximiseeOuverture Objets détectés : Trace.Registry.WinSOS!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\choixlangues --> PositionOuverture Objets détectés : Trace.Registry.WinSOS!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\choixlangues --> TailleOuverture Objets détectés : Trace.Registry.WinSOS!A2
C:\Documents and Settings\gregory\Cookies\gregory@smartadserver[1].txt Objets détectés : Trace.TrackingCookie.smartadserver!A2
C:\Documents and Settings\gregory\Cookies\gregory@weborama[1].txt Objets détectés : Trace.TrackingCookie.weborama!A2
C:\Documents and Settings\gregory\Cookies\gregory@bluestreak[1].txt Objets détectés : Trace.TrackingCookie.bluestreak!A2
C:\Documents and Settings\gregory\Cookies\gregory@serving-sys[2].txt Objets détectés : Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\gregory\Cookies\gregory@bs.serving-sys[1].txt Objets détectés : Trace.TrackingCookie.bs.serving-sys!A2
C:\Documents and Settings\gregory\Cookies\gregory@zedo[2].txt Objets détectés : Trace.TrackingCookie.zedo!A2
C:\Documents and Settings\gregory\Cookies\gregory@metriweb[1].txt Objets détectés : Trace.TrackingCookie.metriweb!A2
C:\Documents and Settings\gregory\Cookies\gregory@doubleclick[1].txt Objets détectés : Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\gregory\Cookies\gregory@advertising[2].txt Objets détectés : Trace.TrackingCookie.advertising!A2
C:\Documents and Settings\gregory\Cookies\gregory@atdmt[2].txt Objets détectés : Trace.TrackingCookie.atdmt!A2
C:\Documents and Settings\gregory\Cookies\gregory@commentcamarche[1].txt Objets détectés : Trace.TrackingCookie.com!A2
C:\Documents and Settings\gregory\Cookies\gregory@media.adrevolver[3].txt Objets détectés : Trace.TrackingCookie.media!A2
C:\Program Files\alot\alotUninst.exe Objets détectés : Riskware.AdTool.Win32.Toolbar.c!A2
Analysé
Fichiers : 226776
Traces : 564292
Cookies : 103
Processus : 37
Objets trouvés
Fichiers : 1
Traces : 12
Cookies : 12
Processus : 0
Clés de Registre : 0
Fin du balayage : 28/10/2008 00:19:13
Temps du balayage : 6:01:09
C:\Program Files\alot\alotUninst.exe En quarantaine Riskware.AdTool.Win32.Toolbar.c!A2
C:\Documents and Settings\gregory\Cookies\gregory@media.adrevolver[3].txt En quarantaine Trace.TrackingCookie.media!A2
C:\Documents and Settings\gregory\Cookies\gregory@commentcamarche[1].txt En quarantaine Trace.TrackingCookie.com!A2
C:\Documents and Settings\gregory\Cookies\gregory@atdmt[2].txt En quarantaine Trace.TrackingCookie.atdmt!A2
C:\Documents and Settings\gregory\Cookies\gregory@advertising[2].txt En quarantaine Trace.TrackingCookie.advertising!A2
C:\Documents and Settings\gregory\Cookies\gregory@doubleclick[1].txt En quarantaine Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\gregory\Cookies\gregory@metriweb[1].txt En quarantaine Trace.TrackingCookie.metriweb!A2
C:\Documents and Settings\gregory\Cookies\gregory@zedo[2].txt En quarantaine Trace.TrackingCookie.zedo!A2
C:\Documents and Settings\gregory\Cookies\gregory@bs.serving-sys[1].txt En quarantaine Trace.TrackingCookie.bs.serving-sys!A2
C:\Documents and Settings\gregory\Cookies\gregory@serving-sys[2].txt En quarantaine Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\gregory\Cookies\gregory@bluestreak[1].txt En quarantaine Trace.TrackingCookie.bluestreak!A2
C:\Documents and Settings\gregory\Cookies\gregory@weborama[1].txt En quarantaine Trace.TrackingCookie.weborama!A2
C:\Documents and Settings\gregory\Cookies\gregory@smartadserver[1].txt En quarantaine Trace.TrackingCookie.smartadserver!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\ballon --> Checksum En quarantaine Trace.Registry.WinSOS!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\ballon --> MaximiseeOuverture En quarantaine Trace.Registry.WinSOS!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\ballon --> PositionOuverture En quarantaine Trace.Registry.WinSOS!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\ballon --> TailleOuverture En quarantaine Trace.Registry.WinSOS!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\choixlangues --> Checksum En quarantaine Trace.Registry.WinSOS!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\choixlangues --> MaximiseeOuverture En quarantaine Trace.Registry.WinSOS!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\choixlangues --> PositionOuverture En quarantaine Trace.Registry.WinSOS!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\choixlangues --> TailleOuverture En quarantaine Trace.Registry.WinSOS!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST5UNST #1 --> ApplicationName En quarantaine Trace.Registry.Autumn Waterfalls Screen Saver!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST5UNST #1 --> AppToUninstall En quarantaine Trace.Registry.Autumn Waterfalls Screen Saver!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST5UNST #1 --> DisplayName En quarantaine Trace.Registry.Autumn Waterfalls Screen Saver!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST5UNST #1 --> UninstallString En quarantaine Trace.Registry.Autumn Waterfalls Screen Saver!A2
En quarantaine
Fichiers : 1
Traces : 12
Cookies : 12
Version - a-squared Free 3.5
Dernière mise à jour : 27/10/2008 18:08:06
Paramètres des balayages :
Éléments : Mémoire, Traces, Cookies, C:\, D:\
Balaye dans les archives : Marche
Analyse heuristique : Marche
Balaye dans les ADS : Marche
Début du balayage : 27/10/2008 18:18:04
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST5UNST #1 --> ApplicationName Objets détectés : Trace.Registry.Autumn Waterfalls Screen Saver!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST5UNST #1 --> AppToUninstall Objets détectés : Trace.Registry.Autumn Waterfalls Screen Saver!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST5UNST #1 --> DisplayName Objets détectés : Trace.Registry.Autumn Waterfalls Screen Saver!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST5UNST #1 --> UninstallString Objets détectés : Trace.Registry.Autumn Waterfalls Screen Saver!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\ballon --> Checksum Objets détectés : Trace.Registry.WinSOS!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\ballon --> MaximiseeOuverture Objets détectés : Trace.Registry.WinSOS!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\ballon --> PositionOuverture Objets détectés : Trace.Registry.WinSOS!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\ballon --> TailleOuverture Objets détectés : Trace.Registry.WinSOS!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\choixlangues --> Checksum Objets détectés : Trace.Registry.WinSOS!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\choixlangues --> MaximiseeOuverture Objets détectés : Trace.Registry.WinSOS!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\choixlangues --> PositionOuverture Objets détectés : Trace.Registry.WinSOS!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\choixlangues --> TailleOuverture Objets détectés : Trace.Registry.WinSOS!A2
C:\Documents and Settings\gregory\Cookies\gregory@smartadserver[1].txt Objets détectés : Trace.TrackingCookie.smartadserver!A2
C:\Documents and Settings\gregory\Cookies\gregory@weborama[1].txt Objets détectés : Trace.TrackingCookie.weborama!A2
C:\Documents and Settings\gregory\Cookies\gregory@bluestreak[1].txt Objets détectés : Trace.TrackingCookie.bluestreak!A2
C:\Documents and Settings\gregory\Cookies\gregory@serving-sys[2].txt Objets détectés : Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\gregory\Cookies\gregory@bs.serving-sys[1].txt Objets détectés : Trace.TrackingCookie.bs.serving-sys!A2
C:\Documents and Settings\gregory\Cookies\gregory@zedo[2].txt Objets détectés : Trace.TrackingCookie.zedo!A2
C:\Documents and Settings\gregory\Cookies\gregory@metriweb[1].txt Objets détectés : Trace.TrackingCookie.metriweb!A2
C:\Documents and Settings\gregory\Cookies\gregory@doubleclick[1].txt Objets détectés : Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\gregory\Cookies\gregory@advertising[2].txt Objets détectés : Trace.TrackingCookie.advertising!A2
C:\Documents and Settings\gregory\Cookies\gregory@atdmt[2].txt Objets détectés : Trace.TrackingCookie.atdmt!A2
C:\Documents and Settings\gregory\Cookies\gregory@commentcamarche[1].txt Objets détectés : Trace.TrackingCookie.com!A2
C:\Documents and Settings\gregory\Cookies\gregory@media.adrevolver[3].txt Objets détectés : Trace.TrackingCookie.media!A2
C:\Program Files\alot\alotUninst.exe Objets détectés : Riskware.AdTool.Win32.Toolbar.c!A2
Analysé
Fichiers : 226776
Traces : 564292
Cookies : 103
Processus : 37
Objets trouvés
Fichiers : 1
Traces : 12
Cookies : 12
Processus : 0
Clés de Registre : 0
Fin du balayage : 28/10/2008 00:19:13
Temps du balayage : 6:01:09
C:\Program Files\alot\alotUninst.exe En quarantaine Riskware.AdTool.Win32.Toolbar.c!A2
C:\Documents and Settings\gregory\Cookies\gregory@media.adrevolver[3].txt En quarantaine Trace.TrackingCookie.media!A2
C:\Documents and Settings\gregory\Cookies\gregory@commentcamarche[1].txt En quarantaine Trace.TrackingCookie.com!A2
C:\Documents and Settings\gregory\Cookies\gregory@atdmt[2].txt En quarantaine Trace.TrackingCookie.atdmt!A2
C:\Documents and Settings\gregory\Cookies\gregory@advertising[2].txt En quarantaine Trace.TrackingCookie.advertising!A2
C:\Documents and Settings\gregory\Cookies\gregory@doubleclick[1].txt En quarantaine Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\gregory\Cookies\gregory@metriweb[1].txt En quarantaine Trace.TrackingCookie.metriweb!A2
C:\Documents and Settings\gregory\Cookies\gregory@zedo[2].txt En quarantaine Trace.TrackingCookie.zedo!A2
C:\Documents and Settings\gregory\Cookies\gregory@bs.serving-sys[1].txt En quarantaine Trace.TrackingCookie.bs.serving-sys!A2
C:\Documents and Settings\gregory\Cookies\gregory@serving-sys[2].txt En quarantaine Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\gregory\Cookies\gregory@bluestreak[1].txt En quarantaine Trace.TrackingCookie.bluestreak!A2
C:\Documents and Settings\gregory\Cookies\gregory@weborama[1].txt En quarantaine Trace.TrackingCookie.weborama!A2
C:\Documents and Settings\gregory\Cookies\gregory@smartadserver[1].txt En quarantaine Trace.TrackingCookie.smartadserver!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\ballon --> Checksum En quarantaine Trace.Registry.WinSOS!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\ballon --> MaximiseeOuverture En quarantaine Trace.Registry.WinSOS!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\ballon --> PositionOuverture En quarantaine Trace.Registry.WinSOS!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\ballon --> TailleOuverture En quarantaine Trace.Registry.WinSOS!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\choixlangues --> Checksum En quarantaine Trace.Registry.WinSOS!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\choixlangues --> MaximiseeOuverture En quarantaine Trace.Registry.WinSOS!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\choixlangues --> PositionOuverture En quarantaine Trace.Registry.WinSOS!A2
Value: HKEY_USERS\S-1-5-21-1696092843-2752671257-2311570335-1005\Software\WINSOS\WINSOS\choixlangues --> TailleOuverture En quarantaine Trace.Registry.WinSOS!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST5UNST #1 --> ApplicationName En quarantaine Trace.Registry.Autumn Waterfalls Screen Saver!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST5UNST #1 --> AppToUninstall En quarantaine Trace.Registry.Autumn Waterfalls Screen Saver!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST5UNST #1 --> DisplayName En quarantaine Trace.Registry.Autumn Waterfalls Screen Saver!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST5UNST #1 --> UninstallString En quarantaine Trace.Registry.Autumn Waterfalls Screen Saver!A2
En quarantaine
Fichiers : 1
Traces : 12
Cookies : 12
A voir également:
- Probème trojan
- Trojan remover - Télécharger - Antivirus & Antimalwares
- Anti trojan - Télécharger - Antivirus & Antimalwares
- Csrss.exe trojan fr ✓ - Forum Virus
- Trojan b901 system32 win config 34 ✓ - Forum Virus
- Virus trojan al11 ✓ - Forum Virus
8 réponses
slt,
télécharger sur le bureau
Navilog.zip
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
= Double-Clic navilog1.zip
= Extraire tout sur le bureau
= Double-Clic navilog1 qui est sur le bureau
= Appuyer sur une touche jusqu' arriver aux options
= Choisir option 1
un rapport : fixnavi.txt dans C : va se creer
le copier/coller dans ton prochain message.
télécharger sur le bureau
Navilog.zip
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
= Double-Clic navilog1.zip
= Extraire tout sur le bureau
= Double-Clic navilog1 qui est sur le bureau
= Appuyer sur une touche jusqu' arriver aux options
= Choisir option 1
un rapport : fixnavi.txt dans C : va se creer
le copier/coller dans ton prochain message.
parfait
relance navilog choisi l'option 2 et colle le rapport
puis dis tes soucis actuels et colle un rapport hijakhcits
https://www.malekal.com/tutoriel-hijackthis/
relance navilog choisi l'option 2 et colle le rapport
puis dis tes soucis actuels et colle un rapport hijakhcits
https://www.malekal.com/tutoriel-hijackthis/
voila je suis de retour ,voici les deux rapports.j ai toujours des problèmes UC (epm-dm.exe)qui tourne à 80% et internet qui m affiche (le programe ne répond pas)ou encore mes documents au format pdf qui ne s'ouvrent pas .merci d'avance .Clean Navipromo version 3.6.7 commencé le 29/10/2008 à 17:57:58,56
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "gregory"
Mise à jour le 22.10.2008 à 20h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : FAT32
Mode suppression automatique
avec prise en charge résultats Catchme et GNS
Nettoyage exécuté au redémarrage de l'ordinateur
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
*** Suppression avec sauvegardes résultats GenericNaviSearch ***
* Suppression dans "C:\WINDOWS\System32" *
* Suppression dans "C:\Documents and Settings\gregory\locals~1\applic~1" *
*** Suppression dossiers dans "C:\WINDOWS" ***
*** Suppression dossiers dans "C:\Program Files" ***
*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***
*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\gregory\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\gregory\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\gregory\menud+~1\progra~1" ***
*** Suppression fichiers ***
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\gregory\locals~1\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Suppression avec sauvegardes nouveaux fichiers Instant Access :
2)Recherche, création sauvegardes et suppression Heuristique :
* Dans "C:\WINDOWS\system32" *
* Dans "C:\Documents and Settings\gregory\locals~1\applic~1" *
*** Sauvegarde du Registre vers dossier Safebackup ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Certificats ***
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !
*** Nettoyage terminé le 29/10/2008 à 18:06:36,57 ***
e progamme ne répond pas ) ou encore des fichiers pdf qui ne s'ouvrent pas .merciLogfile of HijackThis v1.99.1
Scan saved at 18:16:24, on 29/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\notepad.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\gregory\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis[1].zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P36 "EPSON Stylus DX4800 Series (Copie 1)" /O5 "LPT1:" /M "Stylus DX4800"
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB003" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - Startup: WKCALREM.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{277C5FBC-38A6-461F-8ACC-1DEC9637754A}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{277C5FBC-38A6-461F-8ACC-1DEC9637754A}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS4\Services\Tcpip\..\{277C5FBC-38A6-461F-8ACC-1DEC9637754A}: NameServer = 80.10.246.2,80.10.246.129
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "gregory"
Mise à jour le 22.10.2008 à 20h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : FAT32
Mode suppression automatique
avec prise en charge résultats Catchme et GNS
Nettoyage exécuté au redémarrage de l'ordinateur
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
*** Suppression avec sauvegardes résultats GenericNaviSearch ***
* Suppression dans "C:\WINDOWS\System32" *
* Suppression dans "C:\Documents and Settings\gregory\locals~1\applic~1" *
*** Suppression dossiers dans "C:\WINDOWS" ***
*** Suppression dossiers dans "C:\Program Files" ***
*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***
*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\gregory\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\gregory\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\gregory\menud+~1\progra~1" ***
*** Suppression fichiers ***
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\gregory\locals~1\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Suppression avec sauvegardes nouveaux fichiers Instant Access :
2)Recherche, création sauvegardes et suppression Heuristique :
* Dans "C:\WINDOWS\system32" *
* Dans "C:\Documents and Settings\gregory\locals~1\applic~1" *
*** Sauvegarde du Registre vers dossier Safebackup ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Certificats ***
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !
*** Nettoyage terminé le 29/10/2008 à 18:06:36,57 ***
e progamme ne répond pas ) ou encore des fichiers pdf qui ne s'ouvrent pas .merciLogfile of HijackThis v1.99.1
Scan saved at 18:16:24, on 29/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\notepad.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\gregory\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis[1].zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P36 "EPSON Stylus DX4800 Series (Copie 1)" /O5 "LPT1:" /M "Stylus DX4800"
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB003" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - Startup: WKCALREM.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{277C5FBC-38A6-461F-8ACC-1DEC9637754A}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{277C5FBC-38A6-461F-8ACC-1DEC9637754A}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS4\Services\Tcpip\..\{277C5FBC-38A6-461F-8ACC-1DEC9637754A}: NameServer = 80.10.246.2,80.10.246.129
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
pour les pdf installe ceci:
https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html
ou ceci
https://www.clubic.com/telecharger-fiche13808-foxit-reader.html
_______
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
__________________
remets un rapport hijakchits avec la version 2.0.2 ici:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html
ou ceci
https://www.clubic.com/telecharger-fiche13808-foxit-reader.html
_______
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
__________________
remets un rapport hijakchits avec la version 2.0.2 ici:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
voila j ai effectuer dans l'ordre les opérations demandés ,voici les deux rapports .Merci de votre aide.ComboFix 08-10-29.07 - gregory 2008-10-29 19:44:57.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.227 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\gregory\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\gregory\Application Data\inst.exe
C:\WINDOWS\system32\MSINET.oca
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-29 ))))))))))))))))))))))))))))))))))))
.
2008-10-29 19:30 . 2008-10-29 19:30 <REP> d-------- C:\WINDOWS\LastGood.Tmp
2008-10-29 15:11 . 2008-10-29 15:11 <REP> d-------- C:\Program Files\Navilog1
2008-10-28 11:42 . 2008-10-28 11:42 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-10-27 17:53 . 2008-10-27 17:53 <REP> d-------- C:\Documents and Settings\gregory\Application Data\InstallShield
2008-10-27 17:39 . 2008-10-27 17:39 <REP> d-------- C:\Program Files\a-squared Free
2008-10-27 13:23 . 2008-10-27 13:23 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-10-27 11:26 . 2008-10-27 11:26 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2008-10-25 14:48 . 2008-10-25 14:48 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-10-24 12:53 . 2008-10-24 12:53 <REP> d-------- C:\Program Files\Windows Sidebar
2008-10-24 12:53 . 2008-10-28 17:44 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-24 12:53 . 2008-10-28 17:44 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-24 12:45 . 2008-10-24 12:45 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-10-24 11:13 . 2008-10-24 11:13 <REP> d-------- C:\Program Files\Trojan Remover
2008-10-23 23:05 . 2008-10-15 18:35 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-22 14:25 . 2003-11-04 15:11 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2008-10-20 17:22 . 2008-10-20 17:22 <REP> d-------- C:\Documents and Settings\gregory\Application Data\Malwarebytes
2008-10-20 17:20 . 2008-10-20 17:20 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2008-10-20 01:47 . 2008-10-20 01:47 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2008-10-17 13:51 . 2008-10-17 13:51 <REP> d-------- C:\WINDOWS\__SkypeIEToolbar_Cache
2008-10-16 12:07 . 2006-05-17 23:41 219,648 --a------ C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-10-16 10:48 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-16 10:46 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 10:46 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 10:46 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 10:46 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-16 10:46 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-14 20:46 . 2008-10-14 20:46 <REP> d-------- C:\Program Files\Fighters
2008-10-14 20:46 . 2008-10-14 20:46 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fighters
2008-10-11 11:54 . 2008-10-11 11:54 <REP> d-------- C:\Program Files\Uniblue
2008-10-09 15:14 . 2008-10-09 15:14 <REP> d-------- C:\Documents and Settings\gregory\Application Data\vlc
2008-10-08 21:55 . 2008-10-08 21:55 <REP> d-------- C:\Program Files\WeFi
2008-10-08 21:54 . 2008-10-08 21:54 <REP> d-------- C:\Documents and Settings\gregory\Application Data\Camfrog
2008-10-08 21:53 . 2008-10-08 21:53 <REP> d-------- C:\Program Files\Camfrog
2008-10-08 21:53 . 2008-10-08 21:53 <REP> d-------- C:\Program Files\alot
2008-10-08 21:53 . 2008-10-08 21:53 <REP> d-------- C:\Documents and Settings\gregory\Application Data\alot
2008-10-08 00:26 . 2008-10-08 00:26 <REP> d-------- C:\WINDOWS\system32\fr
2008-10-08 00:26 . 2008-10-08 00:26 <REP> d-------- C:\WINDOWS\system32\bits
2008-10-08 00:26 . 2008-10-08 00:26 <REP> d-------- C:\WINDOWS\l2schemas
2008-10-08 00:22 . 2008-10-08 00:22 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-10-08 00:13 . 2008-10-08 00:13 <REP> d-------- C:\WINDOWS\EHome
2008-10-07 22:04 . 2008-10-07 22:04 <REP> d-------- C:\Documents and Settings\gregory\Application Data\Uniblue
2008-10-05 20:26 . 2008-10-05 20:26 <REP> d-------- C:\Program Files\CCleaner
2008-10-01 17:02 . 2008-10-20 20:15 3,532 --a------ C:\drmHeader.bin
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 14:05 47,360 ----a-w C:\Documents and Settings\gregory\Application Data\pcouffin.sys
2008-10-26 13:43 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-10-20 22:05 2,690 ----a-w C:\WINDOWS\system32\tmp.reg
2008-10-08 19:27 1,660 ----a-w C:\Documents and Settings\gregory\Application Data\wklnhst.dat
2008-10-03 18:12 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-23 13:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-23 13:21 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2008-09-23 11:25 --------- d-----w C:\Program Files\Inventel
2008-09-19 10:48 --------- d-----w C:\Program Files\Wireless LAN Utility
2008-09-15 16:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 11:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-27 10:11 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 09:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-25 09:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-23 06:56 635,848 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 06:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-14 14:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 14:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 11:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-05-22 14:03 114,920 ----a-w C:\Documents and Settings\gregory\pays.zip
2008-03-02 18:28 32 ----a-w C:\DOCUME~1\ALLUSE~1\APPLIC~1\ezsid.dat
2007-05-31 15:39 1,388 ----a-w C:\Documents and Settings\gregory\Application Data\ViewerApp.dat
2007-04-10 18:30 87,608 ----a-w C:\Documents and Settings\gregory\Application Data\ezpinst.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 68856]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Camfrog"="C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" [2003-09-29 36352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX4800 Series (Copie 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 98304]
"epm-dm"="c:\acer\epm\epm-dm.exe" [2005-06-01 192512]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-27 29744]
"EPSON Stylus Photo RX520 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE" [2005-04-07 98304]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-29 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2006-06-30 707376]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-10-19 2782352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\gregory\Menu D‚marrer\Programmes\D‚marrage\
WKCALREM.LNK - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-12 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceCheck"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package VCD Maker.lnk
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk
backup=C:\WINDOWS\pss\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^gregory^Menu Démarrer^Programmes^Démarrage^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\gregory\Menu Démarrer\Programmes\Démarrage\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^gregory^Menu Démarrer^Programmes^Démarrage^wkcalrem.LNK]
path=C:\Documents and Settings\gregory\Menu Démarrer\Programmes\Démarrage\wkcalrem.LNK
backup=C:\WINDOWS\pss\wkcalrem.LNKStartup
[HKLM\~\startupfolder\C:^Documents and Settings^gregory^Menu Démarrer^Programmes^Démarrage^Y'z ToolBar.lnk]
path=C:\Documents and Settings\gregory\Menu Démarrer\Programmes\Démarrage\Y'z ToolBar.lnk
backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATnotes.exe]
--a------ 2005-01-05 15:45 1015808 C:\Program Files\ATnotes\ATnotes.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 04:34 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CtrlVol]
--a------ 2003-09-16 14:28 20480 C:\Program Files\Launch Manager\CtrlVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPM-DM]
--a------ 2005-06-01 14:17 192512 c:\Acer\ePM\epm-dm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePowerManagement]
--a------ 2005-03-15 10:03 2893824 C:\Acer\ePM\ePM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
--a------ 2005-06-29 17:26 352256 C:\Program Files\acer\eRecovery\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-09-27 21:36 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-01-23 10:31 126976 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-01-23 10:36 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-05 05:00 208952 C:\WINDOWS\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
--a------ 2005-07-25 13:36 32768 C:\Program Files\Launch Manager\LaunchAp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2006-06-30 00:54 269104 C:\Program Files\Microsoft LifeCam\LifeExp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2005-06-06 11:52 69632 C:\Program Files\Launch Manager\HotkeyApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
--a------ 2005-07-25 10:45 241664 C:\Program Files\Launch Manager\OSDCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-05 05:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2005-03-09 18:59 49152 C:\Program Files\Arcade\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-05 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-05 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerKey]
--a------ 2002-08-30 15:02 94208 C:\Program Files\Launch Manager\Powerkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\preload]
--a------ 2005-05-19 17:09 32768 C:\WINDOWS\RUNXMLPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-29 20:28 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-03-30 01:41 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-02-04 11:11 708698 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2005-02-04 11:12 102490 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
-ra------ 2006-06-30 00:43 707376 C:\WINDOWS\vVX1000.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
--a------ 2005-07-25 13:34 81920 C:\Program Files\Launch Manager\WButton.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-04-15 11:01 77824 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\System32\\[Emoticons-plus.com] Winkaa 2.0.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 9867]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 78208]
R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 69632]
R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamSvc.exe [2006-06-30 187184]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 8704]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 4010]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-06-30 1965872]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys [ ]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [ ]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-27 29744]
S3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 2343]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [ ]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4dfe77ec-030f-11dc-9c89-0014a4481921}]
\Shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4869ed2-baa2-11db-9c6d-0060b3f2b750}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-29 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2006-07-07 17:26]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
MSConfigStartUp-avast! - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
MSConfigStartUp-Nero PhotoShow Media Manager - C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
MSConfigStartUp-Orange Link - C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe
MSConfigStartUp-RealTray - C:\Program Files\Real\RealPlayer\RealPlay.exe
MSConfigStartUp-TomTomHOME - C:\Program Files\TomTom HOME\TomTomHOME.exe
MSConfigStartUp-UberIcon - C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe
MSConfigStartUp-WOOKIT - C:\PROGRA~1\WANADOO\Shell.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\gregory\Application Data\Mozilla\Firefox\Profiles\qul8mf8q.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.msn.com/
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 19:51:34
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\A2SERVICE.EXE
C:\PROGRAM FILES\A-SQUARED FREE\A2SERVICE.EXE
C:\ACER\EMANAGER\ANBMSERV.EXE
C:\PROGRAM FILES\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-10-29 19:54:46 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-29 18:54:36
Avant-CF: 5 030 805 504 octets libres
Après-CF: 5,419,761,664 octets libres
287 --- E O F --- 2008-10-24 01:00:38
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:39, on 29/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\gregory\Local Settings\Temporary Internet Files\Content.IE5\LKFUG9TX\HiJackThis[1].exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P36 "EPSON Stylus DX4800 Series (Copie 1)" /O5 "LPT1:" /M "Stylus DX4800"
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB003" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WKCALREM.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{277C5FBC-38A6-461F-8ACC-1DEC9637754A}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{277C5FBC-38A6-461F-8ACC-1DEC9637754A}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS4\Services\Tcpip\..\{277C5FBC-38A6-461F-8ACC-1DEC9637754A}: NameServer = 80.10.246.2,80.10.246.129
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.227 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\gregory\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\gregory\Application Data\inst.exe
C:\WINDOWS\system32\MSINET.oca
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-29 ))))))))))))))))))))))))))))))))))))
.
2008-10-29 19:30 . 2008-10-29 19:30 <REP> d-------- C:\WINDOWS\LastGood.Tmp
2008-10-29 15:11 . 2008-10-29 15:11 <REP> d-------- C:\Program Files\Navilog1
2008-10-28 11:42 . 2008-10-28 11:42 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-10-27 17:53 . 2008-10-27 17:53 <REP> d-------- C:\Documents and Settings\gregory\Application Data\InstallShield
2008-10-27 17:39 . 2008-10-27 17:39 <REP> d-------- C:\Program Files\a-squared Free
2008-10-27 13:23 . 2008-10-27 13:23 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-10-27 11:26 . 2008-10-27 11:26 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2008-10-25 14:48 . 2008-10-25 14:48 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-10-24 12:53 . 2008-10-24 12:53 <REP> d-------- C:\Program Files\Windows Sidebar
2008-10-24 12:53 . 2008-10-28 17:44 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-24 12:53 . 2008-10-28 17:44 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-24 12:45 . 2008-10-24 12:45 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-10-24 11:13 . 2008-10-24 11:13 <REP> d-------- C:\Program Files\Trojan Remover
2008-10-23 23:05 . 2008-10-15 18:35 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-22 14:25 . 2003-11-04 15:11 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2008-10-20 17:22 . 2008-10-20 17:22 <REP> d-------- C:\Documents and Settings\gregory\Application Data\Malwarebytes
2008-10-20 17:20 . 2008-10-20 17:20 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2008-10-20 01:47 . 2008-10-20 01:47 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2008-10-17 13:51 . 2008-10-17 13:51 <REP> d-------- C:\WINDOWS\__SkypeIEToolbar_Cache
2008-10-16 12:07 . 2006-05-17 23:41 219,648 --a------ C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-10-16 10:48 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-16 10:46 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 10:46 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 10:46 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 10:46 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-16 10:46 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-14 20:46 . 2008-10-14 20:46 <REP> d-------- C:\Program Files\Fighters
2008-10-14 20:46 . 2008-10-14 20:46 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fighters
2008-10-11 11:54 . 2008-10-11 11:54 <REP> d-------- C:\Program Files\Uniblue
2008-10-09 15:14 . 2008-10-09 15:14 <REP> d-------- C:\Documents and Settings\gregory\Application Data\vlc
2008-10-08 21:55 . 2008-10-08 21:55 <REP> d-------- C:\Program Files\WeFi
2008-10-08 21:54 . 2008-10-08 21:54 <REP> d-------- C:\Documents and Settings\gregory\Application Data\Camfrog
2008-10-08 21:53 . 2008-10-08 21:53 <REP> d-------- C:\Program Files\Camfrog
2008-10-08 21:53 . 2008-10-08 21:53 <REP> d-------- C:\Program Files\alot
2008-10-08 21:53 . 2008-10-08 21:53 <REP> d-------- C:\Documents and Settings\gregory\Application Data\alot
2008-10-08 00:26 . 2008-10-08 00:26 <REP> d-------- C:\WINDOWS\system32\fr
2008-10-08 00:26 . 2008-10-08 00:26 <REP> d-------- C:\WINDOWS\system32\bits
2008-10-08 00:26 . 2008-10-08 00:26 <REP> d-------- C:\WINDOWS\l2schemas
2008-10-08 00:22 . 2008-10-08 00:22 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-10-08 00:13 . 2008-10-08 00:13 <REP> d-------- C:\WINDOWS\EHome
2008-10-07 22:04 . 2008-10-07 22:04 <REP> d-------- C:\Documents and Settings\gregory\Application Data\Uniblue
2008-10-05 20:26 . 2008-10-05 20:26 <REP> d-------- C:\Program Files\CCleaner
2008-10-01 17:02 . 2008-10-20 20:15 3,532 --a------ C:\drmHeader.bin
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 14:05 47,360 ----a-w C:\Documents and Settings\gregory\Application Data\pcouffin.sys
2008-10-26 13:43 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-10-20 22:05 2,690 ----a-w C:\WINDOWS\system32\tmp.reg
2008-10-08 19:27 1,660 ----a-w C:\Documents and Settings\gregory\Application Data\wklnhst.dat
2008-10-03 18:12 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-23 13:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-23 13:21 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2008-09-23 11:25 --------- d-----w C:\Program Files\Inventel
2008-09-19 10:48 --------- d-----w C:\Program Files\Wireless LAN Utility
2008-09-15 16:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 11:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-27 10:11 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 09:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-25 09:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-23 06:56 635,848 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 06:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-14 14:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 14:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 11:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-05-22 14:03 114,920 ----a-w C:\Documents and Settings\gregory\pays.zip
2008-03-02 18:28 32 ----a-w C:\DOCUME~1\ALLUSE~1\APPLIC~1\ezsid.dat
2007-05-31 15:39 1,388 ----a-w C:\Documents and Settings\gregory\Application Data\ViewerApp.dat
2007-04-10 18:30 87,608 ----a-w C:\Documents and Settings\gregory\Application Data\ezpinst.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 68856]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Camfrog"="C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" [2003-09-29 36352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX4800 Series (Copie 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 98304]
"epm-dm"="c:\acer\epm\epm-dm.exe" [2005-06-01 192512]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-27 29744]
"EPSON Stylus Photo RX520 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE" [2005-04-07 98304]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-29 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2006-06-30 707376]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-10-19 2782352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\gregory\Menu D‚marrer\Programmes\D‚marrage\
WKCALREM.LNK - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-12 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceCheck"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package VCD Maker.lnk
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk
backup=C:\WINDOWS\pss\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^gregory^Menu Démarrer^Programmes^Démarrage^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\gregory\Menu Démarrer\Programmes\Démarrage\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^gregory^Menu Démarrer^Programmes^Démarrage^wkcalrem.LNK]
path=C:\Documents and Settings\gregory\Menu Démarrer\Programmes\Démarrage\wkcalrem.LNK
backup=C:\WINDOWS\pss\wkcalrem.LNKStartup
[HKLM\~\startupfolder\C:^Documents and Settings^gregory^Menu Démarrer^Programmes^Démarrage^Y'z ToolBar.lnk]
path=C:\Documents and Settings\gregory\Menu Démarrer\Programmes\Démarrage\Y'z ToolBar.lnk
backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATnotes.exe]
--a------ 2005-01-05 15:45 1015808 C:\Program Files\ATnotes\ATnotes.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 04:34 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CtrlVol]
--a------ 2003-09-16 14:28 20480 C:\Program Files\Launch Manager\CtrlVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPM-DM]
--a------ 2005-06-01 14:17 192512 c:\Acer\ePM\epm-dm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePowerManagement]
--a------ 2005-03-15 10:03 2893824 C:\Acer\ePM\ePM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
--a------ 2005-06-29 17:26 352256 C:\Program Files\acer\eRecovery\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-09-27 21:36 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-01-23 10:31 126976 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-01-23 10:36 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-05 05:00 208952 C:\WINDOWS\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
--a------ 2005-07-25 13:36 32768 C:\Program Files\Launch Manager\LaunchAp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2006-06-30 00:54 269104 C:\Program Files\Microsoft LifeCam\LifeExp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2005-06-06 11:52 69632 C:\Program Files\Launch Manager\HotkeyApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
--a------ 2005-07-25 10:45 241664 C:\Program Files\Launch Manager\OSDCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-05 05:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2005-03-09 18:59 49152 C:\Program Files\Arcade\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-05 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-05 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerKey]
--a------ 2002-08-30 15:02 94208 C:\Program Files\Launch Manager\Powerkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\preload]
--a------ 2005-05-19 17:09 32768 C:\WINDOWS\RUNXMLPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-29 20:28 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-03-30 01:41 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-02-04 11:11 708698 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2005-02-04 11:12 102490 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
-ra------ 2006-06-30 00:43 707376 C:\WINDOWS\vVX1000.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
--a------ 2005-07-25 13:34 81920 C:\Program Files\Launch Manager\WButton.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-04-15 11:01 77824 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\System32\\[Emoticons-plus.com] Winkaa 2.0.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 9867]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 78208]
R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 69632]
R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamSvc.exe [2006-06-30 187184]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 8704]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 4010]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-06-30 1965872]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys [ ]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [ ]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-27 29744]
S3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 2343]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [ ]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4dfe77ec-030f-11dc-9c89-0014a4481921}]
\Shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4869ed2-baa2-11db-9c6d-0060b3f2b750}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-29 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2006-07-07 17:26]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
MSConfigStartUp-avast! - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
MSConfigStartUp-Nero PhotoShow Media Manager - C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
MSConfigStartUp-Orange Link - C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe
MSConfigStartUp-RealTray - C:\Program Files\Real\RealPlayer\RealPlay.exe
MSConfigStartUp-TomTomHOME - C:\Program Files\TomTom HOME\TomTomHOME.exe
MSConfigStartUp-UberIcon - C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe
MSConfigStartUp-WOOKIT - C:\PROGRA~1\WANADOO\Shell.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\gregory\Application Data\Mozilla\Firefox\Profiles\qul8mf8q.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.msn.com/
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 19:51:34
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\A2SERVICE.EXE
C:\PROGRAM FILES\A-SQUARED FREE\A2SERVICE.EXE
C:\ACER\EMANAGER\ANBMSERV.EXE
C:\PROGRAM FILES\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-10-29 19:54:46 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-29 18:54:36
Avant-CF: 5 030 805 504 octets libres
Après-CF: 5,419,761,664 octets libres
287 --- E O F --- 2008-10-24 01:00:38
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:39, on 29/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\gregory\Local Settings\Temporary Internet Files\Content.IE5\LKFUG9TX\HiJackThis[1].exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P36 "EPSON Stylus DX4800 Series (Copie 1)" /O5 "LPT1:" /M "Stylus DX4800"
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB003" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WKCALREM.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{277C5FBC-38A6-461F-8ACC-1DEC9637754A}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{277C5FBC-38A6-461F-8ACC-1DEC9637754A}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS4\Services\Tcpip\..\{277C5FBC-38A6-461F-8ACC-1DEC9637754A}: NameServer = 80.10.246.2,80.10.246.129
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
fix cette ligne
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
______________
tu as quel antivirus actuellement? mets en un : antivir par exemple en gratuit
______________
encore des soucis????
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
______________
tu as quel antivirus actuellement? mets en un : antivir par exemple en gratuit
______________
encore des soucis????
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
désinstalle norton puis réinstalle le car je me demande si il n'y a pas un souci avec:
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
desactive le tea timer de spybot
____________
si tu désactive norton cela marche normal?
_____________
scan ce ficher sur virus total et colle le rapport: https://www.virustotal.com/gui/
c:\acer\epm\epm-dm.exe
____________
si tu désactive norton cela marche normal?
_____________
scan ce ficher sur virus total et colle le rapport: https://www.virustotal.com/gui/
c:\acer\epm\epm-dm.exe
j ai scaner spybot Suomi | ihMdI | | עברית | | Slovenščina | Dansk | Русский | Română | Türkçe | Nederlands | Ελληνικά | Svenska | Português | Italiano | | | Magyar | Deutsch | Česky | Polski | Español | English
Virustotal est un service qui analyse les fichiers suspects et facilite la détection rapide des virus, vers, chevaux de Troie et toutes sortes de malwares détectés par les moteurs antivirus. Plus d'informations...
Fichier SpybotSD.exe reçu le 2008.10.24 14:38:02 (CET)
Situation actuelle: terminé
Résultat: 1/36 (2.78%)
Formaté Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.24.3 2008.10.24 -
AntiVir 7.9.0.7 2008.10.24 -
Authentium 5.1.0.4 2008.10.24 -
Avast 4.8.1248.0 2008.10.24 -
AVG 8.0.0.161 2008.10.24 -
BitDefender 7.2 2008.10.24 -
CAT-QuickHeal 9.50 2008.10.24 -
ClamAV 0.93.1 2008.10.24 -
DrWeb 4.44.0.09170 2008.10.24 -
eSafe 7.0.17.0 2008.10.23 -
eTrust-Vet 31.6.6164 2008.10.22 -
Ewido 4.0 2008.10.24 -
F-Prot 4.4.4.56 2008.10.24 -
F-Secure 8.0.14332.0 2008.10.24 Suspicious:W32/QDown.v!Gemini
Fortinet 3.113.0.0 2008.10.24 -
GData 19 2008.10.24 -
Ikarus T3.1.1.44.0 2008.10.24 -
K7AntiVirus 7.10.505 2008.10.23 -
Kaspersky 7.0.0.125 2008.10.24 -
McAfee 5414 2008.10.24 -
Microsoft 1.4005 2008.10.24 -
NOD32 3551 2008.10.24 -
Norman 5.80.02 2008.10.23 -
Panda 9.0.0.4 2008.10.24 -
PCTools 4.4.2.0 2008.10.24 -
Prevx1 V2 2008.10.24 -
Rising 21.00.42.00 2008.10.24 -
SecureWeb-Gateway 6.7.6 2008.10.24 -
Sophos 4.34.0 2008.10.24 -
Sunbelt 3.1.1749.1 2008.10.23 -
Symantec 10 2008.10.24 -
TheHacker 6.3.1.0.126 2008.10.23 -
TrendMicro 8.700.0.1004 2008.10.24 -
VBA32 3.12.8.8 2008.10.22 -
ViRobot 2008.10.24.1436 2008.10.24 -
VirusBuster 4.5.11.0 2008.10.23 -
Information additionnelle
File size: 4891472 bytes
MD5...: 3b1b5d09d3c9c4cd39d4db06ed7a0855
SHA1..: 5d1d23e68c8e4b9aff8d26b51de8d211a1749776
SHA256: c83b1cc03edfbf0bccd5774dc52ff63c6010d59efb65e8db844c5b3bad7bf643
SHA512: de83c7b203d7413ae9ba656e5779d9336565a947aa98d10ad538cac351caa4fb
5824f6eac90cbd71a351196e876a3e76f2e7b9d6ef207b9cd2a7627804aa1b2e
PEiD..: -
TrID..: File type identification
InstallShield setup (43.3%)
Win32 EXE PECompact compressed (generic) (41.8%)
Win32 Executable Generic (8.5%)
Win16/32 Executable Delphi generic (2.0%)
Generic Win/DOS Executable (2.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x7af3b8
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)
( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2a8684 0x2a8800 6.60 6d78f10b64d8cbdd23841638670d2300
.itext 0x2aa000 0x5560 0x5600 6.46 d95f5504a9ef595dbc0aabef00b396d8
.data 0x2b0000 0x2cb38 0x2cc00 7.35 68cba8d672c86cc12c88644326d2cc1c
.bss 0x2dd000 0x7fd8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x2e5000 0x4e9e 0x5000 5.13 375672047935640741dccedaad1a095d
.tls 0x2ea000 0x54 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x2eb000 0x18 0x200 0.21 1e4e7cc2f15b54a2d16519ce7470f844
.reloc 0x2ec000 0x273f8 0x27400 6.69 925edbf16875940be999124da7260ba4
.rsrc 0x314000 0x1a1828 0x1a1a00 6.18 823b996fd90a973986fcbe94464ca293
( 34 imports )
> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> user32.dll: GetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA
> kernel32.dll: GetACP, Sleep, VirtualFree, VirtualAlloc, GetTickCount, QueryPerformanceCounter, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryA, RemoveDirectoryA, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentDirectoryA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, CreateDirectoryA, ExitProcess, ExitThread, CreateThread, CompareStringA, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> user32.dll: CreateWindowExW, CreateWindowExA, WindowFromPoint, WaitMessage, VkKeyScanW, ValidateRect, UpdateWindow, UnregisterClassW, UnregisterClassA, UnionRect, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, ToAscii, SystemParametersInfoA, SubtractRect, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowRgn, SetWindowsHookExW, SetWindowsHookExA, SetWindowTextW, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRectEmpty, SetRect, SetPropA, SetParent, SetMenuItemInfoW, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageW, SendMessageA, ScrollWindowEx, ScrollWindow, ScrollDC, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassW, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageW, PostMessageA, PeekMessageW, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyW, MapVirtualKeyA, LockWindowUpdate, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageW, IsDialogMessageA, IsClipboardFormatAvailable, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextLengthW, GetWindowTextW, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowLongA, GetWindowDC, GetUpdateRect, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessageTime, GetMessagePos, GetMessageA, GetMenuStringW, GetMenuStringA, GetMenuState, GetMenuItemInfoW, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameA, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextW, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgItem, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardFormatNameA, GetClipboardData, GetClientRect, GetClassNameW, GetClassNameA, GetClassLongA, GetClassInfoW, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowExA, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumDisplaySettingsA, EnumClipboardFormats, EnumChildWindows, EndPaint, EndDeferWindowPos, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextW, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageW, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DeferWindowPos, DefWindowProcW, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIconIndirect, CreateIcon, CopyImage, CloseClipboard, ClientToScreen, ChildWindowFromPoint, CheckMenuItem, CharNextW, CallWindowProcW, CallWindowProcA, CallNextHookEx, BeginPaint, BeginDeferWindowPos, CharPrevA, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharUpperA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
> gdi32.dll: UnrealizeObject, TranslateCharsetInfo, TextOutA, StretchDIBits, StretchBlt, StartPage, StartDocA, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetTextAlign, SetStretchBltMode, SetROP2, SetPixelV, SetPixel, SetPaletteEntries, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetAbortProc, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RoundRect, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PlayEnhMetaFile, PatBlt, OffsetRgn, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32W, GetTextExtentPoint32A, GetTextColor, GetTextAlign, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetNearestPaletteIndex, GetMapMode, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionA, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetCurrentObject, GetClipBox, GetBrushOrgEx, GetBkColor, GetBitmapBits, GdiFlush, ExtTextOutW, ExtTextOutA, ExtSelectClipRgn, ExcludeClipRect, EndPage, EndDoc, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRectRgnIndirect, CreateRectRgn, CreatePenIndirect, CreatePen, CreatePatternBrush, CreatePalette, CreateICA, CreateHalftonePalette, CreateFontIndirectA, CreateEnhMetaFileA, CreateDIBitmap, CreateDIBSection, CreateDCA, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CombineRgn, CloseEnhMetaFile, BitBlt
> version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
> mpr.dll: WNetOpenEnumA, WNetGetUniversalNameA, WNetGetConnectionA, WNetEnumResourceA, WNetCloseEnum
> kernel32.dll: lstrlenW, lstrcpynW, lstrcpyA, lstrcmpA, WritePrivateProfileStringA, WriteFile, WideCharToMultiByte, WaitForSingleObject, WaitForMultipleObjectsEx, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, UnmapViewOfFile, TerminateThread, TerminateProcess, SuspendThread, Sleep, SizeofResource, SetVolumeLabelA, SetThreadPriority, SetThreadLocale, SetLastError, SetFileTime, SetFilePointer, SetFileAttributesA, SetEvent, SetErrorMode, SetEndOfFile, SetCurrentDirectoryA, SearchPathA, ResumeThread, ResetEvent, RemoveDirectoryA, ReleaseSemaphore, ReadFile, RaiseException, QueryPerformanceFrequency, QueryPerformanceCounter, QueryDosDeviceA, OutputDebugStringA, OpenProcess, MultiByteToWideChar, MulDiv, MoveFileA, MapViewOfFile, LockResource, LocalFree, LocalFileTimeToFileTime, LocalAlloc, LoadResource, LoadLibraryExA, LoadLibraryA, LeaveCriticalSection, IsBadWritePtr, IsBadReadPtr, InitializeCriticalSection, HeapFree, HeapAlloc, GlobalUnlock, GlobalSize, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetWindowsDirectoryA, GetVolumeInformationA, GetVersionExA, GetVersion, GetUserDefaultLCID, GetTimeZoneInformation, GetTickCount, GetThreadLocale, GetTempPathA, GetTempFileNameA, GetSystemTime, GetSystemInfo, GetSystemDirectoryA, GetStringTypeExA, GetStdHandle, GetShortPathNameA, GetProfileStringA, GetProfileIntA, GetProcessHeap, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleW, GetModuleHandleA, GetModuleFileNameW, GetModuleFileNameA, GetLogicalDrives, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameW, GetFullPathNameA, GetFileTime, GetFileSize, GetFileAttributesA, GetExitCodeThread, GetDriveTypeA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageW, FormatMessageA, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, ExpandEnvironmentStringsA, ExitThread, EnumResourceNamesA, EnumCalendarInfoA, EnterCriticalSection, DuplicateHandle, DosDateTimeToFileTime, DeleteFileA, DeleteCriticalSection, CreateThread, CreateSemaphoreA, CreateProcessA, CreateFileMappingW, CreateFileMappingA, CreateFileW, CreateFileA, CreateEventA, CreateDirectoryA, CopyFileA, CompareStringW, CompareStringA, CloseHandle, BackupRead
> advapi32.dll: SetFileSecurityA, ReportEventA, RegisterEventSourceA, RegUnLoadKeyA, RegSetValueExA, RegSetKeySecurity, RegQueryValueExA, RegQueryInfoKeyA, RegOpenKeyExA, RegOpenKeyA, RegLoadKeyA, RegGetKeySecurity, RegFlushKey, RegEnumValueA, RegEnumKeyExA, RegDeleteValueA, RegDeleteKeyA, RegCreateKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, LookupAccountSidA, LookupAccountNameA, GetUserNameA, GetLengthSid, GetFileSecurityA, DeregisterEventSource, AdjustTokenPrivileges
> kernel32.dll: Sleep
> oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
> oleaut32.dll: GetErrorInfo, SysFreeString
> ole32.dll: CreateStreamOnHGlobal, IsAccelerator, ReleaseStgMedium, OleDraw, OleSetMenuDescriptor, OleGetClipboard, OleSetClipboard, DoDragDrop, RevokeDragDrop, RegisterDragDrop, OleUninitialize, OleInitialize, CreateDataAdviseHolder, CoTaskMemFree, CoTaskMemAlloc, CLSIDFromString, StringFromCLSID, CoCreateInstance, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID
> comctl32.dll: _TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_LoadImageA, ImageList_GetIcon, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls
> winspool.drv: OpenPrinterA, EnumPrintersA, DocumentPropertiesA, ClosePrinter
> shell32.dll: ShellExecuteA, SHGetFileInfoA, SHFileOperationA, ExtractIconA, ExtractAssociatedIconA, DragQueryFileA, DragFinish, DragAcceptFiles
> wininet.dll: UnlockUrlCacheEntryFile, FindNextUrlCacheEntryA, FindFirstUrlCacheEntryA, FindCloseUrlCache, DeleteUrlCacheEntry
> shell32.dll: SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, SHGetDesktopFolder, SHBrowseForFolderA
> comdlg32.dll: PrintDlgA, GetSaveFileNameA, GetOpenFileNameA
> winmm.dll: timeGetTime, timeEndPeriod, timeBeginPeriod, sndPlaySoundA, mciSendCommandA, mciGetErrorStringA
> GDI32.DLL: GetRandomRgn
> kernel32.dll: GetProcAddress, LoadLibraryA, GetModuleHandleA
> wsock32.dll: WSACleanup, WSAStartup, gethostbyname, gethostbyaddr, inet_ntoa, inet_addr
> netapi32.dll: Netbios
> sqlite3.dll: sqlite3_finalize, sqlite3_column_int64, sqlite3_column_type, sqlite3_column_text, sqlite3_column_double, sqlite3_column_bytes, sqlite3_column_blob, sqlite3_step, sqlite3_column_decltype, sqlite3_column_name, sqlite3_column_count, sqlite3_prepare, sqlite3_free, sqlite3_errcode, sqlite3_errmsg, sqlite3_close, sqlite3_open
> advapi32.dll: GetKernelObjectSecurity
> kernel32.dll: GetVersionExA
> ole32.dll: CoCreateGuid
> advapi32.dll: CryptGetProvParam, CryptImportKey, CryptExportKey, CryptReleaseContext, CryptDestroyKey, CryptGetUserKey, CryptAcquireContextA
> crypt32.dll: CertSetCertificateContextProperty, CertGetCertificateContextProperty, CertOpenStore, CertDuplicateCertificateContext, CertEnumCertificatesInStore, CertDeleteCertificateFromStore, CertFreeCertificateContext, CertAddEncodedCertificateToStore, CertCloseStore, CertFindCertificateInStore, CertOpenSystemStoreA
> advapi32.dll: StartServiceA, StartServiceCtrlDispatcherA, SetServiceStatus, RegisterServiceCtrlHandlerA, QueryServiceStatus, QueryServiceConfigA, OpenServiceA, OpenSCManagerA, DeleteService, CreateServiceA, ControlService, CloseServiceHandle, ChangeServiceConfigA
> user32.dll: SwitchToThisWindow
( 0 exports )
ThreatExpert info: https://www.symantec.com?md5=3b1b5d09d3c9c4cd39d4db06ed7a0855
ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.
VirusTotal © Hispasec Sistemas - Blog - Contact: info@virustotal.com - Terms of Service & Privacy Policy
Virustotal est un service qui analyse les fichiers suspects et facilite la détection rapide des virus, vers, chevaux de Troie et toutes sortes de malwares détectés par les moteurs antivirus. Plus d'informations...
Fichier SpybotSD.exe reçu le 2008.10.24 14:38:02 (CET)
Situation actuelle: terminé
Résultat: 1/36 (2.78%)
Formaté Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.24.3 2008.10.24 -
AntiVir 7.9.0.7 2008.10.24 -
Authentium 5.1.0.4 2008.10.24 -
Avast 4.8.1248.0 2008.10.24 -
AVG 8.0.0.161 2008.10.24 -
BitDefender 7.2 2008.10.24 -
CAT-QuickHeal 9.50 2008.10.24 -
ClamAV 0.93.1 2008.10.24 -
DrWeb 4.44.0.09170 2008.10.24 -
eSafe 7.0.17.0 2008.10.23 -
eTrust-Vet 31.6.6164 2008.10.22 -
Ewido 4.0 2008.10.24 -
F-Prot 4.4.4.56 2008.10.24 -
F-Secure 8.0.14332.0 2008.10.24 Suspicious:W32/QDown.v!Gemini
Fortinet 3.113.0.0 2008.10.24 -
GData 19 2008.10.24 -
Ikarus T3.1.1.44.0 2008.10.24 -
K7AntiVirus 7.10.505 2008.10.23 -
Kaspersky 7.0.0.125 2008.10.24 -
McAfee 5414 2008.10.24 -
Microsoft 1.4005 2008.10.24 -
NOD32 3551 2008.10.24 -
Norman 5.80.02 2008.10.23 -
Panda 9.0.0.4 2008.10.24 -
PCTools 4.4.2.0 2008.10.24 -
Prevx1 V2 2008.10.24 -
Rising 21.00.42.00 2008.10.24 -
SecureWeb-Gateway 6.7.6 2008.10.24 -
Sophos 4.34.0 2008.10.24 -
Sunbelt 3.1.1749.1 2008.10.23 -
Symantec 10 2008.10.24 -
TheHacker 6.3.1.0.126 2008.10.23 -
TrendMicro 8.700.0.1004 2008.10.24 -
VBA32 3.12.8.8 2008.10.22 -
ViRobot 2008.10.24.1436 2008.10.24 -
VirusBuster 4.5.11.0 2008.10.23 -
Information additionnelle
File size: 4891472 bytes
MD5...: 3b1b5d09d3c9c4cd39d4db06ed7a0855
SHA1..: 5d1d23e68c8e4b9aff8d26b51de8d211a1749776
SHA256: c83b1cc03edfbf0bccd5774dc52ff63c6010d59efb65e8db844c5b3bad7bf643
SHA512: de83c7b203d7413ae9ba656e5779d9336565a947aa98d10ad538cac351caa4fb
5824f6eac90cbd71a351196e876a3e76f2e7b9d6ef207b9cd2a7627804aa1b2e
PEiD..: -
TrID..: File type identification
InstallShield setup (43.3%)
Win32 EXE PECompact compressed (generic) (41.8%)
Win32 Executable Generic (8.5%)
Win16/32 Executable Delphi generic (2.0%)
Generic Win/DOS Executable (2.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x7af3b8
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)
( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2a8684 0x2a8800 6.60 6d78f10b64d8cbdd23841638670d2300
.itext 0x2aa000 0x5560 0x5600 6.46 d95f5504a9ef595dbc0aabef00b396d8
.data 0x2b0000 0x2cb38 0x2cc00 7.35 68cba8d672c86cc12c88644326d2cc1c
.bss 0x2dd000 0x7fd8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x2e5000 0x4e9e 0x5000 5.13 375672047935640741dccedaad1a095d
.tls 0x2ea000 0x54 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x2eb000 0x18 0x200 0.21 1e4e7cc2f15b54a2d16519ce7470f844
.reloc 0x2ec000 0x273f8 0x27400 6.69 925edbf16875940be999124da7260ba4
.rsrc 0x314000 0x1a1828 0x1a1a00 6.18 823b996fd90a973986fcbe94464ca293
( 34 imports )
> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> user32.dll: GetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA
> kernel32.dll: GetACP, Sleep, VirtualFree, VirtualAlloc, GetTickCount, QueryPerformanceCounter, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryA, RemoveDirectoryA, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentDirectoryA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, CreateDirectoryA, ExitProcess, ExitThread, CreateThread, CompareStringA, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> user32.dll: CreateWindowExW, CreateWindowExA, WindowFromPoint, WaitMessage, VkKeyScanW, ValidateRect, UpdateWindow, UnregisterClassW, UnregisterClassA, UnionRect, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, ToAscii, SystemParametersInfoA, SubtractRect, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowRgn, SetWindowsHookExW, SetWindowsHookExA, SetWindowTextW, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRectEmpty, SetRect, SetPropA, SetParent, SetMenuItemInfoW, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageW, SendMessageA, ScrollWindowEx, ScrollWindow, ScrollDC, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassW, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageW, PostMessageA, PeekMessageW, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyW, MapVirtualKeyA, LockWindowUpdate, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageW, IsDialogMessageA, IsClipboardFormatAvailable, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextLengthW, GetWindowTextW, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowLongA, GetWindowDC, GetUpdateRect, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessageTime, GetMessagePos, GetMessageA, GetMenuStringW, GetMenuStringA, GetMenuState, GetMenuItemInfoW, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameA, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextW, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgItem, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardFormatNameA, GetClipboardData, GetClientRect, GetClassNameW, GetClassNameA, GetClassLongA, GetClassInfoW, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowExA, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumDisplaySettingsA, EnumClipboardFormats, EnumChildWindows, EndPaint, EndDeferWindowPos, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextW, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageW, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DeferWindowPos, DefWindowProcW, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIconIndirect, CreateIcon, CopyImage, CloseClipboard, ClientToScreen, ChildWindowFromPoint, CheckMenuItem, CharNextW, CallWindowProcW, CallWindowProcA, CallNextHookEx, BeginPaint, BeginDeferWindowPos, CharPrevA, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharUpperA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
> gdi32.dll: UnrealizeObject, TranslateCharsetInfo, TextOutA, StretchDIBits, StretchBlt, StartPage, StartDocA, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetTextAlign, SetStretchBltMode, SetROP2, SetPixelV, SetPixel, SetPaletteEntries, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetAbortProc, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RoundRect, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PlayEnhMetaFile, PatBlt, OffsetRgn, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32W, GetTextExtentPoint32A, GetTextColor, GetTextAlign, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetNearestPaletteIndex, GetMapMode, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionA, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetCurrentObject, GetClipBox, GetBrushOrgEx, GetBkColor, GetBitmapBits, GdiFlush, ExtTextOutW, ExtTextOutA, ExtSelectClipRgn, ExcludeClipRect, EndPage, EndDoc, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRectRgnIndirect, CreateRectRgn, CreatePenIndirect, CreatePen, CreatePatternBrush, CreatePalette, CreateICA, CreateHalftonePalette, CreateFontIndirectA, CreateEnhMetaFileA, CreateDIBitmap, CreateDIBSection, CreateDCA, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CombineRgn, CloseEnhMetaFile, BitBlt
> version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
> mpr.dll: WNetOpenEnumA, WNetGetUniversalNameA, WNetGetConnectionA, WNetEnumResourceA, WNetCloseEnum
> kernel32.dll: lstrlenW, lstrcpynW, lstrcpyA, lstrcmpA, WritePrivateProfileStringA, WriteFile, WideCharToMultiByte, WaitForSingleObject, WaitForMultipleObjectsEx, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, UnmapViewOfFile, TerminateThread, TerminateProcess, SuspendThread, Sleep, SizeofResource, SetVolumeLabelA, SetThreadPriority, SetThreadLocale, SetLastError, SetFileTime, SetFilePointer, SetFileAttributesA, SetEvent, SetErrorMode, SetEndOfFile, SetCurrentDirectoryA, SearchPathA, ResumeThread, ResetEvent, RemoveDirectoryA, ReleaseSemaphore, ReadFile, RaiseException, QueryPerformanceFrequency, QueryPerformanceCounter, QueryDosDeviceA, OutputDebugStringA, OpenProcess, MultiByteToWideChar, MulDiv, MoveFileA, MapViewOfFile, LockResource, LocalFree, LocalFileTimeToFileTime, LocalAlloc, LoadResource, LoadLibraryExA, LoadLibraryA, LeaveCriticalSection, IsBadWritePtr, IsBadReadPtr, InitializeCriticalSection, HeapFree, HeapAlloc, GlobalUnlock, GlobalSize, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetWindowsDirectoryA, GetVolumeInformationA, GetVersionExA, GetVersion, GetUserDefaultLCID, GetTimeZoneInformation, GetTickCount, GetThreadLocale, GetTempPathA, GetTempFileNameA, GetSystemTime, GetSystemInfo, GetSystemDirectoryA, GetStringTypeExA, GetStdHandle, GetShortPathNameA, GetProfileStringA, GetProfileIntA, GetProcessHeap, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleW, GetModuleHandleA, GetModuleFileNameW, GetModuleFileNameA, GetLogicalDrives, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameW, GetFullPathNameA, GetFileTime, GetFileSize, GetFileAttributesA, GetExitCodeThread, GetDriveTypeA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageW, FormatMessageA, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, ExpandEnvironmentStringsA, ExitThread, EnumResourceNamesA, EnumCalendarInfoA, EnterCriticalSection, DuplicateHandle, DosDateTimeToFileTime, DeleteFileA, DeleteCriticalSection, CreateThread, CreateSemaphoreA, CreateProcessA, CreateFileMappingW, CreateFileMappingA, CreateFileW, CreateFileA, CreateEventA, CreateDirectoryA, CopyFileA, CompareStringW, CompareStringA, CloseHandle, BackupRead
> advapi32.dll: SetFileSecurityA, ReportEventA, RegisterEventSourceA, RegUnLoadKeyA, RegSetValueExA, RegSetKeySecurity, RegQueryValueExA, RegQueryInfoKeyA, RegOpenKeyExA, RegOpenKeyA, RegLoadKeyA, RegGetKeySecurity, RegFlushKey, RegEnumValueA, RegEnumKeyExA, RegDeleteValueA, RegDeleteKeyA, RegCreateKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, LookupAccountSidA, LookupAccountNameA, GetUserNameA, GetLengthSid, GetFileSecurityA, DeregisterEventSource, AdjustTokenPrivileges
> kernel32.dll: Sleep
> oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
> oleaut32.dll: GetErrorInfo, SysFreeString
> ole32.dll: CreateStreamOnHGlobal, IsAccelerator, ReleaseStgMedium, OleDraw, OleSetMenuDescriptor, OleGetClipboard, OleSetClipboard, DoDragDrop, RevokeDragDrop, RegisterDragDrop, OleUninitialize, OleInitialize, CreateDataAdviseHolder, CoTaskMemFree, CoTaskMemAlloc, CLSIDFromString, StringFromCLSID, CoCreateInstance, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID
> comctl32.dll: _TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_LoadImageA, ImageList_GetIcon, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls
> winspool.drv: OpenPrinterA, EnumPrintersA, DocumentPropertiesA, ClosePrinter
> shell32.dll: ShellExecuteA, SHGetFileInfoA, SHFileOperationA, ExtractIconA, ExtractAssociatedIconA, DragQueryFileA, DragFinish, DragAcceptFiles
> wininet.dll: UnlockUrlCacheEntryFile, FindNextUrlCacheEntryA, FindFirstUrlCacheEntryA, FindCloseUrlCache, DeleteUrlCacheEntry
> shell32.dll: SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, SHGetDesktopFolder, SHBrowseForFolderA
> comdlg32.dll: PrintDlgA, GetSaveFileNameA, GetOpenFileNameA
> winmm.dll: timeGetTime, timeEndPeriod, timeBeginPeriod, sndPlaySoundA, mciSendCommandA, mciGetErrorStringA
> GDI32.DLL: GetRandomRgn
> kernel32.dll: GetProcAddress, LoadLibraryA, GetModuleHandleA
> wsock32.dll: WSACleanup, WSAStartup, gethostbyname, gethostbyaddr, inet_ntoa, inet_addr
> netapi32.dll: Netbios
> sqlite3.dll: sqlite3_finalize, sqlite3_column_int64, sqlite3_column_type, sqlite3_column_text, sqlite3_column_double, sqlite3_column_bytes, sqlite3_column_blob, sqlite3_step, sqlite3_column_decltype, sqlite3_column_name, sqlite3_column_count, sqlite3_prepare, sqlite3_free, sqlite3_errcode, sqlite3_errmsg, sqlite3_close, sqlite3_open
> advapi32.dll: GetKernelObjectSecurity
> kernel32.dll: GetVersionExA
> ole32.dll: CoCreateGuid
> advapi32.dll: CryptGetProvParam, CryptImportKey, CryptExportKey, CryptReleaseContext, CryptDestroyKey, CryptGetUserKey, CryptAcquireContextA
> crypt32.dll: CertSetCertificateContextProperty, CertGetCertificateContextProperty, CertOpenStore, CertDuplicateCertificateContext, CertEnumCertificatesInStore, CertDeleteCertificateFromStore, CertFreeCertificateContext, CertAddEncodedCertificateToStore, CertCloseStore, CertFindCertificateInStore, CertOpenSystemStoreA
> advapi32.dll: StartServiceA, StartServiceCtrlDispatcherA, SetServiceStatus, RegisterServiceCtrlHandlerA, QueryServiceStatus, QueryServiceConfigA, OpenServiceA, OpenSCManagerA, DeleteService, CreateServiceA, ControlService, CloseServiceHandle, ChangeServiceConfigA
> user32.dll: SwitchToThisWindow
( 0 exports )
ThreatExpert info: https://www.symantec.com?md5=3b1b5d09d3c9c4cd39d4db06ed7a0855
ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.
VirusTotal © Hispasec Sistemas - Blog - Contact: info@virustotal.com - Terms of Service & Privacy Policy
ok lance hijakchtis, et selectionne ces lignes et fais fix cheked:
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
_______________
encore des soucis?
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
_______________
encore des soucis?
pour virer ce qui a été utilisé:
Télécharge ToolsCleaner sur ton bureau.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
ps : pas besoin de m´envoyer le rapport si tout a ete supprimé
Télécharge ToolsCleaner sur ton bureau.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
ps : pas besoin de m´envoyer le rapport si tout a ete supprimé
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "gregory"
Mise à jour le 22.10.2008 à 20h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : FAT32
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\gregory\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\gregory\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\gregory\menud+~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\gregory\locals~1\applic~1" *
*** Recherche fichiers ***
C:\WINDOWS\pack.epk trouvé !
*** Recherche clés spécifiques dans le Registre ***
HKEY_CURRENT_USER\Software\Lanconfig trouvé !
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
lewftcorki.dat trouvé !
* Dans "C:\Documents and Settings\gregory\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup trouvé !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le 29/10/2008 à 15:17:30,89 ***
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "gregory"
Mise à jour le 22.10.2008 à 20h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : FAT32
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\gregory\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\gregory\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\gregory\menud+~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\gregory\locals~1\applic~1" *
*** Recherche fichiers ***
C:\WINDOWS\pack.epk trouvé !
*** Recherche clés spécifiques dans le Registre ***
HKEY_CURRENT_USER\Software\Lanconfig trouvé !
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
lewftcorki.dat trouvé !
* Dans "C:\Documents and Settings\gregory\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup trouvé !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le 29/10/2008 à 15:41:24,89 ***