
[Solved] Virus

25 May 2008 23:19:54

Hello everyone!

I'm new here; I'm posting because I have a virus on my computer. I was away for a few days, and in the meantime my father caught this thing by opening something he shouldn't have in an email, apparently.
Now the computer often crashes 2-3 minutes after startup, a wallpaper has installed itself that reads "Warning, Spyware found on your computer, install an antispyware or antivirus", and cockroaches wander around eating the desktop icons (like a screensaver after inactivity).

I managed to stabilize things a bit, I ran a scan with Spybot and the AVG antivirus, and it seems to have calmed down, but there is surely still some junk on the machine.

I also downloaded HiJackThis, and here is the scan log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:00:46, on 25/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Microsoft Hardware\Keyboard\type32.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\Java\jre1.6.0\bin\jusched.exe
E:\WINDOWS\system32\ctfmona.exe
E:\WINDOWS\system32\ctfmon.exe
E:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
E:\WINDOWS\System32\svchost.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\PROGRA~1\AVG\AVG8\avgemc.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\AVG\AVG8\avgtray.exe
E:\Documents and Settings\Angélique\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - E:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4C8C47A0-65BC-4818-83A0-BB5FF2D79C26} - E:\WINDOWS\system32\wvuvu.dll (file missing)
O2 - BHO: (no name) - {51AAB489-7D80-443D-BF12-EDD76920DA53} - E:\WINDOWS\system32\geedb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 818646 helper - {54192079-8E8A-43D8-BCBC-3874916159AF} - (no file)
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - E:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AOLSAV] E:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [IntelliType] "E:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Zone Labs Client] E:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [CloneCDTray] "E:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] E:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ctfmona] E:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [antiviirus] E:\Program Files\antiviirus.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] E:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = E:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - E:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Recherche AOL Toolbar - res://E:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT
O8 - Extra context menu item: Download with GetRight - E:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - E:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - E:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - E:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{67537B1E-A3EF-43D0-98FA-E218280076B8}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{74790246-8C91-48B5-923A-A2EC2600F0BA}: NameServer = 85.255.114.62,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2F170D5-0270-44F8-8009-DEAD97B44579}: NameServer = 85.255.114.62,85.255.112.61
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{67537B1E-A3EF-43D0-98FA-E218280076B8}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - E:\Program Files\RXToolBar\sfcont.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: gebabab - gebabab.dll (file missing)
O21 - SSODL: AvpAlrt - {ded5f0d9-377c-480d-aaa2-936d8ac38a9c} - E:\WINDOWS\Resources\AvpAlrt.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - E:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - E:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O24 - Desktop Component 0: (no name) - http://www.humour.com/images/images/double_zero.jpg

--
End of file - 8832 bytes


There, I hope I've given enough detail, and I thank in advance anyone who can help!


26 May 2008 21:28:07

Good evening,
I'm not sure what you stabilized, but you are still quite infected...

1

Download FixWareout from one of these two links:
Fixwareout.exe


Save it to your Desktop, then run it.
Click Next, then Install, make sure "Run fixit" is checked, then click Finish.
Follow the on-screen instructions.
The tool will ask you to restart your PC; please do so.
The restart may take a little longer than usual; this is normal.
After the restart, copy/paste the contents of the report generated by the tool, which is located here: C:\fixwareout\report.txt

2

~Download SmitfraudFix

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

~Unzip the entire SmitfraudFix.zip archive
Search:
~Double-click SmitfraudFix.cmd
~Select 1 and press Enter in the menu to create a report of the files responsible for the infection. The report is located at the root of the system drive, C:\rapport.txt
~Post this report.
process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility intended to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

27 May 2008 01:40:20

Good evening again!
Thanks for these clear instructions.

1

Here is the Fixwareout report:

Username "Ang‚lique" - 27/05/2008 1:09:12 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{74790246-8C91-48B5-923A-A2EC2600F0BA}
"nameserver"="85.255.114.62,85.255.112.61" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{E2F170D5-0270-44F8-8009-DEAD97B44579}
"nameserver"="85.255.114.62,85.255.112.61" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{67537B1E-A3EF-43D0-98FA-E218280076B8}
"DhcpNameServer"="85.255.114.62,85.255.112.61" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{CCB57110-DDF1-4292-BEF9-B0C39BAF9FA6}
"DhcpNameServer"="85.255.114.62,85.255.112.61" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{E2F170D5-0270-44F8-8009-DEAD97B44579}
"DhcpNameServer"="85.255.114.62,85.255.112.61" <Value cleared.

Cache de résolution DNS vidé.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOLSAV"="E:\\PROGRA~1\\TECHCI~1\\AOLSAV\\AOLAgent.exe"
"IntelliType"="\"E:\\Program Files\\Microsoft Hardware\\Keyboard\\type32.exe\""
"Zone Labs Client"="E:\\PROGRA~1\\ZONELA~1\\ZONEAL~1\\zlclient.exe"
"CloneCDTray"="\"E:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"iTunesHelper"="\"E:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"E:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AOLDialer"="E:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"SunJavaUpdateSched"="\"E:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"AVG8_TRAY"="E:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe"
"ctfmona"="E:\\WINDOWS\\system32\\ctfmona.exe"
"antiviirus"="E:\\Program Files\\antiviirus.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\\WINDOWS\\system32\\ctfmon.exe"
"AdobeUpdater"="E:\\Program Files\\Fichiers communs\\Adobe\\Updater5\\AdobeUpdater.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~





2

Now the SmitfraudFix report:

SmitFraudFix v2.322

Rapport fait à 1:27:13,14, 27/05/2008
Executé à partir de E:\Documents and Settings\Ang‚lique\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\WINDOWS\System32\svchost.exe
E:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
E:\WINDOWS\system32\WgaTray.exe
E:\WINDOWS\system32\notepad.exe
E:\Program Files\Microsoft Hardware\Keyboard\type32.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
E:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\Java\jre1.6.0\bin\jusched.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\WINDOWS\system32\ctfmona.exe
E:\Program Files\antiviirus.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\tmp0.exe
E:\Program Files\tmp1.exe
E:\Program Files\tmp2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
E:\PROGRA~1\AVG\AVG8\avgscanx.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\system32\cmd.exe
E:\Program Files\Internet Explorer\iexplore.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» E:\


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32

E:\WINDOWS\system32\ctfmona.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Ang‚lique


»»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Ang‚lique\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» E:\DOCUME~1\ANGLIQ~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» E:\Program Files

E:\Program Files\tmp???????.exe PRESENT !
E:\Program Files\antiviirus.exe PRESENT !
E:\Program Files\tmp?.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.humour.com/images/images/double_zero.jpg"
"SubscribedURL"="http://www.humour.com/images/images/double_zero.jpg"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="E:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{67537B1E-A3EF-43D0-98FA-E218280076B8}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{74790246-8C91-48B5-923A-A2EC2600F0BA}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{67537B1E-A3EF-43D0-98FA-E218280076B8}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{74790246-8C91-48B5-923A-A2EC2600F0BA}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{67537B1E-A3EF-43D0-98FA-E218280076B8}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{74790246-8C91-48B5-923A-A2EC2600F0BA}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin




27 May 2008 17:23:04

re

1

~Restart the computer in safe mode (F8 at computer startup)
Help

~Double-click SmitfraudFix.cmd
~Select 2 and press Enter in the menu to delete the files responsible for the infection.
~Answer Yes (o) to all the questions.
A restart may be necessary to complete the cleanup procedure.
~Post the new report.

2
Please add a new HijackThis log.
27 May 2008 19:42:12

Here we go!

1

Here is the SmitfraudFix report after cleanup:

SmitFraudFix v2.322

Rapport fait à 19:24:53,98, 27/05/2008
Executé à partir de E:\Documents and Settings\Ang‚lique\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

E:\WINDOWS\system32\ctfmona.exe supprimé
E:\Program Files\antiviirus.exe supprimé
E:\Program Files\tmp???????.exe supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{67537B1E-A3EF-43D0-98FA-E218280076B8}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{74790246-8C91-48B5-923A-A2EC2600F0BA}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{67537B1E-A3EF-43D0-98FA-E218280076B8}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{74790246-8C91-48B5-923A-A2EC2600F0BA}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{67537B1E-A3EF-43D0-98FA-E218280076B8}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{74790246-8C91-48B5-923A-A2EC2600F0BA}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin





2


And the new HiJackThis report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41:16, on 27/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Microsoft Hardware\Keyboard\type32.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\Java\jre1.6.0\bin\jusched.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\WINDOWS\system32\ctfmon.exe
E:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\WINDOWS\System32\svchost.exe
E:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
E:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
E:\WINDOWS\system32\WgaTray.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Documents and Settings\Angélique\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - E:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4C8C47A0-65BC-4818-83A0-BB5FF2D79C26} - E:\WINDOWS\system32\wvuvu.dll (file missing)
O2 - BHO: (no name) - {51AAB489-7D80-443D-BF12-EDD76920DA53} - E:\WINDOWS\system32\geedb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 818646 helper - {54192079-8E8A-43D8-BCBC-3874916159AF} - (no file)
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - E:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AOLSAV] E:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [IntelliType] "E:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Zone Labs Client] E:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [CloneCDTray] "E:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] E:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] E:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = E:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - E:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Recherche AOL Toolbar - res://E:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT
O8 - Extra context menu item: Download with GetRight - E:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - E:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - E:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - E:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{67537B1E-A3EF-43D0-98FA-E218280076B8}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{67537B1E-A3EF-43D0-98FA-E218280076B8}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - E:\Program Files\RXToolBar\sfcont.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: gebabab - gebabab.dll (file missing)
O21 - SSODL: AvpAlrt - {ded5f0d9-377c-480d-aaa2-936d8ac38a9c} - E:\WINDOWS\Resources\AvpAlrt.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - E:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - E:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 8522 bytes
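
Comparing the first HijackThis log with the one taken after the SmitfraudFix cleanup shows which autostart and DNS entries the removal actually changed, and which registry entries are left pointing at files that no longer exist. The following is an added example, not part of the original posts or of any tool used in the thread; it embeds abridged excerpts of the two logs above, and the function names are illustrative.

```python
import re

# Abridged excerpts of the two HijackThis logs posted in this thread:
# BEFORE is from the first scan, AFTER from the scan following the cleanup.
BEFORE = r"""
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - E:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ctfmona] E:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [antiviirus] E:\Program Files\antiviirus.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{67537B1E-A3EF-43D0-98FA-E218280076B8}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{74790246-8C91-48B5-923A-A2EC2600F0BA}: NameServer = 85.255.114.62,85.255.112.61
O21 - SSODL: AvpAlrt - {ded5f0d9-377c-480d-aaa2-936d8ac38a9c} - E:\WINDOWS\Resources\AvpAlrt.dll
O24 - Desktop Component 0: (no name) - http://www.humour.com/images/images/double_zero.jpg
"""

AFTER = r"""
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - E:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{67537B1E-A3EF-43D0-98FA-E218280076B8}: NameServer = 208.67.220.220,208.67.222.222
O21 - SSODL: AvpAlrt - {ded5f0d9-377c-480d-aaa2-936d8ac38a9c} - E:\WINDOWS\Resources\AvpAlrt.dll (file missing)
"""

# An entry line looks like "O4 - <body>" or "R0 - <body>".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# HijackThis appends this marker when the referenced file is absent on disk.
MISSING_RE = re.compile(r"\s*\(file missing\)$")
NS_RE = re.compile(r"NameServer\s*=\s*(.+)$")


def parse_entries(log):
    """Map (section, body without the missing marker) -> file_missing flag."""
    entries = {}
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue  # header, process list, blank line
        section, body = match.groups()
        missing = bool(MISSING_RE.search(body))
        entries[(section, MISSING_RE.sub("", body))] = missing
    return entries


def diff_logs(before, after):
    """Summarize what changed between two scans of the same machine."""
    b, a = parse_entries(before), parse_entries(after)
    return {
        # Entries the cleanup removed from the registry / startup folders.
        "removed": sorted(k for k in b if k not in a),
        # Entries that appeared between scans (worth a close look).
        "added": sorted(k for k in a if k not in b),
        # File deleted by the cleanup, but the registry entry is still there.
        "now_missing": sorted(k for k in a if k in b and a[k] and not b[k]),
        # Every surviving entry whose target file is absent.
        "orphaned": sorted(k for k, missing in a.items() if missing),
    }


def nameservers(log):
    """Collect every DNS server address listed in the O17 entries."""
    servers = set()
    for section, body in parse_entries(log):
        if section != "O17":
            continue
        match = NS_RE.search(body)
        if match:
            servers.update(s for s in re.split(r"[,\s]+", match.group(1)) if s)
    return servers


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for label, items in result.items():
        print(f"== {label} ({len(items)})")
        for section, body in items:
            print(f"   {section} - {body}")
    gone = sorted(nameservers(BEFORE) - nameservers(AFTER))
    print("== DNS servers no longer configured:", ", ".join(gone))
```
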
28 May 2008 00:13:08

Hi again,
let's continue.
1

Run SmitFraudFix again and select option 5 this time (removal of DNS hijacks).

2

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (perform a full scan).
  • To start the scan, click "Rechercher" (search).
  • Once the scan has finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" (show results), then "Supprimer la sélection" (remove selected). Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

HELP: Illustrated tutorial on MBAM
28 May 2008 12:46:24

Hi again,
Here is the report after a full scan with MalwareByte's Anti-Malware:

    Malwarebytes' Anti-Malware 1.12
    Version de la base de données: 793

    Type de recherche: Examen complet (C:\|D:\|E:\|)
    Eléments examinés: 202744
    Temps écoulé: 1 hour(s), 56 minute(s), 24 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 51
    Valeur(s) du Registre infectée(s): 5
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 10
    Fichier(s) infecté(s): 11

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{0be385a3-85a5-4722-b677-68dae891ff21} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{272c0d60-0561-4c83-b3db-eb0a71f9d2eb} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{284477e4-a7cb-4055-9e1b-0ea7cba28945} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{70ca4938-6a0f-4641-a9a9-c936e4c1e7de} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7468213e-010e-4ec6-a17d-642e909ba7ec} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{a916af3c-976d-4358-8736-95bea0b5fd2c} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{b86f4810-19a9-4050-9ac9-b5cf60b5799a} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{bb5b7e14-f8b4-4365-a24d-f4965c33e1ee} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{be45f056-e005-437b-be88-23acf70b0b6a} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{c13d4627-02f5-4b03-897a-bf6a90022dd2} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{c636f1fc-6ae4-4e6a-90ab-6d61d821a0dd} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cb971ac0-6408-40da-a540-92f9f256f51f} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d5694dfe-43b6-4e05-aa29-8c556c968973} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e2032ec2-a9ac-4ed7-9bdb-ebecacf076f2} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{ebab4a71-8c34-461a-b57d-dd041d439555} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f06fea43-0cc3-4bf6-a85b-5efb1c07aa4b} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{fc94a0f7-9c7c-4ae2-9106-5c212332b209} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\AXPFixer (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\OriginalWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\ConvertedWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    E:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    E:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    E:\Program Files\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    E:\Program Files\ShoppingReport\Bin\2.0.26 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    E:\Documents and Settings\Angélique\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    E:\Documents and Settings\Angélique\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    E:\Documents and Settings\Angélique\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    E:\Documents and Settings\Angélique\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    E:\Documents and Settings\Angélique\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    E:\Documents and Settings\Angélique\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    E:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
    E:\Program Files\ShoppingReport\Uninst.exe (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    E:\Documents and Settings\Angélique\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    E:\Documents and Settings\Angélique\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    E:\Documents and Settings\Angélique\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    E:\Documents and Settings\Angélique\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    E:\Documents and Settings\Angélique\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    E:\Documents and Settings\Angélique\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    E:\Documents and Settings\Angélique\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    E:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
    E:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
28 May 2008 15:53:18

Good :)
Please post a new HijackThis log.
28 May 2008 17:03:42

Here it is ;)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:02:41, on 28/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    E:\Program Files\iTunes\iTunesHelper.exe
    E:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    E:\Program Files\Java\jre1.6.0\bin\jusched.exe
    E:\PROGRA~1\AVG\AVG8\avgtray.exe
    E:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    E:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    E:\PROGRA~1\AVG\AVG8\avgrsx.exe
    E:\WINDOWS\System32\svchost.exe
    E:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    E:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    E:\WINDOWS\system32\WgaTray.exe
    E:\Program Files\Mozilla Firefox\firefox.exe
    D:\pacou\Dofus\Dofus.exe
    D:\pacou\Dofus\dofus.dll
    E:\Documents and Settings\Angélique\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {4C8C47A0-65BC-4818-83A0-BB5FF2D79C26} - E:\WINDOWS\system32\wvuvu.dll (file missing)
    O2 - BHO: (no name) - {51AAB489-7D80-443D-BF12-EDD76920DA53} - E:\WINDOWS\system32\geedb.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: 818646 helper - {54192079-8E8A-43D8-BCBC-3874916159AF} - (no file)
    O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - E:\Program Files\RXToolBar\sfcont.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [AOLSAV] E:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    O4 - HKLM\..\Run: [IntelliType] "E:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] E:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [CloneCDTray] "E:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AOLDialer] E:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AdobeUpdater] E:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AOL 9.0 Icône AOL.lnk = E:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - E:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://E:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT
    O8 - Extra context menu item: Download with GetRight - E:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - E:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{67537B1E-A3EF-43D0-98FA-E218280076B8}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\..\{67537B1E-A3EF-43D0-98FA-E218280076B8}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - E:\Program Files\RXToolBar\sfcont.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: gebabab - gebabab.dll (file missing)
    O21 - SSODL: AvpAlrt - {ded5f0d9-377c-480d-aaa2-936d8ac38a9c} - E:\WINDOWS\Resources\AvpAlrt.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - E:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - E:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

    --
    End of file - 8004 bytes
28 May 2008 20:51:39

Hi again,

1

Run HijackThis and choose "Do a system scan only".
Check the following lines if they are still present, and only those.

    O2 - BHO: (no name) - {4C8C47A0-65BC-4818-83A0-BB5FF2D79C26} - E:\WINDOWS\system32\wvuvu.dll (file missing)
    O2 - BHO: (no name) - {51AAB489-7D80-443D-BF12-EDD76920DA53} - E:\WINDOWS\system32\geedb.dll (file missing)
    O2 - BHO: 818646 helper - {54192079-8E8A-43D8-BCBC-3874916159AF} - (no file)
    O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - E:\Program Files\RXToolBar\sfcont.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT
    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - E:\Program Files\RXToolBar\sfcont.dll
    O20 - Winlogon Notify: gebabab - gebabab.dll (file missing)

Click Fix checked (bottom left).

2
Delete the folder in bold:
E:\Program Files\RXToolBar

3

Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your Desktop and nowhere else!

Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal. A report will be created. Post the report: C:\Combofix.txt
Click on it to open it, then Edit > "Select All", Edit > "Copy".

Come back to the forum and use Edit > "Paste".

4

Add a new HijackThis report.
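
The fix list in the post above is mostly entries whose file is already gone ("file missing" / "no file"), plus a context-menu item that loads a remote URL and an entry HijackThis itself labels a hijack. As an added example (not part of the thread and not HijackThis code), this Python triage surfaces such entries for review from log lines copied from this page; the flag names and function names are hypothetical, and a flag means "review this entry", not "delete it".

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Entry lines copied from the HijackThis log posted in this thread, plus two
# non-entry lines (header, running process) that the parser must skip.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
E:\WINDOWS\system32\svchost.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4C8C47A0-65BC-4818-83A0-BB5FF2D79C26} - E:\WINDOWS\system32\wvuvu.dll (file missing)
O2 - BHO: (no name) - {51AAB489-7D80-443D-BF12-EDD76920DA53} - E:\WINDOWS\system32\geedb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 818646 helper - {54192079-8E8A-43D8-BCBC-3874916159AF} - (no file)
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - E:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT
O8 - Extra context menu item: Download with GetRight - E:\Program Files\GetRight\GRdownload.htm
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - E:\Program Files\RXToolBar\sfcont.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: gebabab - gebabab.dll (file missing)
O21 - SSODL: AvpAlrt - {ded5f0d9-377c-480d-aaa2-936d8ac38a9c} - E:\WINDOWS\Resources\AvpAlrt.dll (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
ORPHAN_RE = re.compile(r"\s*\((?:file missing|no file)\)$")
URL_RE = re.compile(r"^https?://", re.IGNORECASE)


@dataclass
class Entry:
    code: str                 # HijackThis section code, e.g. "O2"
    body: str                 # text after "O2 - "
    target: Optional[str]     # file or URL the entry points at, lowercased
    flags: List[str] = field(default_factory=list)


def extract_target(body: str) -> Optional[str]:
    """Return the last ' - ' field without the orphan marker, or None."""
    last = body.rsplit(" - ", 1)[-1]
    if " - " not in body and ": " in last:
        last = last.split(": ", 1)[1]   # e.g. "AppInit_DLLs: avgrsstx.dll"
    last = ORPHAN_RE.sub("", last).strip()
    return last.lower() or None


def classify(code: str, body: str, target: Optional[str]) -> List[str]:
    """Assign review flags (hypothetical names) to one entry."""
    flags = []
    if ORPHAN_RE.search(body):
        flags.append("orphaned")        # registry entry outlived its file
    if "hijack" in body.split(":", 1)[0].lower():
        flags.append("hijack-label")    # HijackThis's own label says hijack
    if code in ("O8", "O9") and target and URL_RE.match(target):
        flags.append("remote-url")      # IE menu/button backed by a remote page
    return flags


def parse_entries(log_text: str) -> List[Entry]:
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue                    # header, running process, blank line
        code, body = m.group("code"), m.group("body").strip()
        target = extract_target(body)
        entries.append(Entry(code, body, target, classify(code, body, target)))
    return entries


def flagged(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]


def shared_targets(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Targets referenced by several entries, at least one of them flagged."""
    by_target = defaultdict(list)
    for e in entries:
        if e.target:
            by_target[e.target].append(e)
    return {t: es for t, es in by_target.items()
            if len(es) > 1 and any(e.flags for e in es)}


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for e in flagged(parsed):
        print(f"{e.code:<4}{','.join(e.flags):<14}{e.body}")
    for target, refs in shared_targets(parsed).items():
        print(f"shared: {target} <- {[r.code for r in refs]}")
```

On these lines the triage also flags the O21 AvpAlrt entry, which is not in the fix list above, and `shared_targets` shows the RXToolBar DLL referenced by both an orphaned O2 entry and the O18 filter entry.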
29 May 2008 14:24:38

Hi.

For step 2, apparently the folder had already been deleted; it was no longer there.

The rest:

ComboFix report:


    ComboFix 08-05-28.4 - Angélique 2008-05-29 13:58:57.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.76 [GMT 2:00]
    Endroit: E:\Documents and Settings\Angélique\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    E:\Documents and Settings\Angélique\Application Data\macromedia\Flash Player\#SharedObjects\CHY5Q3EJ\www.broadcaster.com
    E:\Documents and Settings\Angélique\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    E:\Documents and Settings\Angélique\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
    E:\WINDOWS\smdat32m.sys
    E:\WINDOWS\system32\818646
    E:\WINDOWS\system32\bdeeg.ini
    E:\WINDOWS\system32\bdeeg.ini2
    E:\WINDOWS\system32\uvuvw.ini
    E:\WINDOWS\system32\uvuvw.ini2

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-28 03:33 . 2008-05-28 03:33 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-28 03:33 . 2008-05-05 20:46 27,048 --a------ E:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-28 03:33 . 2008-05-05 20:46 15,864 --a------ E:\WINDOWS\system32\drivers\mbam.sys
    2008-05-27 02:22 . 2004-08-20 01:09 221,184 --a------ E:\WINDOWS\system32\wmpns.dll
    2008-05-27 02:09 . 2007-07-09 15:11 584,192 -----c--- E:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-05-27 01:27 . 2008-05-27 19:25 2,958 --a------ E:\WINDOWS\system32\tmp.reg
    2008-05-27 01:25 . 2007-09-06 00:22 289,144 --a------ E:\WINDOWS\system32\VCCLSID.exe
    2008-05-27 01:25 . 2006-04-27 17:49 288,417 --a------ E:\WINDOWS\system32\SrchSTS.exe
    2008-05-27 01:25 . 2008-05-15 23:22 86,528 --a------ E:\WINDOWS\system32\VACFix.exe
    2008-05-27 01:25 . 2008-05-18 21:40 82,944 --a------ E:\WINDOWS\system32\IEDFix.exe
    2008-05-27 01:25 . 2008-05-18 21:40 82,944 --a------ E:\WINDOWS\system32\404Fix.exe
    2008-05-27 01:25 . 2003-06-05 21:13 53,248 --a------ E:\WINDOWS\system32\Process.exe
    2008-05-27 01:25 . 2004-07-31 18:50 51,200 --a------ E:\WINDOWS\system32\dumphive.exe
    2008-05-27 01:25 . 2007-10-04 00:36 25,600 --a------ E:\WINDOWS\system32\WS2Fix.exe
    2008-05-27 01:14 . 2007-07-30 19:19 38,232 --a------ E:\WINDOWS\system32\wucltui.dll.mui
    2008-05-27 01:14 . 2007-07-30 19:20 30,040 --a------ E:\WINDOWS\system32\wuaucpl.cpl.mui
    2008-05-27 01:14 . 2007-07-30 19:19 30,040 --a------ E:\WINDOWS\system32\wuapi.dll.mui
    2008-05-27 01:14 . 2007-07-30 19:18 21,336 --a------ E:\WINDOWS\system32\wuaueng.dll.mui
    2008-05-27 01:08 . 2008-05-27 01:14 <REP> d-------- E:\fixwareout
    2008-05-17 17:26 . 2008-05-22 20:40 54,156 --ah----- E:\WINDOWS\QTFont.qfn
    2008-05-17 17:26 . 2008-05-17 17:26 1,409 --a------ E:\WINDOWS\QTFont.for

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-28 01:36 396 ----a-w E:\WINDOWS\system32\drivers\fwdrv.err
    2008-05-17 22:48 --------- d-----w E:\Program Files\Soulseek
    2008-04-25 22:25 96,520 ----a-w E:\WINDOWS\system32\drivers\avgldx86.sys
    2008-04-25 22:25 75,272 ----a-w E:\WINDOWS\system32\drivers\avgtdix.sys
    2008-04-25 22:25 10,520 ----a-w E:\WINDOWS\system32\avgrsstx.dll
    2008-04-25 22:24 --------- d-----w E:\Program Files\AVG
    2008-04-25 22:24 --------- d-----w E:\Documents and Settings\All Users\Application Data\avg8
    2008-03-25 04:51 621,344 ----a-w E:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w E:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,376 ----a-w E:\WINDOWS\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    2008-04-26 00:24 2050816 --a------ E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{A057A204-BACC-4D26-9990-79A187E2698E}"= "E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-04-26 00:24 2050816]

    [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
    [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{A057A204-BACC-4D26-9990-79A187E2698E}"= E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-04-26 00:24 2050816]

    [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
    [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
    "AdobeUpdater"="E:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AOLSAV"="E:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-03-15 12:39 73728]
    "IntelliType"="E:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 06:41 94208]
    "Zone Labs Client"="E:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe" [ ]
    "CloneCDTray"="E:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 15:47 57344]
    "iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45 278528]
    "QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [2006-05-05 19:43 155648]
    "AOLDialer"="E:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2004-04-08 06:25 496752]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
    "SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-08-27 11:43 77824]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "AVG8_TRAY"="E:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-26 00:24 1177368]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="E:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "AvpAlrt"= {ded5f0d9-377c-480d-aaa2-936d8ac38a9c} - E:\WINDOWS\Resources\AvpAlrt.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm
    "vidc.xvid"= xvid.dll
    "VIDC.HFYU"= huffyuv.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "E:\\Program Files\\Messenger\\msmsgs.exe"=
    "E:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "E:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\AOL 9.0\\waol.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "E:\\Program Files\\uTorrent\\utorrent.exe"=
    "E:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
    "E:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "E:\\Program Files\\MSN Messenger\\livecall.exe"=
    "E:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"=
    "E:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
    "E:\\Program Files\\AOL 9.0\\waol.exe"=
    "C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
    "E:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "E:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1214:TCP"= 1214:TCP:Kazaa
    "7561:TCP"= 7561:TCP:emule tcp
    "7571:UDP"= 7571:UDP:emule udp

    R1 AvgLdx86;AVG AVI Loader Driver x86;E:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-26 00:25]
    R1 fwdrv;Firewall Driver;E:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
    R1 khips;Kerio HIPS Driver;E:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
    R2 avg8emc;AVG8 E-mail Scanner;E:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-04-26 00:24]
    R2 avg8wd;AVG8 WatchDog;E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-26 00:24]
    R2 AvgTdiX;AVG8 Network Redirector;E:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-26 00:25]
    S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;E:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 17:23]
    S3 MBAMCatchMe;MBAMCatchMe;E:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]

    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-29 14:08:33
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    E:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    E:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    E:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    E:\Program Files\AVG\AVG8\avgrsx.exe
    E:\Program Files\AVG\AVG8\avgrsx.exe
    E:\WINDOWS\system32\imapi.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-29 14:18:54 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-29 12:18:34

    Pre-Run: 382,103,552 octets libres
    Post-Run: 518,922,240 octets libres

    160 --- E O F --- 2008-05-27 18:01:46






    And a new HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:21:10, on 29/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    E:\WINDOWS\System32\drivers\CDAC11BA.EXE
    E:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    E:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    E:\Program Files\iTunes\iTunesHelper.exe
    E:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    E:\Program Files\Java\jre1.6.0\bin\jusched.exe
    E:\WINDOWS\System32\svchost.exe
    E:\PROGRA~1\AVG\AVG8\avgtray.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    E:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    E:\WINDOWS\explorer.exe
    E:\WINDOWS\system32\notepad.exe
    E:\Program Files\AVG\AVG8\avgrsx.exe
    E:\Program Files\Mozilla Firefox\firefox.exe
    E:\Program Files\AVG\AVG8\avgrsx.exe
    E:\Documents and Settings\Angélique\Bureau\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [AOLSAV] E:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    O4 - HKLM\..\Run: [IntelliType] "E:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] E:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [CloneCDTray] "E:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AOLDialer] E:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AdobeUpdater] E:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AOL 9.0 Icône AOL.lnk = E:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - E:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://E:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Download with GetRight - E:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - E:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{67537B1E-A3EF-43D0-98FA-E218280076B8}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\..\{67537B1E-A3EF-43D0-98FA-E218280076B8}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O21 - SSODL: AvpAlrt - {ded5f0d9-377c-480d-aaa2-936d8ac38a9c} - E:\WINDOWS\Resources\AvpAlrt.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - E:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - E:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

    --
    End of file - 7425 bytes


    29 May 2008 21:24:52

    Hi again,

    I would like to check something...

    Go to this link: Virus Total
  • Click Browse
  • Navigate to this file, if you can find it:

    E:\WINDOWS\system32\wmpns.dll

  • Click Send file and let it work for as long as "Current status: analysis in progress" is displayed.
  • The file may be placed in a queue because of a large number of analysis requests. In that case, you will need to wait without refreshing the page.
  • When the analysis is finished ("Current status: finished"), click Formatted
  • A new browser window will open
  • Then click on this image:
  • Right-click on the page and choose Select all, then Copy
  • Finally, paste the result into your next reply.
    Note: Whatever the result, it is important that you send me the result of the whole analysis.
    Your security tools may react when the file is sent; in that case you will need to ignore the alerts.




    30 May 2008 01:54:26

    Here you go :)


    Fichier wmpns.dll reçu le 2008.05.30 01:51:56 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.5.29.0 2008.05.29 -
    AntiVir 7.8.0.24 2008.05.29 -
    Authentium 5.1.0.4 2008.05.29 -
    Avast 4.8.1195.0 2008.05.29 -
    AVG 7.5.0.516 2008.05.29 -
    BitDefender 7.2 2008.05.30 -
    CAT-QuickHeal 9.50 2008.05.29 -
    ClamAV 0.92.1 2008.05.29 -
    DrWeb 4.44.0.09170 2008.05.29 -
    eSafe 7.0.15.0 2008.05.29 -
    eTrust-Vet 31.4.5834 2008.05.29 -
    Ewido 4.0 2008.05.29 -
    F-Prot 4.4.4.56 2008.05.29 -
    F-Secure 6.70.13260.0 2008.05.30 -
    Fortinet 3.14.0.0 2008.05.29 -
    GData 2.0.7306.1023 2008.05.29 -
    Ikarus T3.1.1.26.0 2008.05.30 -
    Kaspersky 7.0.0.125 2008.05.30 -
    McAfee 5306 2008.05.29 -
    Microsoft 1.3520 2008.05.30 -
    NOD32v2 3145 2008.05.29 -
    Norman 5.80.02 2008.05.29 -
    Panda 9.0.0.4 2008.05.29 -
    Prevx1 V2 2008.05.30 -
    Rising 20.46.32.00 2008.05.29 -
    Sophos 4.29.0 2008.05.29 -
    Sunbelt 3.0.1139.1 2008.05.29 -
    Symantec 10 2008.05.30 -
    TheHacker 6.2.92.325 2008.05.30 -
    VBA32 3.12.6.6 2008.05.29 -
    VirusBuster 4.3.26:9 2008.05.29 -
    Webwasher-Gateway 6.6.2 2008.05.29 -
    Information additionnelle
    File size: 221184 bytes
    MD5...: 7700f06c746fc968b67ea19904060ed4
    SHA1..: fa9ef20c07ba1c4fe4c705ee708fc14de4c3fbd8
    SHA256: 11fad13f8fadeda3cab4e3f587b0823b0e867c06574d294abf25e8fbb1596780
    SHA512: f63a6ffff7c71b8f5f650af8c97c8652b24f6eef61234a13676ec19f02c6d94c0e04470778b9ac6e04004513676216c32cb690ec5c1720be33fda0d609c062ff
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x4b189aaf
    timedatestamp.....: 0x41253343 (Thu Aug 19 23:09:55 2004)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x2c693 0x2d000 6.34 007795c4c82158e83337a6ec86eb1e00
    .data 0x2e000 0x40f0 0x3000 5.54 3646948843d181c12b3dfac21d921f05
    .rsrc 0x33000 0x3d8 0x1000 1.04 b1f9f3fc230509e17b143f93967209f4
    .reloc 0x34000 0x3b40 0x4000 4.18 e2a088a1be3bf8c65b4822ef67e36ef8

    ( 10 imports )
    ( 247 exports )

_Java_WMPNS_IWMPMediaCollection_getByGenreNative@20, _Java_WMPNS_IWMPMediaCollection_getByNameNative@20, _Java_WMPNS_IWMPMediaCollection_getMediaAtomNative@20, _Java_WMPNS_IWMPMediaCollection_isDeletedNative@20, _Java_WMPNS_IWMPMediaCollection_removeNative@24, _Java_WMPNS_IWMPMediaCollection_setDeletedNative@24, _Java_WMPNS_IWMPMedia_equalsNative@20, _Java_WMPNS_IWMPMedia_getAttributeCountByTypeNative@24, _Java_WMPNS_IWMPMedia_getAttributeCountNative@16, _Java_WMPNS_IWMPMedia_getAttributeNameNative@24, _Java_WMPNS_IWMPMedia_getDurationNative@16, _Java_WMPNS_IWMPMedia_getDurationStringNative@16, _Java_WMPNS_IWMPMedia_getErrorNative@16, _Java_WMPNS_IWMPMedia_getImageSourceHeightNative@16, _Java_WMPNS_IWMPMedia_getImageSourceWidthNative@16, _Java_WMPNS_IWMPMedia_getItemInfoByAtomNative@24, _Java_WMPNS_IWMPMedia_getItemInfoByTypeNative@32, _Java_WMPNS_IWMPMedia_getItemInfoNative@20, _Java_WMPNS_IWMPMedia_getMarkerCountNative@16, _Java_WMPNS_IWMPMedia_getMarkerNameNative@24, _Java_WMPNS_IWMPMedia_getMarkerTimeNative@24, _Java_WMPNS_IWMPMedia_getNameNative@16, _Java_WMPNS_IWMPMedia_getSourceURLNative@16, _Java_WMPNS_IWMPMedia_isIdenticalNative@20, _Java_WMPNS_IWMPMedia_isMemberOfNative@20, _Java_WMPNS_IWMPMedia_isReadOnlyItemNative@20, _Java_WMPNS_IWMPMedia_setItemInfoNative@24, _Java_WMPNS_IWMPMedia_setNameNative@20, _Java_WMPNS_IWMPNetwork_equalsNative@20, _Java_WMPNS_IWMPNetwork_getBandWidthNative@16, _Java_WMPNS_IWMPNetwork_getBitRateNative@16, _Java_WMPNS_IWMPNetwork_getBufferingCountNative@16, _Java_WMPNS_IWMPNetwork_getBufferingProgressNative@16, _Java_WMPNS_IWMPNetwork_getBufferingTimeNative@16, _Java_WMPNS_IWMPNetwork_getDownloadProgressNative@16, _Java_WMPNS_IWMPNetwork_getEncodedFrameRateNative@16, _Java_WMPNS_IWMPNetwork_getFrameRateNative@16, _Java_WMPNS_IWMPNetwork_getFramesSkippedNative@16, _Java_WMPNS_IWMPNetwork_getLostPacketsNative@16, _Java_WMPNS_IWMPNetwork_getMaxBandwidthNative@16, _Java_WMPNS_IWMPNetwork_getMaxBitRateNative@16, 
_Java_WMPNS_IWMPNetwork_getProxyBypassForLocalNative@20, _Java_WMPNS_IWMPNetwork_getProxyExceptionListNative@20, _Java_WMPNS_IWMPNetwork_getProxyNameNative@20, _Java_WMPNS_IWMPNetwork_getProxyPortNative@20, _Java_WMPNS_IWMPNetwork_getProxySettingsNative@20, _Java_WMPNS_IWMPNetwork_getReceivedPacketsNative@16, _Java_WMPNS_IWMPNetwork_getReceptionQualityNative@16, _Java_WMPNS_IWMPNetwork_getRecoveredPacketsNative@16, _Java_WMPNS_IWMPNetwork_getSourceProtocolNative@16, _Java_WMPNS_IWMPNetwork_setBufferingTimeNative@24, _Java_WMPNS_IWMPNetwork_setMaxBandwidthNative@24, _Java_WMPNS_IWMPNetwork_setProxyBypassForLocalNative@24, _Java_WMPNS_IWMPNetwork_setProxyExceptionListNative@24, _Java_WMPNS_IWMPNetwork_setProxyNameNative@24, _Java_WMPNS_IWMPNetwork_setProxyPortNative@28, _Java_WMPNS_IWMPNetwork_setProxySettingsNative@28, _Java_WMPNS_IWMPPlayerApplication_equalsNative@20, _Java_WMPNS_IWMPPlayerApplication_getHasDisplayNative@16, _Java_WMPNS_IWMPPlayerApplication_getPlayerDockedNative@16, _Java_WMPNS_IWMPPlayerApplication_switchToControlNative@16, _Java_WMPNS_IWMPPlayerApplication_switchToPlayerApplicationNative@16, _Java_WMPNS_IWMPPlayer_closeNative@16, _Java_WMPNS_IWMPPlayer_equalsNative@20, _Java_WMPNS_IWMPPlayer_getCdromCollectionNative@16, _Java_WMPNS_IWMPPlayer_getClosedCaptionNative@16, _Java_WMPNS_IWMPPlayer_getControlsNative@16, _Java_WMPNS_IWMPPlayer_getCurrentMediaNative@16, _Java_WMPNS_IWMPPlayer_getCurrentPlaylistNative@16, _Java_WMPNS_IWMPPlayer_getDvdNative@16, _Java_WMPNS_IWMPPlayer_getEnableContextMenuNative@16, _Java_WMPNS_IWMPPlayer_getEnabledNative@16, _Java_WMPNS_IWMPPlayer_getErrorNative@16, _Java_WMPNS_IWMPPlayer_getFullScreenNative@16, _Java_WMPNS_IWMPPlayer_getIsOnlineNative@16, _Java_WMPNS_IWMPPlayer_getIsRemoteNative@16, _Java_WMPNS_IWMPPlayer_getMediaCollectionNative@16, _Java_WMPNS_IWMPPlayer_getNetworkNative@16, _Java_WMPNS_IWMPPlayer_getOpenStateNative@16, _Java_WMPNS_IWMPPlayer_getPlayStateNative@16, 
_Java_WMPNS_IWMPPlayer_getPlayerApplicationNative@16, _Java_WMPNS_IWMPPlayer_getPlaylistCollectionNative@16, _Java_WMPNS_IWMPPlayer_getSettingsNative@16, _Java_WMPNS_IWMPPlayer_getStatusNative@16, _Java_WMPNS_IWMPPlayer_getStretchToFitNative@16, _Java_WMPNS_IWMPPlayer_getURLNative@16, _Java_WMPNS_IWMPPlayer_getUiModeNative@16, _Java_WMPNS_IWMPPlayer_getVersionInfoNative@16, _Java_WMPNS_IWMPPlayer_getWindowlessVideoNative@16, _Java_WMPNS_IWMPPlayer_launchURLNative@20, _Java_WMPNS_IWMPPlayer_newMediaNative@20, _Java_WMPNS_IWMPPlayer_newPlaylistNative@24, _Java_WMPNS_IWMPPlayer_openPlayerNative@20, _Java_WMPNS_IWMPPlayer_setCurrentMediaNative@20, _Java_WMPNS_IWMPPlayer_setCurrentPlaylistNative@20, _Java_WMPNS_IWMPPlayer_setEnableContextMenuNative@20, _Java_WMPNS_IWMPPlayer_setEnabledNative@20, _Java_WMPNS_IWMPPlayer_setFullScreenNative@20, _Java_WMPNS_IWMPPlayer_setStretchToFitNative@20, _Java_WMPNS_IWMPPlayer_setURLNative@20, _Java_WMPNS_IWMPPlayer_setUiModeNative@20, _Java_WMPNS_IWMPPlayer_setWindowlessVideoNative@20, _Java_WMPNS_IWMPPlaylistArray_equalsNative@20, _Java_WMPNS_IWMPPlaylistArray_getCountNative@16, _Java_WMPNS_IWMPPlaylistArray_itemNative@24, _Java_WMPNS_IWMPPlaylistCollection_equalsNative@20, _Java_WMPNS_IWMPPlaylistCollection_getAllNative@16, _Java_WMPNS_IWMPPlaylistCollection_getByNameNative@20, _Java_WMPNS_IWMPPlaylistCollection_importPlaylistNative@20, _Java_WMPNS_IWMPPlaylistCollection_isDeletedNative@20, _Java_WMPNS_IWMPPlaylistCollection_newPlaylistNative@20, _Java_WMPNS_IWMPPlaylistCollection_removeNative@20, _Java_WMPNS_IWMPPlaylistCollection_setDeletedNative@24, _Java_WMPNS_IWMPPlaylist_appendItemNative@20, _Java_WMPNS_IWMPPlaylist_clearNative@16, _Java_WMPNS_IWMPPlaylist_equalsNative@20, _Java_WMPNS_IWMPPlaylist_getAttributeCountNative@16, _Java_WMPNS_IWMPPlaylist_getAttributeNameNative@24, _Java_WMPNS_IWMPPlaylist_getCountNative@16, _Java_WMPNS_IWMPPlaylist_getItemInfoNative@20, _Java_WMPNS_IWMPPlaylist_getNameNative@16, 
_Java_WMPNS_IWMPPlaylist_insertItemNative@28, _Java_WMPNS_IWMPPlaylist_isIdenticalNative@20, _Java_WMPNS_IWMPPlaylist_itemNative@24, _Java_WMPNS_IWMPPlaylist_moveItemNative@32, _Java_WMPNS_IWMPPlaylist_removeItemNative@20, _Java_WMPNS_IWMPPlaylist_setItemInfoNative@24, _Java_WMPNS_IWMPPlaylist_setNameNative@20, _Java_WMPNS_IWMPSettings_equalsNative@20, _Java_WMPNS_IWMPSettings_getAutoStartNative@16, _Java_WMPNS_IWMPSettings_getBalanceNative@16, _Java_WMPNS_IWMPSettings_getBaseURLNative@16, _Java_WMPNS_IWMPSettings_getDefaultAudioLanguageNative@16, _Java_WMPNS_IWMPSettings_getDefaultFrameNative@16, _Java_WMPNS_IWMPSettings_getEnableErrorDialogsNative@16, _Java_WMPNS_IWMPSettings_getInvokeURLsNative@16, _Java_WMPNS_IWMPSettings_getMediaAccessRightsNative@16, _Java_WMPNS_IWMPSettings_getModeNative@20, _Java_WMPNS_IWMPSettings_getMuteNative@16, _Java_WMPNS_IWMPSettings_getPlayCountNative@16, _Java_WMPNS_IWMPSettings_getRateNative@16, _Java_WMPNS_IWMPSettings_getVolumeNative@16, _Java_WMPNS_IWMPSettings_isAvailableNative@20, _Java_WMPNS_IWMPSettings_requestMediaAccessRightsNative@20, _Java_WMPNS_IWMPSettings_setAutoStartNative@20, _Java_WMPNS_IWMPSettings_setBalanceNative@24, _Java_WMPNS_IWMPSettings_setBaseURLNative@20, _Java_WMPNS_IWMPSettings_setDefaultFrameNative@20, _Java_WMPNS_IWMPSettings_setEnableErrorDialogsNative@20, _Java_WMPNS_IWMPSettings_setInvokeURLsNative@20, _Java_WMPNS_IWMPSettings_setModeNative@24, _Java_WMPNS_IWMPSettings_setMuteNative@20, _Java_WMPNS_IWMPSettings_setPlayCountNative@24, _Java_WMPNS_IWMPSettings_setRateNative@24, _Java_WMPNS_IWMPSettings_setVolumeNative@24, _Java_WMPNS_IWMPStringCollection_equalsNative@20, _Java_WMPNS_IWMPStringCollection_getCountNative@16, _Java_WMPNS_IWMPStringCollection_itemNative@24, _Java_WMPNS_WMP_debug@12, _Java_WMPNS_WMP_getAppletHWND@8, _Java_WMPNS_WMP_getPlayer@12, _Java_WMPNS_WMP_getTargetHWND@12, _Java_WMPNS_WMP_killThread@12, _Java_WMPNS_WMP_spawnThread@16<br>
    30 May 2008 19:31:50

    Good evening

    How is your PC behaving?

    Delete E:\qoobox and empty your Recycle Bin.

    ~ Run an online antivirus scan on the Kaspersky site
    http://webscanner.kaspersky.fr/

    ~ Click on Online Scanner.
    ~ Accept the installation of the ActiveX control by clicking the Install button.

    ~ Select My Computer ("Poste de travail") as the scan target.

    ~ Save the report by clicking the "Enregistrer rapport sous" (Save report as) button. Give it a name; you will copy and paste it into your next reply.

    Online scan tutorial
    31 May 2008 12:56:50

    Hello

    The PC is behaving much better. Thank you for taking the time to help with my problem!

    Here is the Kaspersky report:

    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Saturday, May 31, 2008 12:48:27 PM
    Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version : 5.0.83.0
    Dernière mise à jour de la base antivirus Kaspersky : 30/05/2008
    Enregistrements dans la base antivirus Kaspersky : 726126
    -------------------------------------------------------------------------------

    Paramètres d'analyse:
    Analyser avec la base antivirus suivante: standard
    Analyser les archives: vrai
    Analyser les bases de messagerie: vrai

    Cible de l'analyse - Poste de travail:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\

    Statistiques de l'analyse:
    Total d'objets analysés: 163794
    Nombre de virus trouvés: 0
    Nombre d'objets infectés: 0 / 0
    Nombre d'objets suspects: 0
    Durée de l'analyse: 03:26:13

    Nom de l'objet infecté / Nom du virus / Dernière action
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log L'objet est verrouillé ignoré
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx L'objet est verrouillé ignoré
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log L'objet est verrouillé ignoré
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx L'objet est verrouillé ignoré
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log L'objet est verrouillé ignoré
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx L'objet est verrouillé ignoré
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log L'objet est verrouillé ignoré
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx L'objet est verrouillé ignoré
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log L'objet est verrouillé ignoré
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx L'objet est verrouillé ignoré
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log L'objet est verrouillé ignoré
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx L'objet est verrouillé ignoré
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log L'objet est verrouillé ignoré
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx L'objet est verrouillé ignoré
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log L'objet est verrouillé ignoré
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx L'objet est verrouillé ignoré
    C:\System Volume Information\_restore{4F6DBB40-2CFB-4B34-B4D8-F7D2E8E529AF}\RP1014\change.log L'objet est verrouillé ignoré
    C:\jeux\Lost.S04E13-E14.HDTV.XviD-2HD.avi L'objet est verrouillé ignoré
    D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
    D:\System Volume Information\_restore{4F6DBB40-2CFB-4B34-B4D8-F7D2E8E529AF}\RP1014\change.log L'objet est verrouillé ignoré
    E:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph L'objet est verrouillé ignoré
    E:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable L'objet est verrouillé ignoré
    E:\Documents and Settings\All Users\Application Data\avg8\emc\Log\emc.log L'objet est verrouillé ignoré
    E:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log L'objet est verrouillé ignoré
    E:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log.1 L'objet est verrouillé ignoré
    E:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log L'objet est verrouillé ignoré
    E:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log L'objet est verrouillé ignoré
    E:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log L'objet est verrouillé ignoré
    E:\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log L'objet est verrouillé ignoré
    E:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log L'objet est verrouillé ignoré
    E:\Documents and Settings\All Users\Application Data\avg8\Log\commonpriv.log L'objet est verrouillé ignoré
    E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
    E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
    E:\Documents and Settings\Angélique\Cookies\index.dat L'objet est verrouillé ignoré
    E:\Documents and Settings\Angélique\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    E:\Documents and Settings\Angélique\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    E:\Documents and Settings\Angélique\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    E:\Documents and Settings\Angélique\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    E:\Documents and Settings\Angélique\NTUSER.DAT L'objet est verrouillé ignoré
    E:\Documents and Settings\Angélique\ntuser.dat.LOG L'objet est verrouillé ignoré
    E:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
    E:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    E:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    E:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    E:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
    E:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
    E:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    E:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    E:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
    E:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
    E:\Program Files\Fichiers communs\AOL\ACS\FR\forms.fdb L'objet est verrouillé ignoré
    E:\Program Files\Fichiers communs\AOL\ACS\FR\static L'objet est verrouillé ignoré
    E:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
    E:\System Volume Information\_restore{4F6DBB40-2CFB-4B34-B4D8-F7D2E8E529AF}\RP1014\change.log L'objet est verrouillé ignoré
    E:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
    E:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
    E:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
    E:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
    E:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
    E:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
    E:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
    E:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
    E:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
    E:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
    E:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
    E:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
    E:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
    E:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
    E:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
    E:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
    E:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
    E:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
    E:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
    E:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
    E:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
    E:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
    E:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
    E:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
    E:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
    E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
    E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
    E:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
    E:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
    E:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

    Analyse terminée.
    31 May 2008 16:02:32

    Hi again

    Uninstall all the programs that were installed for the disinfection.

    Please read this guide (PDF) to learn more about the risks of the Internet.

    If you find this document interesting, feel free to pass it on to your contacts.

    ~ Edit your first post (by clicking the eraser icon) and put [résolu] (resolved) in the title.

    :hello: