Multiple infections (resolved, thanks egwene)

Tags:
  • Security

3 August 2008 13:59:52

Hello. I picked up this crap somewhere:
FakeAlert.cc
Zlob.downloader.vdt
myway.mysearch
myway.mywebsearch
smitfraud-c.gp
Results obtained with Spybot. I'm attaching a HijackThis report. Can you help me, please?


Logfile of HijackThis v1.97.7
Scan saved at 07:58, on 2008-08-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Eye On Network\Eye On Network.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedhlp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\braviax.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\DOCUME~1\MARIOD~1\LOCALS~1\Temp\bwgo0000c3fb.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mario Després\Bureau\Nouveau dossier\3 Menage\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Eye On Network] C:\Program Files\Eye On Network\Eye On Network.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: (PopUpCop) Allow images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/allowimages
O8 - Extra context menu item: (PopUpCop) Block images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/blockimages
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Image in New Window - res://C:\PROGRA~1\PopUpCop\popupcop.dll/imagenew
O9 - Extra 'Tools' menuitem: Console Java (Sun) (HKLM)
O9 - Extra button: Recherche (HKLM)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/The%20Mystery%20of%20the%20Crystal%20Portal/Images/stg_drm.ocx
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/dir...
O16 - DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} (SDANetConClass Class) - file:///C:/Program%20Files/Mystery%20Solitaire/Images/stg_drm.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/Downloads/AXELPlayerAX_Win32....
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - http://fpdownload.macromedia.com/get/flashplayer/curren...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Agatha%20Christie/Images/armhelper.ocx
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by108fd.bay108.hotmail.msn.com/activex/HMAtchmt....

There you go. Thanks.
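A triage pass over a HijackThis log, as an added example that is not part of the original post and not HijackThis's own code. It reads a constructed excerpt modelled on the log above and flags three things a helper checks by hand: a process running out of a user's Temp directory, one binary registered as an autostart under more than one hive (braviax.exe under both HKLM and HKCU here), and an O10 Winsock LSP entry that HijackThis could not identify. The finding labels and the allowlist are this example's own assumptions.

```python
"""Triage of a HijackThis log.

Added example, not code from the original post or from HijackThis. It
flags three things a helper looks for by hand: a process running out of a
user's Temp directory, one binary registered as an autostart under more
than one hive, and an O10 Winsock LSP that HijackThis could not identify.
"""
import re
from collections import defaultdict

# Constructed excerpt modelled on the log posted above (not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\braviax.exe
C:\DOCUME~1\MARIOD~1\LOCALS~1\Temp\bwgo0000c3fb.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
""".strip()

# O4 lines: "O4 - <hive>\..\Run: [<name>] <command>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>\S.*)$")
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)

# Autostarts that XP legitimately registers in several hives: ctfmon.exe
# appears under HKCU and every HKUS SID in the posted logs. Assumption of
# this example; extend it for the machine at hand.
MULTI_HIVE_ALLOWLIST = {"ctfmon.exe"}


def executable_of(cmd):
    """Executable path at the start of a Run command, lower-cased, without
    surrounding quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]).lower()
    return cmd.split(" ", 1)[0].lower()


def parse_processes(lines):
    """Paths listed between 'Running processes:' and the next blank line."""
    procs, in_block = [], False
    for line in lines:
        if line.startswith("Running processes:"):
            in_block = True
            continue
        if in_block:
            if not line.strip():
                in_block = False
                continue
            procs.append(line.strip())
    return procs


def triage(log_text):
    """Return (kind, detail) findings in log order, grouped by check."""
    lines = log_text.splitlines()
    findings = []

    # 1. Anything executing from a Temp directory deserves a look; the
    #    posted log shows C:\DOCUME~1\...\Temp\bwgo0000c3fb.exe running.
    for proc in parse_processes(lines):
        if TEMP_DIR_RE.search(proc):
            findings.append(("temp_exec", proc))

    # 2. Map each autostart executable to the hives it is registered in.
    hives_by_exe = defaultdict(set)
    for line in lines:
        m = O4_RE.match(line)
        if not m:
            continue
        exe = executable_of(m.group("cmd"))
        hives_by_exe[exe].add(m.group("hive"))
        if TEMP_DIR_RE.search(exe):
            findings.append(("temp_autostart", line))
    for exe, hives in hives_by_exe.items():
        if len(hives) > 1 and exe.rsplit("\\", 1)[-1] not in MULTI_HIVE_ALLOWLIST:
            findings.append(("multi_hive_autostart", f"{exe} in {', '.join(sorted(hives))}"))

    # 3. O10: HijackThis has no database entry for this LSP; it needs a look-up.
    for line in lines:
        m = O10_RE.match(line)
        if m:
            findings.append(("unknown_lsp", m.group("path")))

    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:22s} {detail}")
```

An O10 "Unknown" only means the file is absent from HijackThis's database; the LSP needs a look-up (publisher, path, hash) before anything is removed, since breaking the Winsock chain takes the network down. The multi-hive rule is likewise a heuristic, which is why ctfmon.exe, registered for every profile on XP, is allowlisted.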


3 August 2008 15:21:22

Hello tinomme1969,

The HijackThis report is incomplete...

Later ;)
3 August 2008 15:35:44

I made another one, but it is identical to the first...
3 August 2008 16:46:24

Done. Here is the log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43, on 2008-08-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Eye On Network\Eye On Network.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedhlp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\braviax.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\DOCUME~1\MARIOD~1\LOCALS~1\Temp\bwgo0000c3fb.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Eye On Network] C:\Program Files\Eye On Network\Eye On Network.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: (PopUpCop) Allow images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/allowimages
O8 - Extra context menu item: (PopUpCop) Block images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/blockimages
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Image in New Window - res://C:\PROGRA~1\PopUpCop\popupcop.dll/imagenew
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/The%20Mystery%20of%20the%20Crystal%20Portal/Images/stg_drm.ocx
O16 - DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} (SDANetConClass Class) - file:///C:/Program%20Files/Mystery%20Solitaire/Images/stg_drm.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/Downloads/AXELPlayerAX_Win32....
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Agatha%20Christie/Images/armhelper.ocx
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by108fd.bay108.hotmail.msn.com/activex/HMAtchmt....
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8014 bytes
3 August 2008 16:58:48

Re,

* Download SDFix (thanks Andy Manchesta) and save it to your Desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.e...
* Print this:
* Restart your computer in Safe Mode, following this procedure:
o Restart your computer.
o After you hear the computer beep at startup, but before the Windows logo appears, tap the F8 key (or F5).
o Instead of the normal Windows load, a menu with several options should appear.
o Choose the first one to run Windows in Safe Mode, then press Enter.
o Choose your account.
* Go through the list of instructions below:
o In Safe Mode, double-click the SDFix.exe file and click Install
o Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
o Press Y to start the script.
o It will remove the services of certain trojans, also perform a few registry repairs, and ask you to press a key to restart.
o Press a key to restart the PC.
o Your system will take longer than usual to restart, because the tool keeps running and deleting files.
o After the Desktop loads, the tool will finish its work and display Finished
o Press a key to end the script and load your Desktop icons.
o Finally, open the SDFix folder on your Desktop and copy/paste the contents of the Report.txt file into your next reply, together with a new HijackThis log.

NB: The file SDFIX_README.htm (in the SDFix folder) contains the list of malware handled by the tool.

Later ;)
3 August 2008 18:33:23


SDFix: Version 1.212
Run by Mario Després on 2008-08-03 at 12:17

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\Config\csrss.exe - Deleted
C:\WINDOWS\system32\braviax.exe - Deleted
C:\WINDOWS\system32\winivstr.exe - Deleted
C:\WINDOWS\system32\nvrsul32.dll - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-03 12:25:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:0f43a30e
"s2"=dword:22368001
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:D e,bd,c9,ad,95,9f,dc,16,32,75,49,60,eb,b1,34,61,e9,b1,48,c3,01,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,01,c9,b6,aa,2f,0b,c3,a0,e9,b4,02,a8,5f,9d,0e,e8,47,..
"khjeh"=hex:ca,99,c9,37,bd,d0,87,c7,be,c2,9f,49,99,c9,9a,3d,6a,25,7f,03,e2,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:f9,dd,54,da,74,b8,44,bf,b4,70,de,fc,ad,84,2a,b4,57,2a,aa,6b,01,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:D e,bd,c9,ad,95,9f,dc,16,32,75,49,60,eb,b1,34,61,e9,b1,48,c3,01,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,01,c9,b6,aa,2f,0b,c3,a0,e9,b4,02,a8,5f,9d,0e,e8,47,..
"khjeh"=hex:ca,99,c9,37,bd,d0,87,c7,be,c2,9f,49,99,c9,9a,3d,6a,25,7f,03,e2,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:f9,dd,54,da,74,b8,44,bf,b4,70,de,fc,ad,84,2a,b4,57,2a,aa,6b,01,..

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 65536 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"="C:\\Program Files\\Sierra\\FEAR\\FEAR.exe:*:Enabled:FEAR"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"="C:\\Program Files\\Sierra\\FEAR\\fpupdate.exe:*:Enabled:fpupdate"
"C:\\Program Files\\ASUS\\ASUS GameFace Live\\GameFace.exe"="C:\\Program Files\\ASUS\\ASUS GameFace Live\\GameFace.exe:*:Enabled:ASUS GameFace Live Application"
"F:\\Sports Car GT\\Spcar.exe"="F:\\Sports Car GT\\Spcar.exe:*:Enabled:Sports Car GT"
"C:\\Program Files\\Powerboat GT\\Run.exe"="C:\\Program Files\\Powerboat GT\\Run.exe:*:Enabled:Aquadelic GT game"
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"="C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"
"F:\\carbon\\NFSC.exe"="F:\\carbon\\NFSC.exe:*:Enabled:NFSC"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"F:\\xpandrally.exe"="F:\\xpandrally.exe:*:Enabled:XpandRally"
"F:\\Program Files\\Supreme Commander\\bin\\SupremeCommander.exe"="F:\\Program Files\\Supreme Commander\\bin\\SupremeCommander.exe:*:Enabled:Supreme Commander"
"F:\\Program Files\\GPGNet\\GPG.Multiplayer.Client.exe"="F:\\Program Files\\GPGNet\\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"E:\\mc2.exe"="E:\\mc2.exe:*:Enabled:mc2"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"F:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="F:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sun 21 May 2006 3,686,484 A..H. --- "C:\My Games\Qbeez 2\QBeez2.exe"
Fri 27 Jun 2008 1,557,832 ...H. --- "C:\Program Files\10 Days Under The Sea\10DaysUnderTheSea.exe"
Fri 18 Jul 2008 2,913,608 ...H. --- "C:\Program Files\Legend of Ali Baba\LegendOfAliBaba.exe"
Thu 5 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Fri 27 Jun 2008 1,512,776 ...H. --- "C:\Program Files\Turtix 2 - Rescue Adventures\Turtix.exe"
Tue 15 Nov 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 26 Oct 2006 1,675,264 A..H. --- "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\game.exe"
Tue 18 Oct 2005 1,290,240 A..H. --- "C:\Program Files\PopCap Games\Zuma Deluxe\game.exe"
Tue 13 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT1.tmp"
Sun 22 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT1.tmp"
Mon 29 Oct 2007 1,123,200 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\93a233c2dff315e0408559775486f5b2\BIT50.tmp"
Tue 18 Mar 2008 1,977 ...HR --- "C:\Documents and Settings\Mario Després\Application Data\SecuROM\UserData\securom_v7_01.bak"
Mon 1 Oct 2007 1,199,508 A.SH. --- "C:\WINDOWS\system32\wbem\mof\good\mirc.exe"
Sun 23 Sep 2007 147 A.SH. --- "C:\WINDOWS\system32\wbem\mof\good\start.reg"

Finished!
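
The "Files with Hidden Attributes" section of the SDFix report above is a flat list that is easy to skim past. The following added example (the editor's, not SDFix's code and not part of the original post) parses a constructed excerpt modelled on that report into records and keeps only hidden- or system-attributed executables located under the Windows directory, which is where mirc.exe and start.reg in system32\wbem\mof\good stand out from the game and Spybot binaries. The extension set and the directory filter are this example's assumptions.

```python
"""Structured read of the "Files with Hidden Attributes" section of an SDFix report.

Added example, not code from the original post or from SDFix. It parses each
entry into a record and keeps only hidden/system executables located under the
Windows directory; the extension set and directory filter are assumptions.
"""
import ntpath
import re
from datetime import datetime

# Constructed excerpt modelled on the SDFix report posted above (not the full report).
SAMPLE_REPORT = r"""
Files with Hidden Attributes :

Sun 21 May 2006 3,686,484 A..H. --- "C:\My Games\Qbeez 2\QBeez2.exe"
Thu 5 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 29 Oct 2007 1,123,200 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\93a233c2dff315e0408559775486f5b2\BIT50.tmp"
Mon 1 Oct 2007 1,199,508 A.SH. --- "C:\WINDOWS\system32\wbem\mof\good\mirc.exe"
Sun 23 Sep 2007 147 A.SH. --- "C:\WINDOWS\system32\wbem\mof\good\start.reg"

Finished!
""".strip()

# <weekday> <day> <month> <year> <size> <five attribute flags> --- "<path>"
ENTRY_RE = re.compile(
    r'^[A-Z][a-z]{2} (?P<date>\d{1,2} [A-Z][a-z]{2} \d{4}) '
    r'(?P<size>[\d,]+) (?P<attrs>\S{5}) --- "(?P<path>[^"]+)"$'
)

# File types whose presence as hidden/system objects in the Windows tree is
# worth a second look (assumption of this example).
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".reg", ".vbs"}


def parse_hidden_files(report_text):
    """Return one dict per attribute line, in report order."""
    entries = []
    for line in report_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        attrs = m.group("attrs")  # e.g. "A.SH.": archive, system and hidden set
        entries.append({
            "path": m.group("path"),
            "size": int(m.group("size").replace(",", "")),
            "mtime": datetime.strptime(m.group("date"), "%d %b %Y").date(),
            "system": "S" in attrs,
            "hidden": "H" in attrs,
            "readonly": "R" in attrs,
        })
    return entries


def suspicious(entries, windows_dir="c:\\windows\\"):
    """Paths of hidden or system executables under the Windows directory."""
    hits = []
    for e in entries:
        low = e["path"].lower()
        ext = ntpath.splitext(low)[1]  # ntpath: split on backslashes on any host
        if low.startswith(windows_dir) and ext in EXEC_EXT and (e["hidden"] or e["system"]):
            hits.append(e["path"])
    return hits


if __name__ == "__main__":
    for path in suspicious(parse_hidden_files(SAMPLE_REPORT)):
        print(path)
```

SDFix prints the attributes as five flag characters (A archive, S system, H hidden, R read-only; a dot means the flag is clear). The filter deliberately ignores Program Files because the game executables and Spybot binaries listed above carry hidden or system bits too and would swamp the output; an IRC client and a .reg file sitting in the WMI MOF directory is what a helper wants to see first.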

3 August 2008 18:34:24

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33, on 2008-08-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eye On Network\Eye On Network.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\DOCUME~1\MARIOD~1\LOCALS~1\Temp\bwgo000793c2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Eye On Network] C:\Program Files\Eye On Network\Eye On Network.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: (PopUpCop) Allow images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/allowimages
O8 - Extra context menu item: (PopUpCop) Block images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/blockimages
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Image in New Window - res://C:\PROGRA~1\PopUpCop\popupcop.dll/imagenew
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/The%20Mystery%20of%20the%20Crystal%20Portal/Images/stg_drm.ocx
O16 - DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} (SDANetConClass Class) - file:///C:/Program%20Files/Mystery%20Solitaire/Images/stg_drm.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/Downloads/AXELPlayerAX_Win32....
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Agatha%20Christie/Images/armhelper.ocx
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by108fd.bay108.hotmail.msn.com/activex/HMAtchmt....
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7905 bytes
3 August 2008 18:43:22

Hello tinomme1969,

1) Download:
CCleaner 2.15.815 - Slim: http://www.ccleaner.com/download/builds.aspx
Launch it, then click Options > Advanced and untick "Only delete files in Windows Temp folders older than 48 hours". Leave it with its default settings and close the program for now.
Tutorial: http://www.infos-du-net.com/telecharger/CCleaner,0301-1...

Malwarebytes' Anti-Malware:
http://www.besttechie.net/tools/mbam-setup.exe
Once the executable is downloaded, double-click mbam-setup.exe and the installation begins. Let the wizard guide you: language choice, licence acceptance, default folder... Remember to tick the "Create a desktop icon" box. You have now reached the end of the installation; close the program for now.

2) Restart in Safe Mode:
See letter D: http://forum.pcastuces.com/sujet.asp?f=25&s=3902
You will need to choose your usual session, not the Administrator account or any other.
Important: From step 3 onwards you will no longer have Internet access. Copy the rest of the instructions into a text file on your desktop.

3) Launch Malwarebytes' Anti-Malware:
Tutorial: http://www.infos-du-net.com/forum/278396-11-tuto-malwar...

4) Launch CCleaner
In the Cleaner menu, click Analyze (let it work; it can take a long time the first time).
Then click the Run Cleaner button.
Do this several times in a row and close CCleaner

5) Restart in Normal Mode:
Post the Malwarebytes' Anti-Malware report.

Later ;)
3 August 2008 19:34:13

Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1020
Windows 5.1.2600 Service Pack 2

13:17:24 2008-08-03
mbam-log-8-3-2008 (13-17-17).txt

Type de recherche: Examen rapide
Eléments examinés: 56915
Temps écoulé: 8 minute(s), 27 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\MySearch (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MySearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\XPSecurityCenter (Rogue.XPSecurityCenter) -> No action taken.
C:\Program Files\XPSecurityCenter\data (Rogue.XPSecurityCenter) -> No action taken.
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT (Rogue.XPSecurityCenter) -> No action taken.

Fichier(s) infecté(s):
C:\Documents and Settings\marie josée\Local Settings\Temporary Internet Files\Content.IE5\O2RJ8K6Q\Install[1].exe (Rogue.Installer) -> No action taken.
C:\Program Files\XPSecurityCenter\htmlayout.dll (Rogue.XPSecurityCenter) -> No action taken.
C:\Program Files\XPSecurityCenter\install.exe (Rogue.XPSecurityCenter) -> No action taken.
C:\Program Files\XPSecurityCenter\pthreadVC2.dll (Rogue.XPSecurityCenter) -> No action taken.
C:\Program Files\XPSecurityCenter\un.ico (Rogue.XPSecurityCenter) -> No action taken.
C:\Program Files\XPSecurityCenter\unzip32.dll (Rogue.XPSecurityCenter) -> No action taken.
C:\Program Files\XPSecurityCenter\wscui.cpl (Rogue.XPSecurityCenter) -> No action taken.
C:\Program Files\XPSecurityCenter\data\daily.cvd (Rogue.XPSecurityCenter) -> No action taken.
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.XPSecurityCenter) -> No action taken.
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcm80.dll (Rogue.XPSecurityCenter) -> No action taken.
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcp80.dll (Rogue.XPSecurityCenter) -> No action taken.
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcr80.dll (Rogue.XPSecurityCenter) -> No action taken.



There was a whole page of them to delete...
4 August 2008 03:40:37

I saved before and after deleting... ;-)

Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1020
Windows 5.1.2600 Service Pack 2

13:17:28 2008-08-03
mbam-log-8-3-2008 (13-17-28).txt

Type de recherche: Examen rapide
Eléments examinés: 56915
Temps écoulé: 8 minute(s), 27 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\XPSecurityCenter (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPSecurityCenter\data (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\marie josée\Local Settings\Temporary Internet Files\Content.IE5\O2RJ8K6Q\Install[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\XPSecurityCenter\htmlayout.dll (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPSecurityCenter\install.exe (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPSecurityCenter\pthreadVC2.dll (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPSecurityCenter\un.ico (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPSecurityCenter\unzip32.dll (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPSecurityCenter\wscui.cpl (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPSecurityCenter\data\daily.cvd (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcm80.dll (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcp80.dll (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcr80.dll (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.



This is the right one, I think.
It's Sunday evening here and it's 21:39. Until tomorrow, thanks.
4 August 2008 12:34:16

Hello frederix :-)
Here is the last report you asked for.


ComboFix 08-08-03.03 - Mario Després 2008-08-04 6:05:55.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1511 [GMT -4:00]
Endroit: C:\Documents and Settings\Mario Després\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\XPSecurityCenter
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\XPSecurityCenter\Uninstall.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\XPSecurityCenter\XPSecurityCenter.lnk
C:\Documents and Settings\marie josée\Application Data\macromedia\Flash Player\#SharedObjects\7H9BZ65Z\interclick.com
C:\Documents and Settings\marie josée\Application Data\macromedia\Flash Player\#SharedObjects\7H9BZ65Z\interclick.com\ud.sol
C:\Documents and Settings\marie josée\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\marie josée\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\system32\_syst.dll
C:\WINDOWS\system32\bdfyrvrv.ini
C:\WINDOWS\system32\bfekftdc.ini
C:\WINDOWS\system32\chhdxmps.ini
C:\WINDOWS\system32\dojkqdps.ini
C:\WINDOWS\system32\oatxfgvi.ini
C:\WINDOWS\system32\oeihadhy.ini
C:\WINDOWS\system32\qpxsjiky.ini
C:\WINDOWS\system32\systDel.dll
C:\WINDOWS\system32\wvkkicec.ini
C:\WINDOWS\system32\yphljqps.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-04 to 2008-08-04 ))))))))))))))))))))))))))))))))))))
.

2008-08-03 22:12 . 2008-08-03 22:23 <REP> d-------- C:\d3temp
2008-08-03 12:55 . 2008-08-03 12:55 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-03 12:55 . 2008-08-03 12:55 <REP> d-------- C:\Documents and Settings\Mario Després\Application Data\Malwarebytes
2008-08-03 12:55 . 2008-08-03 12:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-03 12:55 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-03 12:55 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-03 11:44 . 2008-08-03 11:45 <REP> d-------- C:\WINDOWS\ERUNT
2008-08-03 11:40 . 2008-08-03 12:28 <REP> d-------- C:\SDFix
2008-08-03 10:43 . 2008-08-03 10:43 <REP> d-------- C:\Program Files\Trend Micro
2008-08-02 21:19 . 2008-08-02 21:19 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-02 21:14 . 2008-08-02 21:17 15,083,520 --a------ C:\spybotsd160.exe
2008-08-02 21:09 . 2008-07-27 22:29 172,295 --a------ C:\WINDOWS\system32\_scui.cpl
2008-08-02 20:36 . 2008-08-02 20:36 60,416 --a------ C:\Setup_ver1.1620.0.exe
2008-08-02 15:58 . 2008-08-02 15:58 <REP> d-------- C:\Documents and Settings\marie josée\Application Data\Skinux
2008-08-02 13:52 . 2008-08-02 13:52 <REP> d-------- C:\Documents and Settings\Mario Després\Application Data\Skinux
2008-08-02 13:13 . 2008-08-02 13:48 <REP> d-------- C:\Program Files\Fichiers communs\Kodak
2008-08-02 13:13 . 2008-08-02 13:13 <REP> d-------- C:\KPCMS
2008-08-02 13:06 . 2008-08-02 14:01 <REP> d-------- C:\Program Files\Kodak
2008-08-02 08:10 . 2008-08-02 08:12 <REP> d-------- C:\Program Files\Cactus Bruce and the Corporate Monkeys
2008-08-02 08:03 . 2008-08-02 08:03 <REP> d-------- C:\Program Files\Nemo's Aquarium 3D
2008-08-02 08:03 . 2004-01-30 15:31 3,594,576 --a------ C:\WINDOWS\Nemo's Aquarium 3D Anemonen-Feld.scr
2008-08-02 08:03 . 2004-01-30 15:31 3,494,207 --a------ C:\WINDOWS\Nemo's Aquarium 3D Korallenriff.scr
2008-08-02 08:03 . 2008-08-03 22:23 2,620 --a------ C:\WINDOWS\ssconf2.bin
2008-08-01 20:33 . 2008-08-02 09:21 <REP> d-------- C:\Program Files\The Mystery Of The Crystal Portal
2008-07-30 08:53 . 2008-07-30 08:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\The Revills Games
2008-07-23 20:01 . 2008-07-23 20:02 <REP> d-------- C:\Program Files\Norton Security Scan
2008-07-22 09:43 . 2008-07-22 09:43 <REP> d-------- C:\Program Files\Legend of Ali Baba
2008-07-22 09:43 . 2008-07-22 09:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Media Art
2008-07-19 06:33 . 2008-07-19 06:33 <REP> d-------- C:\Documents and Settings\marie josée\Application Data\Gold Casual Games
2008-07-19 06:33 . 2008-07-19 06:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Gold Casual Games
2008-07-18 08:06 . 2008-07-19 20:33 <REP> d-------- C:\Documents and Settings\marie josée\Application Data\ForgottenRiddles2
2008-07-15 13:54 . 2008-03-11 20:30 105,511 --a------ C:\WINDOWS\_detmp.1
2008-07-15 13:54 . 2000-04-23 19:00 69,632 --a------ C:\WINDOWS\_detmp.2
2008-07-14 16:04 . 2008-07-14 16:05 <REP> d-------- C:\Documents and Settings\marie josée\Application Data\EnchantedCavern
2008-07-12 08:00 . 2008-07-12 08:00 <REP> d-------- C:\Documents and Settings\Mario Després\Application Data\AlauxSoft
2008-07-08 18:42 . 2008-07-08 18:42 <REP> d-------- C:\WINDOWS\The Pini Society
2008-07-07 15:11 . 2008-08-02 18:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-07 15:11 . 2008-07-07 15:11 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-05 07:38 . 2008-07-05 07:42 <REP> d-------- C:\Documents and Settings\Mario Després\.housecall6.6
2008-07-05 07:38 . 2008-07-05 07:42 <REP> d-------- C:\Documents and Settings\Mario Després\.housecall6.6
2008-07-04 08:29 . 2008-07-04 08:29 <REP> d-------- C:\Documents and Settings\Mario Després\Application Data\Meridian93
2008-07-04 08:28 . 2008-07-04 08:28 <REP> d-------- C:\WINDOWS\Unicorn Castle
2008-07-04 08:28 . 2008-07-06 21:46 <REP> d-------- C:\Program Files\Unicorn Castle
2008-07-04 07:22 . 2008-07-04 07:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Arkadium
2008-07-04 07:21 . 2008-07-08 18:42 <REP> d-------- C:\Program Files\The Pini Society

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 10:11 --------- d-----w C:\Program Files\Eye On Network
2008-08-04 10:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-03 00:36 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-08-03 00:27 --------- d-----w C:\Documents and Settings\Mario Després\Application Data\uTorrent
2008-08-02 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-08-02 01:20 --------- d-----w C:\Program Files\iWin.com
2008-08-02 01:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-30 01:27 --------- d-----w C:\Program Files\Zylom Games
2008-07-23 17:41 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-22 10:51 --------- d-----w C:\Program Files\SuperMarioPac
2008-07-18 11:57 --------- d-----w C:\Documents and Settings\marie josée\Application Data\Zylom
2008-07-15 23:22 --------- d-----w C:\Program Files\GameFiesta
2008-07-15 18:43 --------- d-----w C:\Program Files\RealArcade
2008-07-15 18:42 --------- d-----w C:\Program Files\Oberon Media
2008-07-15 17:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-13 16:49 --------- d-----w C:\Documents and Settings\Mario Després\Application Data\LimeWire
2008-07-12 12:46 --------- d-----w C:\Program Files\Lavasoft
2008-07-12 12:44 --------- d-----w C:\Documents and Settings\Mario Després\Application Data\Lavasoft
2008-07-12 12:42 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-03 17:29 --------- d-----w C:\Program Files\Google Earth Pro 4.2
2008-07-02 13:08 --------- d-----w C:\Documents and Settings\marie josée\Application Data\Meridian93
2008-07-02 10:37 --------- d-----w C:\Program Files\Turtix Rescue Adventure
2008-07-01 14:12 --------- d-----w C:\Program Files\Turtix 2 - Rescue Adventures
2008-06-29 11:33 --------- d-----w C:\Program Files\10 Days Under The Sea
2008-06-28 14:13 --------- d-----w C:\Documents and Settings\marie josée\Application Data\Ancient Quest of Saqqarah__bfg
2008-06-28 01:21 --------- d-----w C:\Documents and Settings\marie josée\Application Data\Reflexive
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 01:49 --------- d-----w C:\Program Files\The Lost Cases Of Sherlock Holmes
2008-06-20 01:35 --------- d-----w C:\Documents and Settings\marie josée\Application Data\MysteryStudio
2008-06-19 16:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-06-19 00:49 --------- d-----w C:\Documents and Settings\marie josée\Application Data\BigFish
2008-06-19 00:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFish
2008-06-15 23:56 --------- d-----w C:\Program Files\The Clumsys
2008-06-15 14:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Media Center Programs
2008-06-15 13:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\GameHouse
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 13:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-06-11 23:00 --------- d-----w C:\Program Files\eGames
2008-06-09 18:42 --------- d-----w C:\Documents and Settings\marie josée\Application Data\cerasus.media
2008-06-08 12:04 --------- d-----w C:\Program Files\Process Master
2008-06-08 11:47 --------- d-----w C:\Program Files\XoftSpySE
2008-06-06 10:23 --------- d-----w C:\Program Files\Mystery PI The Vegas Heist
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-03-21 07:05 7,407,104 ----a-w C:\Program Files\Limewire PRO 4.17.5.EXE
2008-03-01 12:30 0 ----a-w C:\Program Files\temp01
2007-10-29 15:29 7,467,056 ----a-w C:\Program Files\spybotsd15.exe
2007-01-09 02:14 4,049,311 ----a-w C:\Program Files\liveupdate.exe
2006-12-05 02:07 497 ----a-w C:\Program Files\Raccourci vers lumieres.lnk
2006-12-05 01:58 9,440 ----a-w C:\Program Files\lumieres.zip
2006-11-29 02:35 817 -c--a-w C:\Program Files\recoil.err
2006-08-28 23:39 983,745 ----a-w C:\Program Files\PowerpointImageExtractor.zip
2006-03-07 03:07 31,944 ----a-w C:\Program Files\Uninst.isu
2006-02-03 16:53 243,512 ----a-w C:\Program Files\jre-1_5_0_06-windows-i586-p-iftw.exe
2005-10-29 02:45 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2004-03-11 17:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
1999-10-06 21:40 1,765,376 ------w C:\Documents and Settings\Mario Després\SETUPENU.DLL
1999-10-06 21:40 1,765,376 ------w C:\Documents and Settings\Mario Després\SETUPENU.DLL
1999-01-12 21:19 75,776 ----a-w C:\Program Files\messages.dll
1998-11-06 19:50 57,344 ----a-w C:\Program Files\Uninst.dll
1998-11-04 16:41 201,216 ----a-w C:\Program Files\a3dapi.dll
1997-10-09 20:54 30,720 ----a-w C:\Program Files\regsvr32.exe
2008-03-31 16:12 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
2007-10-01 18:17 1,199,508 --sha-w C:\WINDOWS\system32\wbem\mof\good\mirc.exe
2008-03-13 12:08 172 --sha-w C:\WINDOWS\system32\wbem\mof\good\start.bat
2007-09-23 19:05 147 --sha-w C:\WINDOWS\system32\wbem\mof\good\start.reg
2008-03-12 14:56 107 --sha-w C:\WINDOWS\system32\wbem\mof\good\winhelp.vbe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 08:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"Eye On Network"="C:\Program Files\Eye On Network\Eye On Network.exe" [2003-09-13 13:47 1553920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-08-21 11:15 1192336]
"AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-08-21 11:17 1966128]
"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Seagate\Schedule2\schedhlp.exe" [2007-08-20 19:20 148760]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37 217088]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47 458752]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 15:07 90112 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 08:00 15360]

C:\Documents and Settings\marie josée\Menu Démarrer\Programmes\Démarrage\
iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2007-12-09 08:35:43 317952]

C:\Documents and Settings\Mario Després\Menu Démarrer\Programmes\Démarrage\
iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2007-12-09 08:35:43 317952]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
CoreCenter.lnk - C:\Program Files\MSI\Core Center\CoreCenter.exe [2007-07-02 17:56:45 840704]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08 16423]
Logiciel Kodak EasyShare.lnk - F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-05-10 07:15:28 282624]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlackICE PC Protection.lnk]
backup=C:\WINDOWS\pss\BlackICE PC Protection.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Kodak software updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
backup=C:\WINDOWS\pss\Logiciel Kodak EasyShare.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mario Després^Menu Démarrer^Programmes^Démarrage^Enregistrement d'un produit Joint Operations Typhoon Rising.lnk]
backup=C:\WINDOWS\pss\Enregistrement d'un produit Joint Operations Typhoon Rising.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDSwitchAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGateway
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"C:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"C:\\Program Files\\ASUS\\ASUS GameFace Live\\GameFace.exe"=
"C:\\Program Files\\Powerboat GT\\Run.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=
"F:\\carbon\\NFSC.exe"=
"F:\\xpandrally.exe"=
"F:\\Program Files\\Supreme Commander\\bin\\SupremeCommander.exe"=
"F:\\Program Files\\GPGNet\\GPG.Multiplayer.Client.exe"=
"E:\\mc2.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"F:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 08:46]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 11:11]
R0 vIdeBus;vIdeBus;C:\WINDOWS\system32\DRIVERS\vIdeBus.sys [2007-06-25 15:12]
R0 vIdePort;VIA IDE Controller PORT Driver;C:\WINDOWS\system32\DRIVERS\vIdePort.sys [2007-06-25 15:12]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-06-25 14:45]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 10:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 10:37]
R3 PCAlertDriver;PCAlertDriver;C:\Program Files\MSI\Core Center\NTGLM7X.sys [2004-11-16 09:27]
R3 RushTopDevice;RushTopDevice;C:\Program Files\MSI\Core Center\RushTop.sys [2004-11-16 11:54]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 19:56]
S0 black;black;C:\WINDOWS\system32\drivers\BlackDrv.sys []
S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys []
S3 atidgllk;atidgllk;C:\Program Files\ASUS\SmartDoctor\atidgllk.sys [2004-06-16 14:34]
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
S3 Fadpu16E;Fadpu16E;C:\WINDOWS\TEMP\Fadpu16E.sys []
S3 RapFile;RapFile;C:\WINDOWS\system32\drivers\RapFile.sys [2003-02-25 19:26]
S3 RapNet;RapNet;C:\WINDOWS\system32\drivers\RapNet.sys [2003-02-25 19:26]
S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;C:\WINDOWS\system32\drivers\usbscan.sys [2004-08-03 23:58]
S3 SIWIO;SIWIO;C:\WINDOWS\TEMP\SiwIo.sys []
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S4 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe []

*Newly Created Service* - PCALERTDRIVER
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-07-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-08-02 C:\WINDOWS\Tasks\EasyShare Registration Task.job
- C:\WINDOWS\system32\rundll32.exe [2004-08-05 08:00]

2008-08-03 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-01-09 04:08]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PowerBar - (no file)
HKU-Default-Run-msnmsgr - ~C:\Program Files\MSN Messenger\msnmsgr.exe
Notify-klogon - (no file)
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Mario Després\Application Data\Mozilla\Firefox\Profiles\7g53ffgl.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-04 06:13:59
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\DOCUME~1\MARIOD~1\LOCALS~1\temp\bwgo0001e23d.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-04 6:21:00 - machine was rebooted [Mario Després]
ComboFix-quarantined-files.txt 2008-08-04 10:20:53

Pre-Run: 884,842,496 octets libres
Post-Run: 1,111,891,968 octets libres

305 --- E O F --- 2008-07-26 10:12:26
4 August 2008 13:26:18

Re,

Post a new HijackThis report...

See you later ;)  .
PS: How is your PC doing?
4 August 2008 16:52:33

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:56, on 2008-08-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eye On Network\Eye On Network.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\MARIOD~1\LOCALS~1\Temp\bwgo00fa2693.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Eye On Network] C:\Program Files\Eye On Network\Eye On Network.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-436374069-1960408961-839522115-1007\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'marie josée')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - S-1-5-21-436374069-1960408961-839522115-1007 Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe (User 'marie josée')
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: (PopUpCop) Allow images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/allowimages
O8 - Extra context menu item: (PopUpCop) Block images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/blockimages
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Image in New Window - res://C:\PROGRA~1\PopUpCop\popupcop.dll/imagenew
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/The%20Mystery%20of%20the%20Crystal%20Portal/Images/stg_drm.ocx
O16 - DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} (SDANetConClass Class) - file:///C:/Program%20Files/Mystery%20Solitaire/Images/stg_drm.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/Downloads/AXELPlayerAX_Win32....
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Agatha%20Christie/Images/armhelper.ocx
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by108fd.bay108.hotmail.msn.com/activex/HMAtchmt....
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9141 bytes



Well, things are much better. I was able to re-enable my firewall, which was blocked; the RED X has disappeared from the taskbar too. I think we're there.
5 August 2008 00:50:28

PS: How's your PC? After surfing a bit today, I noticed my PC is still slow... I don't know whether my network is congested or whether there's still junk hanging around?!?!
5 August 2008 01:07:10

Good evening tinomme1969,

Download OTMoveIt2 (by Old_Timer) to your Desktop: http://download.bleepingcomputer.com/oldtimer/OTMoveIt2...
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below
and paste it into the left-hand (yellow) pane of OTMoveIt2: Paste standard List of Files/Folders to be moved.

C:\DOCUME~1\MARIOD~1\LOCALS~1\Temp\bwgo00fa2693.exe
C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe

Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles\********.log

You may be asked to restart the PC to complete the removal.
If so, accept with Yes.


Launch HijackThis and close all program windows.

Make sure it will make backups: under Config, tick Make backups before fixing items, then click the Back button. Next, click the Do a system scan only button and tick the boxes in front of the lines below:

O4 - S-1-5-21-436374069-1960408961-839522115-1007 Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe (User 'marie josée')
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/The%20Mystery%20of%20the%20Crystal%20Portal/Images/stg_drm.ocx
O16 - DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} (SDANetConClass Class) - file:///C:/Program%20Files/Mystery%20Solitaire/Images/stg_drm.dll
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/Download [...] _Win32.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Agatha%20Christie/Images/armhelper.ocx

Then click Fix checked.

Finally, run an online antivirus scan with BitDefender.
Tutorial: http://forum.pcastuces.com/bitdefender_online_scanner__...
Post the report.

Later ;) .
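As an added example (not code from this thread, nor from HijackThis or OTMoveIt), here is a small Python triage script for HijackThis log lines. It flags the entry types the helper acted on above (an executable running from the user's Temp directory, a startup shortcut under All Users\Application Data, O16 DPF entries with no name or a file:/// source, an unknown Winsock LSP) and, given several logs, detects the Temp-directory process that reappears under a new name each time, as bwgo*.exe does across the logs in this thread. The sample lines are constructed in this thread's log format and the rule names are my own.

```python
"""Triage of HijackThis-style log lines (added example, not HijackThis code).

The rules encode what the helper in this thread acted on; a second check
compares the Temp-directory process across several logs, because in this
thread it comes back under a fresh name every time the machine is restarted.
"""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    rule: str
    line: str


# Case-insensitive: the logs mix "system32"/"System32", "LOCALS~1"/"Local Settings".
RULES = [
    ("exe-in-temp",
     re.compile(r"\\(?:LOCALS~1|Local Settings)\\Temp\\[^\\]+\.exe\b", re.I)),
    ("startup-appdata-exe",
     re.compile(r"^O4 - .*Startup: .*=.*\\Application Data\\.*\.exe", re.I)),
    ("dpf-empty",
     re.compile(r"^O16 - DPF: \{[0-9A-F-]+\} -\s*$", re.I)),
    ("dpf-local-file",
     re.compile(r"^O16 - DPF: .* - file:///", re.I)),
    ("unknown-lsp",
     re.compile(r"^O10 - Unknown file in Winsock LSP", re.I)),
]

# A bare process path (the "Running processes" section) inside a Temp directory.
TEMP_PROCESS = re.compile(
    r"^[A-Z]:\\.*\\(?:LOCALS~1|Local Settings)\\Temp\\([^\\]+\.exe)$", re.I)


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per (rule, line) pair that fires."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for name, rx in RULES:
            if rx.search(line):
                findings.append(Finding(name, line))
    return findings


def temp_process_names(log_text: str) -> List[str]:
    """Lower-cased file names of running processes located in a Temp directory."""
    names = []
    for raw in log_text.splitlines():
        m = TEMP_PROCESS.match(raw.strip())
        if m:
            names.append(m.group(1).lower())
    return names


def respawn_suspected(logs: List[str]) -> bool:
    """True when every log has a Temp-dir process and no file name repeats.

    Moving one instance by path (what OTMoveIt does) cannot help then: whatever
    writes the file is still present and re-creates it under a new name.
    """
    seen: List[str] = []
    for log in logs:
        names = temp_process_names(log)
        if not names:
            return False
        seen.extend(names)
    return len(seen) == len(set(seen))


# Constructed sample: a few lines in HijackThis log format, modelled on the
# logs posted in this thread (not a complete log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\DOCUME~1\MARIOD~1\LOCALS~1\Temp\bwgo00fa2693.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/The%20Mystery%20of%20the%20Crystal%20Portal/Images/stg_drm.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
"""

# Constructed "Running processes" excerpts: same Temp directory, different file
# name each time, as across the successive logs in this thread.
SAMPLE_PROCESS_LISTS = [
    "Running processes:\nC:\\WINDOWS\\System32\\smss.exe\n"
    "C:\\DOCUME~1\\MARIOD~1\\LOCALS~1\\Temp\\" + name + ".exe\n"
    for name in ("bwgo00fa2693", "bwgo00008da9", "bwgo0000885a")
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:<20} {f.line}")
    print("respawning Temp process:", respawn_suspected(SAMPLE_PROCESS_LISTS))
```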
5 August 2008 22:14:11



BitDefender Online Scanner

Rapport d'analyse généré à: Tue, Aug 05, 2008 - 15:59:30
Voie d'analyse: A:\;C:\;D:\;E:\;F:\;G:\;

Statistiques
Temps: 00:32:52
Fichiers: 129295
Directoires: 15765
Secteurs de boot: 5
Archives: 1779
Paquets programmes: 11425

Résultats
Virus identifiés: 3
Fichiers infectés: 6
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 6

Info sur les moteurs
Définition virus: 1415051
Version des moteurs: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins: 16
Archive des plugins: 43
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 5

Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui

Fichier analysé | Statut
C:\Program Files\Blood Ties\Uninstall.exe | Infecté par: Packer.Krunchy.A
C:\Program Files\Blood Ties\Uninstall.exe | Echec de la désinfection
C:\Program Files\Blood Ties\Uninstall.exe | Supprimé
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP883\A0328096.exe | Infecté par: Backdoor.Agent.ZNR
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP883\A0328096.exe | Supprimé
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP883\A0328104.exe | Infecté par: Backdoor.Agent.ZNR
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP883\A0328104.exe | Supprimé
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP885\A0328555.exe | Infecté par: Packer.Krunchy.A
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP885\A0328555.exe | Echec de la désinfection
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP885\A0328555.exe | Supprimé
E:\call of duty 2\DAEMON Tools Pro Advanced Edition v4.12.0220\Patch.exe | Infecté par: Backdoor.Generic.38923
E:\call of duty 2\DAEMON Tools Pro Advanced Edition v4.12.0220\Patch.exe | Supprimé
E:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP885\A0328556.exe | Infecté par: Backdoor.Generic.38923
E:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP885\A0328556.exe | Supprimé

6 August 2008 00:47:17

tinomme1969 said:
> is there still junk hanging around?!?!


Good evening tinomme1969,

> No...

And the OTMoveIt report?

You need to update your Java runtime (otherwise it is a security hole):
http://java.sun.com/javase/downloads/index.jsp
Click Download Java Runtime Environment (JRE) 6u7 and, on the next page, tick I accept and download Windows Offline Installation, Multi-language/jre-6u7-windows-i586-p.exe/15.24 MB
Install it with your browser closed, and in Add/Remove Programs remove all the other versions.
Adobe Reader (same thing):
Acrobat Reader 9:
http://www.adobe.com/fr/products/acrobat/readstep2.html
In Add/Remove Programs, remove all the other versions.

Also, you don't have a firewall; you need to install one.

Later ;) .
6 August 2008 13:29:03

Here's the report. Sorry for forgetting it.


C:\DOCUME~1\MARIOD~1\LOCALS~1\Temp\bwgo00fa2693.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08052008_072228
6 August 2008 13:49:04

Updates done. As for the firewall, ZoneAlarm is very popular, I think... thoughts?
7 August 2008 00:39:40

tinomme1969 said:
> ZoneAlarm is very popular, I think... thoughts?


Good evening tinomme1969,

> I recommend ZoneAlarm: http://www.malekal.com/tutorial_zonealarm.php

If you think you no longer have any problems, ok...

* I advise you to defragment your PC: http://www.6ma.fr/tuto/defragmenter+disque+sous+windows...
* It is strongly recommended to keep all your software up to date.
* You can remove the tools we used that deal with specific infections.
* Keep Malwarebytes' Anti-Malware and CCleaner.

-----------------------------------------------------------------------------------------------------------------------------------

Now that your machine is no longer infected, disable/re-enable System Restore: http://www.infos-du-net.com/forum/297053-11-tuto-desact...

-----------------------------------------------------------------------------------------------------------------------------------

For your PC's security, take a few minutes to read:
http://www.infos-du-net.com/forum/275481-11-dossier-pre...

-----------------------------------------------------------------------------------------------------------------------------------

If you like, report your infection by posting on Malware-Complaints:

- Forum rules: http://www.malwarecomplaints.info/viewtopic.php?t=5
- Register using the Register button
- Choose I Agree to these terms and am over or exactly 13 years of age

Also give the name of the forum that helped you, Idn.

-----------------------------------------------------------------------------------------------------------------------------------

Mark your topic as (Résolu).

Later ;) .
7 August 2008 04:15:02

Thank you v e r y m u c h for your help and your courtesy.

As for talking about IDN, I never miss a chance.

Given the way I surf the net, I'll say see you next time... lol, don't despair!!

HEY! DON'T GO! While digging through my Control Panel, I noticed my Windows Security Center... not normal. No antivirus and everything in English. "windows security center" is seriously affecting me, I think. :-(
7 August 2008 13:22:42

tinomme1969 said:
1] Given the way I surf the net, I'll say see you next time...
2] While digging through my Control Panel, I noticed my Windows Security Center... not normal. No antivirus and everything in English.


Hello tinomme1969,

1] I may not help you next time...

2] http://www.pcentraide.com/index.php?showtopic=120
Uninstall/reinstall Avast by doing this: Start > Control Panel > Add or Remove Programs, then remove; and Start > My Computer > Local Disk (C:) > Program Files, then delete.
And finally, use CCleaner.

Also, post a new HijackThis report...

Later ;) .
7 August 2008 13:22:57

I no longer have an active antivirus, according to what it tells me. Avast is still on my desktop but no longer starts at boot or manually.
How could we have missed that??
7 August 2008 13:38:18

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:36:14, on 2008-08-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eye On Network\Eye On Network.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedhlp.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\MARIOD~1\LOCALS~1\Temp\bwgo00008da9.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Eye On Network] C:\Program Files\Eye On Network\Eye On Network.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: (PopUpCop) Allow images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/allowimages
O8 - Extra context menu item: (PopUpCop) Block images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/blockimages
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Image in New Window - res://C:\PROGRA~1\PopUpCop\popupcop.dll/imagenew
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by108fd.bay108.hotmail.msn.com/activex/HMAtchmt....
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7872 bytes



It's done, but it's still there...
7 August 2008 13:46:21

frederix said:
...
2] http://www.pcentraide.com/index.php?showtopic=120
Uninstall/reinstall Avast by doing this: Start > Control Panel > Add or Remove Programs, then remove; and Start > My Computer > Local Disk (C:) > Program Files, then delete.
And finally, use CCleaner.

Also, post a new HijackThis report...
...


Re,


Later ;) .
PS: I'll be back tonight.
7 August 2008 17:17:18

Good evening frederix. I dropped Avast in favour of AntiVir, which detected this: DR/DELPHI.GEN, which I put in quarantine. I'm finishing my scan and I'll send you the latest HijackThis.
See you
7 August 2008 18:38:17

Here! I thought this would interest you. ANTIVIR report

Avira AntiVir Personal
Report file date: 7 août 2008 11:08

Scanning for 1540327 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: MARIO-884D96CE1

Version information:
BUILD.DAT : 8.1.0.326 16933 Bytes 2008-07-11 12:57:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 2008-06-26 14:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 13:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 18:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 13:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 16:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 2008-06-24 19:54:15
ANTIVIR2.VDF : 7.0.5.207 2316800 Bytes 2008-08-04 15:05:31
ANTIVIR3.VDF : 7.0.5.228 134144 Bytes 2008-08-07 15:05:32
Engineversion : 8.1.1.19
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-07-09 14:46:50
AESCRIPT.DLL : 8.1.0.63 311673 Bytes 2008-08-07 15:05:43
AESCN.DLL : 8.1.0.23 119156 Bytes 2008-08-07 15:05:42
AERDL.DLL : 8.1.0.20 418165 Bytes 2008-07-09 14:46:50
AEPACK.DLL : 8.1.2.1 364917 Bytes 2008-08-07 15:05:42
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 2008-08-07 15:05:41
AEHEUR.DLL : 8.1.0.47 1368437 Bytes 2008-08-07 15:05:40
AEHELP.DLL : 8.1.0.15 115063 Bytes 2008-07-09 14:46:50
AEGEN.DLL : 8.1.0.35 315764 Bytes 2008-08-07 15:05:37
AEEMU.DLL : 8.1.0.7 430452 Bytes 2008-08-07 15:05:35
AECORE.DLL : 8.1.1.8 172406 Bytes 2008-08-07 15:05:34
AEBB.DLL : 8.1.0.1 53617 Bytes 2008-04-24 14:50:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 14:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 15:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 2008-08-07 15:05:33
AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 17:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 18:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 18:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 19:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 19:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, E:, F:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 7 août 2008 11:08

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'ATKKBService.exe' - '1' Module(s) have been scanned
Scan process 'schedul2.exe' - '1' Module(s) have been scanned
Scan process 'bwgo0000885a.exe' - '1' Module(s) have been scanned
Scan process 'CoreCenter.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'schedhlp.exe' - '1' Module(s) have been scanned
Scan process 'TimounterMonitor.exe' - '1' Module(s) have been scanned
Scan process 'DiscWizardMonitor.exe' - '1' Module(s) have been scanned
Scan process 'Eye On Network.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
39 processes with 39 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '74' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Setup_ver1.1620.0.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '490f1071.qua'!
C:\Documents and Settings\Mario Després\Mes documents\Downloads\Bloodties\Blood Ties.exe
[0] Archive type: RAR SFX (self extracting)
--> Uninstall.exe
[DETECTION] Is the TR/Spy.Gampass.CV Trojan
[NOTE] The file was moved to '490a12a8.qua'!
C:\Documents and Settings\Mario Després\Mes documents\Downloads\Bloodties\BloodTies.rar
[0] Archive type: RAR
--> Blood Ties.exe
[1] Archive type: RAR SFX (self extracting)
--> Uninstall.exe
[DETECTION] Is the TR/Spy.Gampass.CV Trojan
[NOTE] The file was moved to '490a12b8.qua'!
C:\Program Files\iWin Games\DesktopAlerts.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE] The file was moved to '490e176e.qua'!
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP897\A0329753.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '48ce1bd0.qua'!
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP897\A0329757.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE] The file was moved to '48ce1bd1.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'E:\' <backup>
Begin scan in 'F:\' <f:>


End of the scan: 7 août 2008 12:28
Used time: 1:19:49 Hour(s)

The scan has been done completely.

16090 Scanning directories
620590 Files were scanned
6 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
6 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
620581 Files not concerned
3560 Archives were scanned
3 Warnings
6 Notes

------------------------------------------------------------------------------------------------


as well as HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:17, on 2008-08-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eye On Network\Eye On Network.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedhlp.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\DOCUME~1\MARIOD~1\LOCALS~1\Temp\bwgo0000885a.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Eye On Network] C:\Program Files\Eye On Network\Eye On Network.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: (PopUpCop) Allow images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/allowimages
O8 - Extra context menu item: (PopUpCop) Block images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/blockimages
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Image in New Window - res://C:\PROGRA~1\PopUpCop\popupcop.dll/imagenew
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Little%20Shop%20-%20Road%20Trip/Images/stg_drm.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Little%20Shop%20-%20Road%20Trip/Images/armhelper.ocx
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by108fd.bay108.hotmail.msn.com/activex/HMAtchmt....
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8877 bytes
8 August 2008 01:59:35

Good evening tinomme1969,

download SmitfraudFix (thanks S!Ri): http://siri.urz.free.fr/Fix/SmitfraudFix.exe

* Install it at the root of C
* Double-click the exe to decompress it and launch the fix.
Usage---option 1---Search:
* Double-click smitfraudfix.cmd
* Select 1 to create a report of the files responsible for the infection.
* Post the report.

process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus...) as a RiskTool. It is not a virus but a utility designed to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

See you later ;)  .
8 August 2008 02:45:24

SmitFraudFix v2.333

Rapport fait à 20:42:25.79, 2008-08-07
Executé à partir de C:\WINDOWS\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eye On Network\Eye On Network.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedhlp.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\DOCUME~1\MARIOD~1\LOCALS~1\Temp\bwgo0000885a.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mario Després


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mario Després\Application Data

C:\Documents and Settings\Mario Després\Application Data\Skinux PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MARIOD~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS1\Services\Tcpip\..\{7B9546DF-0DD2-4F87-B941-448E2AFAB302}: DhcpNameServer=67.69.39.200 67.69.39.201
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7B9546DF-0DD2-4F87-B941-448E2AFAB302}: DhcpNameServer=67.69.39.200 67.69.39.201
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=67.69.39.200 67.69.39.201
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=67.69.39.200 67.69.39.201


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

8 August 2008 12:55:07

Hello tinomme1969,

double-click smitfraudfix.cmd

* Select 2 to delete the files responsible for the infection.
At the prompt "Voulez-vous nettoyer le registre?" (Do you want to clean the registry?), answer O (Oui) to unlock the wallpaper and delete the infection's autostart keys. The fix will determine whether the wininet.dll file is infected.
At the prompt "Corriger le fichier infecté?" (Fix the infected file?), answer O (Oui) to replace the corrupted file.
* Restart in normal mode and post the report.

NB: This step removes the infectious files detected with option 1. Warning: it deletes the wallpaper!

See you later ;)  .
8 August 2008 18:03:19

here's the report but uh!!! where are my green rolling hills???

SmitFraudFix v2.333

Rapport fait à 11:53:40.57, 2008-08-08
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\Documents and Settings\Mario Després\Application Data\Skinux\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS1\Services\Tcpip\..\{7B9546DF-0DD2-4F87-B941-448E2AFAB302}: DhcpNameServer=67.69.39.200 67.69.39.201
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7B9546DF-0DD2-4F87-B941-448E2AFAB302}: DhcpNameServer=67.69.39.200 67.69.39.201
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=67.69.39.200 67.69.39.201
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=67.69.39.200 67.69.39.201


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin



HAVEN'T YOU SEEN MY HILLS SOMEWHERE??? LOLL
9 August 2008 01:42:05

Good evening tinomme1969,

download MSNFix.zip (thanks !aur3n7) to your desktop:
http://sosvirus.changelog.fr/MSNFix.zip

Unzip it (right-click > extract here) and double-click the MSNFix.bat file
- Run option R.
-- If the infection is detected, run option N.
--- Save the report, then copy/paste it on the forum, together with a new HijackThis scan done in normal mode.

Note: If a deletion error is detected, a message will appear asking you to restart the computer to complete the operations. In that case, just restart the computer in normal mode.
Save and close the report so that Windows finishes starting normally.


See you later and have a good weekend ;)  .
9 August 2008 13:26:07

MSNFix 1.737

C:\MSNFix\MSNFix
Fix exécuté le 2008-08-09 - 7:16:07.76 By Mario Després
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\system32\tmp.txt

************************ Recherche les dossiers présents

Aucun dossier trouvé




************************ Suppression des fichiers

.. OK ... C:\WINDOWS\system32\tmp.txt



************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


Aucun Fichier trouvé



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\SmitfraudFix.exe] 4C1E05409E87CE3575C4D5A9F3E056C6
[C:\spybotsd160.exe] 0E7FBF50F87B3B7C384A2471154A7558

==> SVP merci d'envoyer le fichier C:\DOCUME~1\MARIOD~1\Bureau\Upload_Me.zip sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 2008-08-09_ 72059.14.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,

Important : http://msnfix.changelog.fr/index.php/2008/05/18/32-aler...


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------




and then

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:25:00, on 2008-08-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eye On Network\Eye On Network.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedhlp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\DOCUME~1\MARIOD~1\LOCALS~1\Temp\bwgo00017654.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Eye On Network] C:\Program Files\Eye On Network\Eye On Network.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: (PopUpCop) Allow images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/allowimages
O8 - Extra context menu item: (PopUpCop) Block images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/blockimages
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Image in New Window - res://C:\PROGRA~1\PopUpCop\popupcop.dll/imagenew
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Little%20Shop%20-%20Road%20Trip/Images/stg_drm.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Little%20Shop%20-%20Road%20Trip/Images/armhelper.ocx
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by108fd.bay108.hotmail.msn.com/activex/HMAtchmt....
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8413 bytes
9 August 2008 23:17:15

BitDefender Online Scanner

Rapport d'analyse généré à: Sat, Aug 09, 2008 - 16:41:32

Voie d'analyse: A:\;C:\;D:\;E:\;F:\;G:\;

Statistiques
Temps: 00:43:54
Fichiers: 135214
Directoires: 16126
Secteurs de boot: 5
Archives: 1758
Paquets programmes: 11226

Résultats
Virus identifiés: 1
Fichiers infectés: 7
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 7

Info sur les moteurs
Définition virus: 1436115
Version des moteurs: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins: 16
Archive des plugins: 43
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 5

Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui

Fichier analysé | Statut
C:\Program Files\Mozilla Firefox\SmitfraudFix\IEDFix.C.exe | Infecté par: IRC-Worm.Generic.3573
C:\Program Files\Mozilla Firefox\SmitfraudFix\IEDFix.C.exe | Supprimé
C:\SmitfraudFix\IEDFix.C.exe | Infecté par: IRC-Worm.Generic.3573
C:\SmitfraudFix\IEDFix.C.exe | Supprimé
C:\SmitfraudFix.exe=>(RAR Sfx o)=>SmitfraudFix\IEDFix.C.exe | Infecté par: IRC-Worm.Generic.3573
C:\SmitfraudFix.exe=>(RAR Sfx o)=>SmitfraudFix\IEDFix.C.exe | Supprimé
C:\SmitfraudFix.exe=>(RAR Sfx o) | Echec de la mise à jour
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP897\A0329808.exe | Infecté par: IRC-Worm.Generic.3573
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP897\A0329808.exe | Supprimé
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP898\A0329884.exe | Infecté par: IRC-Worm.Generic.3573
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP898\A0329884.exe | Supprimé
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP898\A0329885.exe | Infecté par: IRC-Worm.Generic.3573
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP898\A0329885.exe | Supprimé
C:\WINDOWS\SmitfraudFix\IEDFix.C.exe | Infecté par: IRC-Worm.Generic.3573
C:\WINDOWS\SmitfraudFix\IEDFix.C.exe | Supprimé

avast / deleted. only a prefetch file was left ',-)
10 August 2008 14:52:53

:hello: tinomme1969,

how is your PC doing?

See you later ;)  .
10 August 2008 16:15:30

hi. generally my pc is doing fine, except that there's still a windows security center in my control panel. no pop-ups unless I click to activate it; then the famous red X installs itself in my taskbar and whatever link I click takes me to the same page.
on the other hand, if I disable my anti-virus, the xp security center activates fine and all the links work... but it stays invisible from the control panel.

are my explanations clear???
10 August 2008 20:31:04

tinomme1969 said:
1] there's still a windows security center in my control panel 2] no pop-ups unless I click to activate it


Re,

1] Uninstall it.

2] Above all, do not activate it :non:  ...

Download SmitfraudFix by S!Ri, balltrap34 and moe31: http://siri.urz.free.fr/Fix/SmitfraudFix.exe

* Install it at the root of C
* Double-click the exe to decompress it and launch the fix.
Usage---option 1---Search:
* Double-click smitfraudfix.cmd
* Select 1 to create a report of the files responsible for the infection.
* Post the report here.

process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus...) as a RiskTool. It is not a virus but a utility designed to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

See you later ;)  .
11 August 2008 13:11:04

SmitFraudFix v2.333

Report made at 7:07:25.01, 2008-08-11
Run from C:\WINDOWS\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
File system type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eye On Network\Eye On Network.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedhlp.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\MARIOD~1\LOCALS~1\Temp\bwgo0a239d4b.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mario Després


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mario Després\Application Data

C:\Documents and Settings\Mario Després\Application Data\Skinux PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MARIOD~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop items



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Warning, the keys that follow are not necessarily infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Warning, the keys that follow are not necessarily infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Warning, the keys that follow are not necessarily infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Warning, the keys that follow are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Warning, the keys that follow are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Warning, the keys that follow are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: VIA Rhine II Fast Ethernet Adapter
DNS Server Search Order: 67.69.39.200
DNS Server Search Order: 67.69.39.201

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7B9546DF-0DD2-4F87-B941-448E2AFAB302}: DhcpNameServer=67.69.39.200 67.69.39.201
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7B9546DF-0DD2-4F87-B941-448E2AFAB302}: DhcpNameServer=67.69.39.200 67.69.39.201
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7B9546DF-0DD2-4F87-B941-448E2AFAB302}: DhcpNameServer=67.69.39.200 67.69.39.201
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7B9546DF-0DD2-4F87-B941-448E2AFAB302}: DhcpNameServer=67.69.39.200 67.69.39.201
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=67.69.39.200 67.69.39.201
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=67.69.39.200 67.69.39.201
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=67.69.39.200 67.69.39.201
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=67.69.39.200 67.69.39.201


»»»»»»»»»»»»»»»»»»»»»»»» wininet.dll infection search


»»»»»»»»»»»»»»»»»»»»»»»» End

11 August 2008 13:37:15

Hello tinomme1969,

double-click smitfraudfix.cmd

* Select 2 to delete the files responsible for the infection.
At the question "Do you want to clean the registry?", answer O (Oui = Yes) to unlock the desktop wallpaper and remove the infection's autostart keys. The fix will determine whether the wininet.dll file is infected.
At the question "Fix the infected file?", answer O (Oui = Yes) to replace the corrupted file.
* Reboot in normal mode and post the report.

NB: this step removes the infected files detected with option 1. Be aware that it deletes the desktop wallpaper!

See you later ;)
11 August 2008 17:49:17

``A hundred times put your work back on the loom...``

Here it is again: SmitFraudFix v2.333

Report made at 11:40:51.25, 2008-08-11
Run from C:\Documents and Settings\Mario Després\Bureau\Upload_Me\DOCUME~1\MARIOD~1\Bureau\Upload_Me\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
File system type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler before SmitFraudFix
!!!Warning, the keys that follow are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Stopping processes


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7B9546DF-0DD2-4F87-B941-448E2AFAB302}: DhcpNameServer=67.69.39.200 67.69.39.201
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7B9546DF-0DD2-4F87-B941-448E2AFAB302}: DhcpNameServer=67.69.39.200 67.69.39.201
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7B9546DF-0DD2-4F87-B941-448E2AFAB302}: DhcpNameServer=67.69.39.200 67.69.39.201
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7B9546DF-0DD2-4F87-B941-448E2AFAB302}: DhcpNameServer=67.69.39.200 67.69.39.201
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=67.69.39.200 67.69.39.201
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=67.69.39.200 67.69.39.201
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=67.69.39.200 67.69.39.201
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=67.69.39.200 67.69.39.201


»»»»»»»»»»»»»»»»»»»»»»»» Deleting temporary files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Warning, the keys that follow are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry cleanup

Cleanup complete.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler after SmitFraudFix
!!!Warning, the keys that follow are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

12 August 2008 13:37:37

ComboFix 08-08-11.01 - Mario Després 2008-08-12 7:20:50.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1036.18.1546 [GMT -4:00]
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\actskn43.ocx

.
((((((((((((((((((((((((((((( Files created 2008-07-12 to 2008-08-12 ))))))))))))))))))))))))))))))))))))
.

2008-08-12 07:15 . 2008-08-12 07:15 2,710,613 --a------ C:\ComboFix.exe
2008-08-11 13:22 . 2008-08-11 13:30 <REP> d-------- C:\d3temp
2008-08-11 11:46 . 2008-08-11 11:46 <REP> d-------- C:\Documents and Settings\Mario Després\Application Data\Skinux
2008-08-10 06:41 . 2008-08-10 06:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Slapdash Games
2008-08-09 15:49 . 2008-08-09 15:49 230,776 --a------ C:\aswclear.exe
2008-08-09 07:15 . 2008-08-09 07:15 <REP> d-------- C:\MSNFix
2008-08-09 07:15 . 2008-08-09 07:14 447,594 --a------ C:\MSNFix.zip
2008-08-07 20:41 . 2008-08-11 07:08 <REP> d-------- C:\WINDOWS\SmitfraudFix
2008-08-07 20:41 . 2008-08-11 11:29 1,479,403 --a------ C:\SmitfraudFix.exe
2008-08-07 11:04 . 2008-08-07 11:04 <REP> d-------- C:\Program Files\Avira
2008-08-07 11:04 . 2008-08-07 11:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-06 22:06 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-06 22:06 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-06 07:38 . 2008-08-06 07:38 <REP> d-------- C:\Program Files\Sun
2008-08-05 07:04 . 2008-08-05 07:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TheRace_dev
2008-08-03 12:55 . 2008-08-03 12:55 <REP> d-------- C:\Documents and Settings\Mario Després\Application Data\Malwarebytes
2008-08-03 12:55 . 2008-08-03 12:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-03 11:44 . 2008-08-03 11:45 <REP> d-------- C:\WINDOWS\ERUNT
2008-08-03 10:43 . 2008-08-03 10:43 <REP> d-------- C:\Program Files\Trend Micro
2008-08-02 21:19 . 2008-08-02 21:19 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-02 21:14 . 2008-08-02 21:17 15,083,520 --a------ C:\spybotsd160.exe
2008-08-02 21:09 . 2008-07-27 22:29 172,295 --a------ C:\WINDOWS\system32\_scui.cpl
2008-08-02 15:58 . 2008-08-02 15:58 <REP> d-------- C:\Documents and Settings\marie josée\Application Data\Skinux
2008-08-02 13:13 . 2008-08-02 13:48 <REP> d-------- C:\Program Files\Fichiers communs\Kodak
2008-08-02 13:06 . 2008-08-02 14:01 <REP> d-------- C:\Program Files\Kodak
2008-08-02 08:10 . 2008-08-02 08:12 <REP> d-------- C:\Program Files\Cactus Bruce and the Corporate Monkeys
2008-08-02 08:03 . 2008-08-02 08:03 <REP> d-------- C:\Program Files\Nemo's Aquarium 3D
2008-08-02 08:03 . 2004-01-30 15:31 3,594,576 --a------ C:\WINDOWS\Nemo's Aquarium 3D Anemonen-Feld.scr
2008-08-02 08:03 . 2004-01-30 15:31 3,494,207 --a------ C:\WINDOWS\Nemo's Aquarium 3D Korallenriff.scr
2008-08-02 08:03 . 2008-08-11 13:30 2,620 --a------ C:\WINDOWS\ssconf2.bin
2008-08-01 20:33 . 2008-08-04 12:20 <REP> d-------- C:\Program Files\The Mystery Of The Crystal Portal
2008-07-30 08:53 . 2008-07-30 08:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\The Revills Games
2008-07-22 09:43 . 2008-07-22 09:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Media Art
2008-07-19 06:33 . 2008-07-19 06:33 <REP> d-------- C:\Documents and Settings\marie josée\Application Data\Gold Casual Games
2008-07-19 06:33 . 2008-07-19 06:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Gold Casual Games
2008-07-18 08:06 . 2008-07-19 20:33 <REP> d-------- C:\Documents and Settings\marie josée\Application Data\ForgottenRiddles2
2008-07-15 13:54 . 2008-03-11 20:30 105,511 --a------ C:\WINDOWS\_detmp.1
2008-07-15 13:54 . 2000-04-23 19:00 69,632 --a------ C:\WINDOWS\_detmp.2
2008-07-14 16:04 . 2008-07-14 16:05 <REP> d-------- C:\Documents and Settings\marie josée\Application Data\EnchantedCavern
2008-07-12 08:00 . 2008-07-12 08:00 <REP> d-------- C:\Documents and Settings\Mario Després\Application Data\AlauxSoft

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 11:24 --------- d-----w C:\Program Files\Eye On Network
2008-08-12 11:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-11 15:40 3,870 ----a-w C:\WINDOWS\system32\tmp.reg
2008-08-10 13:44 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-10 12:00 --------- d-----w C:\Documents and Settings\Mario Després\Application Data\uTorrent
2008-08-09 23:27 --------- d-----w C:\Program Files\Zylom Games
2008-08-09 13:25 --------- d-----w C:\Documents and Settings\marie josée\Application Data\Zylom
2008-08-09 00:13 --------- d-----w C:\Program Files\iWin.com
2008-08-07 15:38 --------- d-----w C:\Program Files\iWin Games
2008-08-07 02:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-06 14:19 --------- d-----w C:\Program Files\Java
2008-08-06 11:45 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-08-05 19:40 --------- d-----w C:\Program Files\Blood Ties
2008-08-04 17:23 --------- d-----w C:\Program Files\Unicorn Castle
2008-08-02 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-07-23 17:41 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-22 10:51 --------- d-----w C:\Program Files\SuperMarioPac
2008-07-15 23:22 --------- d-----w C:\Program Files\GameFiesta
2008-07-15 18:43 --------- d-----w C:\Program Files\RealArcade
2008-07-15 18:42 --------- d-----w C:\Program Files\Oberon Media
2008-07-13 16:49 --------- d-----w C:\Documents and Settings\Mario Després\Application Data\LimeWire
2008-07-12 12:46 --------- d-----w C:\Program Files\Lavasoft
2008-07-12 12:44 --------- d-----w C:\Documents and Settings\Mario Després\Application Data\Lavasoft
2008-07-12 12:42 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-08 22:42 --------- d-----w C:\Program Files\The Pini Society
2008-07-04 12:29 --------- d-----w C:\Documents and Settings\Mario Després\Application Data\Meridian93
2008-07-04 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Arkadium
2008-07-03 17:29 --------- d-----w C:\Program Files\Google Earth Pro 4.2
2008-07-02 13:08 --------- d-----w C:\Documents and Settings\marie josée\Application Data\Meridian93
2008-07-02 10:37 --------- d-----w C:\Program Files\Turtix Rescue Adventure
2008-07-01 14:12 --------- d-----w C:\Program Files\Turtix 2 - Rescue Adventures
2008-06-28 14:13 --------- d-----w C:\Documents and Settings\marie josée\Application Data\Ancient Quest of Saqqarah__bfg
2008-06-28 01:21 --------- d-----w C:\Documents and Settings\marie josée\Application Data\Reflexive
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 01:49 --------- d-----w C:\Program Files\The Lost Cases Of Sherlock Holmes
2008-06-20 01:35 --------- d-----w C:\Documents and Settings\marie josée\Application Data\MysteryStudio
2008-06-19 16:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-06-19 00:49 --------- d-----w C:\Documents and Settings\marie josée\Application Data\BigFish
2008-06-19 00:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFish
2008-06-15 23:56 --------- d-----w C:\Program Files\The Clumsys
2008-06-15 14:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Media Center Programs
2008-06-15 13:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\GameHouse
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 13:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-03-21 07:05 7,407,104 ----a-w C:\Program Files\Limewire PRO 4.17.5.EXE
2008-03-01 12:30 0 ----a-w C:\Program Files\temp01
2007-10-29 15:29 7,467,056 ----a-w C:\Program Files\spybotsd15.exe
2007-01-09 02:14 4,049,311 ----a-w C:\Program Files\liveupdate.exe
2006-12-05 02:07 497 ----a-w C:\Program Files\Raccourci vers lumieres.lnk
2006-12-05 01:58 9,440 ----a-w C:\Program Files\lumieres.zip
2006-11-29 02:35 817 -c--a-w C:\Program Files\recoil.err
2006-08-28 23:39 983,745 ----a-w C:\Program Files\PowerpointImageExtractor.zip
2006-03-07 03:07 31,944 ----a-w C:\Program Files\Uninst.isu
2006-02-03 16:53 243,512 ----a-w C:\Program Files\jre-1_5_0_06-windows-i586-p-iftw.exe
2005-10-29 02:45 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2004-03-11 17:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
1999-10-06 21:40 1,765,376 ------w C:\Documents and Settings\Mario Després\SETUPENU.DLL
1999-10-06 21:40 1,765,376 ------w C:\Documents and Settings\Mario Després\SETUPENU.DLL
1999-01-12 21:19 75,776 ----a-w C:\Program Files\messages.dll
1998-11-06 19:50 57,344 ----a-w C:\Program Files\Uninst.dll
1998-11-04 16:41 201,216 ----a-w C:\Program Files\a3dapi.dll
1997-10-09 20:54 30,720 ----a-w C:\Program Files\regsvr32.exe
2008-03-31 16:12 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
2007-10-01 18:17 1,199,508 --sha-w C:\WINDOWS\system32\wbem\mof\good\mirc.exe
2008-03-13 12:08 172 --sha-w C:\WINDOWS\system32\wbem\mof\good\start.bat
2007-09-23 19:05 147 --sha-w C:\WINDOWS\system32\wbem\mof\good\start.reg
2008-03-12 14:56 107 --sha-w C:\WINDOWS\system32\wbem\mof\good\winhelp.vbe
.

((((((((((((((((((((((((((((((((( Registry loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 08:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"Eye On Network"="C:\Program Files\Eye On Network\Eye On Network.exe" [2003-09-13 13:47 1553920]
"DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-08-21 11:15 1192336]
"AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-08-21 11:17 1966128]
"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Seagate\Schedule2\schedhlp.exe" [2007-08-20 19:20 148760]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37 217088]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47 458752]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 15:07 90112 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 08:00 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
CoreCenter.lnk - C:\Program Files\MSI\Core Center\CoreCenter.exe [2007-07-02 17:56:45 840704]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08 16423]
Logiciel Kodak EasyShare.lnk - F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-05-10 07:15:28 282624]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlackICE PC Protection.lnk]
backup=C:\WINDOWS\pss\BlackICE PC Protection.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Kodak software updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
backup=C:\WINDOWS\pss\Logiciel Kodak EasyShare.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mario Després^Menu Démarrer^Programmes^Démarrage^Enregistrement d'un produit Joint Operations Typhoon Rising.lnk]
backup=C:\WINDOWS\pss\Enregistrement d'un produit Joint Operations Typhoon Rising.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDSwitchAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGateway
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"C:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"C:\\Program Files\\ASUS\\ASUS GameFace Live\\GameFace.exe"=
"C:\\Program Files\\Powerboat GT\\Run.exe"=
"F:\\carbon\\NFSC.exe"=
"F:\\xpandrally.exe"=
"F:\\Program Files\\Supreme Commander\\bin\\SupremeCommander.exe"=
"F:\\Program Files\\GPGNet\\GPG.Multiplayer.Client.exe"=
"E:\\mc2.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"F:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"E:\\microsoft games\\fsx.exe"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 08:46]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 11:11]
R0 vIdeBus;vIdeBus;C:\WINDOWS\system32\DRIVERS\vIdeBus.sys [2007-06-25 15:12]
R0 vIdePort;VIA IDE Controller PORT Driver;C:\WINDOWS\system32\DRIVERS\vIdePort.sys [2007-06-25 15:12]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-06-25 14:45]
R3 PCAlertDriver;PCAlertDriver;C:\Program Files\MSI\Core Center\NTGLM7X.sys [2004-11-16 09:27]
R3 RushTopDevice;RushTopDevice;C:\Program Files\MSI\Core Center\RushTop.sys [2004-11-16 11:54]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 19:56]
S0 black;black;C:\WINDOWS\system32\drivers\BlackDrv.sys []
S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys []
S3 atidgllk;atidgllk;C:\Program Files\ASUS\SmartDoctor\atidgllk.sys [2004-06-16 14:34]
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
S3 Fadpu16E;Fadpu16E;C:\WINDOWS\TEMP\Fadpu16E.sys []
S3 RapFile;RapFile;C:\WINDOWS\system32\drivers\RapFile.sys [2003-02-25 19:26]
S3 RapNet;RapNet;C:\WINDOWS\system32\drivers\RapNet.sys [2003-02-25 19:26]
S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;C:\WINDOWS\system32\drivers\usbscan.sys [2004-08-03 23:58]
S3 SIWIO;SIWIO;C:\WINDOWS\TEMP\SiwIo.sys []
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S4 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe []

*Newly Created Service* - PCALERTDRIVER
.
Contents of the 'Scheduled Tasks' folder

2008-08-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-08-02 C:\WINDOWS\Tasks\EasyShare Registration Task.job
- C:\WINDOWS\system32\rundll32.exe [2004-08-05 08:00]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PowerBar - (no file)
Notify-klogon - (no file)
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Mario Després\Application Data\Mozilla\Firefox\Profiles\7g53ffgl.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 07:27:10
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\DOCUME~1\MARIOD~1\LOCALS~1\temp\bwgo0001e6b1.exe
.
**************************************************************************
.
Completion time: 2008-08-12 7:33:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-12 11:33:41

Pre-Run: 1,740,222,464 bytes free
Post-Run: 1,821,323,264 bytes free

269 --- E O F --- 2008-07-26 10:12:26
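The reports in this thread are read by eye, but several of the checks the helper is applying to them can be mechanised. The script below is an added example written for this page; it is not code from the thread, from its participants, or from HijackThis, SmitfraudFix, ComboFix or BitDefender. It works on sample lines copied from the reports posted here (plus one constructed, clearly labelled tampered Winlogon value) and flags four things a reviewer looks for first: executables or drivers loaded from a temp directory (the bwgo*.exe file under LOCALS~1\temp and the two .sys files under C:\WINDOWS\TEMP in the ComboFix report above), ComboFix Find3M entries carrying both the hidden and system attributes (the --sha-w files under system32\wbem\mof\good above), a Winlogon Userinit value with anything beyond the stock userinit.exe (the SmitfraudFix report shows the stock value), and antivirus hits grouped by detection name, basename and location. That last grouping makes the IRC-Worm.Generic hits in this thread explicit: every named file is IEDFix.C.exe, a component shipped inside SmitfraudFix, found on disk, inside the SmitfraudFix.exe self-extractor, or as unnamed System Restore copies in the same restore points; the thread does not settle whether that is a false positive, so the script only reports the pattern. The temp-directory markers, the hidden-file rule and the single allow-listed index.dat are the editor's assumptions, and extra_example.exe is a made-up name.

```python
"""Triage helper for HijackThis / ComboFix / BitDefender text reports.
Added example for this page, not the thread's or the tools' code. Sample lines
are copied from the reports above except the one marked constructed; the
heuristics are the editor's assumptions, not the tools' detection logic."""
import re
from collections import Counter

# Assumption: nothing legitimate on a home XP box runs, or loads a driver, from
# a temp directory, so any executable path under these deserves a look.
TEMP_MARKERS = ("\\locals~1\\temp\\", "\\local settings\\temp\\", "\\windows\\temp\\")
# A Windows path in a log line: drive letter up to a "[...]" note, ';', '"' or EOL.
WIN_PATH_RE = re.compile(r'[A-Za-z]:\\[^\[\];"]+?(?=\s*\[|[;"]|$)')
# ComboFix Find3M line: "date time size attrs path" (size is dashes for a dir).
FIND3M_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+|-+)\s+([-a-z]{7})\s+(.+)$")
# Hidden+system by design (assumption: only the IE cache index is expected).
HIDDEN_OK_SUFFIXES = ("\\temporary internet files\\content.ie5\\index.dat",)
USERINIT_EXPECTED = "c:\\windows\\system32\\userinit.exe"
DETECTION_RE = re.compile(r"^Infect(?:ed with|é par):\s*(\S+)")  # English or French

def flag_temp_paths(lines):
    """Return every Windows path in `lines` that lives under a temp directory."""
    return [p for line in lines for p in WIN_PATH_RE.findall(line)
            if any(m in p.lower() for m in TEMP_MARKERS)]

def flag_hidden_system_files(find3m_lines):
    """Return (path, attrs) for Find3M entries carrying both the s and h flags."""
    flagged = []
    for line in find3m_lines:
        m = FIND3M_RE.match(line.strip())
        if (m and "s" in m.group(3) and "h" in m.group(3)
                and not m.group(4).lower().endswith(HIDDEN_OK_SUFFIXES)):
            flagged.append((m.group(4), m.group(3)))
    return flagged

def check_userinit(reg_lines):
    """Return Winlogon Userinit entries beyond the stock userinit.exe ([] = untouched).
    A REGEDIT4 export doubles every backslash, so the value is unescaped first."""
    for line in reg_lines:
        if line.startswith('"Userinit"='):
            raw = line.split("=", 1)[1].strip().strip('"').replace("\\\\", "\\")
            return [e.strip() for e in raw.split(",")
                    if e.strip() and e.strip().lower() != USERINIT_EXPECTED]
    return []

def summarize_detections(report_lines):
    """Group AV hits by detection name, file basename and where the copy sits.
    Many hits on one basename across restore points and archive members point
    at one file and its copies rather than at an outbreak."""
    by_name, by_file, by_place = Counter(), Counter(), Counter()
    pending = None
    for line in (l.strip() for l in report_lines):
        if WIN_PATH_RE.match(line):
            pending = line            # a path line precedes its status line
            continue
        m = DETECTION_RE.match(line)
        if m and pending:
            by_name[m.group(1)] += 1
            by_file[pending.split("=>")[-1].rsplit("\\", 1)[-1]] += 1
            if "\\system volume information\\" in pending.lower():
                by_place["restore point"] += 1
            elif "=>" in pending:     # member of an archive or SFX
                by_place["inside archive"] += 1
            else:
                by_place["on disk"] += 1
            pending = None
    return {"by_name": by_name, "by_file": by_file, "by_place": by_place}

# Sample input copied from the reports posted in this thread.
SAMPLE_PROCESS_LINES = [
    "C:\\Program Files\\Logitech\\Video\\FxSvr2.exe",
    "C:\\DOCUME~1\\MARIOD~1\\LOCALS~1\\temp\\bwgo0001e6b1.exe",
    "S3 Fadpu16E;Fadpu16E;C:\\WINDOWS\\TEMP\\Fadpu16E.sys []",
    "S3 SIWIO;SIWIO;C:\\WINDOWS\\TEMP\\SiwIo.sys []",
]
SAMPLE_FIND3M_LINES = [
    "2008-08-12 11:24 --------- d-----w C:\\Program Files\\Eye On Network",
    "2008-03-31 16:12 32,768 --sha-w C:\\WINDOWS\\system32\\config\\systemprofile"
    "\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat",
    "2007-10-01 18:17 1,199,508 --sha-w C:\\WINDOWS\\system32\\wbem\\mof\\good\\mirc.exe",
    "2008-03-13 12:08 172 --sha-w C:\\WINDOWS\\system32\\wbem\\mof\\good\\start.bat",
    "2008-03-12 14:56 107 --sha-w C:\\WINDOWS\\system32\\wbem\\mof\\good\\winhelp.vbe",
]
SAMPLE_WINLOGON_LINES = [
    '"Userinit"="C:\\\\WINDOWS\\\\system32\\\\userinit.exe,"',
]
# Constructed, not from the thread: what a hijacked Userinit value looks like.
TAMPERED_WINLOGON_LINES = [
    '"Userinit"="C:\\\\WINDOWS\\\\system32\\\\userinit.exe,C:\\\\WINDOWS\\\\system32\\\\extra_example.exe"',
]
SAMPLE_AV_LINES = [
    "C:\\Program Files\\Mozilla Firefox\\SmitfraudFix\\IEDFix.C.exe",
    "Infected with: IRC-Worm.Generic.3574",
    "C:\\SmitfraudFix.exe=>(RAR Sfx o)=>SmitfraudFix\\IEDFix.C.exe",
    "Infected with: IRC-Worm.Generic.3574",
    "C:\\System Volume Information\\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}"
    "\\RP898\\A0329886.exe",
    "Infected with: IRC-Worm.Generic.3574",
    "C:\\WINDOWS\\SmitfraudFix\\IEDFix.C.exe",
    "Infected with: IRC-Worm.Generic.3574",
]
```

On the samples above, flag_temp_paths returns the bwgo0001e6b1.exe, Fadpu16E.sys and SiwIo.sys paths, flag_hidden_system_files returns the three --sha-w files under wbem\mof\good while skipping the IE cache index.dat, check_userinit returns an empty list for the stock value and only the extra entry for the constructed one, and summarize_detections reports four hits of one detection name spread over IEDFix.C.exe (three) and one restore-point copy, two on disk, one inside an archive and one in a restore point. The rules are deliberately narrow; a path matching none of them is not cleared, it is simply not in the part of the log this script knows how to read.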
14 August 2008 01:20:29

Hey! Hi. I haven't given up...


BitDefender Online Scanner

Scan report generated at: Wed, Aug 13, 2008 - 19:10:31

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;

Statistics
  Time                    00:44:15
  Files                   133741
  Directories             16221
  Boot sectors            5
  Archives                1767
  Program packages        11021

Results
  Viruses identified      1
  Infected files          10
  Suspect files           0
  Warnings                0
  Disinfected             0
  Deleted files           10

Engine info
  Virus definitions       1467275
  Engine version          AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
  Scan plugins            16
  Archive plugins         43
  Unpack plugins          7
  E-mail plugins          6
  System plugins          5

Scan settings
  First action            Disinfect
  Second action           Delete
  Heuristics              Yes
  Accept warnings         Yes
  Scanned extensions      exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
  Excluded extensions
  E-mail scan             Yes
  Archive scan            Yes
  Scan program packages   Yes
  File scan               Yes
  Boot scan               Yes

Scanned file / Status

C:\Program Files\Mozilla Firefox\SmitfraudFix\IEDFix.C.exe
    Infected with: IRC-Worm.Generic.3574
C:\Program Files\Mozilla Firefox\SmitfraudFix\IEDFix.C.exe
    Deleted
C:\SmitfraudFix.exe=>(RAR Sfx o)=>SmitfraudFix\IEDFix.C.exe
    Infected with: IRC-Worm.Generic.3574
C:\SmitfraudFix.exe=>(RAR Sfx o)=>SmitfraudFix\IEDFix.C.exe
    Deleted
C:\SmitfraudFix.exe=>(RAR Sfx o)
    Update failed
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP898\A0329886.exe
    Infected with: IRC-Worm.Generic.3574
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP898\A0329886.exe
    Deleted
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP899\A0329951.exe=>(RAR Sfx o)=>SmitfraudFix\IEDFix.C.exe
    Infected with: IRC-Worm.Generic.3574
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP899\A0329951.exe=>(RAR Sfx o)=>SmitfraudFix\IEDFix.C.exe
    Deleted
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP899\A0329951.exe=>(RAR Sfx o)
    Update failed
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP900\A0329966.exe=>(RAR Sfx o)=>SmitfraudFix\IEDFix.C.exe
    Infected with: IRC-Worm.Generic.3574
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP900\A0329966.exe=>(RAR Sfx o)=>SmitfraudFix\IEDFix.C.exe
    Deleted
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP900\A0329966.exe=>(RAR Sfx o)
    Update failed
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP900\A0329981.exe
    Infected with: IRC-Worm.Generic.3574
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP900\A0329981.exe
    Deleted
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP901\A0330118.exe=>(RAR Sfx o)=>SmitfraudFix\IEDFix.C.exe
    Infected with: IRC-Worm.Generic.3574
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP901\A0330118.exe=>(RAR Sfx o)=>SmitfraudFix\IEDFix.C.exe
    Deleted
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP901\A0330118.exe=>(RAR Sfx o)
    Update failed
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP901\A0330134.exe
    Infected with: IRC-Worm.Generic.3574
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP901\A0330134.exe
    Deleted
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP902\A0330248.exe
    Infected with: IRC-Worm.Generic.3574
C:\System Volume Information\_restore{6DCF8BB7-ACA0-4DDA-A68E-E1CCD52AD22B}\RP902\A0330248.exe
    Deleted
C:\WINDOWS\SmitfraudFix\IEDFix.C.exe
    Infected with: IRC-Worm.Generic.3574
C:\WINDOWS\SmitfraudFix\IEDFix.C.exe
    Deleted
I'm waiting for the next step; see you later.


14 August 2008 13:32:42

Hello tinomme1969,

post a new HijackThis report...

See you later ;)
PS: How is your PC doing?
14 August 2008 16:20:16

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:09, on 2008-08-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eye On Network\Eye On Network.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedhlp.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\MARIOD~1\LOCALS~1\Temp\bwgo009a11f4.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Eye On Network] C:\Program Files\Eye On Network\Eye On Network.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-436374069-1960408961-839522115-1007\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'marie josée')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: (PopUpCop) Allow images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/allowimages
O8 - Extra context menu item: (PopUpCop) Block images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/blockimages
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Image in New Window - res://C:\PROGRA~1\PopUpCop\popupcop.dll/imagenew
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Laura%20Jones%20and%20the%20Gates%20of%20Good%20and%20Evil/Images/stg_drm.ocx
O16 - DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} -
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} -
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.5.0_01) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Little%20Shop%20-%20Road%20Trip/Images/armhelper.ocx
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by108fd.bay108.hotmail.msn.com/activex/HMAtchmt....
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9236 bytes


Hello frederix. Nothing has changed on the Windows Security Center side...
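The replies in this thread triage the HijackThis log by eye. The following is an added example, not code from the thread, from HijackThis or from any of the tools mentioned: a small Python pass over the log format above that applies three heuristics a helper typically checks by hand, namely processes executing from a Temp directory (with a note when no O4 autostart entry references them), O4 entries that give only a bare filename (resolved through the search path rather than an absolute path), and O16 ActiveX (DPF) entries that carry a CLSID but neither a name nor a source URL. The sample input is a constructed subset of lines copied from the log posted above; the rule names and the `Finding` structure are my own and are not HijackThis output.

```python
import re
from typing import List, NamedTuple, Tuple


class Finding(NamedTuple):
    rule: str
    entry: str


# Constructed sample: a subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\MARIOD~1\LOCALS~1\Temp\bwgo009a11f4.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
"""

# Directory components that should not host a long-lived process or an autostart target.
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")
# O4 - <hive>\..\Run: [<name>] <command line>
O4_RE = re.compile(r"^O4 - .*?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O16 - DPF: {CLSID} (optional friendly name) - <url or empty>
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})\s*(?P<label>\([^)]*\))?\s*-\s*(?P<url>\S*)$"
)


def parse_sections(text: str) -> Tuple[List[str], List[str]]:
    """Split a HijackThis log into running-process paths and R/F/O entries."""
    processes: List[str] = []
    entries: List[str] = []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False  # a blank line ends the process list
            continue
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
        elif re.match(r"^[RFO]\d+ - ", line):
            entries.append(line)
    return processes, entries


def command_image(cmd: str) -> str:
    """Return the executable referenced by an O4 command line (quoted or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: the image ends at the first executable-looking extension.
    m = re.match(r"^(.*?\.(?:exe|dll|com|scr|bat|cmd))\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage(text: str) -> List[Finding]:
    """Apply the three heuristics described in the lead-in and return the hits."""
    processes, entries = parse_sections(text)
    findings: List[Finding] = []
    autostart_images: List[str] = []

    for e in entries:
        m = O4_RE.match(e)
        if m:
            image = command_image(m.group("cmd"))
            autostart_images.append(image.lower())
            if TEMP_DIR_RE.search(image):
                findings.append(Finding("autostart target in temp directory", e))
            elif not ABS_PATH_RE.match(image):
                findings.append(Finding("autostart uses bare filename (resolved via search path)", e))
            continue
        m = O16_RE.match(e)
        if m and not m.group("label") and not m.group("url"):
            findings.append(Finding("ActiveX (DPF) entry with no name and no source URL", e))

    for p in processes:
        if TEMP_DIR_RE.search(p):
            rule = "process running from temp directory"
            if p.lower() not in autostart_images:
                rule += ", not referenced by any O4 autostart entry"
            findings.append(Finding(rule, p))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.entry}")
```

On the sample above the pass flags the `bwgo009a11f4.exe` process in the user's Temp folder (with no O4 entry pointing at it), the `SOUNDMAN.EXE` entry that has no path, and the nameless O16 CLSID with an empty URL; the Avira and ctfmon entries pass. These are triage hints to look at next, not verdicts: a hit still has to be confirmed against the file itself.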