
NTOS problem

Tags:
  • Windows
  • Security
7 January 2008 20:16:48

Good evening,

When I turn on my PC, a message asks me for an encrypted key, and in the details it seems that a file called NTOS.exe is causing trouble.

I downloaded the ComboFix software and here is the report:
(it seems the problem is still not fixed... because NTOS appears not among the deleted files but among the hidden files)

Do you have a solution?

PS: my PC does not work in safe mode

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\JP\Application Data\hidires
C:\WINDOWS\exefld
C:\WINDOWS\system32\5_exception.nls
C:\WINDOWS\system32\tmp70.tmp

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))))))))
.

2008-01-07 20:01 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-15 18:21 --------- d-----w C:\Program Files\Ratajik Software
2008-07-14 22:06 --------- d-----w C:\Program Files\Alwil Software
2008-07-14 22:01 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-14 22:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-07 18:34 --------- d-----w C:\Program Files\HomePlayer1.5.0.2

2008-01-06 19:52 --------- d-----w C:\Program Files\QuickTime
2008-01-06 19:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-06 19:49 --------- d-----w C:\Program Files\Yahoo!
2008-01-06 19:48 --------- d-----w C:\Program Files\Apple Software Update
2008-01-02 21:08 --------- d-----w C:\Program Files\WinamaxPoker
2007-12-08 10:55 --------- d-----w C:\Program Files\Crazy Browser
2007-12-07 20:13 --------- d-----w C:\Program Files\Microsoft Games
2007-12-07 18:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-28 17:18 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2007-11-28 14:23 --------- d-----w C:\Program Files\Paradox Interactive
2007-11-25 15:55 --------- d-----w C:\Program Files\Frozenbyte
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 16:07 --------- d-----w C:\Program Files\WinUAE
2007-11-02 04:57 9,314,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-11-02 04:24 176,128 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-11-02 04:10 364,544 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-11-02 04:09 268,288 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-11-02 04:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-11-02 04:01 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-11-02 04:01 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-11-02 04:00 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-11-02 04:00 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-11-02 03:59 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-11-02 03:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-11-02 03:50 3,133,728 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-11-02 03:39 1,602,176 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-11-02 03:35 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-11-02 03:26 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-11-02 03:24 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-11-02 03:22 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-11-02 03:16 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-11-01 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-09-14 17:19 1 ----a-w C:\Documents and Settings\JP\SI.bin
2006-09-27 19:02 560 -c--a-w C:\Documents and Settings\JP\Application Data\ViewerApp.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 14:18 94208]
"Steam"="c:\program files\steam\steam.exe" [2007-11-30 07:39 1266936]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19 57344]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 15:53 73840]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-22 16:55 68856]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 16:09 171464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Cmaudio"="cmicnfg.cpl" []
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 08:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2002-12-20 14:22 24576]
"autoclk"="autoclk.exe" [2002-09-25 10:36 118784 C:\WINDOWS\autoclk.exe]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2002-12-20 14:22 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2002-12-20 14:22 45056]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 17:02 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-07-19 11:36 933888]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2005-02-28 17:53 53248]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 18:38 35328]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 19:19 40960]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 15:53 73840]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-03-04 16:09:21]
Contrôleur d'état.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-07-30 10:25:06]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe [2006-07-29 16:46:02]

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 13:46]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-08-03 17:50]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-10-06 14:10]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 04:50]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-01 13:58]
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 16:23]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 21:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4104b4f2-5fcf-11dc-b89d-0013eff0ce28}]
\Shell\AutoRun\command - O:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f8b2322-afc1-11db-986a-001109be918c}]
\Shell\AutoRun\command - L:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6cf3458-6b2b-11dc-b8a9-0013eff0ce28}]
\Shell\AutoRun\command - M:\Autorun.exe

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-24 13:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\Documents
"2007-11-24 19:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\Documents
"2007-11-24 07:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\Documents
"2007-11-24 19:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\Documents
"2007-11-24 13:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\Documents
"2007-11-24 07:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\Documents
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 20:07:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\ntos.exe 440832 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************
.
Completion time: 2008-01-07 20:08:42
ComboFix-quarantined-files.txt 2008-01-07 19:08:37
.
2008-01-01 02:01:15 --- E O F ---


8 January 2008 18:48:43

Answering myself:

Problem solved thanks to a free program: SpyBot Search & Destroy.

The hidden NTOS has been wiped out, no more little window at startup.

Thanks Berhane
You're welcome, Berhane.
8 January 2008 19:15:45

Hello,

Can you run a ComboFix scan again?
8 January 2008 19:32:45

Good evening

Yes, here is the report:

ComboFix 08-01-07.5 - JP 2008-01-08 19:26:40.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.587 [GMT 1:00]
Running from: C:\Documents and Settings\JP\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-08 to 2008-01-08 ))))))))))))))))))))))))))))))))))))
.

2008-01-07 23:11 . 2008-01-07 23:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-07 20:54 . 2008-01-07 20:54 <REP> d-------- C:\Program Files\Trend Micro
2008-01-07 20:01 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-15 18:21 --------- d-----w C:\Program Files\Ratajik Software
2008-07-14 22:06 --------- d-----w C:\Program Files\Alwil Software
2008-07-14 22:01 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-14 22:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-08 18:12 --------- d-----w C:\Program Files\Steam
2008-01-06 19:52 --------- d-----w C:\Program Files\QuickTime
2008-01-06 19:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-06 19:49 --------- d-----w C:\Program Files\Yahoo!
2008-01-06 19:48 --------- d-----w C:\Program Files\Apple Software Update
2008-01-02 21:08 --------- d-----w C:\Program Files\WinamaxPoker
2007-12-08 10:55 --------- d-----w C:\Program Files\Crazy Browser
2007-12-07 20:13 --------- d-----w C:\Program Files\Microsoft Games
2007-12-07 18:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-28 17:18 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2007-11-28 14:23 --------- d-----w C:\Program Files\Paradox Interactive
2007-11-25 15:55 --------- d-----w C:\Program Files\Frozenbyte
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 16:07 --------- d-----w C:\Program Files\WinUAE
2007-11-02 04:57 9,314,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-11-02 04:24 176,128 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-11-02 04:10 364,544 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-11-02 04:09 268,288 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-11-02 04:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-11-02 04:01 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-11-02 04:01 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-11-02 04:00 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-11-02 04:00 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-11-02 03:59 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-11-02 03:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-11-02 03:50 3,133,728 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-11-02 03:39 1,602,176 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-11-02 03:35 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-11-02 03:26 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-11-02 03:24 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-11-02 03:22 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-11-02 03:16 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-11-01 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-09-14 17:19 1 ----a-w C:\Documents and Settings\JP\SI.bin
2006-09-27 19:02 560 -c--a-w C:\Documents and Settings\JP\Application Data\ViewerApp.dat
.

((((((((((((((((((((((((((((( snapshot@2008-01-07_20.07.53,37 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-07 18:26:02 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-07 19:19:07 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-07 18:26:02 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-01-07 19:19:07 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-01-07 18:26:02 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-07 19:19:07 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-08 18:12:03 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5f0.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 14:18 94208]
"Steam"="c:\program files\steam\steam.exe" [2007-11-30 07:39 1266936]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19 57344]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 15:53 73840]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-22 16:55 68856]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 16:09 171464]
"WINSOS VERIFY"="C:\Program Files\WINSOS\WINSOS.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Cmaudio"="cmicnfg.cpl" []
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 08:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2002-12-20 14:22 24576]
"autoclk"="autoclk.exe" [2002-09-25 10:36 118784 C:\WINDOWS\autoclk.exe]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2002-12-20 14:22 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2002-12-20 14:22 45056]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 17:02 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-07-19 11:36 933888]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2005-02-28 17:53 53248]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 18:38 35328]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 19:19 40960]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 15:53 73840]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-03-04 16:09:21]
Contrôleur d'état.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-07-30 10:25:06]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe [2006-07-29 16:46:02]

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 13:46]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-08-03 17:50]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-10-06 14:10]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 04:50]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-01 13:58]
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 16:23]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 21:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4104b4f2-5fcf-11dc-b89d-0013eff0ce28}]
\Shell\AutoRun\command - O:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f8b2322-afc1-11db-986a-001109be918c}]
\Shell\AutoRun\command - L:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6cf3458-6b2b-11dc-b8a9-0013eff0ce28}]
\Shell\AutoRun\command - M:\Autorun.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-24 13:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\Documents
"2007-11-24 19:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\Documents
"2007-11-24 07:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\Documents
"2007-11-24 19:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\Documents
"2007-11-24 13:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\Documents
"2007-11-24 07:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\Documents
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-08 19:29:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-08 19:30:27
ComboFix-quarantined-files.txt 2008-01-08 18:30:23
ComboFix2.txt 2008-01-07 19:26:26
ComboFix3.txt 2008-01-07 19:08:44
.
2008-01-01 02:01:15 --- E O F ---



Do you see anything abnormal in it?
8 January 2008 19:42:29

Re,

Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:

File::
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job

Folder::
C:\Program Files\WINSOS
C:\Program Files\Macrogaming

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-
"WINSOS VERIFY"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4104b4f2-5fcf-11dc-b89d-0013eff0ce28}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6cf3458-6b2b-11dc-b8a9-0013eff0ce28}]


Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:


This will restart Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.
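
One way to check a follow-up ComboFix report against the CFScript above (an added example, not part of the thread and not ComboFix's own code): it reads the script's File::, Folder:: and Registry:: blocks and lists the targets that still show up among the report's load points, skipping the FILE echo and the "Autres suppressions" deletion list where removed paths are repeated. The function names, the shortened section headers and the AFTER excerpt are constructed for illustration.

```python
import re

# CFScript as posted in the thread (blank lines dropped).
CFSCRIPT = r"""File::
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
Folder::
C:\Program Files\WINSOS
C:\Program Files\Macrogaming
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-
"WINSOS VERIFY"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4104b4f2-5fcf-11dc-b89d-0013eff0ce28}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6cf3458-6b2b-11dc-b8a9-0013eff0ce28}]
"""

# Excerpt of the 2008-01-08 19:26 report from the thread, section header shortened.
BEFORE = r"""((((( Point de chargement Reg )))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2007-11-30 07:39 1266936]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 15:53 73840]
"WINSOS VERIFY"="C:\Program Files\WINSOS\WINSOS.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 15:53 73840]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4104b4f2-5fcf-11dc-b89d-0013eff0ce28}]
\Shell\AutoRun\command - O:\autorun.exe
"2007-11-24 13:00:00 C:\WINDOWS\Tasks\At1.job"
"""

# Constructed follow-up excerpt: removed items are echoed under FILE and
# "Autres suppressions" but are absent from the load points.
AFTER = r"""FILE
C:\WINDOWS\Tasks\At1.job
((((( Autres suppressions )))))
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\Tasks\At1.job
((((( Point de chargement Reg )))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2007-11-30 07:39 1266936]
"""


def parse_cfscript(text):
    """Split a CFScript into files, folders, registry values and registry keys to delete."""
    t = {"file": set(), "folder": set(), "regvalue": set(), "regkey": set()}
    section = key = None
    for line in filter(None, map(str.strip, text.splitlines())):
        if re.fullmatch(r"\w+::", line):
            section, key = line[:-2].lower(), None
        elif section in ("file", "folder"):
            t[section].add(line.lower())
        elif section == "registry":
            if line.startswith("[-"):          # .reg syntax: delete the whole key
                t["regkey"].add(line[2:-1].lower())
            elif line.startswith("["):         # key the following values belong to
                key = line[1:-1].lower()
            elif key and (m := re.fullmatch(r'"(.+)"=-', line)):  # "name"=- deletes a value
                t["regvalue"].add((key, m[1].lower()))
    return t


def live_entries(report):
    """Collect keys, values and paths from the load-point section only."""
    seen = {"regkey": set(), "regvalue": set(), "path": set()}
    live, key = False, None
    for line in filter(None, map(str.strip, report.splitlines())):
        if m := re.fullmatch(r"\(+\s*(.*?)\s*\)+", line):  # "((((( title )))))" header
            live, key = m[1].lower().startswith("point de chargement"), None
        elif not live:
            continue                           # FILE echo and deletion lists are not live
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            seen["regkey"].add(key)
        else:
            if key and (m := re.match(r'"([^"]+)"="', line)):
                seen["regvalue"].add((key, m[1].lower()))
            paths = re.findall(r'[A-Za-z]:\\[^"\[\]]+', line)
            seen["path"].update(p.strip().lower() for p in paths)
    return seen


def still_present(cfscript, report):
    """List CFScript targets that the report still shows as load points."""
    t, seen = parse_cfscript(cfscript), live_entries(report)
    hits = [f"file {f}" for f in t["file"] if f in seen["path"]]
    hits += [f"folder {d}" for d in t["folder"]
             if any(p.startswith(d + "\\") for p in seen["path"])]
    hits += [f"value {k} -> {n}" for k, n in t["regvalue"]
             if (k, n) in seen["regvalue"]]
    hits += [f"key {k}" for k in t["regkey"] if k in seen["regkey"]]
    return sorted(hits)
```

A non-empty result on the follow-up report means an entry survived the cleanup or was recreated and deserves another look.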
8 January 2008 22:44:20

OK, here is the ComboFix report:


ComboFix 08-01-07.5 - JP 2008-01-08 22:36:42.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.578 [GMT 1:00]
Running from: C:\Documents and Settings\JP\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\JP\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Macrogaming
C:\Program Files\Macrogaming\SweetIM\conf\adapter.xml
C:\Program Files\Macrogaming\SweetIM\conf\autoupdate.xml
C:\Program Files\Macrogaming\SweetIM\conf\logger.xml
C:\Program Files\Macrogaming\SweetIM\conf\messages.xml
C:\Program Files\Macrogaming\SweetIM\conf\sweetim.xml
C:\Program Files\Macrogaming\SweetIM\conf\sweetimapp.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\berhane69@hotmail.fr\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\berhane69@hotmail.fr\user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\cviere@hotmail.fr\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\chriviere@hotmail.fr\user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\jeanpieviere@hotmail.com\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\jeaniere@hotmail.com\lastuse_SpecialFX.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\jeiere@hotmail.com\user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\libie.fr\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\libulonie.fr\user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\main_user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\valou9tmail.com\emoticons_shortcut.xml
C:\Program iles\Macrogaming\SweetIM\conf\users\valou9mail.com\lastuse_Emoticons.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\valouotmail.com\lastuse_SpecialFX.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\valouotmail.com\lastuse_Winks.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\valoutmail.com\user_config.xml
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100AC.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100B9.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100CC.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100D1.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100D5.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100DD.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001011E.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010817.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010819.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010842.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010847.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010848.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010849.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010857.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010859.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001085D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001088D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001088E.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010893.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001089A.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001089B.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A7.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108BA.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020067.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006A.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006B.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006C.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006E.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020071.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020072.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020073.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020075.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020079.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002007D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020080.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002008A.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200A2.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200B8.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200B9.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200C0.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200D4.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200E3.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200ED.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020114.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020119.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002011A.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002011B.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002011E.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002013F.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020144.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020149.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020150.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020154.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020155.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020158.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002015A.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002015B.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002015C.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002015F.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020160.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020171.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002017D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030017.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000400A3.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000400B4.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000400BB.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00050001.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00050002.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00050004.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00050005.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00050007.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00060027.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0006002A.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0006003D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000600B1.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000600BB.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\010108A7.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\01050001.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\01050002.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\cache_indx.dat
C:\Program Files\Macrogaming\SweetIM\default.xml
C:\Program Files\Macrogaming\SweetIM\mgAdaptersProxy.dll
C:\Program Files\Macrogaming\SweetIM\mgArchive.dll
C:\Program Files\Macrogaming\SweetIM\mgcommon.dll
C:\Program Files\Macrogaming\SweetIM\mgcommunication.dll
C:\Program Files\Macrogaming\SweetIM\mgconfig.dll
C:\Program Files\Macrogaming\SweetIM\mgFlashPlayer.dll
C:\Program Files\Macrogaming\SweetIM\mghooking.dll
C:\Program Files\Macrogaming\SweetIM\mgIEPlayer.dll
C:\Program Files\Macrogaming\SweetIM\mglogger.dll
C:\Program Files\Macrogaming\SweetIM\mgMediaPlayer.dll
C:\Program Files\Macrogaming\SweetIM\mgMsnAuto.dll
C:\Program Files\Macrogaming\SweetIM\mgMsnMessengerAdapter.dll
C:\Program Files\Macrogaming\SweetIM\mgSweetIM.dll
C:\Program Files\Macrogaming\SweetIM\mgUpdateSupport.dll
C:\Program Files\Macrogaming\SweetIM\mgxml_wrapper.dll
C:\Program Files\Macrogaming\SweetIM\mgYahooAuto.dll
C:\Program Files\Macrogaming\SweetIM\mgYahooMessengerAdapter.dll
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Macrogaming\SweetIMBarForIE\Cache\cd2005c66fba47ff715ecc444d3bc1fb.xml
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-08 to 2008-01-08 ))))))))))))))))))))))))))))))))))))
.

2008-01-07 23:11 . 2008-01-07 23:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-07 20:54 . 2008-01-07 20:54 <REP> d-------- C:\Program Files\Trend Micro
2008-01-07 20:01 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-15 18:21 --------- d-----w C:\Program Files\Ratajik Software
2008-07-14 22:06 --------- d-----w C:\Program Files\Alwil Software
2008-07-14 22:01 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-14 22:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-08 18:12 --------- d-----w C:\Program Files\Steam
2008-01-07 19:57 --------- d-----w C:\Program Files\HomePlayer1.5.0.2
2008-01-06 19:52 --------- d-----w C:\Program Files\QuickTime
2008-01-06 19:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-06 19:49 --------- d-----w C:\Program Files\Yahoo!
2008-01-06 19:48 --------- d-----w C:\Program Files\Apple Software Update
2008-01-02 21:08 --------- d-----w C:\Program Files\WinamaxPoker
2007-12-08 10:55 --------- d-----w C:\Program Files\Crazy Browser
2007-12-07 20:13 --------- d-----w C:\Program Files\Microsoft Games
2007-12-07 18:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-28 17:18 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2007-11-28 14:23 --------- d-----w C:\Program Files\Paradox Interactive
2007-11-25 15:55 --------- d-----w C:\Program Files\Frozenbyte
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 16:07 --------- d-----w C:\Program Files\WinUAE
2007-11-02 04:57 9,314,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-11-02 04:24 176,128 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-11-02 04:10 364,544 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-11-02 04:09 268,288 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-11-02 04:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-11-02 04:01 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-11-02 04:01 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-11-02 04:00 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-11-02 04:00 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-11-02 03:59 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-11-02 03:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-11-02 03:50 3,133,728 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-11-02 03:39 1,602,176 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-11-02 03:35 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-11-02 03:26 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-11-02 03:24 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-11-02 03:22 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-11-02 03:16 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-11-01 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-09-14 17:19 1 ----a-w C:\Documents and Settings\JP\SI.bin
2006-09-27 19:02 560 -c--a-w C:\Documents and Settings\JP\Application Data\ViewerApp.dat
.

((((((((((((((((((((((((((((( snapshot@2008-01-07_20.07.53,37 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-07 18:26:02 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-07 19:19:07 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-07 18:26:02 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-01-07 19:19:07 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-01-07 18:26:02 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-07 19:19:07 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-08 18:12:03 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5f0.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 14:18 94208]
"Steam"="c:\program files\steam\steam.exe" [2007-11-30 07:39 1266936]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19 57344]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-22 16:55 68856]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 16:09 171464]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Cmaudio"="cmicnfg.cpl" []
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 08:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2002-12-20 14:22 24576]
"autoclk"="autoclk.exe" [2002-09-25 10:36 118784 C:\WINDOWS\autoclk.exe]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2002-12-20 14:22 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2002-12-20 14:22 45056]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 17:02 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-07-19 11:36 933888]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2005-02-28 17:53 53248]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 18:38 35328]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 19:19 40960]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-03-04 16:09:21]
Contrôleur d'état.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-07-30 10:25:06]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe [2006-07-29 16:46:02]

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 13:46]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-08-03 17:50]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-10-06 14:10]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 04:50]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-01 13:58]
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 16:23]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 21:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f8b2322-afc1-11db-986a-001109be918c}]
\Shell\AutoRun\command - L:\setupSNK.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-08 22:40:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-08 22:41:36
ComboFix-quarantined-files.txt 2008-01-08 21:41:33
ComboFix2.txt 2008-01-08 18:30:29
ComboFix3.txt 2008-01-07 19:26:26
ComboFix4.txt 2008-01-07 19:08:44
.
2008-01-01 02:01:15 --- E O F ---



-----------------------------------------------------------------------------


Here is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:11, on 08/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\WINDOWS\autoclk.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\program files\steam\steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\JP\LOCALS~1\Temp\Rar$EX00.859\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/fr/ý
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/importer/MypixUploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by135fd.bay135.hotmail.msn.com/resources/MsnPUpl...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://trafic.parisrhinrhone.fr/AxisCamControl.ocx
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://photoways.com/clients/uploader_v2.2.0.6.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 8862 bytes




Is it serious, doctor?
8 January 2008 22:52:22

Did you see? "SafeBoot registry key needs repairs. This machine cannot enter Safe Mode"


That's not good, is it?!
9 January 2008 13:17:55

It can be fixed.

Download ELIBAGLA at the bottom of this page.
Click the Descargar Elibagla button; this will download the file. Save it to your Desktop.
Double-click it to open it.
Make sure that C:\ is selected in the Unidad drop-down menu.
Also check that the Eliminar Ficheros Automaticamente option at the bottom of the window is ticked.
Click the Explorar button to start the scan.
Post the report generated at the end of the scan.

HELP: How to remove Bagle?
9 January 2008 13:37:18

I'll do that as soon as I get back from work this evening.

Anyway, thanks for your help!
9 January 2008 13:40:41

Ok ;)
9 January 2008 18:59:35

There, it's done:



Wed Jan 09 18:40:50 2008
EliBagle v10.83 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Restaurada Clave: "SafeBoot\Minimal y Network"

Wed Jan 09 18:41:22 2008
EliBagle v10.83 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 7291
Nº Total de Ficheros: 93955
Nº de Ficheros Analizados: 11500
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0



?? There's nothing, right ??