Infected by the new win32 virus, help!
mmaxx
Posted on 17/12/2007 @ 10:50
Petit astucien

My computer is infected by the new win32 virus. I installed HijackThis, and here is the log! Thanks for helping me solve this problem!!

Logfile of HijackThis v1.99.1
Scan saved at 21:28:33, on 16/12/2000
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\host.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Fonts\system\ati2evxx.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kzdh.com/?g
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\system32\host.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\CPUSH\cpush0.dll
O2 - BHO: Thunder5ÏÂÔØ - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\WINDOWS\ThunderBHONew.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [SSLDyn] C:\WINDOWS\SSLDyn.exE
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exE
O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\853957M.exe
O4 - HKLM\..\Run: [crsss] C:\WINDOWS\system32\Systom.exe
O4 - HKLM\..\Run: [inudhya] C:\WINDOWS\Fonts\system\soundma.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [WinSysW] C:\WINDOWS\853957L.exe
O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\853957W.exe
O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\lxxbcr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TBMonEx] C:\WINDOWS\Fonts\system\ati2evxx.exe
O4 - HKLM\..\RunOnce: [leby1] %systemroot%\system32\Rundll32.exe %systemroot%\system32\leby1.dll,DllUnregisterServer
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\qdshm.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qdshm.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = groupensia.local
O17 - HKLM\Software\..\Telephony: DomainName = groupensia.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = groupensia.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = groupensia.local
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: kvdxjma.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Performance Logs and Ale (kav7.0.0.125sch) - Unknown owner - C:\WINDOWS\system32\sch.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Network Connections Management (RemoteStorage) - Unknown owner - C:\WINDOWS\system32\1Svch.exe
O23 - Service: ·þÎñÃû (svcname) - Unknown owner - C:\WINDOWS\system32\1Hs0t.exe

Anonymous
Posted on 17/12/2007 at 10:57
Nouvel astucien

Hello Mmaxx,

And welcome.

Ask for your thread to be moved to the security forum so that your report can be analysed (click on )

Anonymous
Posted on 17/12/2007 at 11:21
Nouvel astucien

I have just made the transfer request.
pcastuces
Posted on 17/12/2007 at 11:25
PC Astuces Team
Thread moved by the moderators

You can continue the discussion below.
chrifleur
Posted on 17/12/2007 at 13:55
Security Group

hello and welcome

your report is being examined

chrifleur
Posted on 17/12/2007 at 14:02
Security Group

Download SDFix by Andy Manchesta to your desktop

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.

Restart your computer in Safe Mode

How to get into Safe Mode, letter C
https://forum.pcastuces.com/sujet.asp?f=25&s=3902
1) Restart your computer
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep"
3) You will see a screen with startup options appear
4) Choose the first option, Safe Mode, and confirm with "Enter"
5) Choose your regular account, not Administrator

Open the SDFix folder that has just been created on the Desktop and double-click RunThis.cmd

Press Y to start the cleanup.

It will remove the infected services and Registry entries, then ask you to press a key to restart.

Press a key to restart the PC.

Your system will take longer than usual to restart because the tool will keep running and deleting files.

After the Desktop has loaded, the tool will finish its work and display Finished.

Press a key to end the script and load your Desktop icons.

Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.

Finally, post the contents of the Report.txt file in your next reply on the forum.

Download combofix.exe (by sUBs) to your Desktop

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disable your antivirus, antispyware, and Spybot (resident) while using ComboFix. Thanks. Re-enable them afterwards.

Double-click combofix.exe.

Press the Y key (Yes) to start the scan.

When the scan is complete, a report will appear. Copy and paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

Edited by chrifleur on 17/12/2007 14:06
mmaxx
Posted on 17/12/2007 at 16:51
Petit astucien

I can't manage to download SDFix!

I'm using a second computer, whose McAfee antivirus reports that this program is also infected by a virus! And the download gets interrupted. When I try to connect with the infected computer, it is too slow and many iexplorer windows open on the site www.caiyi8.com/index; I can't get control to access my email!

I'm still at a dead end!!!!

chrifleur
Posted on 17/12/2007 at 17:18
Security Group

it is not infected!

disable your antivirus for the duration of the scan, you can re-enable it afterwards

mmaxx
Posted on 17/12/2007 at 18:42
Petit astucien

It was laborious but it worked! I managed to install SDFix, and here is the log


SDFix: Version 1.118

Run by mmaxx on 17/12/2000 at 16:55

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
RpcS
svchost
svcname

Path:
C:\WINDOWS\system32\Rpcs.exe
C:\WINDOWS\system32\dllcache\svchost.exe -g
C:\WINDOWS\system32\1Hs0t.exe

RpcS - Deleted
svchost - Deleted
svcname - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing SharedAccess Service

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\30D924~1.DLL - Deleted
C:\WINDOWS\Fonts\system\ati2evxx.exe.tmp - Deleted
C:\autorun.inf - Deleted
C:\WINDOWS\17PHolmes22.exe - Deleted
C:\WINDOWS\system32\1.exe - Deleted
C:\WINDOWS\system32\Rpcs.dll - Deleted
C:\WINDOWS\system32\Rpcs.exe - Deleted
C:\WINDOWS\system32\svchost.dll - Deleted


Could Not Remove C:\WINDOWS\system32\host.exe


Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.


Final Check:


Remaining Services:
------------------

Authorized Application Key Export:

Remaining Files:
---------------
C:\WINDOWS\system32\host.exe Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:


Finished!

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.


Final Check:


Remaining Services:
------------------

Authorized Application Key Export:

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:


Finished!

chrifleur
Posted on 17/12/2007 at 19:42
Security Group

ok, it did a pretty good job

now run ComboFix as requested...

mmaxx
Posted on 17/12/2007 at 22:39
Petit astucien

Thanks chrifleur, my infected computer has started running normally again, but my McAfee antivirus reports that it is still infected by the new win32 virus! (after using ComboFix)

here is the log after running ComboFix!

ComboFix 07-12-17.1 - Kone.se 2000-12-17 18:47:47.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.396 [GMT 0:00]Running from: C:\Documents and Settings\mmaxx.NSIA-PC-mmaxx\Bureau\ComboFix.exe
* Created a new restore point
.
[color=purple]The following files were disabled during the run:[/color]


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\DFD1636859.bat
C:\DFD1645218.bat
C:\DFD1654171.bat
C:\DFD1665546.bat
C:\DFD1674000.bat
C:\DFD1683531.bat
C:\DFD1692109.bat
C:\DFD1693812.bat
C:\DFD1697609.bat
C:\DFD1710421.bat
C:\DFD1710656.bat
C:\DFD1712234.bat
C:\DFD1717046.bat
C:\DFD1727734.bat
C:\DFD1739734.bat
C:\DFD1745343.bat
C:\DFD1825000.bat
C:\DFD1836250.bat
C:\DFD1845140.bat
C:\DFD1855078.bat
C:\DFD1864265.bat
C:\DFD1879218.bat
C:\DFD36250.bat
C:\Documents and Settings\All Users.WINDOWS\Application Data.\microsoft\pctools
C:\Documents and Settings\All Users.WINDOWS\Application Data.\microsoft\pctools\pctools.dll
C:\Documents and Settings\All Users.WINDOWS\Application Data.\t
C:\Documents and Settings\All Users.WINDOWS\Application Data.\t\a1631.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data.\t\b1631.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data.\t\k1631.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data.\t\p1631.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data.\t\r1631.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\microsoft\pctools\pctools.dll
C:\Documents and Settings\KONE.SE.GROUPENSIA\Favoris\7BFA~1.URL
C:\Documents and Settings\Kone.se.NSIA-PC-KONE\Bureau\4bb6~1.lnk
C:\Documents and Settings\KONE.SE\Application Data\inst.exe
C:\Documents and Settings\LocalService.AUTORITE NT\Favoris\7BFA~1.URL
C:\Program Files\fctn\lizt.dll
C:\Program Files\fctn\pmdx.dll
C:\Program Files\fctn\spga.dll
C:\Program Files\fctn\uric.dll
C:\Program Files\fctn\xulf.dll
C:\Program Files\Fichiers communs\cpush
C:\Program Files\Fichiers communs\cpush\cpush0.dll
C:\Program Files\Fichiers communs\cpush\Uninst.exe
C:\WINDOWS\111.bmp
C:\WINDOWS\avpsrv.exe
C:\WINDOWS\cmdbcs.exe
C:\WINDOWS\DbgHlp32.exe
C:\WINDOWS\Fonts\ardaase.fon
C:\WINDOWS\Fonts\enhuafx.fon
C:\WINDOWS\Fonts\enweafx.fon
C:\WINDOWS\Fonts\msguasd.fon
C:\WINDOWS\Fonts\mswuasd.fon
C:\WINDOWS\GenProtect.exe
C:\WINDOWS\kvsc3.exe
C:\WINDOWS\NVDispDrv.exe
C:\WINDOWS\system\mydf071214.dll
C:\WINDOWS\system\nm071214.exe
C:\WINDOWS\system\nm32.dll
C:\WINDOWS\system32\1.exe
C:\WINDOWS\system32\106.exe
C:\WINDOWS\system32\9f1.dll
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\avpsrv.dll
C:\WINDOWS\system32\C0FC3010.EXE
C:\WINDOWS\system32\cmdbcs.dll
C:\WINDOWS\system32\d3d1caps.srg
C:\WINDOWS\system32\DbgHlp32.dll
C:\WINDOWS\system32\dllcache\svchost.exe
C:\WINDOWS\system32\drivers\acpidisk.sys
C:\WINDOWS\system32\drivers\comint32.sys
C:\WINDOWS\system32\drivers\mxdispdr.sys
C:\WINDOWS\system32\drivers\p4g6p.sys
C:\WINDOWS\system32\GenProtect.dll
C:\WINDOWS\system32\inf\scrsys071212.scr
C:\WINDOWS\system32\inf\scrsys16_071212.dll
C:\WINDOWS\system32\inf\scrsyszy071212.scr
C:\WINDOWS\system32\inf\scrsyszy071217.scr
C:\WINDOWS\system32\inf\svch0st.exe
C:\WINDOWS\system32\inf\svchost.exe
C:\WINDOWS\system32\kvdxjma.dll
C:\WINDOWS\system32\kvsc3.dll
C:\WINDOWS\system32\lwisys16_071212.dll
C:\WINDOWS\system32\lyloader.exe
C:\WINDOWS\system32\lymangr.dll
C:\WINDOWS\system32\mprmsgse.axz
C:\WINDOWS\system32\mscpx32r.det
C:\WINDOWS\system32\msdeg32.dll
C:\WINDOWS\system32\nvdispdrv.dll
C:\WINDOWS\system32\rpcs.dll
C:\WINDOWS\system32\rpcs.exe
C:\WINDOWS\system32\svchost.dat
C:\WINDOWS\system32\upxdnd.dll
C:\WINDOWS\TEMP.\~my1.tmp
C:\WINDOWS\tempaq
C:\WINDOWS\upxdnd.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_ACPIDISK
-------\LEGACY_COMINT32
-------\LEGACY_KHYS
-------\LEGACY_MS_2FAX
-------\LEGACY_RPCS
-------\acpidisk
-------\comint32
-------\khys
-------\ms_2fax
-------\RpcS


((((((((((((((((((((((((((((( Fichiers créés 1987-11-17 to 1987-12-17 ))))))))))))))))))))))))))))))))))))
.

1987-12-17 19:17 . 1987-12-17 19:17 199,680 --a------ C:\WINDOWS\system32\mwiszyys32_071212.dll
1987-12-17 19:17 . 1987-12-17 19:17 25,088 --a------ C:\WINDOWS\system32\lwizysys16_071212.dll
1987-12-17 19:17 . 1987-12-17 19:17 24,576 --a------ C:\WINDOWS\system32\1.exe
1987-12-17 17:13 . 2007-12-17 08:16 114,688 -r------- C:\WINDOWS\system32\4d201.exe
1987-12-14 09:50 . 2000-12-17 19:18 <REP> dr------- C:\Documents and Settings\LocalService.AUTORITE NT\Favoris
1987-12-14 09:49 . 2007-12-17 19:18 36,864 --------- C:\WINDOWS\system32\Systom.exe
1987-12-14 09:41 . 2001-12-14 11:19 244 --ah----- C:\sqmnoopt18.sqm
1987-12-14 09:41 . 2001-12-14 11:19 232 --ah----- C:\sqmdata18.sqm
1987-12-14 06:39 . 1987-12-14 06:39 77,824 --a------ C:\WINDOWS\system32\wxptdi.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-17 19:18 105 ----a-w C:\WINDOWS\Fonts\kaqhlcsa.dll
2007-12-17 19:15 74,756 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-17 19:15 19,940 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-17 19:12 --------- d-----w C:\Program Files\fctn
2007-12-17 19:10 55 ----a-w C:\WINDOWS\Fonts\kvdxjcfa.dll
2007-12-17 19:10 108 ----a-w C:\WINDOWS\Fonts\avwghina.dll
2007-12-14 00:14 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2007-12-13 18:34 90,980 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-12-13 18:34 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-12-13 15:31 --------- d-----w C:\Program Files\McAfee
2007-12-13 15:31 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
2007-12-13 15:16 --------- d-----w C:\Documents and Settings\KONE.SE.GROUPENSIA\Application Data\AdobeUM
2007-12-13 12:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-13 12:48 --------- d-----w C:\Program Files\Atheros
2007-12-13 11:47 --------- d-----w C:\Program Files\Realtek AC97
2007-12-13 11:45 --------- d-----w C:\Program Files\Java
2007-12-13 11:37 --------- d-----w C:\Program Files\ltmoh
2007-12-13 11:22 --------- d-----w C:\Program Files\DVD-RAM
2007-12-13 11:19 --------- d-----w C:\Program Files\ATI Technologies
2007-12-13 11:08 --------- d-----w C:\Program Files\Microsoft Works
2007-12-13 11:08 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2007-12-13 11:07 --------- d-----w C:\Program Files\MSBuild
2007-12-13 09:22 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-12-13 09:22 --------- d-----w C:\Program Files\Toshiba
2007-12-11 15:38 --------- d-----w C:\Documents and Settings\KONE.SE\Application Data\Skype
2007-12-11 15:36 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\U3
2007-12-11 15:03 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Network Associates
2007-12-11 08:57 --------- d-----w C:\Documents and Settings\administrateur.NSIA\Application Data\Network Associates
2007-12-10 17:24 --------- d-----w C:\Documents and Settings\kone.se.NSIA\Application Data\Skype
2007-12-10 09:58 --------- d-----w C:\Documents and Settings\kone.se.NSIA\Application Data\AdobeUM
2007-12-08 20:02 --------- d-----w C:\Documents and Settings\kone.se.NSIA\Application Data\Network Associates
2007-12-07 14:20 --------- d-----w C:\Documents and Settings\KONE.SE\Application Data\U3
2007-12-06 14:52 --------- d-----w C:\Program Files\DivX
2007-12-06 14:29 --------- d-----w C:\Documents and Settings\KONE.SE\Application Data\Vso
2007-12-06 14:21 47,360 ----a-w C:\Documents and Settings\KONE.SE\Application Data\pcouffin.sys
2007-11-19 23:37 --------- d-----w C:\Documents and Settings\KONE.SE\Application Data\Yahoo!
2007-11-19 22:43 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-06 09:59 --------- d-----w C:\Program Files\Kaspersky Lab
2007-11-03 12:08 --------- d-----w C:\Program Files\SuperCopier2
2007-10-11 10:17 --------- d-----w C:\Program Files\HP
2007-09-04 08:19 --------- d-----w C:\Program Files\DAP
2007-09-03 09:24 --------- d-----w C:\Program Files\Copernic Agent
2007-08-22 10:39 --------- d-----w C:\Program Files\Skype
2007-08-22 10:39 --------- d-----w C:\Program Files\Fichiers communs\Skype
2007-08-12 09:24 --------- d-----w C:\Documents and Settings\KONE.SE\Application Data\Copernic
2007-08-12 09:20 --------- d-----w C:\Program Files\Fichiers communs\Copernic
2007-08-11 10:17 --------- d-----w C:\Documents and Settings\KONE.SE\Application Data\CopyToDvd
2007-08-11 09:48 --------- d-----w C:\Program Files\vso
2007-08-11 09:48 --------- d-----w C:\Program Files\LG Sofware Innovations
2007-08-01 06:38 --------- d-----w C:\Program Files\Xilisoft
2007-08-01 06:11 --------- d-----w C:\Documents and Settings\KONE.SE\Application Data\VSO_HWE
2007-07-08 08:56 --------- d-----w C:\Program Files\WinAVIVideoConverter
2007-07-08 08:44 --------- d-----w C:\Program Files\AVSMedia
2007-07-06 10:05 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
2007-06-30 15:28 --------- d-----w C:\Program Files\dvdSanta
2007-06-30 15:26 --------- d-----w C:\Program Files\3wPlayer
2007-06-30 10:39 --------- d-----w C:\Documents and Settings\KONE.SE\Application Data\DivX
2007-06-24 10:17 --------- d-----w C:\Program Files\MathType
2007-06-24 09:51 --------- d-----w C:\Program Files\WinAVI Video Converter
2007-06-03 17:01 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-06-01 16:43 --------- d-----w C:\Program Files\SlySoft
2007-05-09 12:49 --------- d-----w C:\Program Files\Elaborate Bytes
2007-05-02 09:49 --------- d-----w C:\Documents and Settings\KONE.SE\Application Data\Design Science
2007-04-23 10:32 364,160 ----a-w C:\WINDOWS\system32\drivers\update.sys
2007-02-20 10:20 --------- d-----w C:\Program Files\Hewlett-Packard
2007-02-20 10:19 --------- d-----w C:\Program Files\Fichiers communs\SWF Studio
2007-02-17 09:23 --------- d-----w C:\Program Files\MSN Messenger
2007-02-13 15:24 --------- d-----w C:\Program Files\Fichiers communs\Data Dynamics
2007-02-11 11:21 --------- d-----w C:\Documents and Settings\KONE.SE\Application Data\AdobeUM
2007-02-09 11:10 574,464 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2007-01-29 23:09 23,196 ----a-w C:\WINDOWS\system32\drivers\klop.dat
2007-01-25 19:27 109,848 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2007-01-24 16:33 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-01-21 10:22 --------- d-----w C:\Program Files\Webteh
2007-01-21 10:16 --------- d-----w C:\Documents and Settings\KONE.SE\Application Data\BSplayer
2007-01-21 07:41 --------- d-----w C:\Program Files\Avanquest update
2007-01-21 07:40 --------- d-----w C:\Program Files\Motorola Phone Tools
2007-01-21 07:37 24,192 ----a-w C:\Documents and Settings\KONE.SE\usbsermptxp.sys
2007-01-21 07:37 22,768 ----a-w C:\Documents and Settings\KONE.SE\usbsermpt.sys
2007-01-07 19:23 --------- d-----w C:\Program Files\CCleaner
2006-12-23 17:35 --------- d-----w C:\Program Files\SAGEM
2006-11-28 08:37 --------- d-----w C:\Documents and Settings\KONE.SE\Application Data\Network Associates
2006-11-27 10:40 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Network Associates
2006-11-16 17:59 --------- d-----w C:\Program Files\MSXML 4.0
2006-10-20 13:53 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
2006-10-17 19:55 --------- d-----w C:\Documents and Settings\KONE.SE\Application Data\Ahead
2006-10-13 10:23 163,584 ----a-w C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-07 11:16 --------- d-----w C:\Program Files\Nero
2006-10-07 11:11 --------- d-----w C:\Program Files\Ahead
2006-10-06 14:36 --------- d-----w C:\Documents and Settings\KONE.SE\Application Data\Sonic
2006-09-24 11:19 --------- d-----w C:\Program Files\Publication Web
2006-09-18 14:16 --------- d--h--w C:\Program Files\Zero G Registry
2006-08-21 09:14 128,896 ----a-w C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 09:37 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2006-08-16 09:15 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2006-08-16 09:15 --------- d-----w C:\Program Files\Fichiers communs\Real
2006-08-16 07:48 --------- d-----w C:\Program Files\Real
2006-08-14 10:34 332,928 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2006-08-11 07:12 --------- d-----w C:\Program Files\STOPzilla!
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2000-12-14 14:23]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2000-12-14 14:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" []
"TFncKy"="TFncKy.exe" []
"TCtryIOHook"="TCtrlIOHook.exe" [2005-08-22 16:49 C:\WINDOWS\system32\TCtrlIOHook.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2000-12-14 14:20]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 11:45]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2000-12-14 14:23]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2000-12-14 14:20]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-22 08:10 C:\WINDOWS\agrsmmsg.exe]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2000-12-14 14:23]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2000-12-14 14:23]
"Zooming"="ZoomingHook.exe" [2005-06-06 09:58 C:\WINDOWS\system32\ZoomingHook.exe]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 03:06]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 23:02]
"crsss"="C:\WINDOWS\system32\Systom.exe" [2007-12-17 19:18]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2000-12-14 14:21]
"Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2004-02-19 13:07]
"WinSysW"="C:\WINDOWS\853957L.exe" [2005-12-14 12:07]
"TBMonEx"="C:\WINDOWS\Fonts\system\ati2evxx.exe" [2004-08-19 16:10]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"leby1"="C:\WINDOWS\system32\Rundll32.exe" [2004-08-19 16:10]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{9C0ADB68-353A-61DD-ED09-1D8003A61111}"= C:\WINDOWS\system32\kb1111p.dll [1999-01-01 00:01 19456]
"{68907901-1416-3389-9981-372178569986}"= C:\WINDOWS\system32\kawdfzy.dll [2004-08-04 06:40 24394]
"{7960356A-458E-DE24-BD50-268F589A56A7}"= C:\WINDOWS\system32\avwlgmn.dll [2004-08-04 06:41 26448]
"{8A1247C1-53DA-FF43-ABD3-345F323A48D8}"= C:\WINDOWS\system32\avwghmn.dll [ ]
"{C7D81718-1314-5200-2597-58790101807C}"= C:\WINDOWS\system32\kaqhlzy.dll [2004-08-04 06:41 2120526]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=kaqhlzy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ACKWIN32.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTI-TROJAN.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\APVXDWIN.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AUTODOWN.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVE32.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGCTRL.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVKSERV.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVNT.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP32.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVPCC.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVPDOS32.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVPM.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVPTC32.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVPUPD.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVSCHED32.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVWIN95.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVWUPD32.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BLACKD.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BLACKICE.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CFIADMIN.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CFIAUDIT.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CFINET.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CFINET32.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CLAW95.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CLAW95CF.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CLEANER.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CLEANER3.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DVP95.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DVP95_0.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ECENGINE.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ESAFE.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EXPWATCH.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\F-AGNT95.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\F-PROT.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\F-PROT95.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\F-STOPW.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FESCUE.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FINDVIRU.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FP-WIN.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPROT.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FRW.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IAMAPP.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IAMSERV.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IBMASN.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IBMAVSP.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ICLOAD95.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ICLOADNT.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ICMON.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ICSUPP95.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ICSUPPNT.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IFACE.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IOMON98.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\JEDI.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVsvc.exe]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVSvcUI.exe]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVFW.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonXP.exe]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatchUI.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LOCKDOWN2000.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Logo1_.exe]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Logo_1.exe]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LOOKOUT.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LUALL.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MAILMON.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MOOLIVE.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MPFTRAY.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\my.exe]
Debugger=C:\WINDOWS\Fonts\system\lmmh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\N32SCANW.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVLU32.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVNT.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navw32.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVWNT.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NISUM.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NMain.exe]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NORMIST.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NUPGRADE.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NVC95.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PAVCL.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PAVSCHED.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PAVW.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PCCWIN98.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PCFWALLICON.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PERSFW.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Play.exe]
Debugger=C:\WINDOWS\Fonts\system\lmmy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAV7.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAV7WIN.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAVtimer.exe]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rising.exe]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SAFEWEB.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCAN95.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCANPM.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCRSCAN.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SERV95.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SMC.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SPHINX.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SWEEP95.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TBSCAN.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TCA.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TDS2-98.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TDS2-NT.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\THGUARD.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojanHunter.exe]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VET95.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VETTRAY.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VSCAN40.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VSECOMR.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VSHWIN32.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WFINDV32.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZONEALARM.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_AVP32.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_AVPCC.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_AVPM.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ÐÞ¸´¹¤¾ß.exe]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

R0 95el;95e;C:\WINDOWS\system32\DRIVERS\95el.sys [2004-08-19 16:09]
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys [2004-09-22 20:00]
R1 SrvcSSIOMngr;SrvcSSIOMngr;C:\WINDOWS\system32\Drivers\SSIoMngr.sys [2004-07-30 15:05]
R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys [2005-06-03 19:49]
R2 25A3A348;25A3A348;C:\WINDOWS\system32\C0FC3010.EXE -g []
R2 bhxxyl;bhxxyl;C:\WINDOWS\system32\svchost.exe -k bhxxyl []
R2 ixf7sc;ixf7sc;C:\WINDOWS\system32\drivers\ixf7sc.sys [2004-08-19 16:09]
R2 MSDCOMClient16;DCOM Service Process Manager;C:\WINDOWS\system32\svchost.exe -k netsvcs []
R2 yhxxyloc;yhxxyloc;C:\WINDOWS\system32\drivers\xeadkt.sys [2004-08-19 16:10]
S2 kav7.0.0.125sch;Performance Logs and Ale;C:\WINDOWS\system32\sch.exe [1987-12-14 06:41]
S2 p4g6p;p4g6p;C:\WINDOWS\system32\drivers\p4g6p.sys []
S2 RemoteStorage;Network Connections Management;C:\WINDOWS\system32\1Svch.exe [2000-12-14 14:29]
S3 PciHardDisk;PciHardDisk;C:\WINDOWS\system32\drivers\pcidisk.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bhxxyl REG_MULTI_SZ bhxxyl

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
MSDCOMClient16
MSDCOMClient32

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ntldr.exe
\Shell\´ò¿ª(&O)\command - C:\ntldr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab860cfa-d24b-11d4-8330-ae14021832ad}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab860cfb-d24b-11d4-8330-ae14021832ad}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e013796f-f07c-11d5-a156-00166f388eda}]
\Shell\Auto\command - E:\sch.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sch.exe

*Newly Created Service* - ENTDRV51
*Newly Created Service* - IXF7SC
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-17 19:17:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\C0FC3010.EXE 20523 bytes executable
C:\WINDOWS\system32\5.exe 151311 bytes executable
C:\WINDOWS\system32\Rpcs.dll 110080 bytes executable
C:\WINDOWS\system32\Rpcs.exe 151311 bytes executable

scan completed successfully
hidden files: 4

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\kaqhlzy.dll
-> c:\windows\system32\xeadkt.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\kaqhlzy.dll
-> C:\WINDOWS\system32\qdshm.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\kaqhlzy.dll
-> C:\WINDOWS\system32\kb1111p.dll
-> C:\WINDOWS\system32\qdshm.dll
-> c:\windows\system32\xeadkt.dll
-> C:\WINDOWS\system32\kawdfzy.dll
-> C:\WINDOWS\system32\avwlgmn.dll
-> C:\WINDOWS\system32\leby1.dll
c:\windows\inf\usbdevices.inf
-> C:\WINDOWS\853957WL.DLL
.
Completion time: 2000-12-17 19:21:17 - machine was rebooted
.
2005-12-14 06:56:38 --- E O F ---

chrifleur
 Posted on 18/12/2007 at 10:04 
Security Group

I'm looking at this lengthy report

please post a new HijackThis report

mmaxx
 Posted on 18/12/2007 at 12:02 
Petit astucien

Here is the latest HijackThis log

gfile of HijackThis v1.99.1
Scan saved at 10:56, on 2000-12-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\host.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Fonts\system\ati2evxx.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abidjan.net/
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\system32\host.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [crsss] C:\WINDOWS\system32\Systom.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [TBMonEx] C:\WINDOWS\Fonts\system\ati2evxx.exe
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKLM\..\Run: [WinForm] C:\WINDOWS\WinForm.exE
O4 - HKLM\..\RunOnce: [leby1] %systemroot%\system32\Rundll32.exe %systemroot%\system32\leby1.dll,DllUnregisterServer
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\qdshm.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qdshm.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = groupensia.local
O17 - HKLM\Software\..\Telephony: DomainName = groupensia.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = groupensia.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = groupensia.local
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: kaqhlzy.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Network Connections Management (RemoteStorage) - Unknown owner - C:\WINDOWS\system32\1Svch.exe

chrifleur
 Posted on 18/12/2007 at 12:09 
Security Group

Open Windows Explorer: > Start > Programs > Accessories > Windows Explorer, or Start > Programs > Windows Explorer.

Click Tools > Folder Options > View.

Select:

check: Show hidden files and folders.

uncheck: Hide extensions for known file types.

uncheck: Hide protected operating system files (Recommended)

Click Apply and OK

Click this link

http://www.virustotal.com/

And test this: c:\windows\system32\qdshm.dll

Click Browse and give the path of the file(s) I indicated.

Click Send File

At the "Sending File" message, do not close this window.

If you get the message "Current status: queued": be patient!

After a few minutes, the box will show: Current status: finished

Copy and paste the result and post it in your next message.

Then hide your files and folders again

uncheck: Show hidden files and folders.

re-check: Hide extensions for known file types.

check: Hide protected operating system files (Recommended)

Click Apply and OK

mmaxx
 Posted on 18/12/2007 at 13:37 
Petit astucien

HERE IS THE RESULT OF THE ANALYSIS

Antivirus | Version | Last update | Result
AhnLab-V3 | 2007.12.18.11 | 2007.12.18 | -
AntiVir | 7.6.0.45 | 2007.12.18 | TR/PSW.Onlineg.KC.2
Authentium | 4.93.8 | 2007.12.18 | -
Avast | 4.7.1098.0 | 2007.12.17 | Win32:OnLineGames-BKP
AVG | 7.5.0.503 | 2007.12.17 | PSW.OnlineGames.XAD
BitDefender | 7.2 | 2007.12.18 | -
CAT-QuickHeal | 9.00 | 2007.12.17 | -
ClamAV | 0.91.2 | 2007.12.18 | PUA.Packed.UPack
DrWeb | 4.44.0.09170 | 2007.12.18 | Trojan.PWS.Gamania.6441
eSafe | 7.0.15.0 | 2007.12.17 | -
eTrust-Vet | 31.3.5385 | 2007.12.18 | Win32/Spibe!generic
Ewido | 4.0 | 2007.12.18 | -
FileAdvisor | 1 | 2007.12.18 | -
Fortinet | 3.14.0.0 | 2007.12.18 | -
F-Prot | 4.4.2.54 | 2007.12.18 | W32/Heuristic-162!Eldorado
F-Secure | 6.70.13030.0 | 2007.12.18 | Trojan-PSW.Win32.OnLineGames.gjr
Ikarus | T3.1.1.15 | 2007.12.18 | Trojan-Dropper.Win32.Agent.ane
Kaspersky | 7.0.0.125 | 2007.12.18 | Trojan-PSW.Win32.OnLineGames.gjr
McAfee | 5187 | 2007.12.17 | PWS-OnlineGames.j
Microsoft | 1.3109 | 2007.12.18 | PWS:Win32/OnLineGames.CQC
NOD32v2 | 2729 | 2007.12.18 | a variant of Win32/PSW.OnLineGames.NHF
Norman | 5.80.02 | 2007.12.17 | W32/Suspicious_U.gen
Panda | 9.0.0.4 | 2007.12.18 | Suspicious file
Prevx1 | V2 | 2007.12.18 | -
Rising | 20.23.12.00 | 2007.12.18 | Trojan.PSW.Win32.QQGame.am
Sophos | 4.24.0 | 2007.12.18 | Mal/EncPk-BW
Sunbelt | 2.2.907.0 | 2007.12.18 | VIPRE.Suspicious
Symantec | 10 | 2007.12.18 | -
TheHacker | 6.2.9.162 | 2007.12.17 | W32/Behav-Heuristic-060
VBA32 | 3.12.2.5 | 2007.12.17 | -
VirusBuster | 4.3.26:9 | 2007.12.17 | Packed/Upack
Webwasher-Gateway | 6.6.2 | 2007.12.18 | Trojan.PSW.Onlineg.KC.2

chrifleur
 Posted on 18/12/2007 at 13:42 
Security Group

* Download LSPfix
* Run LSPfix
* Disconnect from the Internet and close all Internet Explorer windows.
* Tick the "I know what I'm doing" box
* Select all instances of the following DLLs (if there are any; otherwise close LSPfix):

qdshm.dll

* Drag them from the left-hand "Keep" panel to the right-hand "Remove" panel.
Click the "Finish" button.
(If they are already in the "Remove" panel, click the "Finish" button straight away.)

----
To download at the same time as LSPfix, in case you lose your connection:
you repair the connection with
WinSock XP Fix.

edit:

run another scan with ComboFix

post the resulting reports along with a HijackThis report

Edited by chrifleur on 18/12/2007 22:00
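
A first-pass reading of a HijackThis log such as the one posted above, written as an added example that is not part of the original thread or of HijackThis itself. The sample lines are copied from that log; the four heuristics (extra entries in UserInit, unknown Winsock LSP files, any AppInit_DLLs value, autostart from the Fonts directory) and all function names are this example's own assumptions, and a hit only means "submit the file for scanning", as was done with qdshm.dll.

```python
import re
from typing import List, NamedTuple

# Constructed sample: a handful of lines taken from the HijackThis log in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abidjan.net/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\system32\host.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [TBMonEx] C:\WINDOWS\Fonts\system\ati2evxx.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\qdshm.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qdshm.dll
O20 - AppInit_DLLs: kaqhlzy.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O10"
    reason: str    # why the entry deserves a closer look
    target: str    # file to inspect or submit for scanning


# A HijackThis entry is "<section code> - <body>".
ENTRY = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")
RUN_ENTRY = re.compile(r"\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path, quotes removed."""
    return path.strip().strip('"').rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> List[Finding]:
    """Return entries worth checking first, in log order, without duplicates."""
    findings: List[Finding] = []
    seen = set()

    def add(section: str, reason: str, target: str) -> None:
        key = (section, target.lower())
        if key not in seen:          # the O10 line appears once per LSP layer
            seen.add(key)
            findings.append(Finding(section, reason, target))

    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if not match:
            continue
        section, body = match.group("section"), match.group("body")
        lowered = body.lower()

        if section == "F2" and "userinit=" in lowered:
            # The value normally names userinit.exe only; anything else
            # in the comma-separated list also runs at every logon.
            for item in body.split("=", 1)[1].split(","):
                item = item.strip()
                if item and _basename(item) != "userinit.exe":
                    add(section, "extra program in UserInit", item)

        elif section == "O4":
            run = RUN_ENTRY.search(body)
            # Assumption of this example: programs do not normally start
            # from the Windows Fonts directory.
            if run and "\\windows\\fonts\\" in run.group("cmd").lower():
                add(section, "autostart from Fonts directory",
                    run.group("cmd").strip().strip('"'))

        elif section == "O10" and lowered.startswith("unknown file in winsock lsp:"):
            add(section, "unknown Winsock LSP file", body.split(":", 1)[1].strip())

        elif section == "O20" and lowered.startswith("appinit_dlls:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            for dll in re.split(r"[ ,]+", body.split(":", 1)[1].strip()):
                if dll:
                    add(section, "DLL listed in AppInit_DLLs", dll)

    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:32} {f.target}")
```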
chrifleur
 Posted on 18/12/2007 at 20:43 
Security Group

where are you at?
mmaxx
 Posted on 18/12/2007 at 21:13 
Petit astucien

Sorry, I was away all day. I'm getting on it now.

chrifleur
 Posted on 18/12/2007 at 22:14 
Security Group

OK, but it's time for me to

I'm giving you a bit more work...

edit: run RavAntivirus first, please

Step 1:
Download eScan Antivirus Toolkit here. Save it to your Desktop.

http://www.spywareinfo.dk/download/mwav.exe

Before running the program, it must be updated as described in step 2.

Step 2:
Here is how to update the tool:

1.) Double-click the file mwav.exe on the Desktop; unzip the files into the suggested new folder (C:\Kaspersky). The program will start, and you must quit it (click "Exit" then "Exit").

2.) Double-click My Computer, then double-click the main drive (usually C:\), double-click the Kaspersky folder; then double-click the file kavupd.exe. You will now see a DOS window appear, and the update will complete in a few minutes.

3.) When the update is complete, you will see "Press any key to continue"; press a key to continue. Two new directories (folders) were created during the update (C:\Bases and C:\Downloads).

4.) Select/copy all the files in the C:\Downloads folder, then paste them into the C:\Kaspersky folder. When prompted, agree to replace the existing files.

Do not start the scan yet!

Copy or print what follows, because you will not have Internet access

Step 3:
Restart in Safe Mode:
1) Restart your computer
2) Tap the F8 key immediately (F5 on some PCs), just after the "beep"
3) You will see a screen with boot options appear
4) Choose the first option, Safe Mode, and confirm with "Enter"
5) Choose your regular account, not Administrator


Step 4:
From Safe Mode, here is how to use the program:

1.) To start "eScan Antivirus Toolkit", find the file mwavscan.com located in the C:\Kaspersky folder

2.) Double-click mwavscan.com; the eScan interface will appear on screen.

3.) It is very important to tick these boxes under Scan Option: Memory, Registry, Startup Folders, System Folders, Services.

4.) Tick the Drive box, which gives access to a new Drive box (round button) just below; tick this "Drive" button (very important), and you will see a new browse box appear on the right. Click the small arrow in that box and choose the letter of your hard drive, usually C:\.

5.) Just below, make sure that Scan All Files is ticked, not Program Files.

6.) Click Scan Clean and let the tool check the whole hard drive (this can take a long time). When it is finished, you will see Scan Completed. Do not quit yet!

7.) Open a new Notepad file (click "Start" >> "Programs" >> "Accessories" >> "Notepad"), then copy/paste the entire contents of the Virus Log Information window (the second one, at the bottom) into the text file, and save it. eScan also generates a full report in the C:\Kaspersky folder (named mwav.log), but it is too large to post on the forum.

Close the program. Restart your PC in Normal mode. Post (copy/paste) the report you saved in your next reply.


See you tomorrow morning for the rest

Edited by chrifleur on 19/12/2007 19:23
mmaxx
 Posted on 19/12/2007 at 07:54 
Petit astucien

Here is the ComboFix report

ComboFix 07-12-17.1 - Kone.se 2000-12-18 20:24:53.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.600 [GMT 0:00]
Running from: C:\Documents and Settings\Kone.se.NSIA-PC-KONE\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\Program Files\Internet Explorer\PLUGINS\NvWin_5.Jmp
C:\WINDOWS\DbgHlp32.exe
C:\WINDOWS\system32\addrTLhelp.dll
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\DbgHlp32.dll
C:\WINDOWS\system32\GDGJI32.dll
C:\WINDOWS\system32\GDHnXaI32.dll
C:\WINDOWS\system32\GDQQHXI32.dll
C:\WINDOWS\system32\GDQQSGI32.dll
C:\WINDOWS\system32\GDTLI32.dll
C:\WINDOWS\system32\GDZHTUI32.dll
C:\WINDOWS\system32\GDZYZJI32.dll
C:\WINDOWS\system32\MsPrint32D.dll
C:\WINDOWS\system32\upxdnd.dll
C:\WINDOWS\system32\winform.dll
C:\WINDOWS\upxdnd.exe
C:\WINDOWS\winform.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-17 to 2007-12-17 ))))))))))))))))))))))))))))))))))))
.

2007-12-18 12:09 . 2007-12-18 12:09 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2007-12-18 11:49 . 2007-12-18 13:24 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2007-12-18 11:46 . 2007-12-18 13:24 1,393 --a------ C:\WINDOWS\imsins.BAK
2007-12-17 17:13 . 2007-12-17 17:13 68 --a------ C:\WINDOWS\system32\0f3
2007-12-17 17:13 . 2007-12-17 17:13 29 --a------ C:\WINDOWS\system32\22-10411234
2007-12-17 17:11 . 2007-12-17 17:11 14 --a------ C:\WINDOWS\system32\6-10411234
2007-12-17 17:10 . 2007-12-17 17:11 76,404 --a------ C:\WINDOWS\an006.exe
2007-12-17 17:10 . 2007-12-17 17:10 79 --a------ C:\WINDOWS\system32\mstacim.sig
2007-12-14 06:40 . 2001-12-14 06:40 30,785 --a------ C:\WINDOWS\1209.exe
2007-12-14 06:40 . 2007-12-14 06:40 15,360 --a------ C:\WINDOWS\admin3_ver1212.exe
2007-12-14 06:40 . 2000-12-17 21:59 8,192 --a------ C:\WINDOWS\system32\REGKEY.hiv
2007-12-14 06:40 . 2000-12-14 11:25 332 --a------ C:\WINDOWS\dwf32.ini
2007-12-14 00:14 . 2007-12-14 00:14 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2007-12-13 23:16 . 2007-12-13 23:16 244 --ah----- C:\sqmnoopt17.sqm
2007-12-13 23:16 . 2007-12-13 23:16 232 --ah----- C:\sqmdata17.sqm
2007-12-13 19:07 . 2007-12-13 19:07 244 --ah----- C:\sqmnoopt16.sqm
2007-12-13 19:07 . 2007-12-13 19:07 232 --ah----- C:\sqmdata16.sqm
2007-12-13 18:22 . 2007-12-13 18:22 244 --ah----- C:\sqmnoopt15.sqm
2007-12-13 18:22 . 2007-12-13 18:22 232 --ah----- C:\sqmdata15.sqm
2007-12-13 17:52 . 2007-12-17 20:31 5,920,800 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-13 17:52 . 2007-12-17 20:30 277,536 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-13 17:52 . 2007-12-13 18:34 90,980 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-13 17:52 . 2007-12-13 18:34 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-13 17:52 . 2000-12-18 20:18 80,132 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-13 17:52 . 2000-12-18 20:18 26,900 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-13 16:46 . 2007-12-17 23:35 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2007-12-13 16:34 . 2007-12-13 16:34 <REP> d---s---- C:\Documents and Settings\Kone.se.NSIA-PC-KONE\UserData
2007-12-13 16:03 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-12-13 15:31 . 2007-12-13 15:31 <REP> d-------- C:\Program Files\McAfee
2007-12-13 15:31 . 2007-12-13 15:31 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
2007-12-13 15:31 . 2006-11-17 03:06 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll
2007-12-13 15:31 . 2006-11-17 03:06 280 --a------ C:\WINDOWS\system32\epoPGPsdk.dll.sig
2007-12-13 15:30 . 2007-12-07 11:37 3,772,527 --a------ C:\WINDOWS\FramePkg.exe
2007-12-13 15:15 . 2007-12-13 15:16 <REP> d-------- C:\Documents and Settings\KONE.SE.GROUPENSIA\Application Data\AdobeUM
2007-12-13 14:30 . 2007-12-12 16:34 <REP> d--h----- C:\Documents and Settings\KONE.SE.GROUPENSIA\Voisinage réseau
2007-12-13 14:30 . 2007-12-12 16:34 <REP> d--h----- C:\Documents and Settings\KONE.SE.GROUPENSIA\Voisinage d'impression
2007-12-13 14:30 . 2007-12-12 19:11 <REP> d--h----- C:\Documents and Settings\KONE.SE.GROUPENSIA\Modèles
2007-12-13 14:30 . 2007-12-13 14:30 <REP> dr------- C:\Documents and Settings\KONE.SE.GROUPENSIA\Mes documents
2007-12-13 14:30 . 2007-12-12 16:34 <REP> dr------- C:\Documents and Settings\KONE.SE.GROUPENSIA\Menu Démarrer
2007-12-13 14:30 . 2007-12-17 19:11 <REP> dr------- C:\Documents and Settings\KONE.SE.GROUPENSIA\Favoris
2007-12-13 14:30 . 2007-12-13 17:18 <REP> d-------- C:\Documents and Settings\KONE.SE.GROUPENSIA\Bureau
2007-12-13 13:28 . 2004-08-19 16:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-13 13:27 . 2007-12-12 16:34 <REP> d--h----- C:\Documents and Settings\administrateur.GROUPENSIA\Voisinage réseau
2007-12-13 13:27 . 2007-12-12 16:34 <REP> d--h----- C:\Documents and Settings\administrateur.GROUPENSIA\Voisinage d'impression
2007-12-13 13:27 . 2007-12-12 19:11 <REP> d--h----- C:\Documents and Settings\administrateur.GROUPENSIA\Modèles
2007-12-13 13:27 . 2007-12-13 13:28 <REP> dr------- C:\Documents and Settings\administrateur.GROUPENSIA\Mes documents
2007-12-13 13:27 . 2007-12-12 16:34 <REP> dr------- C:\Documents and Settings\administrateur.GROUPENSIA\Menu Démarrer
2007-12-13 13:27 . 2007-12-13 13:28 <REP> dr------- C:\Documents and Settings\administrateur.GROUPENSIA\Favoris
2007-12-13 13:27 . 2007-12-12 16:34 <REP> d-------- C:\Documents and Settings\administrateur.GROUPENSIA\Bureau
2007-12-13 13:07 . 2005-06-01 05:46 1,671,168 --a------ C:\WINDOWS\system32\W29MLRES.dll
2007-12-13 13:07 . 2005-06-03 16:20 13 --a------ C:\WINDOWS\system32\drivers\verfile.tic
2007-12-13 13:07 . 2007-12-13 13:07 0 --a------ C:\WINDOWS\CeEKey.INI
2007-12-13 12:48 . 2003-05-24 03:13 270,336 --a------ C:\WINDOWS\system32\PlugPlayPCIDevice.exe
2007-12-13 12:48 . 2005-02-24 14:26 163,840 --a------ C:\WINDOWS\system32\MFCFirstRemove.exe
2007-12-13 12:48 . 2005-02-24 14:57 32,768 --a------ C:\WINDOWS\system32\RmWLAN.exe
2007-12-13 12:48 . 2004-06-10 11:03 28,672 --a------ C:\WINDOWS\system32\InstallInf.exe
2007-12-13 11:47 . 2005-06-21 17:09 18,751,488 --a------ C:\WINDOWS\system32\alsndmgr.cpl
2007-12-13 11:45 . 2005-04-13 03:48 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2007-12-13 11:44 . 2007-12-13 11:45 <REP> d-------- C:\Program Files\Java
2007-12-13 11:39 . 2007-12-13 11:39 0 --a------ C:\WINDOWS\NDSTray.INI
2007-12-13 11:37 . 2000-12-17 19:32 <REP> d-------- C:\Program Files\ltmoh
2007-12-13 11:37 . 2003-02-25 05:42 128,113 --a------ C:\WINDOWS\system32\csellang.ini
2007-12-13 11:37 . 2005-04-06 14:53 110,592 --a------ C:\WINDOWS\system32\cselect.exe
2007-12-13 11:37 . 2004-12-22 08:10 88,358 --a------ C:\WINDOWS\agrsmmsg.exe
2007-12-13 11:37 . 2003-12-04 23:48 77,824 --a------ C:\WINDOWS\system32\tosmreg.exe
2007-12-13 11:37 . 2004-04-06 09:49 64,512 --------- C:\WINDOWS\agrsmdel.exe
2007-12-13 11:37 . 2003-10-31 17:59 45,056 --a------ C:\WINDOWS\system32\csellang.dll
2007-12-13 11:37 . 2005-04-06 17:33 10,177 --a------ C:\WINDOWS\system32\tosmreg.ini
2007-12-13 11:37 . 2003-02-25 06:01 7,671 --a------ C:\WINDOWS\system32\cseltbl.ini
2007-12-13 11:36 . 2005-03-04 18:10 74,496 --a------ C:\WINDOWS\system32\drivers\Rtlnicxp.sys
2007-12-13 11:22 . 2007-12-13 11:22 <REP> d-------- C:\Program Files\DVD-RAM
2007-12-13 11:22 . 2004-08-28 07:37 155,648 --a------ C:\WINDOWS\system32\RAMASST.exe
2007-12-13 11:22 . 2005-04-22 11:36 135,168 --a------ C:\WINDOWS\system32\DVDMenu.dll
2007-12-13 11:22 . 2004-08-28 07:33 110,592 --a------ C:\WINDOWS\system32\DVDRAMSV.exe
2007-12-13 11:22 . 2005-06-02 10:33 102,384 --a------ C:\WINDOWS\system32\drivers\meiudf.sys
2007-12-13 11:21 . 2002-11-21 10:57 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2007-12-13 11:21 . 2002-11-21 10:57 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2007-12-13 11:21 . 2002-11-21 10:57 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2007-12-13 11:21 . 2002-11-21 10:57 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2007-12-13 11:21 . 2002-11-21 10:57 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2007-12-13 11:21 . 2002-11-21 10:57 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2007-12-13 11:20 . 2005-05-31 05:33 98,360 --a------ C:\WINDOWS\dla.exe
2007-12-13 11:20 . 2005-04-22 03:22 88,352 --a------ C:\WINDOWS\system32\drivers\drvmcdb.sys
2007-12-13 11:20 . 2005-05-31 05:33 61,500 --a------ C:\WINDOWS\system32\tfswapi.dll
2007-12-13 11:20 . 2005-04-21 02:56 40,544 --a------ C:\WINDOWS\system32\drivers\drvnddm.sys
2007-12-13 11:20 . 2005-05-13 10:37 23,545 --a------ C:\WINDOWS\system32\drivers\ssrtln.sys
2007-12-13 11:20 . 2005-05-13 10:37 5,627 --a------ C:\WINDOWS\system32\drivers\sscdbhk5.sys
2007-12-13 11:20 . 2007-12-13 11:20 191 --a------ C:\WINDOWS\wininit.ini
2007-12-13 11:17 . 2005-05-17 13:25 94,208 --a------ C:\WINDOWS\system32\TCtrlCommon.dll
2007-12-13 11:07 . 2007-12-13 11:07 <REP> d-------- C:\Program Files\MSBuild
2007-12-13 10:59 . 2007-12-13 11:08 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2007-12-13 09:22 . 2000-12-17 23:41 <REP> d-------- C:\Program Files\Atheros
2007-12-13 09:22 . 2007-12-13 09:22 <REP> d-------- C:\Documents and Settings\KONESE~2~NSI\LOCALS~1
2007-12-13 09:18 . 2005-04-11 15:58 516,096 --a------ C:\WINDOWS\system32\TOSCDSPD.cpl
2007-12-13 09:14 . 2005-06-03 19:32 28,672 --a------ C:\WINDOWS\system32\EBLib.DLL
2007-12-13 09:14 . 2005-06-03 19:49 9,600 --a------ C:\WINDOWS\system32\drivers\TPwSav.sys
2007-12-13 09:08 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-12 19:45 . 2007-12-12 16:34 <REP> d--h----- C:\Documents and Settings\Kone.se.NSIA-PC-KONE\Voisinage réseau
2007-12-12 19:45 . 2007-12-12 16:34 <REP> d--h----- C:\Documents and Settings\Kone.se.NSIA-PC-KONE\Voisinage d'impression
2007-12-12 19:45 . 2007-12-12 19:11 <REP> d--h----- C:\Documents and Settings\Kone.se.NSIA-PC-KONE\Modèles

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-18 13:58 24,576 ----a-w C:\WINDOWS\system32\msapi32.dll
2007-12-18 11:49 --------- d-----w C:\Program Files\Yahoo!
2007-12-17 23:12 44,032 ----a-w C:\WINDOWS\system32\host.exe
2007-12-17 20:29 106 ----a-w C:\WINDOWS\Fonts\avwlgina.dll
2007-12-17 20:29 105 ----a-w C:\WINDOWS\Fonts\kaqhlcsa.dll
2007-12-17 20:29 103 ----a-w C:\WINDOWS\Fonts\kawdfcsa.dll
2007-12-17 19:18 36,864 ------w C:\WINDOWS\system32\Systom.exe
2007-12-17 19:12 --------- d-----w C:\Program Files\fctn
2007-12-17 19:10 55 ----a-w C:\WINDOWS\Fonts\kvdxjcfa.dll
2007-12-17 08:16 114,688 ------r C:\WINDOWS\system32\4d201.exe
2007-12-15 15:44 90,112 ----a-w C:\WINDOWS\system32\¸´¼þ11~1.exe
2007-12-13 12:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-13 11:47 --------- d-----w C:\Program Files\Realtek AC97
2007-12-13 11:19 --------- d-----w C:\Program Files\ATI Technologies
2007-12-13 11:08 --------- d-----w C:\Program Files\Microsoft Works
2007-12-13 09:22 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-12-13 09:22 --------- d-----w C:\Program Files\Toshiba
2007-12-11 15:38 --------- d-----w C:\Documents and Settings\KONE.SE\Application Data\Skype
2007-12-07 14:20 --------- d-----w C:\Documents and Settings\KONE.SE\Application Data\U3
2007-12-06 14:52 --------- d-----w C:\Program Files\DivX
2007-12-06 14:29 --------- d-----w C:\Documents and Settings\KONE.SE\Application Data\Vso
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-06 09:59 --------- d-----w C:\Program Files\Kaspersky Lab
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 10:00 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-01-21 07:37 24,192 ----a-w C:\Documents and Settings\KONE.SE\usbsermptxp.sys
2007-01-21 07:37 22,768 ----a-w C:\Documents and Settings\KONE.SE\usbsermpt.sys
2004-08-19 16:10 28,000 --sh--w C:\WINDOWS\Fonts\system\ati2evxx.exe
2001-12-14 10:27 95,744 ----a-w C:\WINDOWS\Fonts\system\inudhya.dll
2000-12-18 19:56 30,331 ----a-w C:\WINDOWS\Fonts\system\qq.exe
2000-12-18 10:57 6,717 ----a-w C:\Program Files\hijackthis333.txt
2000-12-18 10:56 6,717 ----a-w C:\Program Files\hijackthis.log
2000-12-16 21:29 7,296 ----a-w C:\Program Files\hijackthis2.txt
2000-12-14 14:19 136,704 ----a-w C:\WINDOWS\inf\MSLogin64.exe
2005-12-14 12:07 71,473 --sh--w C:\WINDOWS\853957M.exe
2005-12-14 12:07 71,473 --sh--w C:\WINDOWS\853957W.exe
2004-08-19 16:10 28,000 --sh--w C:\WINDOWS\Fonts\system\ati2evxx.exe
2004-08-04 06:41 26,448 --sh--w C:\WINDOWS\system32\avwlgmn.dll
2004-08-04 06:41 2,120,526 --sh--w C:\WINDOWS\system32\kaqhlzy.dll
2004-08-04 06:40 24,394 --sh--w C:\WINDOWS\system32\kawdfzy.dll
2000-12-14 11:24 75,892 --sh--r C:\WINDOWS\system32\mycc071213.exe
2005-12-14 12:07 18,944 --sh--w C:\WINDOWS\system32\sky.exe
2005-12-14 12:07 27,136 --sh--r C:\WINDOWS\system32\wincheck071204.dll
2005-12-14 12:07 28,172 --sh--r C:\WINDOWS\system32\wincheck071204.exe
2005-12-14 12:10 27,136 --sh--r C:\WINDOWS\system32\wincheck071213.dll
2005-12-14 12:08 26,716 --sh--r C:\WINDOWS\system32\wincheck071213.exe
.

((((((((((((((((((((((((((((( snapshot@2000-12-17_19.19.43.69 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-07-14 15:52:22 121,856 ----a-w C:\WINDOWS\$hf_mig$\KB915865\SP2QFE\xmllite.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB915865\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB915865\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB915865\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB915865\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB915865\update\updspapi.dll
+ 2006-05-25 10:29:04 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe
+ 2006-05-25 10:29:04 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\updspapi.dll
+ 2006-05-24 12:32:48 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe
+ 2006-05-24 12:32:48 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\updspapi.dll
+ 2000-12-17 22:00:30 15,104 ----a-w C:\WINDOWS\bplqlp.exe
- 2000-12-17 16:54:17 1,138,688 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2000-12-17 22:28:32 1,138,688 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
- 2000-12-17 16:54:18 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2000-12-17 22:28:32 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2000-12-18 19:56:41 15,676 ----a-w C:\WINDOWS\ikiblz.exe
+ 2006-10-17 23:48:40 132,608 ----a-w C:\WINDOWS\msdownld.tmp\AS1FE17F.tmp\advpack.dll
+ 2006-10-17 23:48:46 975,896 ----a-w C:\WINDOWS\msdownld.tmp\AS1FE17F.tmp\ytb_6.3.5.0_pub_us_setup_.exe
+ 2006-10-17 23:48:40 132,608 ----a-w C:\WINDOWS\msdownld.tmp\AS54F8EE.tmp\advpack.dll
+ 2006-10-17 23:48:46 975,896 ----a-w C:\WINDOWS\msdownld.tmp\AS54F8EE.tmp\ytb_6.3.5.0_pub_us_setup_.exe
+ 2006-10-17 23:48:40 132,608 ----a-w C:\WINDOWS\msdownld.tmp\AS76804D.tmp\advpack.dll
+ 2006-10-17 23:48:46 975,896 ----a-w C:\WINDOWS\msdownld.tmp\AS76804D.tmp\ytb_6.3.5.0_pub_us_setup_.exe
- 2000-12-14 14:29:54 77,312 ----a-w C:\WINDOWS\system32\1Svch.exe
+ 2000-12-18 14:02:01 126,551 ----a-w C:\WINDOWS\system32\1Svch.exe
- 2004-08-19 16:09:20 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
+ 2006-10-17 13:01:08 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
- 2004-08-19 16:09:20 101,888 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2006-10-17 13:00:50 123,904 ----a-w C:\WINDOWS\system32\advpack.dll
- 2004-08-19 16:09:20 61,440 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2006-10-17 13:01:08 71,680 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
- 2004-08-19 16:09:20 101,888 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2006-10-17 13:00:50 123,904 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2004-08-19 14:09:22 28,672 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2006-10-17 13:33:40 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
- 2007-10-11 06:13:39 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2006-10-17 12:58:06 346,624 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-10-11 06:13:39 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2006-10-17 12:57:50 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-10-11 06:13:39 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2006-10-17 13:33:40 131,584 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2004-08-19 16:09:28 38,912 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2006-10-17 12:44:36 60,416 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
- 2004-08-19 16:09:56 34,304 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2006-10-17 13:00:56 54,784 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2004-08-19 16:09:28 139,264 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2006-10-17 13:01:20 152,064 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2004-08-19 16:09:28 221,696 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2006-10-17 13:01:34 229,376 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2001-09-28 12:00:00 245,760 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2006-10-17 12:23:08 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2004-08-19 16:09:28 323,584 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2006-10-17 13:01:22 382,976 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-10-10 11:16:27 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2006-10-17 13:04:50 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2004-08-19 16:09:28 81,920 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll
+ 2006-10-17 13:06:00 78,336 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll
- 2007-10-11 06:13:39 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2006-10-17 13:33:40 191,488 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2004-08-19 16:09:28 49,152 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2006-10-17 13:00:58 43,008 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2004-08-19 16:09:28 63,488 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2006-10-17 13:01:06 55,296 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
- 2004-08-19 16:09:56 93,184 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2006-10-17 13:04:40 622,080 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2004-08-19 16:09:30 35,840 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll
+ 2006-10-17 12:57:58 36,352 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll
- 2007-10-11 06:13:39 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2006-10-17 13:00:54 92,672 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2007-11-14 07:28:02 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2006-10-17 13:00:00 491,520 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-10-11 06:13:39 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2006-10-17 13:33:40 27,136 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2004-08-19 16:09:32 22,528 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2006-10-17 13:05:10 40,960 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
- 2004-08-19 16:10:00 29,184 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
+ 2006-10-17 12:56:10 45,568 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
- 2007-10-30 10:18:16 3,079,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2006-10-17 13:33:42 3,577,856 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-10-11 06:13:40 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2006-10-17 13:33:40 475,648 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2004-08-19 16:08:28 57,344 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
+ 2006-10-17 12:28:56 48,128 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
- 2001-09-28 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
+ 2006-10-17 13:33:40 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
- 2007-10-11 06:13:40 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2006-10-17 13:05:10 192,000 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-10-11 06:13:40 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2006-10-17 13:33:40 670,720 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2004-08-19 16:09:38 97,280 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2006-10-17 13:04:46 101,376 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2007-10-11 06:13:40 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2006-10-17 12:58:08 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2004-08-19 16:09:48 37,888 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2006-10-17 13:05:22 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
- 2007-10-11 06:13:41 617,472 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2006-10-17 13:33:40 1,162,240 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2004-08-19 16:09:48 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2006-10-17 13:33:40 413,696 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2007-06-26 13:56:54 851,968 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2006-10-17 13:33:40 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2004-08-19 16:09:48 281,600 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2006-10-17 13:33:40 231,424 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-10-11 06:13:41 663,552 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2006-10-17 13:33:40 818,688 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2004-08-19 16:09:36 28,512 ----a-w C:\WINDOWS\system32\drivers\ixf7sc.sys
- 2007-10-11 06:13:39 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2006-10-17 12:58:06 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-10-11 06:13:39 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2006-10-17 12:57:50 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-10-11 06:13:39 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2006-10-17 13:33:40 131,584 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2000-12-17 22:00:23 34,337 ----a-w C:\WINDOWS\system32\FTCCompress.dll
+ 2000-12-17 21:23:51 12,019 ----a-w C:\WINDOWS\system32\GDDJI32.dll
+ 2000-12-14 12:13:18 12,474 ----a-w C:\WINDOWS\system32\GDFYI32.dll
+ 2001-12-14 06:40:57 14,548 ----a-w C:\WINDOWS\system32\GDJZI32.dll
+ 2000-12-17 10:05:06 15,967 ----a-w C:\WINDOWS\system32\GDMSI32.dll
+ 2005-12-14 12:07:29 13,454 ----a-w C:\WINDOWS\system32\GDQJI32.dll
+ 2005-12-14 12:06:59 13,612 ----a-w C:\WINDOWS\system32\GDWDI32.dll
+ 2005-12-14 12:10:00 13,607 ----a-w C:\WINDOWS\system32\GDWLI32.dll
+ 2000-12-17 21:23:35 13,363 ----a-w C:\WINDOWS\system32\GDWMI32.dll
+ 2000-12-17 15:29:49 12,506 ----a-w C:\WINDOWS\system32\GDZXI32.dll
+ 2006-10-17 12:58:20 61,952 ------w C:\WINDOWS\system32\icardie.dll
+ 2006-06-29 08:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
- 2004-08-19 16:09:56 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2006-10-17 13:00:56 54,784 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2004-08-19 16:09:28 139,264 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2006-10-17 13:01:20 152,064 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2004-08-19 16:09:28 221,696 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2006-10-17 13:01:34 229,376 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2001-09-28 12:00:00 245,760 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2006-10-17 12:23:08 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2006-09-06 00:01:26 2,451,824 ------w C:\WINDOWS\system32\ieapfltr.dat
+ 2006-10-17 12:27:56 380,928 ------w C:\WINDOWS\system32\ieapfltr.dll
- 2004-08-19 16:09:28 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2006-10-17 13:01:22 382,976 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2004-08-19 16:09:28 81,920 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2006-10-17 13:06:00 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2006-10-17 13:33:42 6,049,280 ------w C:\WINDOWS\system32\ieframe.dll
- 2007-10-11 06:13:39 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2006-10-17 13:33:40 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2004-08-19 16:09:28 49,152 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2006-10-17 13:00:58 43,008 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2006-10-17 12:57:20 266,752 ------w C:\WINDOWS\system32\iertutil.dll
- 2004-08-19 16:09:28 63,488 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2006-10-17 13:01:06 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2006-10-17 13:01:00 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2006-10-17 13:33:40 180,736 ------w C:\WINDOWS\system32\ieui.dll
- 2004-08-19 16:09:30 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2006-10-17 12:57:58 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2007-10-11 06:13:39 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2006-10-17 13:00:54 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2000-12-17 22:00:28 27,648 ----a-w C:\WINDOWS\system32\jimwzd.dll
- 2007-11-14 07:28:02 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2006-10-17 13:00:00 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-10-11 06:13:39 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2006-10-17 13:33:40 27,136 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2004-08-19 16:09:32 22,528 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2006-10-17 13:05:10 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2006-10-17 13:33:40 458,752 ------w C:\WINDOWS\system32\msfeeds.dll
+ 2006-10-17 13:33:40 50,688 ------w C:\WINDOWS\system32\msfeedsbs.dll
+ 2006-10-17 12:58:32 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
- 2004-08-19 16:10:00 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2006-10-17 12:56:10 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2007-10-30 10:18:16 3,079,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2006-10-17 13:33:42 3,577,856 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-10-11 06:13:40 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2006-10-17 13:33:40 475,648 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-19 16:08:28 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2006-10-17 12:28:56 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2001-09-28 12:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2006-10-17 13:33:40 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2000-12-17 22:00:17 31,977 ----a-w C:\WINDOWS\system32\msqdlsl32.dll
- 2007-10-11 06:13:40 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2006-10-17 13:05:10 192,000 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-10-11 06:13:40 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2006-10-17 13:33:40 670,720 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2006-06-28 17:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll
+ 2006-06-29 08:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll
+ 2000-12-18 19:54:36 28,672 ----a-w C:\WINDOWS\system32\nxdxmm.dll
- 2004-08-19 16:09:38 97,280 ----a-w C:\WINDOWS\system32\occache.dll
+ 2006-10-17 13:04:46 101,376 ----a-w C:\WINDOWS\system32\occache.dll
- 2005-12-14 09:41:53 41,170 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2000-12-17 19:21:17 41,170 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2005-12-14 09:41:53 49,932 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2000-12-17 19:21:17 49,932 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2005-12-14 09:41:53 314,842 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2000-12-17 19:21:17 314,842 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2005-12-14 09:41:53 371,070 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2000-12-17 19:21:17 371,070 ----a-w C:\WINDOWS\system32\perfh00C.dat
- 2007-10-11 06:13:40 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2006-10-17 12:58:08 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2000-12-17 10:24:05 4,168 ----a-w C:\WINDOWS\system32\qdshm.dll
+ 2000-12-17 21:22:45 4,179 ----a-w C:\WINDOWS\system32\qdshm.dll
- 2006-01-19 19:29:25 15,072 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-09-06 17:43:16 14,048 ------w C:\WINDOWS\system32\spmsg.dll
- 2004-08-19 16:09:48 37,888 ----a-w C:\WINDOWS\system32\url.dll
+ 2006-10-17 13:05:22 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-10-11 06:13:41 617,472 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2006-10-17 13:33:40 1,162,240 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-19 16:09:48 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2006-10-17 13:33:40 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2004-08-19 16:09:48 281,600 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2006-10-17 13:33:40 231,424 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2006-10-17 13:05:58 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
- 2007-10-11 06:13:41 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2006-10-17 13:33:40 818,688 ----a-w C:\WINDOWS\system32\wininet.dll
- 1987-12-14 06:39:28 77,824 ----a-w C:\WINDOWS\system32\wxptdi.sys
+ 2000-12-17 21:59:10 77,824 ----a-w C:\WINDOWS\system32\wxptdi.sys
+ 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\system32\xmllite.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" []
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" []
"TFncKy"="TFncKy.exe" []
"TCtryIOHook"="TCtrlIOHook.exe" [2005-08-22 16:49 C:\WINDOWS\system32\TCtrlIOHook.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2000-12-18 10:47]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 11:45]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2000-12-18 10:48]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2000-12-18 10:48]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-22 08:10 C:\WINDOWS\agrsmmsg.exe]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2000-12-18 10:49]
"Zooming"="ZoomingHook.exe" [2005-06-06 09:58 C:\WINDOWS\system32\ZoomingHook.exe]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 03:06]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 23:02]
"crsss"="C:\WINDOWS\system32\Systom.exe" [2007-12-17 19:18]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" []
"Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2004-02-19 13:07]
"TBMonEx"="C:\WINDOWS\Fonts\system\ati2evxx.exe" [2004-08-19 16:10]
"SDFix"="C:\SDFix\RunThis.bat /second" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"leby1"="C:\WINDOWS\system32\Rundll32.exe" [2004-08-19 16:10]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09]

C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
Bluetooth Monitor.lnk - C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2007-12-13 09:22:43]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2007-12-13 11:22:51]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{9C0ADB68-353A-61DD-ED09-1D8003A61111}"= C:\WINDOWS\system32\kb1111p.dll [1999-01-01 00:01 19456]
"{68907901-1416-3389-9981-372178569986}"= C:\WINDOWS\system32\kawdfzy.dll [2004-08-04 06:40 24394]
"{7960356A-458E-DE24-BD50-268F589A56A7}"= C:\WINDOWS\system32\avwlgmn.dll [2004-08-04 06:41 26448]
"{C7D81718-1314-5200-2597-58790101807C}"= C:\WINDOWS\system32\kaqhlzy.dll [2004-08-04 06:41 2120526]
"{809B3B49-72F3-491E-87FA-1753DA02FA06}"= C:\WINDOWS\system32\ubhoagntygmt.dll [ ]
"{521DAF25-0CF6-4605-A66D-010E84546FED}"= C:\WINDOWS\system32\gmsygmsyfl.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avwlgmn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ACKWIN32.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTI-TROJAN.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\APVXDWIN.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AUTODOWN.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVE32.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGCTRL.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVKSERV.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVNT.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP32.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVPCC.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVPDOS32.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVPM.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVPTC32.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVPUPD.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVSCHED32.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVWIN95.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVWUPD32.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BLACKD.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BLACKICE.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CFIADMIN.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CFIAUDIT.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CFINET.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CFINET32.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CLAW95.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CLAW95CF.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CLEANER.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CLEANER3.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DVP95.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DVP95_0.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ECENGINE.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ESAFE.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EXPWATCH.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\F-AGNT95.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\F-PROT.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\F-PROT95.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\F-STOPW.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FESCUE.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FINDVIRU.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FP-WIN.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPROT.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FRW.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IAMAPP.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IAMSERV.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IBMASN.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IBMAVSP.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ICLOAD95.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ICLOADNT.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ICMON.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ICSUPP95.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ICSUPPNT.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IFACE.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IOMON98.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\JEDI.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVsvc.exe]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVSvcUI.exe]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVFW.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonXP.exe]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatchUI.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LOCKDOWN2000.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Logo1_.exe]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Logo_1.exe]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LOOKOUT.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LUALL.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MAILMON.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MOOLIVE.EXE]
Debugger=C:\WINDOWS\Fonts\system\ati2evxx.exe

R0 95el;95e;C:\WINDOWS\system32\DRIVERS\95el.sys [2004-08-19 16:09]
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys [2004-09-22 20:00]
R1 SrvcSSIOMngr;SrvcSSIOMngr;C:\WINDOWS\system32\Drivers\SSIoMngr.sys [2004-07-30 15:05]
R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys [2005-06-03 19:49]
R2 bhxxyl;bhxxyl;C:\WINDOWS\system32\svchost.exe -k bhxxyl []
R2 ixf7sc;ixf7sc;C:\WINDOWS\system32\drivers\ixf7sc.sys [2004-08-19 16:09]
R2 MSDCOMClient16;DCOM Service Process Manager;C:\WINDOWS\system32\svchost.exe -k netsvcs []
R2 RemoteStorage;Network Connections Management;C:\WINDOWS\system32\1Svch.exe [2000-12-18 14:02]
R2 WindowsRemote;Windows Accounts Driver;C:\WINDOWS\system32\1Svch.exe [2000-12-18 14:02]
S2 p4g6p;p4g6p;C:\WINDOWS\system32\drivers\p4g6p.sys []
S2 yhxxyloc;yhxxyloc;C:\WINDOWS\system32\drivers\xeadkt.sys []
S3 PciHardDisk;PciHardDisk;C:\WINDOWS\system32\fat32.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bhxxyl REG_MULTI_SZ bhxxyl

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
MSDCOMClient16
MSDCOMClient32

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ntldr.exe
\Shell\´ò¿ª(&O)\command - C:\ntldr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab860cfa-d24b-11d4-8330-ae14021832ad}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab860cfb-d24b-11d4-8330-ae14021832ad}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e013796f-f07c-11d5-a156-00166f388eda}]
\Shell\Auto\command - E:\sch.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sch.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-17 20:31:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\kaqhlzy.dll
-> c:\windows\system32\xeadkt.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\kaqhlzy.dll
.
Completion time: 2007-12-17 20:33:50
C:\ComboFix2.txt ... 2000-12-17 23:39
C:\ComboFix3.txt ... 2000-12-17 19:21
.
2005-12-14 06:56:38 --- E O F ---

chrifleur
 Posted on 19/12/2007 at 08:29 
Security Group

edit: run RavAntivirus first, please

if you have one or more USB keys, avoid using them, or else do not double-click on them to open them; the same goes for all your external devices...

if you disinfect your PC but not your peripherals (USB key, external hard drive, any device that connects to your PC, etc.), it starts up again..
you are going to do this as a first step
If you have a USB key, external hard drive, etc., plug them in without opening them before launching this FIX
Download Rav antivirus:

http://www.evosla.com/compteur.php?soft=rav_antivirus


· Right-click the .ZIP file > Extract to > the Desktop
· Double-click >> RAV.exe << to launch the tool.
· Once RAV ANTIVIRUS is launched, let it work; it automatically scans all drives (fixed and removable disks)
· If there is an infection > a report will be generated; otherwise this will be displayed (very quickly) ==> "Votre Ordinateur est sain" (Your computer is clean).
· Remove your removable drives and restart your computer.
Post the report, if there is an infection!

then continue with Escan

Edited by chrifleur on 19/12/2007 19:25
mmaxx
 Posted on 20/12/2007 at 10:24 
Petit astucien

I ran the escan toolkit yesterday, following your instructions. It took more than 4 hours, and I was able to save the report. However, a new problem has appeared! I can no longer restart my computer, either in normal mode or in safe mode.

When I restart, I get to the point where I have to press Ctrl+Alt+Del to start and type my password

When I type my password, the computer begins starting up (loading your settings), then immediately logs off and returns to the window where I have to press Ctrl+Alt+Del to start! The same thing happens when I go into safe mode!

What should I do?

chrifleur
 Posted on 20/12/2007 at 11:12 
Security Group

I'll look into it

I'll keep you posted

chrifleur
 Posted on 20/12/2007 at 11:19 
Security Group

When I restart, I get to the point where I have to press Ctrl+Alt+Del to start and type my password

why is that? don't you have direct access to the password?

mmaxx
 Posted on 20/12/2007 at 12:04 
Petit astucien

When I start the computer, I get a "Welcome to Windows" window, then I have to press Ctrl+Alt+Del to start (to log on). Just below these instructions, it says "Using this key combination at startup helps secure your computer. For more information, click Help"

The help gives the location on the keyboard of the keys mentioned above and gives some explanations of the meaning of this key combination.

chrifleur
 Posted on 20/12/2007 at 13:54 
Security Group

have you had this trouble logging on to your session for a long time... I don't know of any PC on which you have to do this to start it...

have you tried starting it without pressing Ctrl+Alt+Del?
