Ordi qui remémare tout seul !!!

rollergirlle 05 avril 2007 à 13h59
Bjr, depuis quelques jour mon ordi redemare tout seul. j'ai fait un scan avec avast, addware, spybot et avg antispyware mais rien d'anormal. Quelqu'un aurait une solution?
alerter éditer répondre
rollergirlle 05 avril 2007 à 17h30
Personne peut m'aider ?
alerter éditer répondre
Cpdjxwle 05 avril 2007 à 17h32
télécharge hijackthis: www.merijn.org/files/HijackThis.zip

Dézippe-le et renomme-le en scanner.exe
Exécute-le et clique sur Do a scan and save a log file.
Le rappport va s'ouvrir juste après.
Copie le rapport et poste-le dans ta réponse.
alerter éditer répondre
rollergirlle 05 avril 2007 à 17h34

Logfile of HijackThis v1.99.1
Scan saved at 15:27:33, on 09/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\FileZilla\FileZilla.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\Propriétare\Mes documents\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fr.fr.acer.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\Office12\EXCEL.EXE/3000
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

-->Message édité par rollergirl le 10/04/2007 02:10:35<--
alerter éditer répondre
rollergirlle 05 avril 2007 à 20h08
..?.. Tout le mondes est partis ?
alerter éditer répondre
Anthony10le 09 avril 2007 à 15h25
Bonjour rollergirl,

Le rapport HijackThis n'est pas entier, je te pries de le renvoyer.

Anthony.
-->Message édité par Anthony10 le 09/04/2007 15:25:35<--
-------
Mon forum (avec Bruce Lee):
http://cybersecurite.xooit.com/index.php
alerter éditer répondre
rollergirlle 10 avril 2007 à 02h11
J'ai éditer le premier rapport hijackthis envoyé et je l'ai copier coller en entier.

Tu vois des lignes qui ne vont pas Anthony10 ?
alerter éditer répondre
Anthony10le 11 avril 2007 à 01h27
Bonsoir rollergirl,

  • Télécharge ComboFix.exe (par sUBs) sur ton Bureau
  • Double clique ComboFix.exe et suis les invites.
  • Lorsque le scan sera fini, un rapport apparaîtra.
  • Copie/colle ce rapport dans ta prochaine réponse.
    -------
    Mon forum (avec Bruce Lee):
    http://cybersecurite.xooit.com/index.php
    • alerter éditer répondre
    rollergirlle 12 avril 2007 à 20h49

    "Propri‚tare" - 07-05-12 20:44:48 Service Pack 2
    ComboFix 07-04-05 - Running from: "C:\Documents and Settings\Propri‚tare\Bureau"


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\pthreadVC.dll
    C:\WINDOWS\system32\WanPacket.dll
    C:\WINDOWS\system32\wpcap.dll
    C:\WINDOWS\system32\drivers\npf.sys


    ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\Iprip
    -------\NPF
    -------\LEGACY_IPRIP
    -------\LEGACY_NPF


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-12 to 2007-05-12 ))))))))))))))))))))))))))))))))))


    2007-05-12 20:41 <REP> d-------- C:\WINDOWS\LastGood


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-05-12 19:30 12 --a------ C:\WINDOWS\bthservsdp.dat
    2007-03-31 03:42 -------- d-------- C:\Program Files\easyphp 2.0b1
    2007-03-31 03:42 -------- d-------- C:\Program Files\easyphp 2.0b1
    2007-03-28 21:41 -------- d-------- C:\Program Files\ashampoo
    2007-03-28 21:41 -------- d-------- C:\Program Files\ashampoo
    2007-03-24 04:53 -------- d-------- C:\Program Files\lavalys
    2007-03-24 04:53 -------- d-------- C:\Program Files\lavalys
    2007-03-19 22:25 -------- d-------- C:\Program Files\alwil software
    2007-03-19 22:25 -------- d-------- C:\Program Files\alwil software
    2007-03-19 21:00 -------- d-------- C:\Program Files\axbx
    2007-03-19 21:00 -------- d-------- C:\Program Files\axbx
    2007-03-13 19:44 -------- d-------- C:\Program Files\stardock
    2007-03-13 19:44 -------- d-------- C:\Program Files\stardock
    2007-03-13 17:50 -------- d-------- C:\Program Files\Fichiers communs\avsmedia
    2007-03-13 17:50 -------- d-------- C:\Program Files\avsmedia
    2007-03-13 17:50 -------- d-------- C:\Program Files\avsmedia
    2007-03-08 17:37 578560 --a------ C:\WINDOWS\system32\user32.dll
    2007-03-08 17:37 40960 --a------ C:\WINDOWS\system32\mf3216.dll
    2007-03-08 17:37 281600 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-03-08 17:33 1843712 --a------ C:\WINDOWS\system32\win32k.sys
    2007-03-05 13:34 676224 --a------ C:\WINDOWS\system32\ogacheckcontrol.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "Wallpaper"="\"C:\\Program Files\\Wallpaper\\Wallpaper.exe\" Starter"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
    "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
    "eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"
    "AzMixerSel"="C:\\Program Files\\Realtek\\InstallShield\\AzMixerSel.exe"
    "ADMTray.exe"="\"C:\\Acer\\Empowering Technology\\admtray.exe\""
    "Acer ePower Management"="C:\\Acer\\Empowering Technology\\ePower\\Acer ePower Management.exe boot"
    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
    "LManager"="C:\\PROGRA~1\\LAUNCH~1\\LManager.exe"
    "ePower_DMC"="C:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\not active]
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    @=""
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    @=""
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    @=""
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Adobe Reader Speed Launch.lnk"
    "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
    "item"="Adobe Reader Speed Launch"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaISSDT]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="caissdt"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\caissdt.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrustPPAP]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PPActiveDetection"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\eTrust PestPatrol Anti-Spyware\\PPActiveDetection.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="hkcmd"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="igfxpers"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\igfxpers.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="igfxtray"
    "hkey"="HKLM"
    alerter éditer répondre
    Anthony10le 13 avril 2007 à 01h30
    Bonsoir rollergirl,

  • Télécharge The Avenger (de Swandog46) sur ton Bureau.
  • Dézippe-le sur ton Bureau.

  • Ouvre le Bloc-Notes puis copie la citation ci-dessous.

    Drivers to unload:
    Iprip
    NPF
    LEGACY_IPRIP
    LEGACY_NPF

    Registry keys to delete:
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Iprip
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPRIP
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Iprip
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPRIP
    HKEY_CLASSES_ROOT\Microsoft Internet Mail Messages
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\MSACCESS.EXE
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPRIP
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetCN
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RTKIT
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NPF
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ROOTKIT1
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF
    HKEY_LOCAL_MACHINE\SOFTWARE\RtKit


  • Clique sur le menu déroulant Edition et clique sur Coller
  • Clique sur le menu déroulant Fichier et clique sur Enregister sous...
  • Enregistre-le sur ton Bureau sous le nom de remove.txt.

  • Double-clique sur avenger.exe pour lancer l'outil.
  • A la fenêtre d'avertissement, clique sur OK.
  • Coche le bouton devant Load Script from File.
  • Clique sur l'icône en forme de dossier.
  • Recherche et double-clique sur remove.txt.
  • Clique sur le feu vert pour lancer le script.
  • A la fenêtre de confirmation, clique sur Oui.
  • A la fenêtre de redémarrage, clique sur Oui (Le rapport s'affichera au redémarrage).

  • Le rapport sera généré à l'endroit suivant : C:\avenger.txt
  • Dans ta future réponse, envoie ce rapport.

    A suivre,
    -------
    Mon forum (avec Bruce Lee):
    http://cybersecurite.xooit.com/index.php
    • alerter éditer répondre
    rollergirlle 13 avril 2007 à 09h43

    //////////////////////////////////////////
    Avenger Pre-Processor log
    //////////////////////////////////////////

    Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
    Error code: 2
    Line: HKEY_CLASSES_ROOT\Microsoft Internet Mail Messages


    //////////////////////////////////////////


    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\lxbgesln

    *******************

    Script file located at: \??\C:\WINDOWS\gombvngy.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:



    Registry key \Registry\Machine\System\CurrentControlSet\Services\Iprip not found!
    Unload of driver Iprip failed!

    Could not process line:
    Iprip
    Status: 0xc0000034



    Registry key \Registry\Machine\System\CurrentControlSet\Services\NPF not found!
    Unload of driver NPF failed!

    Could not process line:
    NPF
    Status: 0xc0000034



    Registry key \Registry\Machine\System\CurrentControlSet\Services\LEGACY_IPRIP not found!
    Unload of driver LEGACY_IPRIP failed!

    Could not process line:
    LEGACY_IPRIP
    Status: 0xc0000034



    Registry key \Registry\Machine\System\CurrentControlSet\Services\LEGACY_NPF not found!
    Unload of driver LEGACY_NPF failed!

    Could not process line:
    LEGACY_NPF
    Status: 0xc0000034



    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Iprip not found!
    Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Iprip failed!

    Could not process line:
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Iprip
    Status: 0xc0000034



    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPRIP not found!
    Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPRIP failed!

    Could not process line:
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPRIP
    Status: 0xc0000034



    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Iprip not found!
    Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Iprip failed!

    Could not process line:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Iprip
    Status: 0xc0000034



    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPRIP not found!
    Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPRIP failed!

    Could not process line:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPRIP
    Status: 0xc0000034



    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPRIP not found!
    Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPRIP failed!

    Could not process line:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPRIP
    Status: 0xc0000034



    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetCN not found!
    Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetCN failed!

    Could not process line:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetCN
    Status: 0xc0000034



    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RTKIT not found!
    Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RTKIT failed!

    Could not process line:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RTKIT
    Status: 0xc0000034



    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NPF not found!
    Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NPF failed!

    Could not process line:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NPF
    Status: 0xc0000034



    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ROOTKIT1 not found!
    Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ROOTKIT1 failed!

    Could not process line:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ROOTKIT1
    Status: 0xc0000034



    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF not found!
    Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF failed!

    Could not process line:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF
    Status: 0xc0000034

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\MSACCESS.EXE deleted successfully.


    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\RtKit not found!
    Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\RtKit failed!
    Status: 0xc0000034


    Completed script processing.

    *******************

    Finished! Terminate.
    alerter éditer répondre
    Anthony10le 14 avril 2007 à 01h48
    Bonsoir rollergirl,

    Génère un nouveau rapport de ComboFix et envoie-le.

    Anthony.
    -------
    Mon forum (avec Bruce Lee):
    http://cybersecurite.xooit.com/index.php
    alerter éditer répondre
    rollergirlle 14 avril 2007 à 02h51

    "Propri‚tare" - 07-05-14 2:46:59 Service Pack 2
    ComboFix 07-04-05 - Running from: "C:\Documents and Settings\Propri‚tare\Bureau"


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-14 to 2007-05-14 ))))))))))))))))))))))))))))))))))


    2007-05-13 12:02 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-05-13 12:02 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-05-13 12:02 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2007-05-13 12:02 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2007-05-13 12:02 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2007-05-13 09:42 <REP> d-------- C:\avenger
    2007-05-13 02:13 <REP> d-------- C:\Program Files\Subdownloader


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-05-13 09:39 12 --a------ C:\WINDOWS\bthservsdp.dat
    2007-03-31 03:42 -------- d-------- C:\Program Files\easyphp 2.0b1
    2007-03-31 03:42 -------- d-------- C:\Program Files\easyphp 2.0b1
    2007-03-28 21:41 -------- d-------- C:\Program Files\ashampoo
    2007-03-28 21:41 -------- d-------- C:\Program Files\ashampoo
    2007-03-27 09:55 524288 --a------ C:\WINDOWS\system32\divxsm.exe
    2007-03-27 09:55 36624 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
    2007-03-27 09:55 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-03-27 09:55 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2007-03-27 09:55 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
    2007-03-27 09:49 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2007-03-27 09:49 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2007-03-27 09:49 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2007-03-27 09:49 73728 --a------ C:\WINDOWS\system32\dpl100.dll
    2007-03-27 09:49 639066 --a------ C:\WINDOWS\system32\divx.dll
    2007-03-27 09:49 593920 --a------ C:\WINDOWS\system32\dpugui11.dll
    2007-03-27 09:49 57344 --a------ C:\WINDOWS\system32\dpv11.dll
    2007-03-27 09:49 53248 --a------ C:\WINDOWS\system32\dpugui10.dll
    2007-03-27 09:49 344064 --a------ C:\WINDOWS\system32\dpus11.dll
    2007-03-27 09:49 294912 --a------ C:\WINDOWS\system32\dpu11.dll
    2007-03-27 09:49 294912 --a------ C:\WINDOWS\system32\dpu10.dll
    2007-03-27 09:49 196608 --a------ C:\WINDOWS\system32\dtu100.dll
    2007-03-24 04:53 -------- d-------- C:\Program Files\lavalys
    2007-03-24 04:53 -------- d-------- C:\Program Files\lavalys
    2007-03-19 22:25 -------- d-------- C:\Program Files\alwil software
    2007-03-19 22:25 -------- d-------- C:\Program Files\alwil software
    2007-03-19 21:00 -------- d-------- C:\Program Files\axbx
    2007-03-19 21:00 -------- d-------- C:\Program Files\axbx
    2007-03-17 15:44 293376 --a------ C:\WINDOWS\system32\winsrv.dll
    2007-03-08 17:37 578560 --a------ C:\WINDOWS\system32\user32.dll
    2007-03-08 17:37 40960 --a------ C:\WINDOWS\system32\mf3216.dll
    2007-03-08 17:37 281600 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-03-08 17:33 1843712 --a------ C:\WINDOWS\system32\win32k.sys
    2007-03-05 13:34 676224 --a------ C:\WINDOWS\system32\ogacheckcontrol.dll
    2007-02-16 03:40 124472 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "Wallpaper"="\"C:\\Program Files\\Wallpaper\\Wallpaper.exe\" Starter"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
    "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
    "eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"
    "AzMixerSel"="C:\\Program Files\\Realtek\\InstallShield\\AzMixerSel.exe"
    "ADMTray.exe"="\"C:\\Acer\\Empowering Technology\\admtray.exe\""
    "Acer ePower Management"="C:\\Acer\\Empowering Technology\\ePower\\Acer ePower Management.exe boot"
    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
    "LManager"="C:\\PROGRA~1\\LAUNCH~1\\LManager.exe"
    "ePower_DMC"="C:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\not active]
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    @=""
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    @=""
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    @=""
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Adobe Reader Speed Launch.lnk"
    "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
    "item"="Adobe Reader Speed Launch"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaISSDT]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="caissdt"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\caissdt.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrustPPAP]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PPActiveDetection"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\eTrust PestPatrol Anti-Spyware\\PPActiveDetection.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="hkcmd"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="igfxpers"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\igfxpers.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="igfxtray"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="IMJPMIG"
    "hkey"="HKLM"
    "command"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Alaunch"
    "hkey"="HKLM"
    "command"="Alaunch"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MsnMsgr"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ntiMUI"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\NewTech Infosystems\\NTI CD & DVD-Maker 7\\ntiMUI.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="TeaTimer"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="jusched"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="WarReg_PopUp"
    "hkey"="HKLM"
    "command"="C:\\Acer\\WR_PopUp\\WarReg_PopUp.exe /normal-run1"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MSASCui"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AVGEMS"=dword:00000002

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="wbsys.dll"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="\"C:\\PROGRA~1\\FICHIE~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
    63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
    6d,73,73,74,79,6c,65,73,00
    "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
    73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0nwprovau\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    bthsvcs REG_MULTI_SZ BthServ\0\0
    p2psvc REG_MULTI_SZ p2psvc\0p2pimsvc\0p2pgasvc\0PNRPSvc\0\0

    *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_INT15.SYS


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\User_Feed_Synchronization-{356509FB-5475-4499-BE20-7467B6F2A35F}.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job


    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-05-14 2:50:27
    C:\ComboFix-quarantined-files.txt ... 07-05-14 02:50
    C:\ComboFix2.txt ... 07-05-12 20:47

    alerter éditer répondre
    rollergirlle 30 mai 2007 à 23h34
    Alors, mon sujet est tombé dans les abymes du forum ?
    alerter éditer répondre
    Astuces missions spéciales _nom du jeu_ page précédente  1  page suivante astuces cheat + _nomdujeu_

    REPONSE

    Ordi qui remémare tout seul !!!
    :D :pleure: :sol: :o :sarcastic: :/ :whistle: :love: :( :) :heink: :hurle: :fume: :sleep: ;) :hello: :fou: :p :sweat: :jap: :\'( :pfff: :ouch: :youpi: :hebe: :berk: :??: :S :lol: :grrr: :beubeub: :mdr: :paf: :pt1cable: :super:



    PRODUITS

    TÉLÉCHARGER - LOGICIELS

    JEUX VIDÉOS

    LOISIRS

    01NET PRO

    AVIS ET COMMENTAIRES

    A PROPOS DE 01NET