|
|
Auteur
|
Message
|
1
2
|
|
|
|
bonjour.
j'ai telecharge l'anti-virus avast et dés que je clique sur l'icone, une fenêtre s'ouvre avec ecrit: " C:/programe files/alwil software/avast4/ashavast.exe n'est pas une application win32 valide".
si vous^pouviez m'aider asser vite car je n'ai plus aucunne sécurité sur mon pc.
merci d'avance. ced040108
-->Message édité par ced040108 le 03/05/2008 14:58:50<--
|
|
|
|
|
Bonjour,
Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE: Comment utiliser Hijackthis v2.0.2
|
|
|
|
|
salut BLACKTIG3R
j'ai installé hijackthis sans probleme , mais quand j'ai cliqué sur la deuxième icone sur le bureau une fenetre c'est ouverte celle ci ma marquer.
" C:\programefiles\trendmicro\hijachthis\hijackthis.exe n'est pas une application win32 valide".
en attendant ta prochaine réponce. ced040108
|
|
|
|
|
Ok,
Télécharge ELIBAGLA ( En bas de cette page ) Clique sur "Descargar ELIBAGLA" pour commencer le telechargement. Enregistre le sur le Bureau.
- Double clique sur le fichier téléchargé pour l'ouvrir.
- Assure-toi que dans le menu déroulant "Unidad", tu aies bien C:\.
- Vérifie aussi que l'option en bas de la fenêtre "Eliminar Ficheros Automaticamente" soit bien cochée.
- Clique sur le bouton "Explorar" pour lancer l'analyse.
A la fin de l'analyse, Poste le rapport ELIBAGLA qui se trouve ici: C:\InfoSat.txt
|
|
|
|
|
Wed Apr 23 20:01:18 2008
EliBagle v11.29 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.
Wed Apr 23 20:01:36 2008
EliBagle v11.29 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 6685
Nº Total de Ficheros: 89577
Nº de Ficheros Analizados: 11030
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
|
|
|
|
|
Ok,
Merci de bien vouloir désactiver les protections résidentes telles que les Antivirus, les Firewalls...
Télécharge ComboFix.exe sur ton Bureau.
Double clique sur "combofix.exe".
Tape sur la touche "1" ( Yes ), pous démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine reponse.
Le rapport se trouve egalement ici: C:\ComboFix.txt
|
|
|
|
|
après avoir double cliquer sur l'icone, une fenetre apparait avec marquer excuter, après avoir cliquer sur executer une autre fenetre c'est ouverte et ma ecrit:
"C:\document and stetting\HP_PROPRIETAIRE\bureau\combofix.exe n'est pas une application win32 valide
|
|
|
|
|
Ok,
Pourrais-tu essayer de l'executer en mode sans echec ?
Si en mode sans echec ComboFix marche, apres avoir fais ComboFix, essaye de faire Hijackthis.
/ ! \ Utilise absolument la methode avec F8 / ! \
AIDE : Redémarrer en mode sans échec
PS: Si tu n'arrive pas à demarrer en mode sans échec, fais ça puis ressaye :
Télécharge SafeBootKeyRepair sur ton Bureau.
Double-clique sur le fichier "SafeBootKeyRepair.exe" puis, une fenêtre noire va s'ouvrir , laisse l'outil travailler. Une fois qu'il aura restauré ton mode sans échec, un rapport va s'afficher : Poste son contenu.
Si tu ne le vois pas, tu le trouveras ici : C:\SAFEBOOT_REPAIR.TXT
-->Message édité par BlackTig3r le 23/04/2008 21:26:05<--
|
|
|
|
|
Reg export of SafeBoot key after repair:
========================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"
========================
|
|
|
|
|
Fais le reste des manips en mode sans échec 
Bonne chance.
|
|
|
|
|
bonsoir blacktig3r
je te remercie de tes conseils tous c'est bien remis.
désoler de ne pas t'avoir répondus plus vite car je n'est pas eu le temps.
encore merci. ced040108
|
|
|
|
|
Grâce à ComboFix ?
S'il te plait explique toi
|
|
|
|
|
oui grasse a gombofix,car j'ai réinstaler hijactis en mode sans echec et excuter
a la fin du scan ,l'ordi s'est remis en route et j'ai pus installer avast .je te met ce que m'a trouver ComboFix 08-04-22.5 - HP_Propriétaire 2008-04-24 17:01:18.1 - NTFSx86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.709 [GMT 2:00]
Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
.
ADS - svchost.exe: deleted 68 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\HP_Propriétaire\Bureau\webmediaplayer.lnk
C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\WebMediaPlayer
C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\WebMediaPlayer\Website.lnk
C:\Program Files\PlayMP3z
C:\Program Files\PlayMP3z\uninstall.exe
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\resources\languages.xml
C:\Program Files\webmediaplayer\resources\webmedias.xml
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\uninst.exe
C:\Program Files\webmediaplayer\WebMediaPlayer.exe
C:\Program Files\webmediaplayer\WebMediaPlayer.url
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\26010234.exe
C:\WINDOWS\system32\drivers\downld\26034437.exe
C:\WINDOWS\system32\drivers\downld\26066656.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\fgkwejq_navtmp.dat
C:\WINDOWS\system32\gqtfunp.dat
C:\WINDOWS\system32\gqtfunp_nav.dat
C:\WINDOWS\system32\gqtfunp_navps.dat
C:\WINDOWS\system32\slxykig.dat
C:\WINDOWS\system32\slxykig_nav.dat
C:\WINDOWS\system32\slxykig_navps.dat
C:\WINDOWS\system32\stera.log
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SROSA
-------\Legacy_VSPF
-------\Legacy_VSPF_HK
-------\Service_srosa
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))))))))
.
2008-04-23 19:13 . 2008-04-23 19:13 <REP> d-------- C:\Program Files\Trend Micro
2008-04-23 18:12 . 2008-04-23 18:12 <REP> d-------- C:\Program Files\Fichiers communs\PC Tools
2008-04-23 17:53 . 2008-04-23 17:53 <REP> d-------- C:\Program Files\Alwil Software
2008-04-22 17:57 . 2008-04-22 20:31 81,465 --a------ C:\WINDOWS\system32\drivers\klif.cab
2008-04-22 12:04 . 2008-04-22 12:32 <REP> d-------- C:\Program Files\LimeWire
2008-04-20 17:24 . 2008-04-20 17:24 <REP> d-------- C:\Program Files\Eidos
2008-04-19 14:53 . 2008-04-19 14:53 <REP> d-------- C:\Program Files\Eidos Interactive
2008-04-17 18:31 . 2008-04-17 18:31 <REP> d-------- C:\Program Files\SoundSpectrum
2008-04-15 14:44 . 2008-04-15 14:44 268 --ah----- C:\sqmdata02.sqm
2008-04-15 14:44 . 2008-04-15 14:44 244 --ah----- C:\sqmnoopt02.sqm
2008-04-14 13:43 . 2008-04-14 13:43 <REP> d-------- C:\Program Files\Astonsoft
2008-04-13 13:28 . 2008-04-24 12:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-10 18:03 . 2008-04-22 17:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\G DATA
2008-04-10 18:03 . 2008-04-10 18:03 45,768 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-04-10 18:03 . 2008-04-10 18:03 32,072 --a------ C:\WINDOWS\system32\drivers\HookCentre.sys
2008-04-10 08:50 . 2008-04-10 08:50 <REP> d-------- C:\WINDOWS\Profiles
2008-04-07 11:57 . 2008-04-07 11:57 <REP> d-------- C:\temp\DISK1
2008-04-07 11:47 . 2008-04-07 11:52 <REP> d-------- C:\Program Files\MixSense
2008-04-07 11:21 . 2008-04-07 11:31 <REP> d-------- C:\Program Files\eoRezo
2008-04-06 14:07 . 2008-04-06 14:07 <REP> d-------- C:\Program Files\Search Settings
2008-04-06 14:06 . 2008-04-14 18:44 <REP> d-------- C:\Program Files\Free Easy Burner
2008-04-06 14:06 . 2003-08-07 13:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-04-06 14:06 . 2006-11-18 11:38 200,704 --a------ C:\WINDOWS\system32\vbalExpBar6.ocx
2008-04-06 14:06 . 1998-07-13 17:53 44,544 --a------ C:\WINDOWS\system32\GIF89.DLL
2008-04-05 17:13 . 2008-04-05 17:25 <REP> d-------- C:\Program Files\MixVibesPro6DEMO
2008-04-02 20:56 . 2008-04-02 20:56 <REP> d-------- C:\Program Files\Common Files
2008-04-02 19:36 . 2008-04-02 21:14 <REP> d-------- C:\Program Files\EA SPORTS
2008-04-02 08:55 . 2008-04-16 21:48 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-03-31 23:25 . 2008-03-31 23:25 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 23:25 . 2008-03-31 23:25 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 23:25 . 2008-03-31 23:25 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 23:25 . 2008-03-31 23:25 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 23:25 . 2008-03-31 23:25 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2008-03-31 23:25 . 2008-03-31 23:25 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-28 19:19 . 2006-07-28 10:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-03-28 19:19 . 2006-07-28 10:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 10:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-22 12:44 --------- d-----w C:\Program Files\eMule
2008-04-21 14:57 --------- d-----w C:\Program Files\BitDownload
2008-04-21 14:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Software rule flag owns
2008-04-19 07:41 --------- d-----w C:\Program Files\Ubisoft
2008-04-16 21:12 --------- d-----w C:\Program Files\internetx
2008-04-13 11:30 --------- d-----w C:\Program Files\Google
2008-04-11 09:08 --------- d-----w C:\Program Files\DivX
2008-04-10 16:40 --------- d-----w C:\Program Files\InternetProgram
2008-03-17 08:38 --------- d-----w C:\Program Files\Java
2008-03-16 12:40 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-03-16 12:40 --------- d-----w C:\Program Files\Ahead
2008-03-16 06:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-15 12:48 --------- d-----w C:\Program Files\VSO
2008-03-14 13:05 --------- d-----w C:\Program Files\FBrowsingAdvisor
2008-03-14 13:05 --------- d-----w C:\Program Files\FBrowserAdvisor
2008-03-14 12:58 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-03-14 12:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-03-13 09:52 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-08 12:14 --------- d-----w C:\Program Files\VirtualDJ
2008-03-03 20:04 --------- d-----w C:\Program Files\MSN Messenger
2008-03-03 20:03 --------- d-----w C:\Program Files\Windows Live
2008-03-03 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-29 19:32 --------- d-----w C:\Program Files\PhotoFiltre Studio
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-09-06 15:34 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
2007-09-03 20:01 79,752 ----a-w C:\Program Files\Preparation_Messenger.exe
2006-07-22 21:16 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
C:\Program Files\Kiwee Toolbar2\1.2.114\KiweeIEToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88C9B3C7-06B6-5C05-CFEC-C09DBC10CC30}]
C:\Program Files\InternetProgram\InternetProgram-2.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2008-02-06 17:47 1160544 --a------ C:\Program Files\Search Settings\kb126\SearchSettings.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "C:\Program Files\Kiwee Toolbar2\1.2.114\KiweeIEToolbar.dll" [ ]
[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= C:\Program Files\Kiwee Toolbar2\1.2.114\KiweeIEToolbar.dll [ ]
[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 20:00 15360]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ModeBits"="C:\DOCUME~1\HP_PRO~1\APPLIC~1\MfcdGpl\DEFAULTDUMB.exe" [2008-04-21 16:53 438272]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2007-10-09 14:42 475180]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-03-28 19:07 204843]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Flag Owns Live Grim"="C:\Documents and Settings\All Users\Application Data\Software rule flag owns\View Send.exe" [2008-04-24 17:05 2288640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"vidc.VP31"= vp31vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"vidc.3IV2"= 3ivxVfWCodec.dll
"vidc.SMP4"= mcs_vfw.dll
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\sopvod.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 Bcfilter;Jetico Personal Firewall Network Monitor;C:\WINDOWS\system32\DRIVERS\bcfilter.sys []
S3 BcfilterMP;BcfilterMP;C:\WINDOWS\system32\DRIVERS\bcfilter.sys []
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-05-11 11:48]
S3 GDMnIcpt;GDMnIcpt;C:\WINDOWS\system32\drivers\MiniIcpt.sys [2008-04-10 18:03]
S3 HookCentre;HookCentre;C:\WINDOWS\system32\drivers\HookCentre.sys [2008-04-10 18:03]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
S4 AVKService;G DATA Scheduler;C:\Program Files\G DATA AntiVirus Trial\AVK\AVKService.exe []
S4 AVKWCtl;Gardien d'AntiVirus;C:\Program Files\G DATA AntiVirus Trial\AVK\AVKWCtl.exe []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-24 12:00:00 C:\WINDOWS\Tasks\A49411AD918F8E2D.job"
- c:\docume~1\hp_pro~1\applic~1\mfcdgpl\Defy Grey Owns.exe
"2008-03-26 19:12:15 C:\WINDOWS\Tasks\Connexion facile à Internet.job"
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.417 [GMT 2:00]
rouver un trojean win32.
merci encore du coup de main
|
|
|
|
|
Tu es très infecté, tu as même LOP 
On va élaguer un peu
Désinstalle correctement Avast!.
Avast! est, deloin ce que l'on fait de mieu en matière d'antivirus gratuit, Lis ce topic pour plus dinformations.
D'ou le fait que je te recommande vivement d'installer AntiVir.
Vérifie qu’il soit bien à jour ! Ouvre Antivir; va dans l'onglet Scanner, active la recherche de rootkits via le + de rootkit search, puis dans manual selection, coche tout (tes partitions de disque dur), lance le scan. Poste moi le rapport généré (qui se trouve dans l'onglet reports).
Aide: Tutorial d'utilisation d'Antivir by Malekal
&
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
Afin de lancer la recherche, clic sur"Rechercher".
Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.
AIDE : Tuto en images sur MBAM
-->Message édité par BlackTig3r le 25/04/2008 14:55:32<--
|
|
|
|
|
voila le rapport d'antivir:
Avira AntiVir Personal
Report file date: 2008-04-26 10:40
Scanning for 1237787 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: HP_Propriétaire
Computer name: VEROIS
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 13:08:58
ANTIVIR2.VDF : 7.0.3.197 1260032 Bytes 2008-04-22 08:37:53
ANTIVIR3.VDF : 7.0.3.216 137216 Bytes 2008-04-25 08:37:54
Engineversion : 8.1.0.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 09:58:21
AESCRIPT.DLL : 8.1.0.27 233851 Bytes 2008-04-26 08:38:10
AESCN.DLL : 8.1.0.14 119156 Bytes 2008-04-26 08:38:09
AERDL.DLL : 8.1.0.20 418165 Bytes 2008-04-26 08:38:08
AEPACK.DLL : 8.1.1.2 364917 Bytes 2008-04-26 08:38:06
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 2008-04-26 08:38:04
AEHEUR.DLL : 8.1.0.20 1196406 Bytes 2008-04-26 08:38:03
AEHELP.DLL : 8.1.0.14 115063 Bytes 2008-04-26 08:37:59
AEGEN.DLL : 8.1.0.18 299381 Bytes 2008-04-26 08:37:58
AEEMU.DLL : 8.1.0.5 430450 Bytes 2008-04-07 15:34:43
AECORE.DLL : 8.1.0.27 168310 Bytes 2008-04-26 08:37:55
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 12:02:11
Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:, F:, G:, H:, I:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 2008-04-26 10:40
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
Scan process 'MgApp.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'VeohClient.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
35 processes with 35 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] In the drive 'F:\' no data medium is inserted!
Boot sector 'G:\'
[INFO] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[INFO] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[INFO] In the drive 'I:\' no data medium is inserted!
Starting to scan the registry.
The registry was scanned ( '41' files ).
Starting the file scan:
Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\HP_Propriétaire\Mes documents\webmediaplayer_setup.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\HP_Propriétaire\Mes documents\Nouveau dossier (2)\temp.exe
[DETECTION] Is the Trojan horse TR/Agent.DIJ
[NOTE] The file was deleted!
C:\Program Files\VirtualDJ\vdj.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\hldrrr.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.NQ
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\mdelk.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.NQ
[NOTE] The file was moved to '4877fd10.qua'!
Begin scan in 'D:\' <HP_RECOVERY>
Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'F:\'
Search path F:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'G:\'
Search path G:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'H:\'
Search path H:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'I:\'
Search path I:\ could not be opened!
Le périphérique n'est pas prêt.
End of the scan: 2008-04-26 12:11
Used time: 1:31:09 min
The scan has been done completely.
7351 Scanning directories
537172 Files were scanned
5 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
4 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
537167 Files not concerned
14165 Archives were scanned
6 Warnings
5 Notes
|
|
|
|
|
Tu est infecté par n'importe quoi, Bagle, Lop, Navipromo ...
Va falloir faire attention à ce que tu fais sur le Internet
J'attend toujours le Malware Bytes Anti Malware en mode sans échec également.
Re-passe ELIBAGLA en mode sans échec
Ensuite, repasse ComboFix en mode normal, et si échec, en mode sans échec.
Poste moi tous les rapports.
|
|
|
|
|
Malwarebytes' Anti-Malware 1.11
Version de la base de données: 683
Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 142920
Temps écoulé: 5 hour(s), 53 minute(s), 52 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 7
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Mirar (AdWare.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RelatedPageInstall (Adware.Mirar) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
|
|
|
|
|
Sat Apr 26 19:16:11 2008
EliBagle v11.29 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Sat Apr 26 19:16:16 2008
EliBagle v11.29 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 6841
Nº Total de Ficheros: 97833
Nº de Ficheros Analizados: 11092
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
|
|
|
|
|
ComboFix 08-04-22.5 - HP_Propriétaire 2008-04-26 19:38:37.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.564 [GMT 2:00]
Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\HP_Propriétaire\Bureau\webmediaplayer.lnk
C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\WebMediaPlayer
C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\WebMediaPlayer\Website.lnk
C:\Program Files\PlayMP3z
C:\Program Files\PlayMP3z\uninstall.exe
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\resources\languages.xml
C:\Program Files\webmediaplayer\resources\webmedias.xml
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\uninst.exe
C:\Program Files\webmediaplayer\WebMediaPlayer.exe
C:\Program Files\webmediaplayer\WebMediaPlayer.url
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\26010234.exe
C:\WINDOWS\system32\drivers\downld\26034437.exe
C:\WINDOWS\system32\drivers\downld\26066656.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\fgkwejq_navtmp.dat
C:\WINDOWS\system32\gqtfunp.dat
C:\WINDOWS\system32\gqtfunp_nav.dat
C:\WINDOWS\system32\gqtfunp_navps.dat
C:\WINDOWS\system32\slxykig.dat
C:\WINDOWS\system32\slxykig_nav.dat
C:\WINDOWS\system32\slxykig_navps.dat
C:\WINDOWS\system32\stera.log
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SROSA
-------\Legacy_VSPF
-------\Legacy_VSPF_HK
-------\Service_srosa
((((((((((((((((((((((((((((( Fichiers créés 2008-03-26 to 2008-04-26 ))))))))))))))))))))))))))))))))))))
.
2023-10-08 10:46 . 2023-10-08 10:46 3,120 --a------ C:\WINDOWS\.lfa
2023-09-22 21:07 . 2023-09-22 21:07 3,120 --a--c--- C:\WINDOWS\MF_C426.lfa
2023-09-22 21:07 . 2023-09-22 21:07 3,120 --a--c--- C:\WINDOWS\MF_C421.lfa
2023-09-22 21:07 . 2023-09-22 21:07 3,120 --a--c--- C:\WINDOWS\MF_C420.lfa
2008-04-26 12:22 . 2008-04-26 12:22 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-26 12:22 . 2008-04-26 12:22 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Malwarebytes
2008-04-26 12:22 . 2008-04-26 12:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-26 10:36 . 2008-04-26 10:36 <REP> d-------- C:\Program Files\Avira
2008-04-26 10:36 . 2008-04-26 10:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-23 19:13 . 2008-04-23 19:13 <REP> d-------- C:\Program Files\Trend Micro
2008-04-23 18:12 . 2008-04-23 18:12 <REP> d-------- C:\Program Files\Fichiers communs\PC Tools
2008-04-23 17:53 . 2008-04-23 17:53 <REP> d-------- C:\Program Files\Alwil Software
2008-04-22 17:57 . 2008-04-22 20:31 81,465 --a------ C:\WINDOWS\system32\drivers\klif.cab
2008-04-22 12:45 . 2008-04-22 12:45 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\shared 5.2
2008-04-22 12:45 . 2008-04-22 12:45 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\shared 5.2
2008-04-22 12:35 . 2008-04-26 09:22 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\shared
2008-04-22 12:35 . 2008-04-26 09:22 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\shared
2008-04-22 12:04 . 2008-04-22 12:32 <REP> d-------- C:\Program Files\LimeWire
2008-04-21 16:53 . 2008-04-21 16:56 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\MfcdGpl
2008-04-20 17:24 . 2008-04-20 17:24 <REP> d-------- C:\Program Files\Eidos
2008-04-19 14:53 . 2008-04-19 14:53 <REP> d-------- C:\Program Files\Eidos Interactive
2008-04-17 18:32 . 2008-04-17 18:32 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\SoundSpectrum
2008-04-17 18:31 . 2008-04-17 18:31 <REP> d-------- C:\Program Files\SoundSpectrum
2008-04-15 14:44 . 2008-04-15 14:44 268 --ah----- C:\sqmdata02.sqm
2008-04-15 14:44 . 2008-04-15 14:44 244 --ah----- C:\sqmnoopt02.sqm
2008-04-14 13:44 . 2008-04-14 14:15 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\DeepBurner
2008-04-14 13:43 . 2008-04-14 13:43 <REP> d-------- C:\Program Files\Astonsoft
2008-04-13 13:28 . 2008-04-25 13:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-10 18:03 . 2008-04-22 17:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\G DATA
2008-04-10 18:03 . 2008-04-10 18:03 45,768 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-04-10 18:03 . 2008-04-10 18:03 32,072 --a------ C:\WINDOWS\system32\drivers\HookCentre.sys
2008-04-10 08:50 . 2008-04-10 08:50 <REP> d-------- C:\WINDOWS\Profiles
2008-04-07 11:57 . 2008-04-07 11:57 <REP> d-------- C:\temp\DISK1
2008-04-07 11:47 . 2008-04-07 11:52 <REP> d-------- C:\Program Files\MixSense
2008-04-07 11:21 . 2008-04-07 11:31 <REP> d-------- C:\Program Files\eoRezo
2008-04-06 16:36 . 2008-04-06 16:36 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Search Settings
2008-04-06 14:07 . 2008-04-06 14:07 <REP> d-------- C:\Program Files\Search Settings
2008-04-06 14:06 . 2008-04-14 18:44 <REP> d-------- C:\Program Files\Free Easy Burner
2008-04-06 14:06 . 2003-08-07 13:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-04-06 14:06 . 2006-11-18 11:38 200,704 --a------ C:\WINDOWS\system32\vbalExpBar6.ocx
2008-04-06 14:06 . 1998-07-13 17:53 44,544 --a------ C:\WINDOWS\system32\GIF89.DLL
2008-04-05 17:13 . 2008-04-05 17:25 <REP> d-------- C:\Program Files\MixVibesPro6DEMO
2008-04-02 20:56 . 2008-04-02 20:56 <REP> d-------- C:\Program Files\Common Files
2008-04-02 19:36 . 2008-04-02 21:14 <REP> d-------- C:\Program Files\EA SPORTS
2008-04-02 08:55 . 2008-04-16 21:48 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-03-31 23:25 . 2008-03-31 23:25 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 23:25 . 2008-03-31 23:25 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 23:25 . 2008-03-31 23:25 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 23:25 . 2008-03-31 23:25 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 23:25 . 2008-03-31 23:25 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2008-03-31 23:25 . 2008-03-31 23:25 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-28 19:19 . 2006-07-28 10:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-03-28 19:19 . 2006-07-28 10:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-26 09:41 --------- d-----w C:\Program Files\VirtualDJ
2008-04-25 06:55 --------- d-----w C:\Program Files\eMule
2008-04-23 10:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-22 12:27 15,360 ----a-w C:\WINDOWS\system32\dllcache\register.exe
2008-04-22 10:08 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\LimeWire
2008-04-21 14:57 --------- d-----w C:\Program Files\BitDownload
2008-04-21 14:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Software rule flag owns
2008-04-19 07:41 --------- d-----w C:\Program Files\Ubisoft
2008-04-16 21:12 --------- d-----w C:\Program Files\internetx
2008-04-13 11:30 --------- d-----w C:\Program Files\Google
2008-04-11 09:08 --------- d-----w C:\Program Files\DivX
2008-04-10 16:40 --------- d-----w C:\Program Files\InternetProgram
2008-04-07 09:31 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\EoRezo
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-17 08:38 --------- d-----w C:\Program Files\Java
2008-03-16 12:40 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-03-16 12:40 --------- d-----w C:\Program Files\Ahead
2008-03-16 12:30 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\NeroVision
2008-03-16 06:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-15 12:48 --------- d-----w C:\Program Files\VSO
2008-03-14 12:58 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-03-14 12:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-03-13 09:52 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-03 20:04 --------- d-----w C:\Program Files\MSN Messenger
2008-03-03 20:03 --------- d-----w C:\Program Files\Windows Live
2008-03-03 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 19:32 --------- d-----w C:\Program Files\PhotoFiltre Studio
2008-02-29 08:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-28 12:26 1,414,440 ----a-w C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-09-06 15:34 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
2007-09-03 20:01 79,752 ----a-w C:\Program Files\Preparation_Messenger.exe
2007-05-23 06:59 94,080 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\ezplay.sys
2007-05-23 06:59 87,608 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\ezpinst.exe
2007-01-14 19:13 47,360 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\pcouffin.sys
2006-07-22 21:16 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot@2008-04-24_17.10.12.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-24 15:03:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-26 17:32:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
C:\Program Files\Kiwee Toolbar2\1.2.114\KiweeIEToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88C9B3C7-06B6-5C05-CFEC-C09DBC10CC30}]
C:\Program Files\InternetProgram\InternetProgram-2.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2008-02-06 17:47 1160544 --a------ C:\Program Files\Search Settings\kb126\SearchSettings.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "C:\Program Files\Kiwee Toolbar2\1.2.114\KiweeIEToolbar.dll" [ ]
[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= C:\Program Files\Kiwee Toolbar2\1.2.114\KiweeIEToolbar.dll [ ]
[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 20:00 15360]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ModeBits"="C:\DOCUME~1\HP_PRO~1\APPLIC~1\MfcdGpl\DEFAULTDUMB.exe" [2008-04-21 16:53 438272]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2007-10-09 14:42 475180]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-03-28 19:07 204843]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [ ] < | | |
