antivir A0021323.exeRésolu/Fermé

Question

Bonjour à tous et merci pour votre aide ,

depuis plusieurs semaines antivir me détecte un fichier : A0021323.exe contenant un virus ou un trojan , je sais plus.

comment résoudre ce problème ?

si vous pouvez m'aider ...

j'ai esssayé en mode sans echec mais ça ne change rien .

help !

Utilisateur anonyme · Answer

Salut ,


peux tu poster le rapport de antivir stp

@+

alainbrest · Answer

je vais voir.

en attendant , il s'agit de TR\Xema.cd trojan

je n'ai pas trouvé le rapport d'antivir

peut tu me dire où il  se cache ?

Utilisateur anonyme · Answer

ok laisse ,


Télécharge HijackThis (outils de dignostic) ici : 

->  Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
->  http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe 
->  ftp://ftp.commentcamarche.com/download/HJTInstall.exe

-> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation 

-> Clique sur Install ensuite sur I Accept 

-> Clique sur Do a scan system and save log file 

-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse

alainbrest · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:19:47, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\styler\Styler.exe
C:\WINDOWS\system32	opdesk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\documents and settings\alain\local settings\application data\oemiwkk.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV	bLive.dll
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV	bLive.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV	bLive.dll
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [TransBar] C:\Windows\System32\TransBar.exe /s
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [TopDesk] C:\WINDOWS\system32	opdesk.exe
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [oemiwkk] "c:\documents and settings\alain\local settings\application data\oemiwkk.exe" oemiwkk
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\binesources\WebMenuImg.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe

alainbrest · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:19:47, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\styler\Styler.exe
C:\WINDOWS\system32	opdesk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\documents and settings\alain\local settings\application data\oemiwkk.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV	bLive.dll
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV	bLive.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV	bLive.dll
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [TransBar] C:\Windows\System32\TransBar.exe /s
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [TopDesk] C:\WINDOWS\system32	opdesk.exe
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [oemiwkk] "c:\documents and settings\alain\local settings\application data\oemiwkk.exe" oemiwkk
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\binesources\WebMenuImg.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe

Utilisateur anonyme · Answer

oui c est bien ça ...

Télécharge cet outil de SiRi: 

http://siri.urz.free.fr/Softs/RHosts.exe
http://siri.urz.free.fr/RHosts.php 

Double cliquer dessus pour l'exécuter 

et cliquer sur " Restore original Hosts " 

ps : c est normal que rien ne se passe 


ensuite :


Fais un clic droit sur ce lien : (IL-MAFIOSO) 
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe 
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau. 
Ensuite double clique sur navilog1.exe pour lancer l'installation. 
Une fois l'installation terminée, le fix s'exécutera automatiquement. 
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau). 

Laisse-toi guider. Au menu principal, choisis 1 et valides. 
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord) 

Patiente jusqu'au message : 
*** Analyse Termine le ..... *** 
Appuie sur une touche comme demandé, le blocnote va s'ouvrir. 
Copie-colle l'intégralité dans une réponse. Referme le blocnote. 
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt) 


Tuto: http://www.malekal.com/Adware.Magic_Control.php

alainbrest · Answer

pas moyen d'executer le lien navilog que tu donnes.

Utilisateur anonyme · Answer

EN EFFET 

surement un souicis , l auteur y travail ...


Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe 




-> Double clique sur combofix.exe. 
-> Tape sur la touche 1 (Yes) pour démarrer le scan. 
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt 

Avant d'utiliser ComboFix : 

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours. 

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil. 

Une fois fait, sur ton bureau double-clic sur Combofix.exe. 

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc. 

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes. 

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire. 

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt) 

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet. 

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

alainbrest · Answer

ComboFix 08-10-11.04 - alain 2008-10-12 21:48:26.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.154 [GMT 2:00] Lancé depuis: C:\Documents and Settings\alain\Mes documents\ComboFix.exe * Un nouveau point de restauration a été créé [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\alain\Local Settings\Application Data\kgqywck.dat C:\Documents and Settings\alain\Local Settings\Application Data\kgqywck.exe C:\Documents and Settings\alain\Local Settings\Application Data\kgqywck_nav.dat C:\Documents and Settings\alain\Local Settings\Application Data\kgqywck_navps.dat C:\Documents and Settings\alain\Local Settings\Application Data\oemiwkk.dat C:\Documents and Settings\alain\Local Settings\Application Data\oemiwkk.exe C:\Documents and Settings\alain\Local Settings\Application Data\oemiwkk_nav.dat C:\Documents and Settings\alain\Local Settings\Application Data\oemiwkk_navps.dat C:\WINDOWS\Downloaded Program Files\setup.inf C:\WINDOWS\system32\msnmsgs.exe C:\WINDOWS\system32\sysdm.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-12 au 2008-10-12 )))))))))))))))))))))))))))))))))))) . 2008-10-12 21:19 . 2008-10-12 21:19 d-------- C:\Program Files\Trend Micro 2008-10-10 21:38 . 2008-10-10 21:38 d-------- C:\WINDOWS\system32\DRM 2008-10-08 19:47 . 2008-10-08 19:48 d-------- C:\Program Files\iTunes 2008-10-08 19:47 . 2008-10-08 19:47 d-------- C:\Program Files\iPod 2008-10-08 19:47 . 2008-10-08 19:48 d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-10-03 11:54 . 2008-10-03 11:54 d-------- C:\Program Files\Pacman 2005 2008-09-26 18:42 . 2008-06-30 17:30 188,547 --a------ C:\wubildr 2008-09-26 18:42 . 2008-06-30 17:30 8,192 --a------ C:\wubildr.mbr 2008-09-26 18:36 . 2008-09-26 18:36 d-------- C:\ubuntu 2008-09-23 11:05 . 2008-05-09 12:55 512,000 -----c--- C:\WINDOWS\system32\dllcache\jscript.dll 2008-09-23 11:05 . 2008-05-09 12:55 430,080 -----c--- C:\WINDOWS\system32\dllcache\vbscript.dll 2008-09-23 11:05 . 2008-05-09 12:55 180,224 -----c--- C:\WINDOWS\system32\dllcache\scrobj.dll 2008-09-23 11:05 . 2008-05-09 12:55 172,032 -----c--- C:\WINDOWS\system32\dllcache\scrrun.dll 2008-09-23 11:05 . 2008-05-08 13:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe 2008-09-23 11:05 . 2008-05-09 10:45 135,168 -----c--- C:\WINDOWS\system32\dllcache\cscript.exe 2008-09-23 11:05 . 2008-05-09 12:55 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll 2008-09-23 10:36 . 2008-09-23 10:36 d-------- C:\WINDOWS\system32\xircom 2008-09-23 10:36 . 2008-09-23 10:36 d-------- C:\WINDOWS\system32 pp 2008-09-23 10:36 . 2008-09-23 10:36 d-------- C:\Program Files\microsoft frontpage 2008-09-23 10:28 . 2008-09-23 10:28 d-------- C:\WINDOWS\system32\fr 2008-09-23 10:28 . 2008-09-23 10:28 d-------- C:\WINDOWS\system32\bits 2008-09-23 10:28 . 2008-09-23 10:28 d-------- C:\WINDOWS\l2schemas 2008-09-23 10:26 . 2008-09-23 10:29 d-------- C:\WINDOWS\ServicePackFiles 2008-09-23 10:20 . 2008-09-23 10:29 d-------- C:\WINDOWS\EHome 2008-09-23 10:03 . 2004-07-17 11:35 67,866 --------- C:\WINDOWS\system32\drivers etwlan5.img 2008-09-23 10:03 . 2008-04-13 19:34 11,264 --------- C:\WINDOWS\system32\spnpinst.exe 2008-09-21 14:49 . 2008-09-21 14:49 d-------- C:\Documents and Settings\alain\Application Data\fr.specialk.widjets.650E238E6C8F1B8509D0BF1E479F06D523A86A64.1 2008-09-21 14:48 . 2008-09-21 14:48 d-------- C:\Program Files\SpecialK 2008-09-21 14:48 . 2008-09-21 14:48 d-------- C:\Program Files\Fichiers communs\Adobe AIR 2008-09-21 08:56 . 2008-09-21 08:58 1,905 --a------ C:\WINDOWS\diagwrn.xml 2008-09-21 08:56 . 2008-09-21 08:58 1,905 --a------ C:\WINDOWS\diagerr.xml 2008-09-21 08:49 . 2008-10-05 20:35 d-------- C:\Program Files\VVSN 2008-09-21 08:48 . 2008-09-21 08:48 d-------- C:\Program Files\DAEMON Tools 2008-09-21 08:48 . 2008-09-21 08:48 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys 2008-09-20 22:51 . 2008-10-07 10:29 d-------- C:\Program Files\DAEMON Tools Pro 2008-09-20 21:41 . 2008-09-20 21:41 d-------- C:\Program Files\Alcohol Soft 2008-09-20 21:34 . 2008-09-20 21:34 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-09-20 20:03 . 2008-09-20 20:03 d-------- C:\Program Files\7-Zip 2008-09-20 19:35 . 2008-09-20 19:35 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2008-09-20 19:33 . 2008-09-20 19:33 d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-09-20 19:32 . 2008-09-20 19:32 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-09-20 19:31 . 2008-09-20 19:35 d-------- C:\Documents and Settings\alain\Contacts 2008-09-20 19:30 . 2008-09-20 19:33 d-------- C:\Program Files\Windows Live 2008-09-20 19:30 . 2008-09-20 19:30 d-------- C:\Program Files\Messenger Plus! Live 2008-09-19 22:50 . 2008-09-19 22:51 d-------- C:\Program Files\Live_TV 2008-09-19 12:39 . 2008-09-19 12:39 d-------- C:\Program Files\MaxiCompte 2008-09-14 20:38 . 2008-09-14 20:38 d-------- C:\WINDOWS\system32\Adobe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-09 08:31 --------- d-----w C:\Program Files\eMule 2008-10-08 10:28 --------- d-----w C:\Program Files\Winamp 2008-10-08 10:27 --------- d-----w C:\Documents and Settings\alain\Application Data\Winamp 2008-10-05 18:39 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-10-05 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-09-24 19:58 --------- d-----w C:\Program Files\SmartSync Pro 2008-09-20 17:34 --------- d-----w C:\Program Files\MSN Messenger 2008-09-10 19:26 --------- d-----w C:\Program Files\Bonjour 2008-09-10 19:25 --------- d-----w C:\Program Files\QuickTime 2008-09-10 19:24 --------- d-----w C:\Program Files\Fichiers communs\Apple 2008-09-10 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-09-04 21:18 --------- d-----w C:\Program Files\Lavasoft 2008-09-04 21:18 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-09-04 21:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-09-04 21:04 --------- d-----w C:\Program Files\MSBuild 2008-08-31 17:20 --------- d-----w C:\Program Files et framework 1.0 2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe 2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll 2008-08-24 13:58 --------- d-----w C:\Program Files\Biblia Universalis 2008-08-24 13:52 --------- d-----w C:\Program Files heo30 2008-08-23 18:22 --------- d-----w C:\Documents and Settings\alain\Application Data\Apple Computer 2008-08-23 18:20 --------- d-----w C:\Program Files\Apple Software Update 2008-08-23 18:13 --------- d-----w C:\Program Files\Safari 2008-08-21 14:43 --------- d-----w C:\Program Files\Zattoo 2008-08-18 19:30 --------- d-----w C:\Program Files\Microsoft Works 2008-08-18 12:46 --------- d-----w C:\Program Files\DivX 2008-08-17 10:37 --------- d-----w C:\Program Files\eCatch 2008-08-17 09:27 --------- d-----w C:\Program Files\WinHTTrack 2008-08-16 20:04 --------- d-----w C:\Program Files\Java 2008-08-16 19:39 --------- d-----w C:\Program Files\IncrediMail 2008-07-29 19:10 73,720 ----a-w C:\WINDOWS\system32\dxva2.dll 2008-07-29 19:10 493,048 ----a-w C:\WINDOWS\system32\evr.dll 2008-07-29 19:10 26,112 ----a-w C:\WINDOWS\system32\TsWpfWrp.exe 2008-07-29 18:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe 2008-07-29 17:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll 2008-07-29 17:59 43,544 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll 2008-07-29 17:59 161,296 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll 2008-07-29 17:59 105,016 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2008-07-29 17:24 97,800 ----a-w C:\WINDOWS\system32\infocardapi.dll 2008-07-29 17:24 622,080 ----a-w C:\WINDOWS\system32\icardagt.exe 2008-07-29 17:24 11,264 ----a-w C:\WINDOWS\system32\icardres.dll 2008-07-25 09:17 41,984 ----a-w C:\WINDOWS\system32 etfxperf.dll 2008-07-25 09:16 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll 2008-07-25 09:16 83,968 ----a-w C:\WINDOWS\system32\mscories.dll 2008-07-25 09:16 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll 2008-07-25 09:16 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll 2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-07-24 243072] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2008-02-28 132392] "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2004-08-28 36864] "Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 121089] "TransBar"="C:\Windows\System32\TransBar.exe" [2004-08-28 65536] "Styler"="C:\Program Files\styler\Styler.exe" [2006-05-03 307200] "TopDesk"="C:\WINDOWS\system32 opdesk.exe" [2004-08-28 195584] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 1235456] "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664] "LVCOMSX"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe" [2007-02-06 252704] "LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-09 90112] "LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-09-11 155648] "LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-09-11 45056] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-02-28 570664] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2008-04-04 185896] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-10-04 266497] "TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-07 2620336] "AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-07 904880] "Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-10-07 140568] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-05-20 188416] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696] "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 128920] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576] "RTHDCPL"="RTHDCPL.EXE" [2006-09-11 C:\WINDOWS\RTHDCPL.exe] "AlcWzrd"="ALCWZRD.EXE" [2006-05-03 C:\WINDOWS\alcwzrd.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2008-04-14 138240] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2008-06-23 C:\WINDOWS\system32\advpack.dll] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248] HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i420vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe"= "%windir%\system32\sessmgr.exe"= "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= "C:\Program Files\eMule\emule.exe"= "C:\Program Files\IncrediMail\bin\IncMail.exe"= "C:\Program Files\IncrediMail\bin\ImApp.exe"= "C:\Program Files\IncrediMail\bin\ImpCnt.exe"= "C:\Program Files\Fichiers communs\Nero\Nero Web\SetupX.exe"= "C:\Program Files\VideoLAN\VLC\vlc.exe"= "C:\Program Files\Zattoo\zattood.exe"= "C:\Program Files\Zattoo\Zattoo2.exe"= "C:\WINDOWS\system32\mmc.exe"= "C:\Program Files\Bonjour\mDNSResponder.exe"= "C:\Program Files\iTunes\iTunes.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "20001:UDP"= 20001:UDP:MicroSAN "80:TCP"= 80:TCP:Web R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS drpman.sys [2008-04-11 368736] R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2004-08-28 9728] R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2004-08-28 11264] R0 ZetSFD;ZetSFD;C:\WINDOWS\system32\DRIVERS\ZetSFD.sys [2007-08-08 12800] R2 SFSZ;DataPlow SFS for Zetera Storage Devices;C:\WINDOWS\system32\drivers\sfsz.sys [2007-08-14 345984] R2 Z-SANService;Z-SAN Service;C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe [2007-08-08 376891] R3 DFE528TX;D-Link DFE-528TX PCI Adapter;C:\WINDOWS\system32\DRIVERS\DLKRTL.SYS [2002-06-24 45568] R3 ZetBus;Zetera Virtual Bus;C:\WINDOWS\system32\DRIVERS\ZetBus.sys [2007-08-08 15488] R3 ZetMPD;ZetMPD;C:\WINDOWS\system32\DRIVERS\ZetMPD.sys [2007-08-08 5120] S2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-08 493200] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] *Newly Created Service* - HELPSVC . Contenu du dossier 'Tâches planifiées' 2008-10-08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2008-10-12 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20] . - - - - ORPHELINS SUPPRIMES - - - - Toolbar-SaveLinksOrder - (no file) Toolbar-Locked - (no file) Toolbar-ITBarLayout - (no file) Toolbar-ITBarLayout - (no file) Toolbar-ITBar7Position - (no file) HKCU-Run-oemiwkk - c:\documents and settings\alain\local settings\application data\oemiwkk.exe HKLM-Run-UberIcon - C:\Program Files\UberIcon\UberIcon Manager.exe HKLM-Run-SkyTel - SkyTel.EXE HKLM-Run-SoundMan - SOUNDMAN.EXE . ------- Examen supplémentaire ------- . R0 -: HKCU-Main,Start Page = hxxp://www.neufportail.fr/ R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.fr/keyword/%s R0 -: HKLM-Main,Start Page = hxxp://www.google.fr R1 -: HKCU-Internet Settings,ProxyOverride = *.local R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.fr/keyword/%s O8 -: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin esources\WebMenuImg.htm O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-12 21:54:09 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- PROCESSUS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\system32 opdesk.dll -> C:\Windows\System32\VttHooks.dll . ------------------------ Autres processus actifs ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\IncrediMail\bin\ImApp.exe C:\Program Files\Hp\Digital Imaging\bin\hpqgalry.exe . ************************************************************************** . Heure de fin: 2008-10-12 22:01:24 - La machine a redémarré ComboFix-quarantined-files.txt 2008-10-12 20:01:18 Avant-CF: 96 742 096 896 octets libres Après-CF: 96,735,453,184 octets libres 296 --- E O F --- 2008-10-11 14:37:47 c'est bien ce que tu voulais ?

alainbrest · Answer

ComboFix 08-10-11.04 - alain 2008-10-12 21:48:26.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.154 [GMT 2:00] Lancé depuis: C:\Documents and Settings\alain\Mes documents\ComboFix.exe * Un nouveau point de restauration a été créé [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\alain\Local Settings\Application Data\kgqywck.dat C:\Documents and Settings\alain\Local Settings\Application Data\kgqywck.exe C:\Documents and Settings\alain\Local Settings\Application Data\kgqywck_nav.dat C:\Documents and Settings\alain\Local Settings\Application Data\kgqywck_navps.dat C:\Documents and Settings\alain\Local Settings\Application Data\oemiwkk.dat C:\Documents and Settings\alain\Local Settings\Application Data\oemiwkk.exe C:\Documents and Settings\alain\Local Settings\Application Data\oemiwkk_nav.dat C:\Documents and Settings\alain\Local Settings\Application Data\oemiwkk_navps.dat C:\WINDOWS\Downloaded Program Files\setup.inf C:\WINDOWS\system32\msnmsgs.exe C:\WINDOWS\system32\sysdm.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-12 au 2008-10-12 )))))))))))))))))))))))))))))))))))) . 2008-10-12 21:19 . 2008-10-12 21:19 d-------- C:\Program Files\Trend Micro 2008-10-10 21:38 . 2008-10-10 21:38 d-------- C:\WINDOWS\system32\DRM 2008-10-08 19:47 . 2008-10-08 19:48 d-------- C:\Program Files\iTunes 2008-10-08 19:47 . 2008-10-08 19:47 d-------- C:\Program Files\iPod 2008-10-08 19:47 . 2008-10-08 19:48 d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-10-03 11:54 . 2008-10-03 11:54 d-------- C:\Program Files\Pacman 2005 2008-09-26 18:42 . 2008-06-30 17:30 188,547 --a------ C:\wubildr 2008-09-26 18:42 . 2008-06-30 17:30 8,192 --a------ C:\wubildr.mbr 2008-09-26 18:36 . 2008-09-26 18:36 d-------- C:\ubuntu 2008-09-23 11:05 . 2008-05-09 12:55 512,000 -----c--- C:\WINDOWS\system32\dllcache\jscript.dll 2008-09-23 11:05 . 2008-05-09 12:55 430,080 -----c--- C:\WINDOWS\system32\dllcache\vbscript.dll 2008-09-23 11:05 . 2008-05-09 12:55 180,224 -----c--- C:\WINDOWS\system32\dllcache\scrobj.dll 2008-09-23 11:05 . 2008-05-09 12:55 172,032 -----c--- C:\WINDOWS\system32\dllcache\scrrun.dll 2008-09-23 11:05 . 2008-05-08 13:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe 2008-09-23 11:05 . 2008-05-09 10:45 135,168 -----c--- C:\WINDOWS\system32\dllcache\cscript.exe 2008-09-23 11:05 . 2008-05-09 12:55 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll 2008-09-23 10:36 . 2008-09-23 10:36 d-------- C:\WINDOWS\system32\xircom 2008-09-23 10:36 . 2008-09-23 10:36 d-------- C:\WINDOWS\system32 pp 2008-09-23 10:36 . 2008-09-23 10:36 d-------- C:\Program Files\microsoft frontpage 2008-09-23 10:28 . 2008-09-23 10:28 d-------- C:\WINDOWS\system32\fr 2008-09-23 10:28 . 2008-09-23 10:28 d-------- C:\WINDOWS\system32\bits 2008-09-23 10:28 . 2008-09-23 10:28 d-------- C:\WINDOWS\l2schemas 2008-09-23 10:26 . 2008-09-23 10:29 d-------- C:\WINDOWS\ServicePackFiles 2008-09-23 10:20 . 2008-09-23 10:29 d-------- C:\WINDOWS\EHome 2008-09-23 10:03 . 2004-07-17 11:35 67,866 --------- C:\WINDOWS\system32\drivers etwlan5.img 2008-09-23 10:03 . 2008-04-13 19:34 11,264 --------- C:\WINDOWS\system32\spnpinst.exe 2008-09-21 14:49 . 2008-09-21 14:49 d-------- C:\Documents and Settings\alain\Application Data\fr.specialk.widjets.650E238E6C8F1B8509D0BF1E479F06D523A86A64.1 2008-09-21 14:48 . 2008-09-21 14:48 d-------- C:\Program Files\SpecialK 2008-09-21 14:48 . 2008-09-21 14:48 d-------- C:\Program Files\Fichiers communs\Adobe AIR 2008-09-21 08:56 . 2008-09-21 08:58 1,905 --a------ C:\WINDOWS\diagwrn.xml 2008-09-21 08:56 . 2008-09-21 08:58 1,905 --a------ C:\WINDOWS\diagerr.xml 2008-09-21 08:49 . 2008-10-05 20:35 d-------- C:\Program Files\VVSN 2008-09-21 08:48 . 2008-09-21 08:48 d-------- C:\Program Files\DAEMON Tools 2008-09-21 08:48 . 2008-09-21 08:48 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys 2008-09-20 22:51 . 2008-10-07 10:29 d-------- C:\Program Files\DAEMON Tools Pro 2008-09-20 21:41 . 2008-09-20 21:41 d-------- C:\Program Files\Alcohol Soft 2008-09-20 21:34 . 2008-09-20 21:34 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-09-20 20:03 . 2008-09-20 20:03 d-------- C:\Program Files\7-Zip 2008-09-20 19:35 . 2008-09-20 19:35 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2008-09-20 19:33 . 2008-09-20 19:33 d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-09-20 19:32 . 2008-09-20 19:32 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-09-20 19:31 . 2008-09-20 19:35 d-------- C:\Documents and Settings\alain\Contacts 2008-09-20 19:30 . 2008-09-20 19:33 d-------- C:\Program Files\Windows Live 2008-09-20 19:30 . 2008-09-20 19:30 d-------- C:\Program Files\Messenger Plus! Live 2008-09-19 22:50 . 2008-09-19 22:51 d-------- C:\Program Files\Live_TV 2008-09-19 12:39 . 2008-09-19 12:39 d-------- C:\Program Files\MaxiCompte 2008-09-14 20:38 . 2008-09-14 20:38 d-------- C:\WINDOWS\system32\Adobe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-09 08:31 --------- d-----w C:\Program Files\eMule 2008-10-08 10:28 --------- d-----w C:\Program Files\Winamp 2008-10-08 10:27 --------- d-----w C:\Documents and Settings\alain\Application Data\Winamp 2008-10-05 18:39 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-10-05 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-09-24 19:58 --------- d-----w C:\Program Files\SmartSync Pro 2008-09-20 17:34 --------- d-----w C:\Program Files\MSN Messenger 2008-09-10 19:26 --------- d-----w C:\Program Files\Bonjour 2008-09-10 19:25 --------- d-----w C:\Program Files\QuickTime 2008-09-10 19:24 --------- d-----w C:\Program Files\Fichiers communs\Apple 2008-09-10 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-09-04 21:18 --------- d-----w C:\Program Files\Lavasoft 2008-09-04 21:18 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-09-04 21:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-09-04 21:04 --------- d-----w C:\Program Files\MSBuild 2008-08-31 17:20 --------- d-----w C:\Program Files et framework 1.0 2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe 2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll 2008-08-24 13:58 --------- d-----w C:\Program Files\Biblia Universalis 2008-08-24 13:52 --------- d-----w C:\Program Files heo30 2008-08-23 18:22 --------- d-----w C:\Documents and Settings\alain\Application Data\Apple Computer 2008-08-23 18:20 --------- d-----w C:\Program Files\Apple Software Update 2008-08-23 18:13 --------- d-----w C:\Program Files\Safari 2008-08-21 14:43 --------- d-----w C:\Program Files\Zattoo 2008-08-18 19:30 --------- d-----w C:\Program Files\Microsoft Works 2008-08-18 12:46 --------- d-----w C:\Program Files\DivX 2008-08-17 10:37 --------- d-----w C:\Program Files\eCatch 2008-08-17 09:27 --------- d-----w C:\Program Files\WinHTTrack 2008-08-16 20:04 --------- d-----w C:\Program Files\Java 2008-08-16 19:39 --------- d-----w C:\Program Files\IncrediMail 2008-07-29 19:10 73,720 ----a-w C:\WINDOWS\system32\dxva2.dll 2008-07-29 19:10 493,048 ----a-w C:\WINDOWS\system32\evr.dll 2008-07-29 19:10 26,112 ----a-w C:\WINDOWS\system32\TsWpfWrp.exe 2008-07-29 18:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe 2008-07-29 17:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll 2008-07-29 17:59 43,544 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll 2008-07-29 17:59 161,296 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll 2008-07-29 17:59 105,016 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2008-07-29 17:24 97,800 ----a-w C:\WINDOWS\system32\infocardapi.dll 2008-07-29 17:24 622,080 ----a-w C:\WINDOWS\system32\icardagt.exe 2008-07-29 17:24 11,264 ----a-w C:\WINDOWS\system32\icardres.dll 2008-07-25 09:17 41,984 ----a-w C:\WINDOWS\system32 etfxperf.dll 2008-07-25 09:16 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll 2008-07-25 09:16 83,968 ----a-w C:\WINDOWS\system32\mscories.dll 2008-07-25 09:16 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll 2008-07-25 09:16 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll 2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-07-24 243072] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2008-02-28 132392] "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2004-08-28 36864] "Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 121089] "TransBar"="C:\Windows\System32\TransBar.exe" [2004-08-28 65536] "Styler"="C:\Program Files\styler\Styler.exe" [2006-05-03 307200] "TopDesk"="C:\WINDOWS\system32 opdesk.exe" [2004-08-28 195584] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 1235456] "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664] "LVCOMSX"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe" [2007-02-06 252704] "LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-09 90112] "LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-09-11 155648] "LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-09-11 45056] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-02-28 570664] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2008-04-04 185896] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-10-04 266497] "TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-07 2620336] "AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-07 904880] "Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-10-07 140568] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-05-20 188416] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696] "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 128920] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576] "RTHDCPL"="RTHDCPL.EXE" [2006-09-11 C:\WINDOWS\RTHDCPL.exe] "AlcWzrd"="ALCWZRD.EXE" [2006-05-03 C:\WINDOWS\alcwzrd.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2008-04-14 138240] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2008-06-23 C:\WINDOWS\system32\advpack.dll] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248] HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i420vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe"= "%windir%\system32\sessmgr.exe"= "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= "C:\Program Files\eMule\emule.exe"= "C:\Program Files\IncrediMail\bin\IncMail.exe"= "C:\Program Files\IncrediMail\bin\ImApp.exe"= "C:\Program Files\IncrediMail\bin\ImpCnt.exe"= "C:\Program Files\Fichiers communs\Nero\Nero Web\SetupX.exe"= "C:\Program Files\VideoLAN\VLC\vlc.exe"= "C:\Program Files\Zattoo\zattood.exe"= "C:\Program Files\Zattoo\Zattoo2.exe"= "C:\WINDOWS\system32\mmc.exe"= "C:\Program Files\Bonjour\mDNSResponder.exe"= "C:\Program Files\iTunes\iTunes.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "20001:UDP"= 20001:UDP:MicroSAN "80:TCP"= 80:TCP:Web R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS drpman.sys [2008-04-11 368736] R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2004-08-28 9728] R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2004-08-28 11264] R0 ZetSFD;ZetSFD;C:\WINDOWS\system32\DRIVERS\ZetSFD.sys [2007-08-08 12800] R2 SFSZ;DataPlow SFS for Zetera Storage Devices;C:\WINDOWS\system32\drivers\sfsz.sys [2007-08-14 345984] R2 Z-SANService;Z-SAN Service;C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe [2007-08-08 376891] R3 DFE528TX;D-Link DFE-528TX PCI Adapter;C:\WINDOWS\system32\DRIVERS\DLKRTL.SYS [2002-06-24 45568] R3 ZetBus;Zetera Virtual Bus;C:\WINDOWS\system32\DRIVERS\ZetBus.sys [2007-08-08 15488] R3 ZetMPD;ZetMPD;C:\WINDOWS\system32\DRIVERS\ZetMPD.sys [2007-08-08 5120] S2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-08 493200] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] *Newly Created Service* - HELPSVC . Contenu du dossier 'Tâches planifiées' 2008-10-08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2008-10-12 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20] . - - - - ORPHELINS SUPPRIMES - - - - Toolbar-SaveLinksOrder - (no file) Toolbar-Locked - (no file) Toolbar-ITBarLayout - (no file) Toolbar-ITBarLayout - (no file) Toolbar-ITBar7Position - (no file) HKCU-Run-oemiwkk - c:\documents and settings\alain\local settings\application data\oemiwkk.exe HKLM-Run-UberIcon - C:\Program Files\UberIcon\UberIcon Manager.exe HKLM-Run-SkyTel - SkyTel.EXE HKLM-Run-SoundMan - SOUNDMAN.EXE . ------- Examen supplémentaire ------- . R0 -: HKCU-Main,Start Page = hxxp://www.neufportail.fr/ R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.fr/keyword/%s R0 -: HKLM-Main,Start Page = hxxp://www.google.fr R1 -: HKCU-Internet Settings,ProxyOverride = *.local R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.fr/keyword/%s O8 -: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin esources\WebMenuImg.htm O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-12 21:54:09 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- PROCESSUS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\system32 opdesk.dll -> C:\Windows\System32\VttHooks.dll . ------------------------ Autres processus actifs ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\IncrediMail\bin\ImApp.exe C:\Program Files\Hp\Digital Imaging\bin\hpqgalry.exe . ************************************************************************** . Heure de fin: 2008-10-12 22:01:24 - La machine a redémarré ComboFix-quarantined-files.txt 2008-10-12 20:01:18 Avant-CF: 96 742 096 896 octets libres Après-CF: 96,735,453,184 octets libres 296 --- E O F --- 2008-10-11 14:37:47 c'est bien ce que tu voulais ?

Utilisateur anonyme · Answer

Telecharge malwarebytes 

Tu l´instale; le programme va se mettre automatiquement a jour. 

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression". 

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet". 

Puis click sur "rechercher". 

Laisse le scanner le pc... 

Si des elements on ete trouvés > click sur supprimer la selection. 

si il t´es demandé de redemarrer > click sur "yes". 

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum. 

Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log

alainbrest · Answer

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1134
Windows 5.1.2600 Service Pack 3

12/10/2008 23:03:13
mbam-log-2008-10-12 (23-03-01).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 128039
Temps écoulé: 46 minute(s), 13 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 17

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Live_TV (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Live_TV (Adware.Agent) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Live_TV (Adware.Agent) -> No action taken.
C:\Program Files\Live_TV\RadioPlayer (Adware.Agent) -> No action taken.
C:\Program Files\Live_TVss (Adware.Agent) -> No action taken.

Fichier(s) infecté(s):
C:\Program Files\Live_TV	bLive.dll (Adware.Agent) -> No action taken.
C:\System Volume Information\_restore{291FDE0E-083D-4293-ADCC-811A96CCE21B}\RP232\A0021282.exe (Trojan.Agent) -> No action taken.
C:\Program Files\Live_TV\INSTALL.LOG (Adware.Agent) -> No action taken.
C:\Program Files\Live_TV\LanguagePack.xml (Adware.Agent) -> No action taken.
C:\Program Files\Live_TV\LocalSettings.txt (Adware.Agent) -> No action taken.
C:\Program Files\Live_TV\ThirdPartyComponents.xml (Adware.Agent) -> No action taken.
C:\Program Files\Live_TV	oolbar.cfg (Adware.Agent) -> No action taken.
C:\Program Files\Live_TV\UNWISE.EXE (Adware.Agent) -> No action taken.
C:\Program Files\Live_TV\update.xml (Adware.Agent) -> No action taken.
C:\Program Files\Live_TV\RadioPlayer\Predefined_Media_List.xml (Adware.Agent) -> No action taken.
C:\Program Files\Live_TV\RadioPlayer\User_Media_List.xml (Adware.Agent) -> No action taken.
C:\Program Files\Live_TVss\http___feeds_feedburner_com_metacafe_TYps.xml (Adware.Agent) -> No action taken.
C:\Program Files\Live_TVss\http___feeds_feedburner_com_metacafe_TYps_structured.xml (Adware.Agent) -> No action taken.
C:\Program Files\Live_TVss\http___video_google_com_videofeed_type=top100new&num=20&output=rss.xml (Adware.Agent) -> No action taken.
C:\Program Files\Live_TVss\http___video_google_com_videofeed_type=top100new&num=20&output=rss_structured.xml (Adware.Agent) -> No action taken.
C:\Program Files\Live_TVss\http___youtube_com_rss_global_top_viewed_today_rss.xml (Adware.Agent) -> No action taken.
C:\Program Files\Live_TVss\http___youtube_com_rss_global_top_viewed_today_rss_structured.xml (Adware.Agent) -> No action taken.

voilà le rapport de malwarebytes'
j'espère que tu pourras m'aider car je n'y comprends rien.

Utilisateur anonyme · Answer

-> No action taken

as tu supprimé la selection ???

alainbrest · Answer

j'ai lancé malwarebytes, j'ai copié le rapport comme tu me l'as demandé , 

et j'ai éteint malwarebytes

si tu crois que je dois corriger certaines choses , dis le moi

Utilisateur anonyme · Answer

re 

as tu supprimé ce qu a trouvé malewarebyte comme proposé a la fin du scan ??

alainbrest · Answer

non

Utilisateur anonyme · Answer

hé bé tu as gagné le droit de refaire le scan et surout supprime a la fin ...

courage -;)

alainbrest · Answer

je m'en doutais vu la question ...

j' ai lancé malwarebytes'
quand il aura fini, je corrigerai les erreurs trouvées.

merci pour ton aide .

là je vais me coucher donc à demain si tu veux et si tu es là

merci

alain

Utilisateur anonyme · Answer

ok 

a demain 

bonne nuit

alainbrest · Answer

bonjour chiquitine 29 ,

j'ai donc relancé malwarebytes' et effacé toutes les erreurs qu'il a trouvé.

malheureusement A0021323 est toujours là.

que faire ?

Utilisateur anonyme · Answer

réouvre malewarebyte
va sur quaranataine
supprime tout


Désactive et réactive ta restauration system :

(1) Désactiver la Restauration du système 

cliques sur Démarrer 
Cliques droit sur Poste de travail 
cliques sur Propriétés 
Cliques sur l'onglet Restauration du système 
Coches Désactiver la Restauration du système sur tous les lecteurs 
Cliques sur Appliquer, Lorsque le message de confirmation apparaît, 
cliques sur Oui. 
Cliques sur OK. 


(2) Activer la Restauration du système 


cliques sur Démarrer 
Cliques droit sur Poste de travail 
cliques sur Propriétés 
Cliques sur l'onglet Restauration du système 
Décoches Désactiver la Restauration du système sur tous les lecteurs 
Cliques sur Appliquer, Lorsque le message de confirmation apparaît, 
cliques sur Oui. 
Cliques sur OK. 


Tuto xp : http://service1.symantec.com/support/inter/tsgeninfointl.Nsf/fr_docid/20020830101856924


ensuite verifie avec antivir si t as un rapport il est le bienvenu

alainbrest · Answer

merci pour tes conseils chiquitine .

j'ai effectué les modifications que tu me demandais sur la restauration systeme.

je t'envoies le rapport d'antivir dès que je peux

saches que j'ai 1 dd ide (c:) , 1 dd sata (d: sauvegarde)

2 dd en réseau partitionnés en 3 dd sur mon netgear sc101

Utilisateur anonyme · Answer

ok a plus tard alain

alainbrest · Answer

voilà mon rapport antivir : Avira AntiVir Personal Report file date: lundi 13 octobre 2008 15:47 Scanning for 1679110 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 3) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: 075CA73A97B7462 Version information: BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 04/10/2008 10:38:14 AVSCAN.DLL : 8.1.4.0 40705 Bytes 04/10/2008 10:38:14 LUKE.DLL : 8.1.4.5 164097 Bytes 04/10/2008 10:38:14 LUKERES.DLL : 8.1.4.0 12033 Bytes 04/10/2008 10:38:14 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 19:27:16 ANTIVIR2.VDF : 7.0.7.12 4066816 Bytes 08/10/2008 15:07:36 ANTIVIR3.VDF : 7.0.7.33 146432 Bytes 13/10/2008 13:47:20 Engineversion : 8.1.1.35 AEVDF.DLL : 8.1.0.5 102772 Bytes 16/04/2008 10:00:54 AESCRIPT.DLL : 8.1.0.76 319867 Bytes 19/09/2008 09:23:21 AESCN.DLL : 8.1.0.23 119156 Bytes 16/08/2008 19:27:27 AERDL.DLL : 8.1.1.2 438644 Bytes 19/09/2008 09:23:20 AEPACK.DLL : 8.1.2.3 364918 Bytes 24/09/2008 09:20:47 AEOFFICE.DLL : 8.1.0.25 196986 Bytes 19/09/2008 09:23:19 AEHEUR.DLL : 8.1.0.59 1438071 Bytes 19/09/2008 09:23:18 AEHELP.DLL : 8.1.0.15 115063 Bytes 16/08/2008 19:27:23 AEGEN.DLL : 8.1.0.36 315764 Bytes 18/08/2008 19:25:10 AEEMU.DLL : 8.1.0.7 430452 Bytes 16/08/2008 19:27:22 AECORE.DLL : 8.1.1.11 172406 Bytes 03/09/2008 19:25:39 AEBB.DLL : 8.1.0.1 53617 Bytes 16/08/2008 19:27:21 AVWINLL.DLL : 1.0.0.12 15105 Bytes 04/10/2008 10:38:14 AVPREF.DLL : 8.0.2.0 38657 Bytes 04/10/2008 10:38:14 AVREP.DLL : 8.0.0.2 98344 Bytes 16/08/2008 19:27:20 AVREG.DLL : 8.0.0.1 33537 Bytes 04/10/2008 10:38:14 AVARKT.DLL : 1.0.0.23 307457 Bytes 16/04/2008 10:00:53 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 04/10/2008 10:38:14 SQLITE3.DLL : 3.3.17.1 339968 Bytes 16/04/2008 10:00:53 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 04/10/2008 10:38:14 NETNT.DLL : 8.0.0.1 7937 Bytes 16/04/2008 10:00:53 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04/10/2008 10:38:12 RCTEXT.DLL : 8.0.52.0 86273 Bytes 04/10/2008 10:38:12 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, E:, I:, J:, K:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: lundi 13 octobre 2008 15:47 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'IncMail.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'Z-SANService.exe' - '1' Module(s) have been scanned Scan process 'TrueImageTryStartService.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned Scan process 'IoctlSvc.exe' - '1' Module(s) have been scanned Scan process 'hpqgalry.exe' - '1' Module(s) have been scanned Scan process 'NBService.exe' - '1' Module(s) have been scanned Scan process 'mdm.exe' - '1' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned Scan process 'ImApp.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'schedul2.exe' - '1' Module(s) have been scanned Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned Scan process 'msmsgs.exe' - '1' Module(s) have been scanned Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'daemon.exe' - '1' Module(s) have been scanned Scan process 'PWRISOVM.EXE' - '1' Module(s) have been scanned Scan process 'schedhlp.exe' - '1' Module(s) have been scanned Scan process 'TimounterMonitor.exe' - '1' Module(s) have been scanned Scan process 'TrueImageMonitor.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'realsched.exe' - '1' Module(s) have been scanned Scan process 'Monitor.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'winampa.exe' - '1' Module(s) have been scanned Scan process 'LogiTray.exe' - '1' Module(s) have been scanned Scan process 'LVComS.exe' - '1' Module(s) have been scanned Scan process 'LVComSX.exe' - '1' Module(s) have been scanned Scan process 'hpcmpmgr.exe' - '1' Module(s) have been scanned Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned Scan process 'topdesk.exe' - '1' Module(s) have been scanned Scan process 'Styler.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'aawservice.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 58 processes with 58 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Master boot sector HD1 [INFO] No virus was found! Master boot sector HD2 [INFO] No virus was found! Master boot sector HD3 [INFO] No virus was found! Master boot sector HD4 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'E:\' [INFO] No virus was found! Boot sector 'I:\' [INFO] No virus was found! Boot sector 'J:\' [INFO] No virus was found! Boot sector 'K:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '866' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\WINDOWS\system32\drivers\dtscsi.sys [WARNING] The file could not be opened! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! Begin scan in 'E:\' Begin scan in 'I:\' I:\daemon tools\Daemon Tools 4.0 + crack.rar [0] Archive type: RAR --> Daemon Tools 4.0 + crack\Daemon-Tools-4.0-FR.EXE [DETECTION] Is the TR/Dldr.Small.bfb.45 Trojan [WARNING] The file was ignored! I:\daemon tools\Daemon.Tools.Pro.v4.10.218.0.Advanced.Incl.Patch.(OSiOLEK.com).rar [0] Archive type: RAR --> daemon.tools.pro.patch.exe [DETECTION] Is the TR/Agent.620544.A Trojan [NOTE] The file was moved to '49586bf7.qua'! I:\incoming du 21032008\Incoming\dreamweaver\archives\Macromedia Studio 8 Fr (dreamweaver 8 - Fireworks 8 - Flash 8) + Kegen.ace [0] Archive type: ACE --> Le concept.doc [WARNING] No further files can be extracted from this archive. The archive will be closed I:\incoming du 21032008\Incoming\photoshop\archives\Adobe Photoshop CS2 multilanguage [ENG][ITA][FR][DE][ESP][JPG] Funzionante Tested + serial + crack.rar [0] Archive type: RAR --> Serial & Crack\keygen.exe [DETECTION] Contains recognition pattern of the WORM/Autorun.cxl worm [WARNING] An error has occurred and the file was not deleted. ErrorID: 26001 [WARNING] Failed! [NOTE] Attempting to perform action using the ARK lib. [NOTE] The file was moved to '4b0bdca8.qua'! I:\incoming du 21032008\Incoming\power iso\PowerISO v3.8 [FFF keygen][h33t][matt14].rar [0] Archive type: RAR --> PowerISO v3.8 [FFF keygen][h33t][matt14]\keygen.exe [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to '496a88c0.qua'! I:\WINACE\WinAce v.2.6 + KeyGen(2).zip [0] Archive type: ZIP --> WinAce v.2.6 + KeyGen/Winace v2.6 Beta 1 Patchfr.exe [WARNING] No further files can be extracted from this archive. The archive will be closed I:\WINACE\WinAce v.2.6 + KeyGen(2)\WinAce v.2.6 + KeyGen\Winace v2.6 Beta 1 Patchfr.exe [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed Begin scan in 'J:\'

alainbrest · Answer

voilà mon rapport antivir : Avira AntiVir Personal Report file date: lundi 13 octobre 2008 15:47 Scanning for 1679110 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 3) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: 075CA73A97B7462 Version information: BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 04/10/2008 10:38:14 AVSCAN.DLL : 8.1.4.0 40705 Bytes 04/10/2008 10:38:14 LUKE.DLL : 8.1.4.5 164097 Bytes 04/10/2008 10:38:14 LUKERES.DLL : 8.1.4.0 12033 Bytes 04/10/2008 10:38:14 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 19:27:16 ANTIVIR2.VDF : 7.0.7.12 4066816 Bytes 08/10/2008 15:07:36 ANTIVIR3.VDF : 7.0.7.33 146432 Bytes 13/10/2008 13:47:20 Engineversion : 8.1.1.35 AEVDF.DLL : 8.1.0.5 102772 Bytes 16/04/2008 10:00:54 AESCRIPT.DLL : 8.1.0.76 319867 Bytes 19/09/2008 09:23:21 AESCN.DLL : 8.1.0.23 119156 Bytes 16/08/2008 19:27:27 AERDL.DLL : 8.1.1.2 438644 Bytes 19/09/2008 09:23:20 AEPACK.DLL : 8.1.2.3 364918 Bytes 24/09/2008 09:20:47 AEOFFICE.DLL : 8.1.0.25 196986 Bytes 19/09/2008 09:23:19 AEHEUR.DLL : 8.1.0.59 1438071 Bytes 19/09/2008 09:23:18 AEHELP.DLL : 8.1.0.15 115063 Bytes 16/08/2008 19:27:23 AEGEN.DLL : 8.1.0.36 315764 Bytes 18/08/2008 19:25:10 AEEMU.DLL : 8.1.0.7 430452 Bytes 16/08/2008 19:27:22 AECORE.DLL : 8.1.1.11 172406 Bytes 03/09/2008 19:25:39 AEBB.DLL : 8.1.0.1 53617 Bytes 16/08/2008 19:27:21 AVWINLL.DLL : 1.0.0.12 15105 Bytes 04/10/2008 10:38:14 AVPREF.DLL : 8.0.2.0 38657 Bytes 04/10/2008 10:38:14 AVREP.DLL : 8.0.0.2 98344 Bytes 16/08/2008 19:27:20 AVREG.DLL : 8.0.0.1 33537 Bytes 04/10/2008 10:38:14 AVARKT.DLL : 1.0.0.23 307457 Bytes 16/04/2008 10:00:53 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 04/10/2008 10:38:14 SQLITE3.DLL : 3.3.17.1 339968 Bytes 16/04/2008 10:00:53 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 04/10/2008 10:38:14 NETNT.DLL : 8.0.0.1 7937 Bytes 16/04/2008 10:00:53 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04/10/2008 10:38:12 RCTEXT.DLL : 8.0.52.0 86273 Bytes 04/10/2008 10:38:12 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, E:, I:, J:, K:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: lundi 13 octobre 2008 15:47 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'IncMail.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'Z-SANService.exe' - '1' Module(s) have been scanned Scan process 'TrueImageTryStartService.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned Scan process 'IoctlSvc.exe' - '1' Module(s) have been scanned Scan process 'hpqgalry.exe' - '1' Module(s) have been scanned Scan process 'NBService.exe' - '1' Module(s) have been scanned Scan process 'mdm.exe' - '1' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned Scan process 'ImApp.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'schedul2.exe' - '1' Module(s) have been scanned Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned Scan process 'msmsgs.exe' - '1' Module(s) have been scanned Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'daemon.exe' - '1' Module(s) have been scanned Scan process 'PWRISOVM.EXE' - '1' Module(s) have been scanned Scan process 'schedhlp.exe' - '1' Module(s) have been scanned Scan process 'TimounterMonitor.exe' - '1' Module(s) have been scanned Scan process 'TrueImageMonitor.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'realsched.exe' - '1' Module(s) have been scanned Scan process 'Monitor.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'winampa.exe' - '1' Module(s) have been scanned Scan process 'LogiTray.exe' - '1' Module(s) have been scanned Scan process 'LVComS.exe' - '1' Module(s) have been scanned Scan process 'LVComSX.exe' - '1' Module(s) have been scanned Scan process 'hpcmpmgr.exe' - '1' Module(s) have been scanned Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned Scan process 'topdesk.exe' - '1' Module(s) have been scanned Scan process 'Styler.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'aawservice.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 58 processes with 58 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Master boot sector HD1 [INFO] No virus was found! Master boot sector HD2 [INFO] No virus was found! Master boot sector HD3 [INFO] No virus was found! Master boot sector HD4 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'E:\' [INFO] No virus was found! Boot sector 'I:\' [INFO] No virus was found! Boot sector 'J:\' [INFO] No virus was found! Boot sector 'K:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '866' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\WINDOWS\system32\drivers\dtscsi.sys [WARNING] The file could not be opened! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! Begin scan in 'E:\' Begin scan in 'I:\' I:\daemon tools\Daemon Tools 4.0 + crack.rar [0] Archive type: RAR --> Daemon Tools 4.0 + crack\Daemon-Tools-4.0-FR.EXE [DETECTION] Is the TR/Dldr.Small.bfb.45 Trojan [WARNING] The file was ignored! I:\daemon tools\Daemon.Tools.Pro.v4.10.218.0.Advanced.Incl.Patch.(OSiOLEK.com).rar [0] Archive type: RAR --> daemon.tools.pro.patch.exe [DETECTION] Is the TR/Agent.620544.A Trojan [NOTE] The file was moved to '49586bf7.qua'! I:\incoming du 21032008\Incoming\dreamweaver\archives\Macromedia Studio 8 Fr (dreamweaver 8 - Fireworks 8 - Flash 8) + Kegen.ace [0] Archive type: ACE --> Le concept.doc [WARNING] No further files can be extracted from this archive. The archive will be closed I:\incoming du 21032008\Incoming\photoshop\archives\Adobe Photoshop CS2 multilanguage [ENG][ITA][FR][DE][ESP][JPG] Funzionante Tested + serial + crack.rar [0] Archive type: RAR --> Serial & Crack\keygen.exe [DETECTION] Contains recognition pattern of the WORM/Autorun.cxl worm [WARNING] An error has occurred and the file was not deleted. ErrorID: 26001 [WARNING] Failed! [NOTE] Attempting to perform action using the ARK lib. [NOTE] The file was moved to '4b0bdca8.qua'! I:\incoming du 21032008\Incoming\power iso\PowerISO v3.8 [FFF keygen][h33t][matt14].rar [0] Archive type: RAR --> PowerISO v3.8 [FFF keygen][h33t][matt14]\keygen.exe [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to '496a88c0.qua'! I:\WINACE\WinAce v.2.6 + KeyGen(2).zip [0] Archive type: ZIP --> WinAce v.2.6 + KeyGen/Winace v2.6 Beta 1 Patchfr.exe [WARNING] No further files can be extracted from this archive. The archive will be closed I:\WINACE\WinAce v.2.6 + KeyGen(2)\WinAce v.2.6 + KeyGen\Winace v2.6 Beta 1 Patchfr.exe [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed Begin scan in 'J:\'

Utilisateur anonyme · Answer

hé bien voila il a detecté tes crack keygen etc ....


* pour supprimer les outils/fix utilisés : 

Télécharge ToolsCleaner sur ton bureau. 
--> 
http://pc-system.fr/ 
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

# Clique sur Recherche et laisse le scan agir ... 
# Clique sur Suppression pour finaliser. 
# Tu peux, si tu le souhaites, te servir des Options facultatives. 
# Clique sur Quitter pour obtenir le rapport. 
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

alainbrest · Answer

désolé je ne trouve pas les rapports de ccleaner

Utilisateur anonyme · Answer

dis moi juste si hijackthis etc ont disparu

alainbrest · Answer

tout semble aller pour le mieux dans le meilleur des mondes ....

hijackthis est toujours là, prèt à servir en cas de besoin.

et j'ai tout fait : fichiers et base de registres 

j'ai exploré toutes les fonctions de ccleaner

Utilisateur anonyme · Answer

ok

si tu n as pas d autres soucis change le statut du sujet en resolu stp

http://www.commentcamarche.net/faq/sujet 11365 marquer un fil de discussion comme etant resolu

Antivir A0021323.exe

30 réponses

Discussions similaires

Newsletters