Trojan WMA:Wimad[Drp]

Solved
zantetsu-76 (Member, 26 posts)
Hello,
I have 1 or 2 problems with viruses, so I might as well post both at the same time.

1) I recently noticed a trojan on my computer, according to an avast message that appeared while playing an mp3. Since the message came back for several songs, I scanned my music folder and, surprise: 1/3 of the songs are infected by this thing: WMA:Wimad[Drp]. So I wanted to know how it got there and, if possible, how to get rid of it without losing my mp3s.
PS: I installed Windows Media Player recently. Could it be the cause?

2) Because of the problem above, I ran a Spybot scan and it found nothing except the "virtumonde" virus.
I read that it is fairly tough and that it opens ad pages and slows down the internet (I don't get any ads; wrong information? or maybe I misunderstood).
Anyway, I ran a HijackThis scan. Here is the report, just in case:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:30:46, on 20/01/2009
Platform: Windows XP SP2
MSIE: Internet Explorer v6.00 SP2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Orange HSS\Systray\SystrayApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Orange HSS\Deskboard\deskboard.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\steph\Mes documents\Downloads\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\,,))))),WW),W),)WW)))),,)WW.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Systran Professional Premium 4.0 - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\PROGRA~1\Systran\4_0\Premium\IEPlugin.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S91.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: UnFREEz 2.1
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {475DF11A-2BC2-41A9-8A97-E989E023E517} (SetupComponent Class) - http://gw.eu.hanjin.com/ezIcd.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
38 replies

plopus (Security contributor, 5962 posts)

OK, run SDFix then. Use this link to help you; the download is in it. Do exactly what is written there and then post the report, please: https://www.malekal.com/slenfbot-still-an-other-irc-bot/
zantetsu-76 (Member, 26 posts)

OK, I managed to run SDFix. Here is the report:


SDFix: Version 1.240
Run by steph on 21/01/2009 at 17:23

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files:

No Trojan Files Found






Removing Temp Files

ADS Check:



Final Check:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-21 17:34:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\steph\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1087 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


Remaining Services:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="c:\\program files\\echanblard\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Kazaa Lite Resurrection\\kazaalite.kpp"="C:\\Program Files\\Kazaa Lite Resurrection\\kazaalite.kpp:*:Enabled:kazaalite"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"="C:\\Program Files\\SightSpeed\\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\\Program Files\\eChanblard\\emule.exe"="C:\\Program Files\\eChanblard\\emule.exe:*:Enabled:eMule"
"D:\\Sierra\\Empire Earth\\Empire Earth.exe"="D:\\Sierra\\Empire Earth\\Empire Earth.exe:*:Enabled:Empire Earth"
"D:\\Sierra\\Empire Earth - The Art of Conquest\\EE-AOC.exe"="D:\\Sierra\\Empire Earth - The Art of Conquest\\EE-AOC.exe:*:Enabled:EE-AOC"
"D:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"="D:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion"
"D:\\Program Files\\eMule\\emule.exe"="D:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Disabled:Ex‚cuter une DLL en tant qu'application"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Outlook Express\\msimn.exe"="C:\\Program Files\\Outlook Express\\msimn.exe:*:Enabled:Outlook Express"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kav.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kav.exe:*:Enabled:Kaspersky Anti-Virus Personal"
"C:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"="C:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe:*:enabled:CSS"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kavsvc.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kavsvc.exe:*:Enabled:Kaspersky Anti-Virus Service"
"D:\\Program Files\\Konami\\Pro Evolution Soccer 2008\\PES2008.exe"="D:\\Program Files\\Konami\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"D:\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\steph\\Local Settings\\Temp\\Rar$EX00.266\\Crack - BL3LE'\\PES2008.exe"="C:\\Documents and Settings\\steph\\Local Settings\\Temp\\Rar$EX00.266\\Crack - BL3LE'\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\\Documents and Settings\\steph\\Mes documents\\Guillaume\\logiciels\\call of duty 4\\Setup\\Data\\iw3mp.exe"="C:\\Documents and Settings\\steph\\Mes documents\\Guillaume\\logiciels\\call of duty 4\\Setup\\Data\\iw3mp.exe:*:Enabled:iw3mp"
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"="C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe:*:Enabled:BF1942"
"C:\\Program Files\\CapCom\\Lost Planet Extreme Condition\\LostPlanetDx9.exe"="C:\\Program Files\\CapCom\\Lost Planet Extreme Condition\\LostPlanetDx9.exe:*:Enabled:LostPlanetDx9"
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
"D:\\Program Files\\eMule\\Incoming\\Counter-Strike_Source_Final_Emporio\\emp-css\\srcds.exe"="D:\\Program Files\\eMule\\Incoming\\Counter-Strike_Source_Final_Emporio\\emp-css\\srcds.exe:*:Enabled:srcds"
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe:*:Enabled:Age of Empires 3"
"C:\\WINDOWS\\system32\\,,))))),WW),W),)WW)))),,)WW.exe"="C:\\WINDOWS\\system32\\,,))))),WW),W),)WW)))),,)WW.exe:*:Enabled:Ghost Relay"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Counter-Strike Source\\hl2.exe"="C:\\Program Files\\Counter-Strike Source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\SteamApps\\undead_rated_killer\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\undead_rated_killer\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\WINDOWS\\system32\\winver.exe"="C:\\WINDOWS\\system32\\winver.exe:*:Enabled:winver"
"C:\\Documents and Settings\\steph\\Mes documents\\Downloads\\microtorrent_torrent_1.8_build_11742_anglais_18245.exe"="C:\\Documents and Settings\\steph\\Mes documents\\Downloads\\microtorrent_torrent_1.8_build_11742_anglais_18245.exe:*:Enabled:æTorrent"
"D:\\Program Files\\KONAMI\\PES2008\\PES2008.exe"="D:\\Program Files\\KONAMI\\PES2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\\Program Files\\Download Express\\dep.exe"="C:\\Program Files\\Download Express\\dep.exe:*:Enabled:Browser download plugin"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"="D:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"C:\\Documents and Settings\\steph\\Bureau\\pes2009.exe"="C:\\Documents and Settings\\steph\\Bureau\\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"C:\\Program Files\\Left4Dead\\hl2.exe"="C:\\Program Files\\Left4Dead\\hl2.exe:*:Enabled:hl2"
"D:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"="D:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"D:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"="D:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"D:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"="D:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe:*:Enabled:Prince of Persia Dx"
"D:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"="D:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe:*:Enabled:Prince of Persia Update"
"D:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"="D:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe:*:Enabled:Football Manager 2009"
"G:\\Pro Evolution Soccer 2009\\pes2009.exe"="G:\\Pro Evolution Soccer 2009\\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:



Files with Hidden Attributes:

Wed 7 Feb 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 29 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 23 May 2007 1,513,096 A..HR --- "C:\Program Files\Citrix\GoToMeeting\198\G2MInstallerExtractor.exe"
Fri 17 Oct 2008 5,710 ...HR --- "C:\Documents and Settings\steph\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!

plopus (Security contributor, 5962 posts)

Post a new HijackThis report.

zantetsu-76 (Member, 26 posts)

For HijackThis, I have to post both reports, is that right?
Here is the log.txt:

Logfile of random's system information tool 1.05 (written by random/random)
Run by steph at 2009-01-21 18:06:59
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 7 GB (12%) free of 60 GB
Total RAM: 1023 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:08:02, on 21/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Orange HSS\Systray\SystrayApp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\steph\Bureau\Raccourcis Bureau non utilisés\entretient et utilitaires divers\RSIT.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\steph.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\,))))),WW),W),)WW)))),)WW.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Systran Professional Premium 4.0 - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\PROGRA~1\Systran\4_0\Premium\IEPlugin.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S91.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: UnFREEz 2.1
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {475DF11A-2BC2-41A9-8A97-E989E023E517} (SetupComponent Class) - http://gw.eu.hanjin.com/ezIcd.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
0

plopus Posts 5962 Registration date   Status Security contributor Last post   293

re

OK, try to get this analysed: C:\WINDOWS\system32\,))))),WW),W),)WW)))),)WW.exe,

here https://www.virustotal.com/gui/ click Browse and go fetch the file

first, show hidden files and folders

Control Panel / Folder Options / View tab / check Show hidden files and folders, uncheck Hide extensions for known file types, uncheck Hide protected operating system files.
0
zantetsu-76 Posts 26 Registration date   Status Member Last post   1

Sorry, but I can't find the file. Is it really that worrying??
0
plopus Posts 5962 Registration date   Status Security contributor Last post   293

well, in any case it doesn't look friendly

we're going to run a powerful fix, so during the scan close everything, disconnect from the internet and don't touch your PC, not even the mouse...

download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
to your desktop, run it and post the report at the end
0
zantetsu-76 Posts 26 Registration date   Status Member Last post   1

here is the ComboFix report:

ComboFix 09-01-21.01 - steph 2009-01-21 20:45:13.1 - NTFSx86
Lancé depuis: c:\documents and settings\steph\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
ADS - svchost.exe: deleted 68 bytes in 1 streams.
ADS - explorer.exe: deleted 228 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\BReWErS.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-21 au 2009-01-21 ))))))))))))))))))))))))))))))))))))
.

2009-01-21 17:15 . 2009-01-21 17:15 <REP> d-------- c:\windows\ERUNT
2009-01-21 17:06 . 2009-01-21 17:41 <REP> d-------- C:\SDFix
2009-01-21 14:47 . 2009-01-21 16:36 1,009 --a------ C:\ManqueFichiers.vbs
2009-01-21 13:51 . 2009-01-21 13:51 <REP> d-------- c:\program files\QuickTime
2009-01-21 13:51 . 2009-01-21 13:51 <REP> d-------- c:\program files\Fichiers communs\Apple
2009-01-21 13:49 . 2009-01-21 13:49 <REP> d-------- c:\program files\Apple Software Update
2009-01-21 13:49 . 2009-01-21 13:49 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-01-21 13:37 . 2009-01-21 13:36 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-21 13:37 . 2009-01-21 13:36 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-20 22:44 . 2009-01-20 22:44 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-20 22:44 . 2009-01-20 22:44 <REP> d-------- c:\documents and settings\steph\Application Data\Malwarebytes
2009-01-20 22:44 . 2009-01-20 22:44 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-20 22:44 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-20 22:44 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-20 22:37 . 2009-01-20 22:37 <REP> d-------- c:\program files\Avira
2009-01-20 22:37 . 2009-01-20 22:37 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-20 20:25 . 2009-01-20 20:27 <REP> d-------- C:\rsit
2009-01-20 20:25 . 2009-01-21 18:08 <REP> d-------- c:\program files\trend micro
2009-01-16 20:23 . 2009-01-16 20:23 <REP> d-------- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-01-12 16:11 . 2009-01-12 16:11 <REP> d-------- c:\documents and settings\All Users\Application Data\Sports Interactive
2009-01-05 16:33 . 2009-01-05 16:33 <REP> d-------- c:\windows\Logs

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-21 19:50 --------- d-----w c:\program files\Steam
2009-01-21 19:42 --------- d-----w c:\documents and settings\steph\Application Data\uTorrent
2009-01-21 13:03 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-21 12:54 --------- d-----w c:\program files\Winamp
2009-01-21 12:50 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-21 12:39 --------- d-----w c:\program files\Java
2009-01-20 19:41 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-16 19:11 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-16 18:08 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-16 17:24 --------- d-----w c:\program files\Windows Live
2009-01-16 14:46 --------- d-----w c:\documents and settings\steph\Application Data\EPSON
2009-01-16 13:03 --------- d-----w c:\program files\PhotoFiltre Studio
2009-01-12 15:11 --------- d-----w c:\documents and settings\steph\Application Data\Sports Interactive
2008-12-23 19:49 --------- d-----w c:\program files\Left4Dead
2008-12-12 18:11 --------- d-----w c:\program files\Alcohol Soft
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-29 17:38 --------- d-----w c:\documents and settings\All Users\Application Data\KONAMI
2008-11-28 21:38 --------- d-----w c:\documents and settings\steph\Application Data\MegauploadToolbar
2008-11-27 17:52 --------- d-----w c:\program files\VirtualDubMOD
2007-04-21 09:53 4,301,387 -c--a-w c:\program files\shareaza_2.2.5.0.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"EPSON Stylus DX6000 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE" [2006-09-22 139264]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"Steam"="c:\program files\steam\steam.exe" [2008-10-09 1410296]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-03-20 216520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-21 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SystrayORAHSS"="c:\program files\Orange HSS\Systray\SystrayApp.exe" [2007-07-24 94208]
"ORAHSSSessionManager"="c:\program files\Orange HSS\SessionManager\SessionManager.exe" [2007-07-24 102400]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-09-12 36352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 c:\windows\RTHDCPL.exe]
"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 c:\windows\system32\P0630Pin.dll]
"nwiz"="nwiz.exe" [2006-06-01 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]

c:\documents and settings\steph\Menu Démarrer\Programmes\Démarrage\
Outil de détection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-07-20 344064]

c:\documents and settings\steph\Menu Démarrer\Programmes\Démarrage\UnFREEz 2.1
UnFREEz.lnk - c:\program files\UnFREEz\UnFREEz.exe [2001-08-17 29696]
Uninstall.lnk - c:\program files\UnFREEz\Uninstall.exe [2008-04-16 60616]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-18 65588]
Rappels du Calendrier Microsoft Works.lnk - c:\program files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe [1999-08-06 53317]
Run Google Web Accelerator.lnk - c:\program files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 1134592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"d:\\Sierra\\Empire Earth\\Empire Earth.exe"=
"d:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"d:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\SteamApps\\undead_rated_killer\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\steph\\Bureau\\pes2009.exe"=
"c:\\Program Files\\Left4Dead\\hl2.exe"=
"d:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 prodrv04;Star Force copy protection driver v4;c:\windows\system32\drivers\prodrv04.sys [2007-02-25 114496]
R3 FT8A91;FT8A91 Filter;c:\windows\system32\drivers\FT8A91.sys [2008-05-07 69701]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2007-04-13 91841]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5627d82e-3930-11dc-8e77-0016e66ece46}]
\Shell\AutoRun\command - setupSNK.exe
.
Contenu du dossier 'Tâches planifiées'

2009-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-16 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-11-10 23:03]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
Toolbar-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)


.
------- Examen supplémentaire -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.fr/
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.ustart.org
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: orange.fr\www
DPF: {475DF11A-2BC2-41A9-8A97-E989E023E517} - hxxp://gw.eu.hanjin.com/ezIcd.cab
DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab
FF - ProfilePath - c:\documents and settings\steph\Application Data\Mozilla\Firefox\Profiles\k8fg0h95.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\steph\Application Data\Mozilla\Firefox\Profiles\k8fg0h95.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-21 20:50:49
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-2000478354-1708537768-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2000478354-1708537768-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:08,77,4e,48,b7,17,a3,73,f2,fd,cd,f3,e9,01,3b,65,f5,35,b2,9f,3e,05,3f,
aa,39,1b,4f,00,0c,fc,85,48,d6,63,16,2d,12,26,94,6a,af,22,7e,ed,59,77,8a,e5,\
"??"=hex:d3,21,64,06,0d,9f,a7,42,89,e0,07,f9,1f,2b,40,48

[HKEY_USERS\S-1-5-21-2000478354-1708537768-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:40,69,e0,cf,df,99,a5,16,53,ad,d0,db,75,c9,e3,9e,9d,eb,fd,63,45,
ef,ff,d6,01,5c,57,3a,4e,50,89,d8,8f,6f,78,a1,47,58,5e,b2,c9,7c,fc,ad,16,75,\
"rkeysecu"=hex:1b,7a,0b,3c,2e,35,3c,be,a4,1f,d8,24,0b,61,ef,87

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{27f67e96-5d9e-4cbb-a18a-699c481b2c90}]
@Denied: (Full) (Everyone)
"Model"=dword:000000aa
"Therad"=dword:00000020
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):99,19,a2,0f,86,2d,f3,6a,25,8a,cd,f2,45,f5,37,cb,2a,46,1a,9b,56,
d3,9a,a4,24,b0,43,e3,ed,55,93,6b,93,4e,80,30,54,29,22,5e,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\F€:*=**ß*ÐtF8¾*'*_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@="\"c:\\Program Files\\WinRAR\\WinRAR.exe\" \"%1\""
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Google\Web Accelerator\GoogleWebAccClient.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-01-21 20:54:18 - La machine a redémarré [steph]
ComboFix-quarantined-files.txt 2009-01-21 19:54:16

Avant-CF: 7 304 454 144 octets libres
Après-CF: 7,243,206,656 octets libres

217 --- E O F --- 2009-01-19 13:52:16
0
plopus Posts 5962 Registration date   Status Security contributor Last post   293

can you post a new HijackThis report please
0
zantetsu-76 Posts 26 Registration date   Status Member Last post   1

Here you go:

Logfile of random's system information tool 1.05 (written by random/random)
Run by steph at 2009-01-21 21:16:50
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 7 GB (12%) free of 60 GB
Total RAM: 1023 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:16, on 21/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\program files\steam\steam.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
C:\Program Files\Orange HSS\systray\systrayapp.exe
C:\Program Files\Orange HSS\Deskboard\deskboard.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\steph\Bureau\Raccourcis Bureau non utilisés\entretient et utilitaires divers\RSIT.exe
C:\Program Files\trend micro\steph.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Systran Professional Premium 4.0 - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\PROGRA~1\Systran\4_0\Premium\IEPlugin.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S91.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: UnFREEz 2.1
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {475DF11A-2BC2-41A9-8A97-E989E023E517} (SetupComponent Class) - http://gw.eu.hanjin.com/ezIcd.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
0
plopus Posts 5962 Registration date   Status Security contributor Last post   293

re

it's better now, isn't it?

can you manage to run GenProc now

GENPROC: open this help link <http://www.alt-shift-return.org/Info/GenProc-HowTo.html>

, and the download is in there <http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip>. Answer yes to the question at the end and post the report please
0
zantetsu-76 Posts 26 Registration date   Status Member Last post   1

Hi,
here is the GenProc report, which did indeed find something.
Should I do what it says?


GenProc report 2.346 [1] - 22/01/2009 - Windows XP

# Step 1/ Download:

- CCleaner https://www.ccleaner.com/ccleaner/download (FileHippo)
This software will delete all temporary files.
Launch it, click "Options", then "Advanced", and uncheck the box "Only delete files in the Windows Temp folder older than 48 hours".
After that, leave it with its default settings. Close the program.

- Lop S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2 (Eric 71 & Angeldark) to your Desktop.

- Toolbar-S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 (Team IDN) to your Desktop.


Restart in safe mode as described here https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; to find the report again, click the "GenProc" shortcut on your desktop. Choose your current session *** steph ***


# Step 2/

Launch Toolbar-S&D, located on the Desktop.
Type "2", then confirm by pressing "Enter". Do not close the window during the removal.

# Step 3/

Double-click Lop S&D to start the installation, select the desired language, then choose Option 2 - Removal - and wait until it has finished.

# Step 4/

Launch CCleaner: "Cleaner"/"Run Cleaner" and that's all.

# Step 5/

Restart normally and post, in the same reply:

- The contents of the report C:\TB.txt;
- The contents of the report C:\lopR.txt;
- A new HijackThis report http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;

Describe any difficulties you had (what you were unable to do...) as well as how the situation has evolved.

____________________________________________________________________________________________________________

Official GenProc sites: www.alt-shift-return.org and www.genproc.com
0
plopus Posts 5962 Registration date   Status Security contributor Last post   293

do exactly what is written and post the reports please

the biggest part went away with ComboFix; that's what was causing the problem, I think
0
zantetsu-76 Posts 26 Registration date   Status Member Last post   1

OK, I've finished all that. Here are the reports.

1) the TB.txt


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 3.40GHz )
BIOS : Award Modular BIOS v6.00PG
USER : steph ( Administrator )
BOOT : Fail-safe boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:58 Go (Free:6 Go)
D:\ (Local Disk) - NTFS - Total:94 Go (Free:62 Go)
E:\ (CD or DVD)
F:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 22/01/2009|18:41 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\Multi_Media_France\INSTALL.LOG
Supprime! - C:\Program Files\MultiMedia France Toolbar\INSTALL.LOG
Supprime! - C:\Program Files\MultiMedia France Toolbar\Multi_Media_France.exe
Supprime! - C:\Program Files\MultiMedia France Toolbar\Multi_Media_France.xpi
Supprime! - C:\Program Files\MultiMedia France Toolbar\UNWISE.EXE
Supprime! - C:\Program Files\Multi_Media_France
Supprime! - C:\Program Files\MultiMedia France Toolbar

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(steph) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
(steph) - {D249FD00-4DF9-11D9-9FDC-0080481ADA61} => mpint
(steph) - {991A772A-BA13-4c1d-A9EF-F897F31DEC7D} => megaupload


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\steph\Bureau\Raccourcis Bureau non utilisés\generator keygen EA Games.exe
C:\DOCUME~1\steph\Bureau\Raccourcis Bureau non utilisés\Jardinains!\sound\brickCrack.mp3
C:\DOCUME~1\steph\Bureau\Raccourcis Bureau non utilisés\Les Sims\Keygen + crack Sims2 academie.rar
C:\DOCUME~1\steph\Bureau\Raccourcis Bureau non utilisés\Les Sims\Les Sims 2 Au Fil Des Saisons PC GAME Crack serial keygen all languages.rar
C:\DOCUME~1\steph\Bureau\Raccourcis Bureau non utilisés\Les Sims\Les Sims2 - La Bonne Affaire - Crack Nocd.rar
C:\DOCUME~1\steph\Favoris\Guillaume\GTA San Andreas - Tout les telechargements pour GTA San Andreas Divers Patchs-Cracks Patch Francais.url
C:\DOCUME~1\steph\Mes documents\BitTorrent Downloads\torrent\cod 5.com}o_Call_Of_Duty_World_At_War_NOCD_Crack__Keygen
C:\DOCUME~1\steph\Mes documents\Guillaume\musique\Dr. T Presents 50 Cent, Dr. Dre & Eminem - The Revival BY MIDO-MIX\Jimmy Crack Corn (Ft. 50 Cent).mp3
C:\DOCUME~1\steph\Mes documents\Guillaume\musique\Rim-K-Famille_Nombreuse-FR-2007-H5N1\11-rim-k-pilotes_crack_musik_feat._hamza.mp3
C:\DOCUME~1\steph\Mes documents\pes 2008 patch 2008-2009\Pro_Evolution_Soccer_(PES)_2008_Keygen.zip



1 - "C:\ToolBar SD\TB_1.txt" - 22/01/2009|18:44 - Option : [2]

-----------\\ Fin du rapport a 18:44:19,34

2) lopR.txt


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 3.40GHz )
BIOS : Award Modular BIOS v6.00PG
USER : steph ( Administrator )
BOOT : Fail-safe boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:58 Go (Free:6 Go)
D:\ (Local Disk) - NTFS - Total:94 Go (Free:62 Go)
E:\ (CD or DVD)
F:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 22/01/2009|18:47 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[21/01/2009|14:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[13/04/2008|18:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Age of Empires 3
[21/01/2009|13:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[21/01/2009|13:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[20/01/2009|22:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[22/05/2008|18:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[16/01/2009|20:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[25/08/2008|22:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EmailNotifier
[27/06/2007|14:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
[19/05/2008|17:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[22/01/2009|15:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[29/11/2008|18:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\KONAMI
[20/01/2009|22:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[25/08/2008|22:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Megaupload
[31/08/2007|18:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[23/09/2008|17:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[22/12/2006|20:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
[24/08/2008|16:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OutilsWW
[20/07/2008|19:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[12/01/2009|16:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sports Interactive
[22/12/2006|18:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[01/06/2008|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[22/12/2006|18:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
[04/06/2008|08:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ubisoft
[27/06/2007|14:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[09/07/2007|16:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[23/09/2008|17:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[12/08/2008|21:06] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[22/12/2006|16:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[21/04/2007|10:54] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[22/12/2006|16:09] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[26/05/2007|16:09] C:\DOCUME~1\steph\APPLIC~1\Ableton
[08/05/2008|16:38] C:\DOCUME~1\steph\APPLIC~1\AccurateRip
[22/12/2006|18:21] C:\DOCUME~1\steph\APPLIC~1\ACD Systems
[05/03/2008|17:17] C:\DOCUME~1\steph\APPLIC~1\Adobe
[24/03/2007|15:32] C:\DOCUME~1\steph\APPLIC~1\Ahead
[22/10/2007|18:56] C:\DOCUME~1\steph\APPLIC~1\Apple Computer
[14/07/2007|16:23] C:\DOCUME~1\steph\APPLIC~1\Creative
[07/04/2008|18:33] C:\DOCUME~1\steph\APPLIC~1\DAEMON Tools
[02/09/2007|19:12] C:\DOCUME~1\steph\APPLIC~1\DeepBurner
[25/06/2008|18:59] C:\DOCUME~1\steph\APPLIC~1\DMCache
[25/08/2008|22:26] C:\DOCUME~1\steph\APPLIC~1\EmailNotifier
[16/01/2009|15:46] C:\DOCUME~1\steph\APPLIC~1\EPSON
[30/06/2008|13:03] C:\DOCUME~1\steph\APPLIC~1\GetRightToGo
[01/05/2007|10:48] C:\DOCUME~1\steph\APPLIC~1\Google
[27/12/2006|19:05] C:\DOCUME~1\steph\APPLIC~1\Help
[26/10/2007|18:38] C:\DOCUME~1\steph\APPLIC~1\ICAClient
[22/12/2006|16:26] C:\DOCUME~1\steph\APPLIC~1\Identities
[26/06/2008|06:02] C:\DOCUME~1\steph\APPLIC~1\IDM
[18/08/2008|12:26] C:\DOCUME~1\steph\APPLIC~1\InstallShield
[22/12/2006|19:21] C:\DOCUME~1\steph\APPLIC~1\InterTrust
[22/12/2006|19:43] C:\DOCUME~1\steph\APPLIC~1\Kazaa Lite
[03/10/2008|18:39] C:\DOCUME~1\steph\APPLIC~1\Leadertech
[05/03/2008|22:46] C:\DOCUME~1\steph\APPLIC~1\LimeWire
[25/01/2008|14:36] C:\DOCUME~1\steph\APPLIC~1\Macromedia
[20/01/2009|22:44] C:\DOCUME~1\steph\APPLIC~1\Malwarebytes
[22/12/2006|19:45] C:\DOCUME~1\steph\APPLIC~1\Media Player Classic
[28/11/2008|22:38] C:\DOCUME~1\steph\APPLIC~1\MegauploadToolbar
[19/12/2008|19:23] C:\DOCUME~1\steph\APPLIC~1\Microsoft
[01/07/2008|17:24] C:\DOCUME~1\steph\APPLIC~1\Microsoft Web Folders
[25/06/2008|19:03] C:\DOCUME~1\steph\APPLIC~1\Mozilla
[08/05/2007|10:07] C:\DOCUME~1\steph\APPLIC~1\SecuROM
[20/07/2008|20:27] C:\DOCUME~1\steph\APPLIC~1\Sony Corporation
[01/10/2008|18:28] C:\DOCUME~1\steph\APPLIC~1\Spore
[12/01/2009|16:11] C:\DOCUME~1\steph\APPLIC~1\Sports Interactive
[26/12/2006|22:51] C:\DOCUME~1\steph\APPLIC~1\Sun
[21/06/2008|14:07] C:\DOCUME~1\steph\APPLIC~1\temp
[22/12/2006|18:43] C:\DOCUME~1\steph\APPLIC~1\TuneUp Software
[04/06/2008|08:48] C:\DOCUME~1\steph\APPLIC~1\Ubisoft
[21/01/2009|20:42] C:\DOCUME~1\steph\APPLIC~1\uTorrent
[21/01/2009|17:31] C:\DOCUME~1\steph\APPLIC~1\WinRAR

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[21/01/2009 13:49][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[16/01/2009 17:16][--a------] C:\WINDOWS\tasks\Maintenance en 1 clic.job
[22/01/2009 18:38][--ah-----] C:\WINDOWS\tasks\SA.DAT
[24/08/2001 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[22/12/2006|18:21] C:\Program Files\ACD
[22/12/2006|18:21] C:\Program Files\ACD Systems
[21/01/2009|14:02] C:\Program Files\Adobe
[22/12/2006|19:26] C:\Program Files\Ahead
[12/12/2008|19:11] C:\Program Files\Alcohol Soft
[21/01/2009|13:49] C:\Program Files\Apple Software Update
[02/09/2007|19:11] C:\Program Files\Astonsoft
[20/01/2009|22:37] C:\Program Files\Avira
[26/10/2007|18:32] C:\Program Files\Citrix
[26/07/2007|18:02] C:\Program Files\ClearProg
[12/01/2008|17:55] C:\Program Files\Common Files
[22/12/2006|16:06] C:\Program Files\ComPlus Applications
[13/04/2007|12:03] C:\Program Files\Creative
[07/04/2008|18:35] C:\Program Files\DAEMON Tools Lite
[05/09/2008|16:18] C:\Program Files\EA GAMES
[30/06/2008|14:35] C:\Program Files\Easy Video to MP4 Converter
[27/06/2007|14:20] C:\Program Files\EPSON
[16/02/2008|17:51] C:\Program Files\Exact Audio Copy PSP Edition
[21/01/2009|20:46] C:\Program Files\Fichiers communs
[18/03/2008|18:20] C:\Program Files\FireBurner
[26/09/2008|19:06] C:\Program Files\FlashGet
[30/06/2008|14:04] C:\Program Files\FLV Player
[08/05/2008|15:50] C:\Program Files\Free Audio Pack
[08/09/2007|12:01] C:\Program Files\GeoLabo
[22/12/2006|17:06] C:\Program Files\GIGABYTE
[12/08/2008|21:05] C:\Program Files\Google
[07/07/2008|19:45] C:\Program Files\Icone
[08/05/2008|16:38] C:\Program Files\Illustrate
[16/01/2009|20:11] C:\Program Files\InstallShield Installation Information
[22/12/2006|17:03] C:\Program Files\Intel
[11/12/2008|03:01] C:\Program Files\Internet Explorer
[08/09/2008|19:14] C:\Program Files\IrfanView
[21/01/2009|13:39] C:\Program Files\Java
[04/05/2008|14:03] C:\Program Files\JetAudio
[22/12/2006|18:27] C:\Program Files\K-Lite Codec Pack
[22/12/2006|19:12] C:\Program Files\Lavalys
[22/12/2006|18:16] C:\Program Files\Lavasoft
[23/12/2008|20:49] C:\Program Files\Left4Dead
[07/07/2008|19:45] C:\Program Files\LETMIN
[20/01/2009|22:44] C:\Program Files\Malwarebytes' Anti-Malware
[22/12/2006|19:45] C:\Program Files\Media Player Classic
[15/08/2008|02:01] C:\Program Files\Messenger
[23/09/2008|17:37] C:\Program Files\Messenger Plus! Live
[01/07/2008|17:24] C:\Program Files\microsoft frontpage
[01/07/2008|17:24] C:\Program Files\Microsoft Office
[02/07/2008|20:42] C:\Program Files\Microsoft Works
[01/07/2008|17:10] C:\Program Files\Microsoft Works Suite 2000
[22/12/2006|16:07] C:\Program Files\Movie Maker
[22/01/2009|18:33] C:\Program Files\Mozilla Firefox
[26/12/2006|14:34] C:\Program Files\MSN
[22/12/2006|16:06] C:\Program Files\MSN Gaming Zone
[23/09/2008|17:11] C:\Program Files\MSN Messenger
[13/11/2008|03:00] C:\Program Files\MSXML 4.0
[22/12/2006|16:07] C:\Program Files\NetMeeting
[22/12/2006|16:06] C:\Program Files\Online Services
[03/01/2008|14:09] C:\Program Files\Orange HSS
[24/08/2008|16:48] C:\Program Files\OutilsWW
[13/06/2007|19:37] C:\Program Files\Outlook Express
[02/11/2008|18:04] C:\Program Files\PhotoActions
[17/06/2007|00:03] C:\Program Files\PhotoFiltre
[16/01/2009|14:03] C:\Program Files\PhotoFiltre Studio
[26/08/2007|10:40] C:\Program Files\Pochette Express 2
[01/10/2007|16:45] C:\Program Files\Portrait Professional
[07/05/2008|10:23] C:\Program Files\PS TO PC (2P) CONVERTOR
[25/06/2008|16:24] C:\Program Files\psx emulation cheater
[21/01/2009|13:51] C:\Program Files\QuickTime
[22/12/2006|17:05] C:\Program Files\Realtek
[22/12/2006|19:24] C:\Program Files\RegSupreme
[06/02/2008|17:13] C:\Program Files\SAGEM
[03/01/2008|14:06] C:\Program Files\Securitoo
[22/12/2006|16:08] C:\Program Files\Services en ligne
[13/04/2007|12:02] C:\Program Files\SightSpeed
[12/04/2008|18:41] C:\Program Files\Smart Projects
[20/07/2008|20:24] C:\Program Files\Sony
[26/07/2007|18:01] C:\Program Files\Spybot - Search & Destroy
[26/07/2007|17:58] C:\Program Files\SpywareBlaster
[22/01/2009|14:57] C:\Program Files\Steam
[18/04/2007|11:04] C:\Program Files\Styliste3
[22/12/2006|19:51] C:\Program Files\Systran
[21/01/2009|21:16] C:\Program Files\trend micro
[22/12/2006|18:43] C:\Program Files\TuneUp Utilities 2006
[22/12/2006|18:40] C:\Program Files\TZ Connection Booster
[14/09/2008|21:34] C:\Program Files\UBISOFT
[16/04/2008|11:21] C:\Program Files\UnFREEz
[22/12/2006|16:26] C:\Program Files\Uninstall Information
[11/08/2008|18:24] C:\Program Files\uTorrent
[27/11/2008|18:52] C:\Program Files\VirtualDubMOD
[03/01/2008|13:19] C:\Program Files\Wanadoo
[26/12/2006|14:21] C:\Program Files\Wanadoo Messager
[21/01/2009|13:54] C:\Program Files\Winamp
[16/01/2009|18:24] C:\Program Files\Windows Live
[16/01/2009|19:08] C:\Program Files\Windows Media Connect 2
[16/01/2009|20:21] C:\Program Files\Windows Media Player
[22/12/2006|16:06] C:\Program Files\Windows NT
[22/12/2006|16:08] C:\Program Files\WindowsUpdate
[04/09/2008|19:44] C:\Program Files\WinLame
[26/08/2008|18:12] C:\Program Files\WinRAR
[22/12/2006|16:09] C:\Program Files\xerox
[03/05/2008|21:38] C:\Program Files\XMPlayer
[22/12/2006|16:56] C:\Program Files\xp-AntiSpy
[07/04/2008|18:46] C:\Program Files\Zero G Registry

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[21/01/2009|14:03] C:\Program Files\Fichiers communs\Adobe
[22/12/2006|19:26] C:\Program Files\Fichiers communs\Ahead
[21/01/2009|13:51] C:\Program Files\Fichiers communs\Apple
[13/01/2007|13:46] C:\Program Files\Fichiers communs\Barbie
[04/05/2008|13:55] C:\Program Files\Fichiers communs\COWON
[01/07/2008|17:25] C:\Program Files\Fichiers communs\Designer
[03/01/2008|14:08] C:\Program Files\Fichiers communs\France Telecom
[29/04/2007|16:23] C:\Program Files\Fichiers communs\InstallShield
[22/12/2006|19:41] C:\Program Files\Fichiers communs\Java
[05/11/2008|19:40] C:\Program Files\Fichiers communs\Microsoft Shared
[22/12/2006|16:07] C:\Program Files\Fichiers communs\MSSoap
[22/12/2006|19:14] C:\Program Files\Fichiers communs\Nero
[22/12/2006|17:02] C:\Program Files\Fichiers communs\ODBC
[24/08/2008|16:48] C:\Program Files\Fichiers communs\PC SOFT
[22/12/2006|16:07] C:\Program Files\Fichiers communs\Services
[22/12/2006|17:02] C:\Program Files\Fichiers communs\SpeechEngines
[20/06/2008|15:28] C:\Program Files\Fichiers communs\System
[23/09/2008|17:10] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[18/03/2008|18:19] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 10 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-22 18:49:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
C:\DOCUME~1\steph\LOCALS~1\APPLIC~1\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1087 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden files: 55

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\steph\Bureau\Raccourcis Bureau non utilisés\generator keygen EA Games.exe
C:\DOCUME~1\steph\Bureau\Raccourcis Bureau non utilisés\Jardinains!\sound\brickCrack.mp3
C:\DOCUME~1\steph\Bureau\Raccourcis Bureau non utilisés\Les Sims\Keygen + crack Sims2 academie.rar
C:\DOCUME~1\steph\Bureau\Raccourcis Bureau non utilisés\Les Sims\Les Sims 2 Au Fil Des Saisons PC GAME Crack serial keygen all languages.rar
C:\DOCUME~1\steph\Bureau\Raccourcis Bureau non utilisés\Les Sims\Les Sims2 - La Bonne Affaire - Crack Nocd.rar
C:\DOCUME~1\steph\Favoris\Guillaume\GTA San Andreas - Tout les telechargements pour GTA San Andreas Divers Patchs-Cracks Patch Francais.url
C:\DOCUME~1\steph\Mes documents\BitTorrent Downloads\torrent\cod 5.com}o_Call_Of_Duty_World_At_War_NOCD_Crack__Keygen
C:\DOCUME~1\steph\Mes documents\Guillaume\musique\Dr. T Presents 50 Cent, Dr. Dre & Eminem - The Revival BY MIDO-MIX\Jimmy Crack Corn (Ft. 50 Cent).mp3
C:\DOCUME~1\steph\Mes documents\Guillaume\musique\Rim-K-Famille_Nombreuse-FR-2007-H5N1\11-rim-k-pilotes_crack_musik_feat._hamza.mp3
C:\DOCUME~1\steph\Mes documents\pes 2008 patch 2008-2009\Pro_Evolution_Soccer_(PES)_2008_Keygen.zip


[F:50][D:2]-> C:\DOCUME~1\steph\LOCALS~1\Temp
[F:41][D:0]-> C:\DOCUME~1\steph\Cookies
[F:2913][D:4]-> C:\DOCUME~1\steph\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 22/01/2009|18:50 - Option : [2]

--------------------\\ Fin du rapport a 18:50:31

And finally the HijackThis report.

Logfile of random's system information tool 1.05 (written by random/random)
Run by steph at 2009-01-22 18:56:07
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 6 GB (11%) free of 60 GB
Total RAM: 1023 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56, on 22/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Orange HSS\Systray\SystrayApp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\steph\Bureau\Raccourcis Bureau non utilisés\entretient et utilitaires divers\RSIT.exe
C:\Program Files\trend micro\steph.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Systran Professional Premium 4.0 - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\PROGRA~1\Systran\4_0\Premium\IEPlugin.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S91.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: UnFREEz 2.1
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {475DF11A-2BC2-41A9-8A97-E989E023E517} (SetupComponent Class) - http://gw.eu.hanjin.com/ezIcd.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
0
plopus Posts 5962 Registration date   Status Security contributor Last activity   293

Do you still have any problems? If so, what kind, please?
0
zantetsu-76 Posts 26 Registration date   Status Member Last activity   1

No, it's fine, I have nothing left!
Thank you for your help and for sacrificing so much time to help me.
Bye!
0
plopus Posts 5962 Registration date   Status Security contributor Last activity   293

OK, so I've asked someone for advice on 2 lines of your report (so come back later to see whether I've added something to do).

By the way, here are your problems:

C:\DOCUME~1\steph\Bureau\Raccourcis Bureau non utilisés\generator keygen EA Games.exe
C:\DOCUME~1\steph\Bureau\Raccourcis Bureau non utilisés\Jardinains!\sound\brickCrack.mp3
C:\DOCUME~1\steph\Bureau\Raccourcis Bureau non utilisés\Les Sims\Keygen + crack Sims2 academie.rar
C:\DOCUME~1\steph\Bureau\Raccourcis Bureau non utilisés\Les Sims\Les Sims 2 Au Fil Des Saisons PC GAME Crack serial keygen all languages.rar
C:\DOCUME~1\steph\Bureau\Raccourcis Bureau non utilisés\Les Sims\Les Sims2 - La Bonne Affaire - Crack Nocd.rar
C:\DOCUME~1\steph\Favoris\Guillaume\GTA San Andreas - Tout les telechargements pour GTA San Andreas Divers Patchs-Cracks Patch Francais.url
C:\DOCUME~1\steph\Mes documents\BitTorrent Downloads\torrent\cod 5.com}o_Call_Of_Duty_World_At_War_NOCD_Crack__Keygen
C:\DOCUME~1\steph\Mes documents\Guillaume\musique\Dr. T Presents 50 Cent, Dr. Dre & Eminem - The Revival BY MIDO-MIX\Jimmy Crack Corn (Ft. 50 Cent).mp3
C:\DOCUME~1\steph\Mes documents\Guillaume\musique\Rim-K-Famille_Nombreuse-FR-2007-H5N1\11-rim-k-pilotes_crack_musik_feat._hamza.mp3
C:\DOCUME~1\steph\Mes documents\pes 2008 patch 2008-2009\Pro_Evolution_Soccer_(PES)_2008_Keygen.zip

So if you don't want to come back and see us tomorrow, delete these files.


Otherwise it's fine.

You can run ToolsCleaner to clean up the tools you downloaded:
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
Click "Recherche" (search), let it scan your PC, then click "Suppression" (removal) and post the report.

Then purge your System Restore with this: http://www.commentcamarche.net/faq/sujet 5097 virus system volume information
Then create a clean restore point with this: http://www.commentcamarche.net/faq/sujet 740 windows points de restauration

And update your software, this is important:
via Windows Update
and this site (click on Start Scan) https://www.flexera.com/products/operations/software-vulnerability-management.html

And mark your thread as resolved, and remember to come back and take a look in case I add something.

Have a good evening.
0
plopus Posts 5962 Registration date   Status Security contributor Last activity   293

OK, it's fine, you have nothing infectious left. Do what's in post 37.
0