Status: Unresolved

[XP] Unbeatable virus "spywarealert" A L

adamtheboss, Friday 29 August 2008 at 20:04:50
Hello,
Today I just caught a nasty virus, which I hope can be cleaned up with your help.
Here are some of the symptoms:
- The desktop wallpaper is ALL WHITE!!!
- Next to the clock at the bottom right, it says: VIRUS ALERT!
- In the Start menu I no longer have "All Programs" or "Control Panel"!!!
- I can't open Task Manager because it tells me "Task Manager has been disabled by your administrator"!
- 4 programs installed themselves: "SPYWARE AND MALWARE PROTECTION"; "PRIVACY PROTECTOR"; "ERROR CLEANER" and "PLAY PORTAIL NOW"!!!
- I also get Internet windows that open on their own, for example "pc privacy cleaner" or "Virusremouver2008", and a few Windows dialogs, for example "Windows security alert", which says: "Windows has detected an internet attack attempt..."

In short, I have never had a virus like this one!!!!!!!!!! I hope you can help me, because I have done everything I could (scans with AVG Free, AVG Anti-Spyware...) with no result. To help you, here is a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01: VIRUS ALERT!, on 29/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\PROGRA~1\AVG\AVG8\avgtray.exe
I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
I:\WINDOWS\system32\RUNDLL32.EXE
I:\WINDOWS\RTHDCPL.EXE
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
I:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
I:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
I:\Program Files\DAP\DAP.EXE
I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\PROGRA~1\AVG\AVG8\avgrsx.exe
I:\PROGRA~1\AVG\AVG8\avgemc.exe
I:\Program Files\PC Connectivity Solution\ServiceLayer.exe
I:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
I:\Program Files\Windows Live\installer\WLSetupSvc.exe
I:\Program Files\Windows Live\Messenger\msnmsgr.exe
I:\Program Files\Windows Live\Messenger\usnsvc.exe
I:\WINDOWS\system32\rundll32.exe
I:\WINDOWS\system32\rundll32.exe
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\AVG\AVG8\avgui.exe
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe
I:\WINDOWS\system32\NOTEPAD.EXE
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\WINDOWS\explorer.exe
I:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll
O3 - Toolbar: qalkfxor - {63271185-F8AC-4E37-85C8-5CCB942BC177} - I:\WINDOWS\qalkfxor.dll
O4 - HKLM\..\Run: [AVG8_TRAY] I:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [000000af] rundll32.exe "I:\WINDOWS\system32\pfktpcmf.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "I:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "I:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [DownloadAccelerator] "I:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Clean Traces - I:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - I:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - I:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - I:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll eyropc.dll
O21 - SSODL: pdoskegl - {8E9514C1-6603-4A96-B328-05E3CFF3B46A} - I:\WINDOWS\pdoskegl.dll
O21 - SSODL: rqbmvpso - {BBEB4773-D9FB-4A46-A3A3-ACA0598B9369} - I:\WINDOWS\rqbmvpso.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - I:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - I:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: Privacy Protection - file:///I:\WINDOWS\privacy_danger\index.htm
End of file - 7330 bytes





Thanks
Configuration: Windows XP
Internet Explorer 7.0
ep44, Friday 29 August 2008 at 20:10:57
Good evening

yes, indeed, several infections
don't worry, I'll guide you through disinfecting your PC

Download combofix.exe (by sUBs) and save it to your desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Disconnect from the Internet and close all your applications.
* Temporarily disable your protections (antivirus, firewall, antispyware), and only for as long as ComboFix is in use.
* Double-click combofix.exe; your firewall may ask whether or not you allow nircmd.cfexe to access the trusted zone: accept.
* /!\ Don't touch anything until the scan has finished. Careful: do not use your mouse or your keyboard (or any other pointing device) while the program is running /!\
* Wait until ComboFix has finished; a report will be created.
* re-enable your firewall, your antivirus and your antispyware's guard
* copy/paste the report; the report is located at: C:\Combofix.txt
* Re-enable your real-time protections (antivirus, antispyware) before reconnecting to the Internet.

@+ It's usually when the hard drive crashes that you realize you forgot to back it up.
adamtheboss, Friday 29 August 2008 at 20:33:46
Hi, thanks for your quick reply.
The program worked fine and restarted the system, but after the restart it stays stuck on "Report being prepared, do not launch any program until ComboFix has finished", because a window actually appeared saying: "Registry editing has been disabled by your administrator"
Otherwise, I got "All Programs" and the Control Panel back and the "VIRUS ALERT" is gone, but I still have the pop-up windows, the 4 programs and the white wallpaper.
Thanks for your help.
adamtheboss, Friday 29 August 2008 at 20:36:33
It's fine, I got rid of the "registry editing............." message and the log appeared; however, the "VIRUS ALERT!" has come back. Here is the log:

ComboFix 08-08-28.06 - Adam 2008-08-29 20:17:54.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1582 [GMT 2:00]
Endroit: I:\Documents and Settings\Adam\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

I:\Documents and Settings\Adam\Bureau\Error Cleaner.url
I:\Documents and Settings\Adam\Bureau\Privacy Protector.url
I:\Documents and Settings\Adam\Bureau\Spyware&Malware Protection.url
I:\Documents and Settings\Adam\Favoris\Error Cleaner.url
I:\Documents and Settings\Adam\Favoris\Privacy Protector.url
I:\Documents and Settings\Adam\Favoris\Spyware&Malware Protection.url
I:\setup.exe
I:\WINDOWS\cookies.ini
I:\WINDOWS\eevk.exe
I:\WINDOWS\privacy_danger
I:\WINDOWS\privacy_danger\images\capt.gif
I:\WINDOWS\privacy_danger\images\danger.jpg
I:\WINDOWS\privacy_danger\images\down.gif
I:\WINDOWS\privacy_danger\images\spacer.gif
I:\WINDOWS\system32\cbXoPfFY.dll
I:\WINDOWS\system32\eyropc.dll
I:\WINDOWS\system32\fmcptkfp.ini
I:\WINDOWS\system32\ljJASjgG.dll
I:\WINDOWS\system32\pfktpcmf.dll
I:\WINDOWS\system32\qWGfPqru.ini
I:\WINDOWS\system32\qWGfPqru.ini2
I:\WINDOWS\system32\xnuagtkq.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))))))
.

2008-08-29 20:21: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\Application Data\TmpRecentIcons
2008-08-29 20:19: . VIRUS I:\ComboFix\ALERT! <REP> temp
2008-08-29 20:19: . VIRUS I:\ComboFix\ALERT! 53,248 PSEXESVC.EXE
2008-08-29 20:16: . VIRUS I:\ComboFix\ALERT! <REP> ComboFix
2008-08-29 19:44: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\Trend Micro
2008-08-29 19:26: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-29 19:26: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\Application Data\Grisoft
2008-08-29 19:26 . 2007-05-30 14:10: VIRUS ALERT! 10,872 --a------ I:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-08-29 19:03 . 2008-08-29 19:03: VIRUS ALERT! 323,840 --a------ I:\WINDOWS\system32\urqPfGWq.dll
2008-08-29 18:57: . VIRUS I:\ComboFix\ALERT! 380,928 rodqgpvltbp.dll
2008-08-29 18:57: . VIRUS I:\ComboFix\ALERT! 233,472 pdoskegl.dll
2008-08-29 18:57: . VIRUS I:\ComboFix\ALERT! 204,800 rqbmvpso.dll
2008-08-29 18:57: . VIRUS I:\ComboFix\ALERT! 159,744 qalkfxor.dll
2008-08-29 18:57: . VIRUS I:\ComboFix\ALERT! 86,016 rvoelbxt.exe
2008-08-29 18:33: . VIRUS I:\ComboFix\ALERT! <REP> $AVG8.VAULT$
2008-08-29 18:10: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\K-Lite Codec Pack
2008-08-29 17:26 . 2004-08-05 14:00: VIRUS ALERT! 221,184 --a------ I:\WINDOWS\system32\wmpns.dll
2008-08-29 17:21: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\LimeWire
2008-08-29 17:21: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\Application Data\LimeWire
2008-08-29 17:09: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\Contacts
2008-08-29 16:28: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\Windows Live
2008-08-29 16:28: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-29 16:27: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-29 16:26: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\All Users\Application Data\TEMP
2008-08-29 16:25: . VIRUS I:\ComboFix\ALERT! <REP> $MSI31Uninstall_KB893803v2$
2008-08-29 16:21 . 2008-08-29 16:21: VIRUS ALERT! 479,298 --a------ I:\WINDOWS\system32\wbocx.ocx
2008-08-29 16:21 . 2008-08-29 16:21: VIRUS ALERT! 172,032 --a------ I:\WINDOWS\system32\AniGIF.ocx
2008-08-29 16:21 . 2008-08-29 16:21: VIRUS ALERT! 50,688 --a------ I:\WINDOWS\system32\wbhelp2.dll
2008-08-29 16:15 . 2001-06-12 22:07: VIRUS ALERT! 200,704 --a------ I:\WINDOWS\system32\dapres.dll
2008-08-29 16:12 . 2008-08-29 16:12: VIRUS ALERT! 53,760 --a------ I:\WINDOWS\system32\zlib.dll
2008-08-29 15:12: . VIRUS I:\ComboFix\ALERT! <REP> nvidia icons
2008-08-29 15:10: . VIRUS I:\ComboFix\ALERT! <REP> nview
2008-08-29 15:06 . 2008-04-30 17:27: VIRUS ALERT! 442,368 --a------ I:\WINDOWS\system32\NVUNINST.EXE
2008-08-29 14:46: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\DAP
2008-08-29 14:46: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\All Users\Application Data\SpeedBit
2008-08-29 14:14: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\AIDA32 - Personal System Information
2008-08-29 14:10: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\SystemRequirementsLab
2008-08-29 14:10 . 2008-08-29 14:10: VIRUS ALERT! 664 --a------ I:\WINDOWS\system32\d3d9caps.dat
2008-08-29 14:10 . 2008-08-29 14:10: VIRUS ALERT! 552 --a------ I:\WINDOWS\system32\d3d8caps.dat
2008-08-29 14:02 . 2008-08-29 14:02: VIRUS ALERT! <REP> d-------- I:\WINDOWS\system32\Lang
2008-08-29 14:02 . 2008-08-29 14:02: VIRUS ALERT! 940,794 --a------ I:\WINDOWS\system32\LoopyMusic.wav
2008-08-29 14:02 . 2008-08-29 14:02: VIRUS ALERT! 146,650 --a------ I:\WINDOWS\system32\BuzzingBee.wav
2008-08-29 14:00: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\Fichiers communs\InstallShield
2008-08-29 14:00: . VIRUS I:\ComboFix\ALERT! <REP> $NtUninstallKB888111WXPSP2$
2008-08-29 13:57: . VIRUS I:\ComboFix\ALERT! 319,488 HideWin.exe
2008-08-29 13:55: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\Lavalys
2008-08-28 23:04: . VIRUS I:\ComboFix\ALERT! <REP> $NtUninstallKB898461$
2008-08-28 21:21: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\All Users\Application Data\Nokia
2008-08-28 21:20: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\MSXML 6.0
2008-08-28 21:20 . 2008-02-01 16:17: VIRUS ALERT! 138,112 --a------ I:\WINDOWS\system32\drivers\nmwcdnsu.sys
2008-08-28 21:20 . 2008-02-01 16:17: VIRUS ALERT! 8,320 --a------ I:\WINDOWS\system32\drivers\nmwcdnsuc.sys
2008-08-28 21:07: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\All Users\Application Data\PC Suite
2008-08-28 21:07: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\Application Data\PC Suite
2008-08-28 21:07: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\Application Data\Nokia
2008-08-28 20:59: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\PC Connectivity Solution
2008-08-28 20:59: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\Fichiers communs\PCSuite
2008-08-28 20:59: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\Fichiers communs\Nokia
2008-08-28 20:59: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\DIFX
2008-08-28 20:59 . 2007-09-17 15:53: VIRUS ALERT! 21,632 --a------ I:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-08-28 20:58: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\Nokia
2008-08-28 20:58 . 2008-08-29 16:34: VIRUS ALERT! <REP> d----c--- I:\WINDOWS\system32\DRVSTORE
2008-08-28 20:58 . 2008-05-07 07:39: VIRUS ALERT! 1,419,232 --a------ I:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-08-28 20:58 . 2008-05-07 07:38: VIRUS ALERT! 659,968 --a------ I:\WINDOWS\system32\nmwcdcocls.dll
2008-08-28 20:58 . 2008-05-07 07:38: VIRUS ALERT! 20,864 --a------ I:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-08-28 20:58 . 2008-05-07 07:38: VIRUS ALERT! 17,536 --a------ I:\WINDOWS\system32\drivers\ccdcmb.sys
2008-08-28 20:58 . 2008-05-07 07:38: VIRUS ALERT! 8,064 --a------ I:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-08-28 20:58 . 2008-06-06 09:24: VIRUS ALERT! 8,064 --a------ I:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-08-28 20:57: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\All Users\Application Data\Installations
2008-08-28 20:44 . 2006-08-29 16:56: VIRUS ALERT! 32,377 --a------ I:\WINDOWS\system32\drivers\prodigy.sys
2008-08-28 20:43: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\NSS
2008-08-28 20:42: . VIRUS I:\ComboFix\ALERT! 25,600 usbser.sys
2008-08-28 20:42 . 2004-08-03 23:08: VIRUS ALERT! 25,600 --a------ I:\WINDOWS\system32\drivers\usbser.sys
2008-08-28 20:41: . VIRUS I:\ComboFix\ALERT! <REP> $NtUninstallWdf01005$
2008-08-28 20:41 . 2008-08-28 20:41: VIRUS ALERT! 0 --ah----- I:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-28 20:41 . 2008-08-28 20:41: VIRUS ALERT! 0 --ah----- I:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-08-28 20:19: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\Google
2008-08-28 20:19: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-28 20:11: . VIRUS I:\ComboFix\ALERT! <REP> ie7updates
2008-08-28 20:11 . 2008-08-28 20:11: VIRUS ALERT! <REP> d-------- I:\WINDOWS\system32\fr-fr
2008-08-28 20:10: . VIRUS I:\ComboFix\ALERT! <REP> WBEM
2008-08-28 20:09: . VIRUS I:\ComboFix\ALERT! <REP> ie7
2008-08-28 20:09: . VIRUS I:\ComboFix\ALERT! <REP> $NtUninstallKB915865$
2008-08-28 20:09: . VIRUS I:\ComboFix\ALERT! <REP> $NtServicePackUninstallNLSDownlevelMapping$
2008-08-28 20:09: . VIRUS I:\ComboFix\ALERT! <REP> $NtServicePackUninstallIDNMitigationAPIs$
2008-08-28 20:09 . 2006-10-08 21:51: VIRUS ALERT! 23,856 --a------ I:\WINDOWS\system32\spupdsvc.exe
2008-08-28 20:04 . 2008-08-28 20:04: VIRUS ALERT! 13,752 --a------ I:\WINDOWS\system32\wpa.bak
2008-08-28 18:59: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\AVG
2008-08-28 18:59: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\All Users\Application Data\avg8
2008-08-28 18:59 . 2008-08-29 13:49: VIRUS ALERT! <REP> d-------- I:\WINDOWS\system32\drivers\Avg
2008-08-28 18:59 . 2008-08-29 13:48: VIRUS ALERT! 97,928 --a------ I:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-28 18:59 . 2008-08-28 18:59: VIRUS ALERT! 76,040 --a------ I:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-28 18:59 . 2008-08-28 18:59: VIRUS ALERT! 10,520 --a------ I:\WINDOWS\system32\avgrsstx.dll
2008-08-28 18:53: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\UserData
2008-08-28 18:47: . VIRUS I:\ComboFix\ALERT! <REP> OPTIONS
2008-08-28 18:47: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\Realtek
2008-08-28 18:47: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\InstallShield Installation Information
2008-08-28 18:47: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\Application Data\InstallShield
2008-08-28 18:47 . 2008-02-25 20:54: VIRUS ALERT! 105,088 --a------ I:\WINDOWS\system32\drivers\Rtnicxp.sys
2008-08-28 18:47 . 2008-07-22 00:14: VIRUS ALERT! 9,728 --a------ I:\WINDOWS\system32\RtNicProp32.dll
2008-08-28 18:03: . VIRUS I:\ComboFix\ALERT! <REP> SoftwareDistribution
2008-08-28 18:03: . VIRUS I:\ComboFix\ALERT! <REP> Prefetch
2008-08-28 18:03: . VIRUS I:\ComboFix\ALERT! <REP> LocalService
2008-08-28 18:03: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\Voisinage réseau
2008-08-28 18:03: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\Voisinage d'impression
2008-08-28 18:03: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\Modèles
2008-08-28 18:03: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\Mes documents
2008-08-28 18:03: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\Menu Démarrer
2008-08-28 18:03: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\Favoris
2008-08-28 18:03: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\Bureau
2008-08-28 18:03: . VIRUS I:\ComboFix\ALERT! <REP> Adam
2008-08-28 18:03: . VIRUS I:\ComboFix\ALERT! 1,572,864 NTUSER.DAT
2008-08-28 18:03: . VIRUS I:\ComboFix\ALERT! 229,376 NTUSER.DAT
2008-08-28 18:03 . 2008-08-28 18:03: VIRUS ALERT! <REP> d---s---- I:\WINDOWS\system32\Microsoft
2008-08-28 18:02: . VIRUS I:\ComboFix\ALERT! <REP> NetworkService
2008-08-28 18:02: . VIRUS I:\ComboFix\ALERT! 229,376 NTUSER.DAT
2008-08-28 18:02: . VIRUS I:\ComboFix\ALERT! 8,192 REGLOCS.OLD
2008-08-28 18:01: . VIRUS I:\ComboFix\ALERT! <REP> I:\WINDOWS\system32\config\systemprofile\Voisinage réseau
2008-08-28 18:01: . VIRUS I:\ComboFix\ALERT! <REP> I:\WINDOWS\system32\config\systemprofile\Voisinage d'impression
2008-08-28 18:01: . VIRUS I:\ComboFix\ALERT! <REP> I:\WINDOWS\system32\config\systemprofile\Modèles
2008-08-28 18:01: . VIRUS I:\ComboFix\ALERT! <REP> I:\WINDOWS\system32\config\systemprofile\Mes documents
2008-08-28 18:01: . VIRUS I:\ComboFix\ALERT! <REP> I:\WINDOWS\system32\config\systemprofile\Menu Démarrer
2008-08-28 18:01: . VIRUS I:\ComboFix\ALERT! <REP> I:\WINDOWS\system32\config\systemprofile\Favoris
2008-08-28 18:01: . VIRUS I:\ComboFix\ALERT! <REP> I:\WINDOWS\system32\config\systemprofile\Bureau
2008-08-28 18:00: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\microsoft frontpage
2008-08-28 18:00: . VIRUS I:\ComboFix\ALERT! 13,463,552 hwxjpn.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 12:48 --------- d-----w I:\Documents and Settings\Adam\Application Data\Azureus
2008-08-29 12:00 319,488 ----a-w I:\WINDOWS\HideWin.exe
2008-08-29 10:57 86,016 ----a-w I:\WINDOWS\rvoelbxt.exe
2008-08-29 10:57 380,928 ----a-w I:\WINDOWS\rodqgpvltbp.dll
2008-08-29 10:57 233,472 ----a-w I:\WINDOWS\pdoskegl.dll
2008-08-29 10:57 204,800 ----a-w I:\WINDOWS\rqbmvpso.dll
2008-08-29 10:57 159,744 ----a-w I:\WINDOWS\qalkfxor.dll
2008-08-28 17:47 --------- d-----w I:\Documents and Settings\All Users\Application Data\Azureus
2008-08-28 17:45 --------- d-----w I:\Program Files\Vuze
2008-08-28 17:45 --------- d-----w I:\Program Files\Java
2008-08-28 17:44 --------- d-----w I:\Program Files\Fichiers communs\Java
2008-08-28 15:58 --------- d-----w I:\Program Files\Services en ligne
2008-08-06 15:12 4,755,968 ----a-w I:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-07-31 13:05 16,806,912 ----a-w I:\WINDOWS\RTHDCPL.exe
2008-07-29 13:42 528,384 ----a-w I:\WINDOWS\RtlExUpd.dll
2008-07-25 08:34 81,920 ----a-w I:\WINDOWS\system32\dpl100.dll
2008-07-25 08:34 683,520 ----a-w I:\WINDOWS\system32\divx.dll
2008-07-23 16:50 3,596,288 ----a-w I:\WINDOWS\system32\qt-dx331.dll
2008-07-16 18:51 2,041,363 ----a-w I:\WINDOWS\system32\x264vfw.dll
2008-07-15 13:20 69,632 ----a-w I:\WINDOWS\system32\ChCfg.exe
2008-07-15 11:47 1,196,032 ----a-w I:\WINDOWS\RtlUpd.exe
2008-06-23 16:28 826,368 ----a-w I:\WINDOWS\system32\wininet.dll
2008-06-19 14:42 2,808,832 ----a-w I:\WINDOWS\ALCWZRD.EXE
2008-06-19 14:27 9,715,200 ----a-w I:\WINDOWS\RTLCPL.EXE
2008-06-19 14:20 57,344 ----a-w I:\WINDOWS\ALCMTR.EXE
2008-06-18 16:01 77,824 ----a-w I:\WINDOWS\SOUNDMAN.EXE
2008-06-12 18:36 7,680 ----a-w I:\WINDOWS\system32\ff_vfw.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{750572CE-0B99-47EF-9A63-BC7BE4F2B5EE}]
2008-08-29 19:03: VIRUS ALERT! 323840 --a------ I:\WINDOWS\system32\urqPfGWq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCF16171-9753-4FDB-AF00-98D14C339A63}]
2008-08-29 12:57: VIRUS ALERT! 380928 --a------ I:\WINDOWS\rodqgpvltbp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{63271185-F8AC-4E37-85C8-5CCB942BC177}"= "I:\WINDOWS\qalkfxor.dll" [2008-08-29 12:57: VIRUS ALERT! 159744]

[HKEY_CLASSES_ROOT\clsid\{63271185-f8ac-4e37-85c8-5ccb942bc177}]
[HKEY_CLASSES_ROOT\qalkfxor.1]
[HKEY_CLASSES_ROOT\TypeLib\{AE23524F-1EBA-4EBB-9013-9218F5BD0E2D}]
[HKEY_CLASSES_ROOT\qalkfxor]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
"NoDispCPL"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoStartMenuMorePrograms"= 1 (0x1)
"NoSetFolders"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///I:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pdoskegl"= {8E9514C1-6603-4A96-B328-05E3CFF3B46A} - I:\WINDOWS\pdoskegl.dll [2008-08-29 12:57: VIRUS ALERT! 233472]
"rqbmvpso"= {BBEB4773-D9FB-4A46-A3A3-ACA0598B9369} - I:\WINDOWS\rqbmvpso.dll [2008-08-29 12:57: VIRUS ALERT! 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll eyropc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"I:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"I:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"I:\\Program Files\\Vuze\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"I:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"I:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"I:\\Program Files\\DAP\\DAP.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;I:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 13:48: VIRUS ALERT!]
R2 avg8emc;AVG Free8 E-mail Scanner;I:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 13:48: VIRUS ALERT!]
R2 avg8wd;AVG Free8 WatchDog;I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 13:48: VIRUS ALERT!]
R2 AvgTdiX;AVG Free8 Network Redirector;I:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-28 18:59: VIRUS ALERT!]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;I:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 16:17: VIRUS ALERT!]
S3 nmwcdnsuc;Nokia USB Flashing Generic;I:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 16:17: VIRUS ALERT!]
S3 PRODIGY;PRODIGY;I:\WINDOWS\system32\Drivers\PRODIGY.SYS [2006-08-29 16:56: VIRUS ALERT!]

*Newly Created Service* - AVGASCLN
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{E2B532CC-0605-40D4-9659-54B020ABCEC3} - I:\WINDOWS\system32\ljJASjgG.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O8 -: &Clean Traces - I:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 -: &Download with &DAP - I:\Program Files\DAP\dapextie.htm
O8 -: Download &all with DAP - I:\Program Files\DAP\dapextie2.htm

O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
I:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll

O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
I:\WINDOWS\Downloaded Program Files\SysReqLab3.osd
I:\WINDOWS\Downloaded Program Files\sysreqlab3.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 20:21:49
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

"ImagePath"="system32\DRIVERS\cdrom.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp]
"ImagePath"="I:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentFilter]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentIndex]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cpqarray]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac2w2k]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac960nt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="I:\WINDOWS\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\DRIVERS\fltMgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
"ImagePath"="\"I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hidusb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RtkHDAud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\DRIVERS\Ip6Fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="I:\WINDOWS\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="I:\WINDOWS\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nmwcd]
"ImagePath"="system32\drivers\ccdcmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nmwcdc]
"ImagePath"="system32\drivers\ccdcmbo.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nmwcdnsu]
"ImagePath"="system32\drivers\nmwcdnsu.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nmwcdnsuc]
"ImagePath"="system32\drivers\nmwcdnsuc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nv]
"ImagePath"="system32\DRIVERS\nv4_mini.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32\nvsvc32.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pccsmcfd]
"ImagePath"="system32\DRIVERS\pccsmcfd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PRODIGY]
"ImagePath"="System32\Drivers\PRODIGY.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="I:\WINDOWS\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RTL8023xp]
"ImagePath"="system32\DRIVERS\Rtnicxp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceLayer]
"ImagePath"="\"I:\Program Files\PC Connectivity Solution\ServiceLayer.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="I:\WINDOWS\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="I:\WINDOWS\system32\dllhost.exe /Processid:{AB10C359-6DB6-459E-BEE7-38C0379D37C4}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"="I:\WINDOWS\system32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upperdev]
"ImagePath"="system32\DRIVERS\usbser_lowerflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbser]
"ImagePath"="system32\drivers\usbser.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UsbserFilt]
"ImagePath"="system32\DRIVERS\usbser_lowerfltj.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbstor]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usnjsvc]
"ImagePath"="\"I:\Program Files\Windows Live\Messenger\usnsvc.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wdf01000]
"ImagePath"="system32\DRIVERS\Wdf01000.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WLSetupSvc]
"ImagePath"="\"I:\Program Files\Windows Live\installer\WLSetupSvc.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="I:\WINDOWS\system32\mspmsnsv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="I:\WINDOWS\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="I:\WINDOWS\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1EA79951-FFA2-47BF-997B-3E1C239EFEDA}]
.
------------------------ Other Running Processes ------------------------
.
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
I:\WINDOWS\system32\rundll32.exe
I:\WINDOWS\RTHDCPL.exe
I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
I:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
I:\Program Files\PC Connectivity Solution\ServiceLayer.exe
I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
I:\Program Files\DAP\DAP.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\Program Files\AVG\AVG8\avgrsx.exe
I:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-29 20:34:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-29 18:34:39

Pre-Run: 741,719,912,448 octets libres
Post-Run: 741,830,586,368 octets libres

773 --- E O F --- 2008-08-28 21:04:31
ep44, Friday 29 August 2008 at 22:00:21
ok

it's normal that things haven't gone back to normal, because you are heavily infected

select this

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{63271185-F8AC-4E37-85C8-5CCB942BC177}"=-
[-HKEY_CLASSES_ROOT\clsid\{63271185-f8ac-4e37-85c8-5ccb942bc177}]
[-HKEY_CLASSES_ROOT\qalkfxor.1]
[-HKEY_CLASSES_ROOT\TypeLib\{AE23524F-1EBA-4EBB-9013-9218F5BD0E2D}]
[-HKEY_CLASSES_ROOT\qalkfxor]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"rqbmvpso"=-

File::
I:\Documents and Settings\Adam\Application Data\TmpRecentIcons
I:\WINDOWS\system32\urqPfGWq.dll
I:\WINDOWS\rodqgpvltbp.dll
I:\WINDOWS\pdoskegl.dll
I:\WINDOWS\rvoelbxt.exe
I:\WINDOWS\qalkfxor.dll
I:\WINDOWS\rqbmvpso.dll

* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Make sure Word Wrap is not checked in the Format menu.
* Paste the copied text into Notepad (CTRL+V).
* Save this file as CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file, like this
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
* Once the scan has finished, a report will be displayed: post its contents.
* If the file does not open, it can be found here > C:\ComboFix.txt

Note: The code above was written specifically for THIS user.
If you are not THIS user, do NOT apply these instructions: they could damage your system.

@+ It is usually when the hard drive crashes that you realize you forgot to back it up.
adamtheboss, Friday 29 August 2008 at 22:05:17
Hi, unfortunately I can't get to Notepad because "All Programs" has disappeared from the Start menu again. What should I do?
ep44, Friday 29 August 2008 at 22:11:42
Go to Start > Run and type Notepad.exe > then OK, and your Notepad will open.
It is usually when the hard drive crashes that you realize you forgot to back it up.
adamtheboss, Friday 29 August 2008 at 22:21:44
Thanks, here is the log:

ComboFix 08-08-28.06 - Adam 2008-08-29 22:16:20.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1552 [GMT 2:00]
Endroit: I:\Documents and Settings\Adam\Bureau\ComboFix.exe
Command switches used :: I:\Documents and Settings\Adam\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
I:\Documents and Settings\Adam\Application Data\TmpRecentIcons
I:\WINDOWS\pdoskegl.dll
I:\WINDOWS\qalkfxor.dll
I:\WINDOWS\rodqgpvltbp.dll
I:\WINDOWS\rqbmvpso.dll
I:\WINDOWS\rvoelbxt.exe
I:\WINDOWS\system32\urqPfGWq.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

I:\Documents and Settings\Adam\Bureau\Error Cleaner.url
I:\Documents and Settings\Adam\Bureau\Privacy Protector.url
I:\Documents and Settings\Adam\Bureau\Spyware&Malware Protection.url
I:\Documents and Settings\Adam\Favoris\Error Cleaner.url
I:\Documents and Settings\Adam\Favoris\Privacy Protector.url
I:\Documents and Settings\Adam\Favoris\Spyware&Malware Protection.url
I:\WINDOWS\pdoskegl.dll
I:\WINDOWS\privacy_danger
I:\WINDOWS\privacy_danger\images\capt.gif
I:\WINDOWS\privacy_danger\images\danger.jpg
I:\WINDOWS\privacy_danger\images\down.gif
I:\WINDOWS\privacy_danger\images\spacer.gif
I:\WINDOWS\privacy_danger\index.htm
I:\WINDOWS\qalkfxor.dll
I:\WINDOWS\rodqgpvltbp.dll
I:\WINDOWS\rqbmvpso.dll
I:\WINDOWS\rvoelbxt.exe
I:\WINDOWS\system32\onbcwlto.dll
I:\WINDOWS\system32\otlwcbno.ini
I:\WINDOWS\system32\qWGfPqru.ini
I:\WINDOWS\system32\qWGfPqru.ini2
I:\WINDOWS\system32\szbbhf.dll
I:\WINDOWS\system32\urqPfGWq.dll
I:\WINDOWS\system32\xaehlhhy.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))))))
.

2008-08-29 21:13 . 2008-08-29 21:42 <REP> d-------- I:\Program Files\ezt
2008-08-29 20:26 . 2008-08-29 20:26 268 --ah----- I:\sqmdata00.sqm
2008-08-29 20:26 . 2008-08-29 20:26 244 --ah----- I:\sqmnoopt00.sqm
2008-08-29 19:44 . 2008-08-29 19:44 <REP> d-------- I:\Program Files\Trend Micro
2008-08-29 19:26 . 2008-08-29 19:26 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-29 19:26 . 2008-08-29 19:26 <REP> d-------- I:\Documents and Settings\Adam\Application Data\Grisoft
2008-08-29 19:26 . 2007-05-30 14:10 10,872 --a------ I:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-08-29 18:33 . 2008-08-29 20:25 <REP> d--h----- I:\$AVG8.VAULT$
2008-08-29 18:10 . 2008-08-29 18:10 <REP> d-------- I:\Program Files\K-Lite Codec Pack
2008-08-29 17:26 . 2004-08-05 14:00 221,184 --a------ I:\WINDOWS\system32\wmpns.dll
2008-08-29 17:21 . 2008-08-29 17:21 <REP> d-------- I:\Program Files\LimeWire
2008-08-29 17:21 . 2008-08-29 18:09 <REP> d-------- I:\Documents and Settings\Adam\Application Data\LimeWire
2008-08-29 17:09 . 2008-08-29 17:09 <REP> d-------- I:\Documents and Settings\Adam\Contacts
2008-08-29 16:28 . 2008-08-29 16:33 <REP> d-------- I:\Program Files\Windows Live
2008-08-29 16:28 . 2008-08-29 16:33 <REP> d--hsc--- I:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-29 16:27 . 2008-08-29 16:27 <REP> d-------- I:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-29 16:26 . 2008-08-29 22:14 <REP> d-a------ I:\Documents and Settings\All Users\Application Data\TEMP
2008-08-29 16:21 . 2008-08-29 16:21 479,298 --a------ I:\WINDOWS\system32\wbocx.ocx
2008-08-29 16:21 . 2008-08-29 16:21 172,032 --a------ I:\WINDOWS\system32\AniGIF.ocx
2008-08-29 16:21 . 2008-08-29 16:21 50,688 --a------ I:\WINDOWS\system32\wbhelp2.dll
2008-08-29 16:15 . 2001-06-12 22:07 200,704 --a------ I:\WINDOWS\system32\dapres.dll
2008-08-29 16:12 . 2008-08-29 16:12 53,760 --a------ I:\WINDOWS\system32\zlib.dll
2008-08-29 15:12 . 2008-08-29 15:12 <REP> d-------- I:\WINDOWS\nvidia icons
2008-08-29 15:10 . 2008-08-29 15:10 <REP> d-------- I:\WINDOWS\nview
2008-08-29 15:06 . 2008-04-30 17:27 442,368 --a------ I:\WINDOWS\system32\NVUNINST.EXE
2008-08-29 14:46 . 2008-08-29 16:21 <REP> d-------- I:\Program Files\DAP
2008-08-29 14:46 . 2008-08-29 16:21 <REP> d-------- I:\Documents and Settings\All Users\Application Data\SpeedBit
2008-08-29 14:14 . 2008-08-29 14:14 <REP> d-------- I:\Program Files\AIDA32 - Personal System Information
2008-08-29 14:10 . 2008-08-29 14:10 <REP> d-------- I:\Program Files\SystemRequirementsLab
2008-08-29 14:10 . 2008-08-29 14:10 664 --a------ I:\WINDOWS\system32\d3d9caps.dat
2008-08-29 14:10 . 2008-08-29 14:10 552 --a------ I:\WINDOWS\system32\d3d8caps.dat
2008-08-29 14:02 . 2008-08-29 14:02 <REP> d-------- I:\WINDOWS\system32\Lang
2008-08-29 14:02 . 2008-08-29 14:02 940,794 --a------ I:\WINDOWS\system32\LoopyMusic.wav
2008-08-29 14:02 . 2008-08-29 14:02 146,650 --a------ I:\WINDOWS\system32\BuzzingBee.wav
2008-08-29 14:00 . 2008-08-29 15:11 <REP> d-------- I:\WINDOWS\system32\RTCOM
2008-08-29 14:00 . 2008-08-29 14:00 <REP> d-------- I:\Program Files\Fichiers communs\InstallShield
2008-08-29 13:57 . 2008-08-29 14:00 319,488 --a------ I:\WINDOWS\HideWin.exe
2008-08-29 13:55 . 2008-08-29 13:55 <REP> d-------- I:\Program Files\Lavalys
2008-08-28 21:21 . 2008-08-28 21:21 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Nokia
2008-08-28 21:20 . 2008-08-28 21:20 <REP> d-------- I:\Program Files\MSXML 6.0
2008-08-28 21:20 . 2008-02-01 16:17 138,112 --a------ I:\WINDOWS\system32\drivers\nmwcdnsu.sys
2008-08-28 21:20 . 2008-02-01 16:17 8,320 --a------ I:\WINDOWS\system32\drivers\nmwcdnsuc.sys
2008-08-28 21:07 . 2008-08-28 21:07 <REP> d-------- I:\Documents and Settings\All Users\Application Data\PC Suite
2008-08-28 21:07 . 2008-08-28 21:08 <REP> d-------- I:\Documents and Settings\Adam\Application Data\PC Suite
2008-08-28 21:07 . 2008-08-28 21:07 <REP> d-------- I:\Documents and Settings\Adam\Application Data\Nokia
2008-08-28 20:59 . 2008-08-28 20:59 <REP> d-------- I:\Program Files\PC Connectivity Solution
2008-08-28 20:59 . 2008-08-28 20:59 <REP> d-------- I:\Program Files\Fichiers communs\PCSuite
2008-08-28 20:59 . 2008-08-28 21:19 <REP> d-------- I:\Program Files\Fichiers communs\Nokia
2008-08-28 20:59 . 2008-08-28 20:59 <REP> d-------- I:\Program Files\DIFX
2008-08-28 20:59 . 2007-09-17 15:53 21,632 --a------ I:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-08-28 20:58 . 2008-08-29 16:34 <REP> d----c--- I:\WINDOWS\system32\DRVSTORE
2008-08-28 20:58 . 2008-08-28 21:19 <REP> d-------- I:\Program Files\Nokia
2008-08-28 20:58 . 2008-05-07 07:39 1,419,232 --a------ I:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-08-28 20:58 . 2008-05-07 07:38 659,968 --a------ I:\WINDOWS\system32\nmwcdcocls.dll
2008-08-28 20:58 . 2008-05-07 07:38 20,864 --a------ I:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-08-28 20:58 . 2008-05-07 07:38 17,536 --a------ I:\WINDOWS\system32\drivers\ccdcmb.sys
2008-08-28 20:58 . 2008-05-07 07:38 8,064 --a------ I:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-08-28 20:58 . 2008-06-06 09:24 8,064 --a------ I:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-08-28 20:57 . 2008-08-28 21:19 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Installations
2008-08-28 20:44 . 2006-08-29 16:56 32,377 --a------ I:\WINDOWS\system32\drivers\prodigy.sys
2008-08-28 20:43 . 2008-08-28 21:03 <REP> d-------- I:\Program Files\NSS
2008-08-28 20:42 . 2004-08-03 23:08 25,600 --a------ I:\WINDOWS\system32\drivers\usbser.sys
2008-08-28 20:42 . 2004-08-03 23:08 25,600 --a--c--- I:\WINDOWS\system32\dllcache\usbser.sys
2008-08-28 20:41 . 2008-08-28 20:41 0 --ah----- I:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-28 20:41 . 2008-08-28 20:41 0 --ah----- I:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-08-28 20:19 . 2008-08-28 20:19 <REP> d-------- I:\Program Files\Google
2008-08-28 20:19 . 2008-08-28 21:19 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-28 20:11 . 2008-08-28 20:11 <REP> d-------- I:\WINDOWS\system32\fr-fr
2008-08-28 20:09 . 2006-10-08 21:51 23,856 --a------ I:\WINDOWS\system32\spupdsvc.exe
2008-08-28 20:04 . 2008-08-28 20:04 13,752 --a------ I:\WINDOWS\system32\wpa.bak
2008-08-28 18:59 . 2008-08-29 13:49 <REP> d-------- I:\WINDOWS\system32\drivers\Avg
2008-08-28 18:59 . 2008-08-28 18:59 <REP> d-------- I:\Program Files\AVG
2008-08-28 18:59 . 2008-08-28 18:59 <REP> d-------- I:\Documents and Settings\All Users\Application Data\avg8
2008-08-28 18:59 . 2008-08-29 13:48 97,928 --a------ I:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-28 18:59 . 2008-08-28 18:59 76,040 --a------ I:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-28 18:59 . 2008-08-28 18:59 10,520 --a------ I:\WINDOWS\system32\avgrsstx.dll
2008-08-28 18:53 . 2008-08-28 18:53 <REP> d--hs---- I:\Documents and Settings\Adam\UserData
2008-08-28 18:47 . 2008-08-28 18:47 <REP> d-------- I:\WINDOWS\OPTIONS
2008-08-28 18:47 . 2008-08-29 14:00 <REP> d-------- I:\Program Files\Realtek
2008-08-28 18:47 . 2008-08-29 14:00 <REP> d--h----- I:\Program Files\InstallShield Installation Information
2008-08-28 18:47 . 2008-08-28 18:47 <REP> d-------- I:\Documents and Settings\Adam\Application Data\InstallShield
2008-08-28 18:47 . 2008-02-25 20:54 105,088 --a------ I:\WINDOWS\system32\drivers\Rtnicxp.sys
2008-08-28 18:47 . 2008-07-22 00:14 9,728 --a------ I:\WINDOWS\system32\RtNicProp32.dll
2008-08-28 18:03 . 2008-08-28 18:03 <REP> d---s---- I:\WINDOWS\system32\Microsoft
2008-08-28 18:03 . 2008-08-28 18:03 <REP> d--hs---- I:\Documents and Settings\LocalService
2008-08-28 18:03 . 2008-08-28 19:47 <REP> d--h----- I:\Documents and Settings\Adam\Voisinage réseau
2008-08-28 18:03 . 2008-08-28 19:47 <REP> d--h----- I:\Documents and Settings\Adam\Voisinage d'impression
2008-08-28 18:03 . 2008-08-28 17:56 <REP> d--h----- I:\Documents and Settings\Adam\Modèles
2008-08-28 18:03 . 2008-08-29 22:15 <REP> dr------- I:\Documents and Settings\Adam\Mes documents
2008-08-28 18:03 . 2008-08-28 19:47 <REP> dr------- I:\Documents and Settings\Adam\Menu Démarrer
2008-08-28 18:03 . 2008-08-29 22:16 <REP> dr------- I:\Documents and Settings\Adam\Favoris
2008-08-28 18:03 . 2008-08-29 22:18 <REP> d-------- I:\Documents and Settings\Adam\Bureau
2008-08-28 18:03 . 2008-08-29 17:09 <REP> d-------- I:\Documents and Settings\Adam
2008-08-28 18:02 . 2008-08-28 18:02 <REP> d--hs---- I:\Documents and Settings\NetworkService
2008-08-28 18:02 . 2008-08-28 18:02 8,192 --a------ I:\WINDOWS\REGLOCS.OLD
2008-08-28 18:01 . 2008-08-28 19:47 <REP> d--h----- I:\WINDOWS\system32\config\systemprofile\Voisinage réseau
2008-08-28 18:01 . 2008-08-28 19:47 <REP> d--h----- I:\WINDOWS\system32\config\systemprofile\Voisinage d'impression
2008-08-28 18:01 . 2008-08-28 17:56 <REP> d--h----- I:\WINDOWS\system32\config\systemprofile\Modèles
2008-08-28 18:01 . 2008-08-28 19:47 <REP> d-------- I:\WINDOWS\system32\config\systemprofile\Mes documents
2008-08-28 18:01 . 2008-08-28 19:47 <REP> dr------- I:\WINDOWS\system32\config\systemprofile\Menu Démarrer
2008-08-28 18:01 . 2008-08-28 19:47 <REP> d-------- I:\WINDOWS\system32\config\systemprofile\Favoris
2008-08-28 18:01 . 2008-08-28 19:47 <REP> d-------- I:\WINDOWS\system32\config\systemprofile\Bureau
2008-08-28 18:00 . 2008-08-28 18:00 <REP> d-------- I:\WINDOWS\system32\xircom
2008-08-28 18:00 . 2008-08-28 18:00 <REP> d-------- I:\Program Files\microsoft frontpage

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 12:48 --------- d-----w I:\Documents and Settings\Adam\Application Data\Azureus
2008-08-28 17:47 --------- d-----w I:\Documents and Settings\All Users\Application Data\Azureus
2008-08-28 17:45 --------- d-----w I:\Program Files\Vuze
2008-08-28 17:45 --------- d-----w I:\Program Files\Java
2008-08-28 17:44 --------- d-----w I:\Program Files\Fichiers communs\Java
2008-08-28 15:58 --------- d-----w I:\Program Files\Services en ligne
2008-08-06 15:12 4,755,968 ----a-w I:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-07-31 13:05 16,806,912 ----a-w I:\WINDOWS\RTHDCPL.exe
2008-07-29 13:42 528,384 ----a-w I:\WINDOWS\RtlExUpd.dll
2008-07-25 08:34 81,920 ----a-w I:\WINDOWS\system32\dpl100.dll
2008-07-25 08:34 683,520 ----a-w I:\WINDOWS\system32\divx.dll
2008-07-23 16:50 3,596,288 ----a-w I:\WINDOWS\system32\qt-dx331.dll
2008-07-16 18:51 2,041,363 ----a-w I:\WINDOWS\system32\x264vfw.dll
2008-07-15 13:20 69,632 ----a-w I:\WINDOWS\system32\ChCfg.exe
2008-07-15 11:47 1,196,032 ----a-w I:\WINDOWS\RtlUpd.exe
2008-06-23 16:28 826,368 ----a-w I:\WINDOWS\system32\wininet.dll
2008-06-19 14:42 2,808,8