des spywares et Trojans envahissent mon pcRésolu/Fermé

Question

Bonjour,
J'ai un problème que je n'arrive pas à résoudre. 
Dans la barre en bas à gauche il y a une croix blanche sur fond rouge et de temps en temps j'ai un message qui m'indique que j'ai un virus et que je dois lancer spyware cleaner tool.

J'ai fait une analysse avec MalwareByte's Anti-Malware  en mode sans echecs  la croix est parti mais quand j'ai rallumer mon ordinateur 2 sésions ne marchent plus. Mon antis virus me demande si je veux bloqué wmsncs.exe j'ai accepté et le par feu windows à bloqué l' explorateur windows j'ai cliqué sur maintenir le blocage parce que je ne sais pas ce que c'est. Et quand je me connecte sur internet ca m'écrit Warning! Your system is in danger. YOUR COMPUTER IS IN need OF full scanning.

Je commence à désespérer et en plus je ne suis pas du tout une pro en informatique !!! Alors si quelqu'un peut me venir en aide avec une solution simple et efficace MERCI d'avance. 

Voici le rapport Malwarebyte's anti-Malware
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1747
Windows 5.1.2600 Service Pack 3

11/02/2009 16:39:27
mbam-log-2009-02-11 (16-39-27).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 160225
Temps écoulé: 1 hour(s), 58 minute(s), 12 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 19

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f4653484-f38c-455f-bb15-1175e527754e} (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seneka (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\seneka (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seneka (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\book ante (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Phanélie\Local Settings\Application Data\ociqmwe_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phanélie\Local Settings\Application Data\ociqmwe_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phanélie\Local Settings\Application Data\ociqmwe.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\fxstaller.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phanélie\Local Settings\Temp\IXP000.TMP\bbpic.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Magloire\Local Settings\Temporary Internet Files\Content.IE5\950L8ETL\SetupAntivirusXP[1].exe (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekankcrttkl.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekarhmmkjkn.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekamulxmkkb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekavcxdyobo.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Magloire\Local Settings	emp
tdll64.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS	emp\mousehook.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Magloire\Local Settings	emp\mousehook.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\senekarlyrumlx.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekawepyjbai.dat (Trojan.Agent) -> Quarantined and deleted successfully.

Utilisateur anonyme · Answer

Bonjour,

* Telecharges RSIT sur ton bureau :
http://images.malwareremoval.com/random/RSIT.exe

* Double- cliques sur RSIT.exe pour lancer le programme

--> Cliques sur " Continue " à l'ecran disclaimer

--> Si l'outil Hijackthis n'est pas present ou non detecté
Rsit le telechargera --> acceptes la license

--> A la fin de l'analyse --> 2 fichiers textes s'ouvriront

- Postes le contenu de log.txt à l'ecran et info.txt dans la barre des taches

titite_baby · Answer

Merci de m'avoir répondu
voici log.text




S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-09-18 61600]
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-09-18 9360]
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-09-18 97184]
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys [2006-09-18 88688]
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\system32\DRIVERS\se27nd5.sys [2006-09-18 18704]
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE27obex.sys [2006-09-18 86560]
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\system32\DRIVERS\se27unic.sys [2006-09-18 90800]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSfilter.sys []
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSrec.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Acer Media Server;Acer Media Server; C:\Program Files\Acer\Acer eConsole\MediaServerService.exe [2005-09-21 438272]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe [2007-04-26 48072]
R2 FSMA;F-Secure Management Agent; C:\Program Files\Pack Securite\Common\FSMA32.EXE [2007-04-26 113576]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-22 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-04 152984]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe [2007-04-26 457584]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe [2007-04-26 453488]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S2 WSNCS;Windows Server Network Colocation Service; C:\WINDOWS\system32\wsncs.exe [2009-02-10 191096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe []
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe [2008-12-27 16680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe []
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []

-----------------EOF-----------------


et voici info.tex

info.txt logfile of random's system information tool 1.05 2009-02-11 19:12:13

======Uninstall list======

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CD Installation DartyBox THD-->"C:\Program Files\InstallShield Installation Information\{97C0ECE3-F751-4D26-9D2C-CC598F616A1F}\setup.exe" -runfromtemp -l0x040c -removeonly
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
eMule Plus 1.2d-->"C:\Program Files\eMule\unins000.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GoToAssist 8.0.0.508-->C:\Program Files\Citrix\GoToAssist\508\G2AUninstaller.exe /uninstall
HijackThis 2.0.2-->"C:\Program Files	rend micro\HijackThis.exe" /uninstall
Installation de la DartyBox THD en Ethernet-->"C:\Program Files\InstallShield Installation Information\{CC9F9D1B-04BB-46FD-BD48-9C54472695A6}\setup.exe" -runfromtemp -l0x040c -eth -pri /hide_progress -removeonly
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kung Fu Panda(TM)-->C:\Program Files\InstallShield Installation Information\{48ADB3C0-18FB-4922-B172-7C8C4B99409C}\setup.exe -runfromtemp -l0x040c
Les Sims 2-->C:\Program Files\EA GAMES\Les Sims 2\EAUninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Fichiers communs\Symantec Shared\NSSSetup\{E579F5FB-D9C9-43A6-8DCF-67B9573C2E7C}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{E579F5FB-D9C9-43A6-8DCF-67B9573C2E7C}
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}

======Hosts File======

127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com

======Security center information======

AV: Pack Securite Plus 7.00 (outdated)
FW: Pack Securite Plus 7.00

System event log

Computer Name: DÉBARRAS
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestion d'applications.

Record Number: 4562
Source Name: Service Control Manager
Time Written: 20090201200121.000000+060
Event Type: Informations
User: DÉBARRAS\Phanélie

Computer Name: DÉBARRAS
Event Code: 7023
Message: Le service Gestion d'applications s'est arrêté avec l'erreur : 
Le module spécifié est introuvable.


Record Number: 4561
Source Name: Service Control Manager
Time Written: 20090201200121.000000+060
Event Type: erreur
User: 

Computer Name: DÉBARRAS
Event Code: 7036
Message: Le service Gestion d'applications est entré dans l'état : arrêté.

Record Number: 4560
Source Name: Service Control Manager
Time Written: 20090201200121.000000+060
Event Type: Informations
User: 

Computer Name: DÉBARRAS
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestion d'applications.

Record Number: 4559
Source Name: Service Control Manager
Time Written: 20090201200121.000000+060
Event Type: Informations
User: DÉBARRAS\Phanélie

Computer Name: DÉBARRAS
Event Code: 7023
Message: Le service Gestion d'applications s'est arrêté avec l'erreur : 
Le module spécifié est introuvable.


Record Number: 4558
Source Name: Service Control Manager
Time Written: 20090201200121.000000+060
Event Type: erreur
User: 

Application event log

Computer Name: DÉBARRAS
Event Code: 32026
Message: Le service de télécopie n'a pas pu initialiser de périphériques de télécopies attribués (virtuel ou TAPI).
Aucune télécopie ne peut être envoyée ou reçue tant qu'un périphérique de télécopies n'a pas été installé.

Record Number: 2391
Source Name: Microsoft Fax
Time Written: 20090209140954.000000+060
Event Type: Avertissement
User: 

Computer Name: DÉBARRAS
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 2390
Source Name: SecurityCenter
Time Written: 20090209140953.000000+060
Event Type: Informations
User: 

Computer Name: DÉBARRAS
Event Code: 0
Message: 
Record Number: 2389
Source Name: gusvc
Time Written: 20090209140948.000000+060
Event Type: Informations
User: 

Computer Name: DÉBARRAS
Event Code: 0
Message: 
Record Number: 2388
Source Name: Acer Media Server
Time Written: 20090209140948.000000+060
Event Type: Informations
User: 

Computer Name: DÉBARRAS
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur DÉBARRAS\Magloire alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé. 


Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.

Record Number: 2387
Source Name: Userenv
Time Written: 20090208235101.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Fichiers communs\Teleca Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0604
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip

-----------------EOF-----------------

Utilisateur anonyme · Answer

Re,

* Il me faut l'autre partie aussi stp !

titite_baby · Answer

re
Quel partie ?

Utilisateur anonyme · Answer

Re,

* Relis bien stp :  Log.txt et info.txt, regardes en bas dans la barre des taches stp..

titite_baby · Answer

Dsl à la fin de l'analyse  j'ai vu que ces 2 fichiers textes s'ouvrirent
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-09-18 61600]
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-09-18 9360]
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-09-18 97184]
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys [2006-09-18 88688]
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\system32\DRIVERS\se27nd5.sys [2006-09-18 18704]
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE27obex.sys [2006-09-18 86560]
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\system32\DRIVERS\se27unic.sys [2006-09-18 90800]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSfilter.sys []
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSrec.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Acer Media Server;Acer Media Server; C:\Program Files\Acer\Acer eConsole\MediaServerService.exe [2005-09-21 438272]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe [2007-04-26 48072]
R2 FSMA;F-Secure Management Agent; C:\Program Files\Pack Securite\Common\FSMA32.EXE [2007-04-26 113576]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-22 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-04 152984]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe [2007-04-26 457584]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe [2007-04-26 453488]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S2 WSNCS;Windows Server Network Colocation Service; C:\WINDOWS\system32\wsncs.exe [2009-02-10 191096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe []
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe [2008-12-27 16680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe []
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.05 2009-02-11 19:12:13

======Uninstall list======

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CD Installation DartyBox THD-->"C:\Program Files\InstallShield Installation Information\{97C0ECE3-F751-4D26-9D2C-CC598F616A1F}\setup.exe" -runfromtemp -l0x040c -removeonly
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
eMule Plus 1.2d-->"C:\Program Files\eMule\unins000.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GoToAssist 8.0.0.508-->C:\Program Files\Citrix\GoToAssist\508\G2AUninstaller.exe /uninstall
HijackThis 2.0.2-->"C:\Program Files	rend micro\HijackThis.exe" /uninstall
Installation de la DartyBox THD en Ethernet-->"C:\Program Files\InstallShield Installation Information\{CC9F9D1B-04BB-46FD-BD48-9C54472695A6}\setup.exe" -runfromtemp -l0x040c -eth -pri /hide_progress -removeonly
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kung Fu Panda(TM)-->C:\Program Files\InstallShield Installation Information\{48ADB3C0-18FB-4922-B172-7C8C4B99409C}\setup.exe -runfromtemp -l0x040c
Les Sims 2-->C:\Program Files\EA GAMES\Les Sims 2\EAUninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Fichiers communs\Symantec Shared\NSSSetup\{E579F5FB-D9C9-43A6-8DCF-67B9573C2E7C}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{E579F5FB-D9C9-43A6-8DCF-67B9573C2E7C}
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}

======Hosts File======

127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com

======Security center information======

AV: Pack Securite Plus 7.00 (outdated)
FW: Pack Securite Plus 7.00

System event log

Computer Name: DÉBARRAS
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestion d'applications.

Record Number: 4562
Source Name: Service Control Manager
Time Written: 20090201200121.000000+060
Event Type: Informations
User: DÉBARRAS\Phanélie

Computer Name: DÉBARRAS
Event Code: 7023
Message: Le service Gestion d'applications s'est arrêté avec l'erreur : 
Le module spécifié est introuvable.


Record Number: 4561
Source Name: Service Control Manager
Time Written: 20090201200121.000000+060
Event Type: erreur
User: 

Computer Name: DÉBARRAS
Event Code: 7036
Message: Le service Gestion d'applications est entré dans l'état : arrêté.

Record Number: 4560
Source Name: Service Control Manager
Time Written: 20090201200121.000000+060
Event Type: Informations
User: 

Computer Name: DÉBARRAS
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestion d'applications.

Record Number: 4559
Source Name: Service Control Manager
Time Written: 20090201200121.000000+060
Event Type: Informations
User: DÉBARRAS\Phanélie

Computer Name: DÉBARRAS
Event Code: 7023
Message: Le service Gestion d'applications s'est arrêté avec l'erreur : 
Le module spécifié est introuvable.


Record Number: 4558
Source Name: Service Control Manager
Time Written: 20090201200121.000000+060
Event Type: erreur
User: 

Application event log

Computer Name: DÉBARRAS
Event Code: 32026
Message: Le service de télécopie n'a pas pu initialiser de périphériques de télécopies attribués (virtuel ou TAPI).
Aucune télécopie ne peut être envoyée ou reçue tant qu'un périphérique de télécopies n'a pas été installé.

Record Number: 2391
Source Name: Microsoft Fax
Time Written: 20090209140954.000000+060
Event Type: Avertissement
User: 

Computer Name: DÉBARRAS
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 2390
Source Name: SecurityCenter
Time Written: 20090209140953.000000+060
Event Type: Informations
User: 

Computer Name: DÉBARRAS
Event Code: 0
Message: 
Record Number: 2389
Source Name: gusvc
Time Written: 20090209140948.000000+060
Event Type: Informations
User: 

Computer Name: DÉBARRAS
Event Code: 0
Message: 
Record Number: 2388
Source Name: Acer Media Server
Time Written: 20090209140948.000000+060
Event Type: Informations
User: 

Computer Name: DÉBARRAS
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur DÉBARRAS\Magloire alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé. 


Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.

Record Number: 2387
Source Name: Userenv
Time Written: 20090208235101.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Fichiers communs\Teleca Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0604
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip

-----------------EOF-----------------

Utilisateur anonyme · Answer

Re,


* Supprimes RSIT de ton bureau et recommences au début, suis bien les instructions :

--> Si l'outil Hijackthis n'est pas detecté ou non-présent, RSIT le telechargera
--> il faudra accepter la license

* A la fin de l'analyse --> 2 fichiers-textes s'ouvriront :

1 à l'ecran et 1 dans la barre des taches

* Il me le faut absolument

titite_baby · Answer

J'ai bien suivi tes instructions .
1) J'ai double cliqué sur le lien
2) Une fenetre c'est ouverte
3) J'ai cliquer sur  enregistrer puis bureau
4)J'ai double cliquer sur le lien RSIT sur le bureau
5) L'analyse à démarer mais il n'y a q'une seul fenetre qui s'ouvre dsl ( log-Bloc-notes) 



S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-09-18 61600]
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-09-18 9360]
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-09-18 97184]
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys [2006-09-18 88688]
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\system32\DRIVERS\se27nd5.sys [2006-09-18 18704]
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE27obex.sys [2006-09-18 86560]
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\system32\DRIVERS\se27unic.sys [2006-09-18 90800]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSfilter.sys []
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSrec.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Acer Media Server;Acer Media Server; C:\Program Files\Acer\Acer eConsole\MediaServerService.exe [2005-09-21 438272]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe [2007-04-26 48072]
R2 FSMA;F-Secure Management Agent; C:\Program Files\Pack Securite\Common\FSMA32.EXE [2007-04-26 113576]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-22 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-04 152984]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe [2007-04-26 457584]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe [2007-04-26 453488]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S2 WSNCS;Windows Server Network Colocation Service; C:\WINDOWS\system32\wsncs.exe [2009-02-10 191096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe []
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe [2008-12-27 16680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe []
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []

-----------------EOF-----------------

titite_baby · Answer

C'est pas ça ?


Logfile of random's system information tool 1.05 (written by random/random)
Run by Magloire at 2009-02-11 19:58:02
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 51 GB (55%) free of 93 GB
Total RAM: 959 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:58:12, on 11/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DartyBoxTHD_v1\Netgear\AssistantDB\AssistantDB_Netgear.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wsncs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Magloire\Local Settings\Temporary Internet Files\Content.IE5\XDJH6Z3Q\RSIT[1].exe
C:\Program Files	rend micro\Magloire.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dartybox.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [emaukom] c:\documents and settings\magloire\local settings\application data\emaukom.exe emaukom
O4 - HKCU\..\Run: [Assistant DartyBox] C:\Program Files\DartyBoxTHD_v1\Netgear\AssistantDB\AssistantDB_Netgear.exe -m
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\ADOBE\SHOCKW~1\SWHELP~4.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;  Embedded Web Browser from: http://bsalsa.com/; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" -"http://www.funlabo.com/foot/penalty/jeu-penalty-3d.htm"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Search - ?p=ZC
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\docume~1\phanélie\locals~1	emp
tdll64.dll
O10 - Unknown file in Winsock LSP: c:\docume~1\phanélie\locals~1	emp
tdll64.dll
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://eslgameplazza.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Windows Server Network Colocation Service (WSNCS) - Unknown owner - C:\WINDOWS\system32\wsncs.exe

Utilisateur anonyme · Answer

Re, * Vides la quarantaine de Malwarebytes : --> ouvres MBAM et cliques sur " Quarantaine " --> supprimes la complètement * Telecharges Combofix sur ton bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe /!\ Desactives ton antivirus et la garde de ton antispyware /!\ * Deconnectes toi et fermes toutes les applications en cours --> Double cliques sur Combofix.exe --> Un pop-up apparait --> reponds " oui " ( Il est conseillé d'installer la console de recuperation) --> Choisis la langue et tapes sur la touche 1 ( Yes) pour lancer le scan /!\ras> Ne touche ni à ta souris, ni à ton clavier pendant le scan /!\ras> --> Aux risques de figer l'ordi * En fin de scan, il est possible que Combofix ait besoin de redemarrer le pc, laisses faire *Une fois le scan terminé, un rapport s'affiche, postes le stp --

titite_baby · Answer

Re, Voici le rapport Combofix ComboFix 09-02-11.01 - Magloire 2009-02-11 22:11:49.2 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.959.476 [GMT 1:00] Lancé depuis: c:\documents and settings\Magloire\Bureau\ComboFix.exe AV: Pack Securite Plus 7.00 *On-access scanning disabled* (Updated) FW: Pack Securite Plus 7.00 *enabled* * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\adware.exe C:\install.exe c:\windows\system32\303369.exe c:\windows\system32\init32.exe c:\windows\system32\uniq.tll c:\windows\system32\win32hlp.cnf . ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-11 au 2009-02-11 )))))))))))))))))))))))))))))))))))) . 2009-02-11 20:39 . 2009-02-11 20:39 d-------- c:\program files\Trojan Remover 2009-02-11 20:39 . 2009-02-11 20:39 d-------- c:\documents and settings\Magloire\Application Data\Simply Super Software 2009-02-11 20:39 . 2009-02-11 20:39 d-------- c:\documents and settings\All Users\Application Data\Simply Super Software 2009-02-11 19:11 . 2009-02-11 19:11 d-------- C: sit 2009-02-11 16:56 . 2009-02-11 16:56 d--hs---- C:\FOUND.000 2009-02-11 14:27 . 2009-02-11 14:27 285 --a------ c:\windows\system32\MRT.INI 2009-02-11 14:24 . 2009-02-11 14:24 d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-11 14:24 . 2009-02-11 14:24 d-------- c:\documents and settings\Magloire\Application Data\Malwarebytes 2009-02-11 14:24 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-11 14:24 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-11 14:15 . 2009-02-11 14:15 244 --ah----- C:\sqmnoopt19.sqm 2009-02-11 14:15 . 2009-02-11 14:15 232 --ah----- C:\sqmdata19.sqm 2009-02-11 14:11 . 2008-01-03 14:27 94,208 --a------ C: ope.dll 2009-02-11 14:06 . 2009-02-11 14:06 244 --ah----- C:\sqmnoopt18.sqm 2009-02-11 14:06 . 2009-02-11 14:06 232 --ah----- C:\sqmdata18.sqm 2009-02-11 14:05 . 2007-11-01 16:16 38 --a------ C: ope.bat 2009-02-11 13:58 . 2009-02-11 13:58 244 --ah----- C:\sqmnoopt17.sqm 2009-02-11 13:58 . 2009-02-11 13:58 232 --ah----- C:\sqmdata17.sqm 2009-02-11 13:51 . 2009-02-11 14:11 135,567 --a------ C:\beia.exe 2009-02-11 13:50 . 2009-02-11 13:50 244 --ah----- C:\sqmnoopt16.sqm 2009-02-11 13:50 . 2009-02-11 13:50 232 --ah----- C:\sqmdata16.sqm 2009-02-11 13:44 . 2009-02-11 13:44 244 --ah----- C:\sqmnoopt15.sqm 2009-02-11 13:44 . 2009-02-11 13:44 232 --ah----- C:\sqmdata15.sqm 2009-02-10 22:22 . 2009-02-10 22:22 191,096 -r-hs---- c:\windows\system32\wsncs.exe 2009-02-10 22:21 . 2009-02-10 22:21 268 --ah----- C:\sqmdata14.sqm 2009-02-10 22:21 . 2009-02-10 22:21 244 --ah----- C:\sqmnoopt14.sqm 2009-02-10 22:18 . 2009-02-10 22:18 244 --ah----- C:\sqmnoopt13.sqm 2009-02-10 22:18 . 2009-02-10 22:18 232 --ah----- C:\sqmdata13.sqm 2009-02-08 22:28 . 2009-02-08 22:28 d-------- c:\documents and settings\Phanélie\Application Data\Activision 2009-02-08 22:19 . 2009-02-08 22:19 d-------- c:\program files\Activision 2009-02-08 19:26 . 2009-02-08 19:26 d-------- c:\windows\Logs 2009-02-08 17:58 . 2009-02-08 17:58 d-------- c:\documents and settings\All Users\Application Data\Fugazo 2009-02-01 20:33 . 2009-02-01 20:33 d-------- c:\program files\MSN Messenger 2009-01-31 22:21 . 2009-01-31 22:21 d-------- c:\program files\DivX 2009-01-30 22:08 . 2009-02-11 14:26 1,374 --a------ c:\windows\imsins.BAK 2009-01-30 21:35 . 2009-01-30 21:35 d-------- c:\program files\Windows Live SkyDrive 2009-01-30 21:31 . 2009-01-30 21:31 d-------- c:\program files\MessengerPlus! 3 2009-01-30 19:55 . 2009-01-30 19:55 d-------- c:\windows\SxsCaPendDel 2009-01-29 20:30 . 2009-01-29 20:30 d-------- c:\documents and settings\Phanélie\Tracing 2009-01-29 20:30 . 2009-01-29 20:30 d-------- c:\documents and settings\Phanélie\Tracing 2009-01-29 20:24 . 2009-01-29 20:24 d-------- c:\program files\Microsoft 2009-01-29 20:19 . 2009-01-29 20:19 d-------- c:\program files\Fichiers communs\Windows Live 2009-01-28 16:17 . 2009-01-28 16:17 d-------- c:\program files\Microsoft Silverlight 2009-01-28 15:41 . 2009-01-28 15:41 d-------- c:\program files\CCleaner 2009-01-28 12:01 . 2009-01-28 12:01 268 --ah----- C:\sqmdata12.sqm 2009-01-28 12:01 . 2009-01-28 12:01 244 --ah----- C:\sqmnoopt12.sqm 2009-01-27 14:52 . 2009-01-27 14:52 268 --ah----- C:\sqmdata11.sqm 2009-01-27 14:52 . 2009-01-27 14:52 244 --ah----- C:\sqmnoopt11.sqm 2009-01-23 13:22 . 2009-01-23 13:22 268 --ah----- C:\sqmdata10.sqm 2009-01-23 13:22 . 2009-01-23 13:22 244 --ah----- C:\sqmnoopt10.sqm 2009-01-22 18:00 . 2009-01-22 18:00 d-------- c:\program files\Star Downloader 2009-01-21 13:09 . 2009-01-21 13:09 268 --ah----- C:\sqmdata09.sqm 2009-01-21 13:09 . 2009-01-21 13:09 244 --ah----- C:\sqmnoopt09.sqm 2009-01-21 11:35 . 2009-01-21 11:35 268 --ah----- C:\sqmdata08.sqm 2009-01-21 11:35 . 2009-01-21 11:35 244 --ah----- C:\sqmnoopt08.sqm 2009-01-19 15:57 . 2009-01-19 15:57 268 --ah----- C:\sqmdata07.sqm 2009-01-19 15:57 . 2009-01-19 15:57 244 --ah----- C:\sqmnoopt07.sqm 2009-01-19 14:30 . 2009-01-19 14:30 268 --ah----- C:\sqmdata06.sqm 2009-01-19 14:30 . 2009-01-19 14:30 244 --ah----- C:\sqmnoopt06.sqm 2009-01-19 13:05 . 2009-01-19 13:05 268 --ah----- C:\sqmdata05.sqm 2009-01-19 13:05 . 2009-01-19 13:05 244 --ah----- C:\sqmnoopt05.sqm 2009-01-17 15:10 . 2009-01-17 15:10 268 --ah----- C:\sqmdata04.sqm 2009-01-17 15:10 . 2009-01-17 15:10 244 --ah----- C:\sqmnoopt04.sqm 2009-01-15 18:51 . 2009-01-15 18:51 268 --ah----- C:\sqmdata03.sqm 2009-01-15 18:51 . 2009-01-15 18:51 244 --ah----- C:\sqmnoopt03.sqm 2009-01-14 16:47 . 2009-01-14 16:47 d--h----- c:\windows\$hf_mig$ 2009-01-14 12:09 . 2009-01-14 12:09 268 --ah----- C:\sqmdata02.sqm 2009-01-14 12:09 . 2009-01-14 12:09 244 --ah----- C:\sqmnoopt02.sqm 2009-01-13 13:16 . 2009-01-13 13:16 268 --ah----- C:\sqmdata01.sqm 2009-01-13 13:16 . 2009-01-13 13:16 244 --ah----- C:\sqmnoopt01.sqm 2009-01-12 17:25 . 2009-02-11 14:23 244 --ah----- C:\sqmnoopt00.sqm 2009-01-12 17:25 . 2009-02-11 14:23 232 --ah----- C:\sqmdata00.sqm . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-11 12:59 104,960 ----a-w c:\windows\system32\userinit.exe.vir 2009-01-16 20:15 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll 2009-01-07 18:29 --------- d-----w c:\program files\MRU-Blaster 2009-01-07 17:43 --------- d-----w c:\program files\EA GAMES 2009-01-05 16:37 --------- d-----w c:\documents and settings\Phanélie\Application Data\DartyBoxTHD 2009-01-04 20:41 410,984 ----a-w c:\windows\system32\deploytk.dll 2008-12-27 18:03 --------- d-----w c:\program files\Paint.NET 2008-12-27 12:02 --------- d-----w c:\documents and settings\Magloire\Application Data\DartyBoxTHD 2008-12-27 12:00 --------- d-----w c:\program files\DartyBoxTHD_v1 2008-12-27 11:58 --------- d-----w c:\program files\Citrix 2008-12-27 11:56 --------- d-----w c:\program files\CD_DartyBox_THD 2008-12-27 11:51 --------- d-----w c:\documents and settings\All Users\Application Data\DartyBox 2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll 2008-12-20 22:47 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll 2008-12-20 22:47 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll 2008-12-20 22:47 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll 2008-12-20 22:47 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll 2008-12-20 22:47 233,472 ----a-w c:\windows\system32\dllcache\webcheck.dll 2008-12-20 22:47 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll 2008-12-20 22:47 105,984 ----a-w c:\windows\system32\dllcache\url.dll 2008-12-20 22:47 102,912 ----a-w c:\windows\system32\dllcache\occache.dll 2008-12-20 22:47 1,160,192 ----a-w c:\windows\system32\dllcache\urlmon.dll 2008-12-19 09:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe 2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe 2008-12-19 05:25 634,024 ----a-w c:\windows\system32\dllcache\iexplore.exe 2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-10 68856] "Assistant DartyBox"="c:\program files\DartyBoxTHD_v1\Netgear\AssistantDB\AssistantDB_Netgear.exe" [2008-10-08 3237888] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "F-Secure Manager"="c:\program files\Pack Securite\Common\FSM32.EXE" [2007-04-26 183208] "F-Secure TNB"="c:\program files\Pack Securite\FSGUI\TNBUtil.exe" [2007-04-26 740208] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] c:\documents and settings\Phan‚lie\Menu D‚marrer\Programmes\D‚marrage\ BoontyBox 01net.lnk - c:\program files\Boonty\BoontyBox\BoontyBox.exe [2006-07-31 857696] OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216] c:\documents and settings\Magloire\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Utility Tray.lnk - c:\windows\system32\sistray.exe [2006-07-27 262144] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"= 1 (0x1) "NoActiveDesktopChanges"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\GoToAssist] 2008-12-27 12:58 10536 c:\program files\Citrix\GoToAssist\508\g2awinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.X264"= x264vfw.dll "VIDC.3iv2"= 3ivxVfWCodec.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ SsiEfr.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "c:\Program Files\Messenger\msmsgs.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "c:\Program Files\eMule\emule.exe"= "c:\Program Files\MSN Messenger\msnmsgr.exe"= "c:\Program Files\MSN Messenger\livecall.exe"= "c:\WINDOWS\system32\wsncs.exe"= R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-03-02 51072] R1 F-Secure HIPS;F-Secure HIPS;c:\program files\Pack Securite\HIPS\fshs.sys [2008-03-02 41184] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Pack Securite\Anti-Virus\minifilter\fsgk.sys [2008-03-02 59760] S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-19 33752] S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" --> c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [?] S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Pack Securite\Anti-Virus\win2k\fsfilter.sys [2008-03-02 40048] S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Pack Securite\Anti-Virus\win2k\fsrec.sys [2008-03-02 25456] --- Autres Services/Pilotes en mémoire --- *Deregistered* - W32Time *Deregistered* - WebClient *Deregistered* - WinDefend *Deregistered* - winmgmt *Deregistered* - WmiApSrv *Deregistered* - WSNCS *Deregistered* - wuauserv *Deregistered* - WZCSVC [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\Autorun.exe . Contenu du dossier 'Tâches planifiées' 2009-02-11 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20] 2009-02-10 c:\windows\Tasks\Norton Security Scan for Phanélie.job - c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18] 2007-06-12 c:\windows\Tasks\MP Scheduled Quick Scan.job - c:\program files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe [] 2009-02-11 c:\windows\Tasks\Scheduled scanning task.job - c:\progra~1\PACKSE~1\ANTI-V~1\fsav.exe [2007-04-26 12:42] . - - - - ORPHELINS SUPPRIMES - - - - HKCU-RunOnce-Shockwave Updater - c:\windows\system32\ADOBE\SHOCKW~1\SWHELP~4.EXE -Update -1103470 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Embedded Web Browser from: http://bsalsa.com/; .NET CLR 1.1.4322; .NET . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.dartybox.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR IE: &Search - ?p=ZC IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites LSP: c:\docume~1\PHANc9,LIE\LOCALS~1\Temp tdll64.dll DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://eslgameplazza.powerchallenge.com/applet/PowerLoader.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-11 22:13:11 Windows 5.1.2600 Service Pack 3 FAT NTAPI Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(644) c:\program files\Citrix\GoToAssist\508\G2AWinLogon.dll c:\program files\Pack Securite\FWES\Program\fsdc.dll - - - - - - - > 'lsass.exe'(700) c:\program files\Pack Securite\FWES\Program\fsdc.dll - - - - - - - > 'csrss.exe'(620) c:\program files\Pack Securite\FWES\Program\fsdc.dll . Heure de fin: 2009-02-11 22:14:40 ComboFix-quarantined-files.txt 2009-02-11 21:14:38 Avant-CF: 53 099 364 352 octets libres Après-CF: 54,688,776,192 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect 244 --- E O F --- 2009-02-11 13:27:16

Utilisateur anonyme · Answer

Re,



* Tu devras fermer toutes les applications en cours, desactives ton antivirus et la
garde de ton antispyware qui generait le scan

* Créé un nouveau document texte --> Clic-droit de souris sur le bureau :

--> Nouveau --> Document textes

* Copies ( CTRL) à l'interieur les lignes ci-dessous




File::

C:\sqmdata00.sqm
C:\sqmnoopt00.sqm
C:\sqmdata01.sqm
C:\sqmnoopt01.sqm
C:\sqmdata02.sqm
C:\sqmnoopt02.sqm
C:\sqmdata03.sqm
C:\sqmnoopt03.sqm
C:\sqmdata04.sqm
C:\sqmnoopt04.sqm
C:\sqmdata05.sqm
C:\sqmnoopt05.sqm
C:\sqmdata06.sqm
C:\sqmnoopt06.sqm
C:\sqmdata07.sqm
C:\sqmnoopt07.sqm
C:\sqmdata08.sqm
C:\sqmnoopt08.sqm
C:\sqmdata09.sqm
C:\sqmnoopt09.sqm
C:\sqmdata10.sqm
C:\sqmnoopt10.sqm
C:\sqmdata11.sqm
C:\sqmnoopt11.sqm
C:\sqmdata12.sqm
C:\sqmnoopt12.sqm
C:\sqmdata13.sqm
C:\sqmnoopt13.sqm
C:\sqmdata14.sqm
C:\sqmnoopt14.sqm
C:\sqmdata15.sqm
C:\sqmnoopt15.sqm
C:\sqmdata16.sqm
C:\sqmnoopt16.sqm
C:\sqmdata17.sqm
C:\sqmnoopt17.sqm
C:\sqmdata18.sqm
C:\sqmnoopt18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt19.sqm
C:
ope.bat
C:
ope.dll
C:\beia.exe






--> Enregistres le fichier dans --> " Bureau "

--> Nom du fichier --> CFScript

--> Type de fichier  --> tous les fichiers

--> Cliques sur " Enregistrer "

--> Quitte le bloc-note

* Fais un glissé/déposé du fichier CFScript sur l'icone de Combofix
 - comme ceci : http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

* Une fenetre bleu va apparaitre --> au message : ( type 1 to continue or 2 to abort) 
--> Tapes 1 et valides

* Patientes pendant le scan, le bureau va disparaitre plusieurs fois, c'est normal !

--> Ne touches pas au pc pendant le scan surtout

* A la fin un rapport sera généré, postes le stp !

__

titite_baby · Answer

Re, voilà le rapport ComboFix 09-02-11.01 - Magloire 2009-02-11 23:50:17.3 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.959.490 [GMT 1:00] Lancé depuis: c:\documents and settings\Magloire\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Magloire\Bureau\CFScript.txt AV: Pack Securite Plus 7.00 *On-access scanning disabled* (Updated) FW: Pack Securite Plus 7.00 *enabled* * Un nouveau point de restauration a été créé FILE :: C:\beia.exe C: ope.bat C: ope.dll C:\sqmdata00.sqm C:\sqmdata01.sqm C:\sqmdata02.sqm C:\sqmdata03.sqm C:\sqmdata04.sqm C:\sqmdata05.sqm C:\sqmdata06.sqm C:\sqmdata07.sqm C:\sqmdata08.sqm C:\sqmdata09.sqm C:\sqmdata10.sqm C:\sqmdata11.sqm C:\sqmdata12.sqm C:\sqmdata13.sqm C:\sqmdata14.sqm C:\sqmdata15.sqm C:\sqmdata16.sqm C:\sqmdata17.sqm C:\sqmdata18.sqm C:\sqmdata19.sqm C:\sqmnoopt00.sqm C:\sqmnoopt01.sqm C:\sqmnoopt02.sqm C:\sqmnoopt03.sqm C:\sqmnoopt04.sqm C:\sqmnoopt05.sqm C:\sqmnoopt06.sqm C:\sqmnoopt07.sqm C:\sqmnoopt08.sqm C:\sqmnoopt09.sqm C:\sqmnoopt10.sqm C:\sqmnoopt11.sqm C:\sqmnoopt12.sqm C:\sqmnoopt13.sqm C:\sqmnoopt14.sqm C:\sqmnoopt15.sqm C:\sqmnoopt16.sqm C:\sqmnoopt17.sqm C:\sqmnoopt18.sqm C:\sqmnoopt19.sqm . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\beia.exe C: ope.bat C: ope.dll C:\sqmdata00.sqm C:\sqmdata01.sqm C:\sqmdata02.sqm C:\sqmdata03.sqm C:\sqmdata04.sqm C:\sqmdata05.sqm C:\sqmdata06.sqm C:\sqmdata07.sqm C:\sqmdata08.sqm C:\sqmdata09.sqm C:\sqmdata10.sqm C:\sqmdata11.sqm C:\sqmdata12.sqm C:\sqmdata13.sqm C:\sqmdata14.sqm C:\sqmdata15.sqm C:\sqmdata16.sqm C:\sqmdata17.sqm C:\sqmdata18.sqm C:\sqmdata19.sqm C:\sqmnoopt00.sqm C:\sqmnoopt01.sqm C:\sqmnoopt02.sqm C:\sqmnoopt03.sqm C:\sqmnoopt04.sqm C:\sqmnoopt05.sqm C:\sqmnoopt06.sqm C:\sqmnoopt07.sqm C:\sqmnoopt08.sqm C:\sqmnoopt09.sqm C:\sqmnoopt10.sqm C:\sqmnoopt11.sqm C:\sqmnoopt12.sqm C:\sqmnoopt13.sqm C:\sqmnoopt14.sqm C:\sqmnoopt15.sqm C:\sqmnoopt16.sqm C:\sqmnoopt17.sqm C:\sqmnoopt18.sqm C:\sqmnoopt19.sqm c:\windows\system32\win32hlp.cnf . ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-11 au 2009-02-11 )))))))))))))))))))))))))))))))))))) . 2009-02-11 20:39 . 2009-02-11 20:39 d-------- c:\program files\Trojan Remover 2009-02-11 20:39 . 2009-02-11 20:39 d-------- c:\documents and settings\Magloire\Application Data\Simply Super Software 2009-02-11 20:39 . 2009-02-11 20:39 d-------- c:\documents and settings\All Users\Application Data\Simply Super Software 2009-02-11 19:11 . 2009-02-11 19:11 d-------- C: sit 2009-02-11 16:56 . 2009-02-11 16:56 d--hs---- C:\FOUND.000 2009-02-11 14:27 . 2009-02-11 14:27 285 --a------ c:\windows\system32\MRT.INI 2009-02-11 14:24 . 2009-02-11 14:24 d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-11 14:24 . 2009-02-11 14:24 d-------- c:\documents and settings\Magloire\Application Data\Malwarebytes 2009-02-11 14:24 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-11 14:24 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-10 22:22 . 2009-02-10 22:22 191,096 -r-hs---- c:\windows\system32\wsncs.exe 2009-02-08 22:28 . 2009-02-08 22:28 d-------- c:\documents and settings\Phanélie\Application Data\Activision 2009-02-08 22:19 . 2009-02-08 22:19 d-------- c:\program files\Activision 2009-02-08 19:26 . 2009-02-08 19:26 d-------- c:\windows\Logs 2009-02-08 17:58 . 2009-02-08 17:58 d-------- c:\documents and settings\All Users\Application Data\Fugazo 2009-02-01 20:33 . 2009-02-01 20:33 d-------- c:\program files\MSN Messenger 2009-01-31 22:21 . 2009-01-31 22:21 d-------- c:\program files\DivX 2009-01-30 22:08 . 2009-02-11 14:26 1,374 --a------ c:\windows\imsins.BAK 2009-01-30 21:35 . 2009-01-30 21:35 d-------- c:\program files\Windows Live SkyDrive 2009-01-30 21:31 . 2009-01-30 21:31 d-------- c:\program files\MessengerPlus! 3 2009-01-30 19:55 . 2009-01-30 19:55 d-------- c:\windows\SxsCaPendDel 2009-01-29 20:30 . 2009-01-29 20:30 d-------- c:\documents and settings\Phanélie\Tracing 2009-01-29 20:30 . 2009-01-29 20:30 d-------- c:\documents and settings\Phanélie\Tracing 2009-01-29 20:24 . 2009-01-29 20:24 d-------- c:\program files\Microsoft 2009-01-29 20:19 . 2009-01-29 20:19 d-------- c:\program files\Fichiers communs\Windows Live 2009-01-28 16:17 . 2009-01-28 16:17 d-------- c:\program files\Microsoft Silverlight 2009-01-28 15:41 . 2009-01-28 15:41 d-------- c:\program files\CCleaner 2009-01-22 18:00 . 2009-01-22 18:00 d-------- c:\program files\Star Downloader 2009-01-14 16:47 . 2009-01-14 16:47 d--h----- c:\windows\$hf_mig$ . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-11 12:59 104,960 ----a-w c:\windows\system32\userinit.exe.vir 2009-01-16 20:15 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll 2009-01-07 18:29 --------- d-----w c:\program files\MRU-Blaster 2009-01-07 17:43 --------- d-----w c:\program files\EA GAMES 2009-01-05 16:37 --------- d-----w c:\documents and settings\Phanélie\Application Data\DartyBoxTHD 2009-01-04 20:41 410,984 ----a-w c:\windows\system32\deploytk.dll 2008-12-27 18:03 --------- d-----w c:\program files\Paint.NET 2008-12-27 12:02 --------- d-----w c:\documents and settings\Magloire\Application Data\DartyBoxTHD 2008-12-27 12:00 --------- d-----w c:\program files\DartyBoxTHD_v1 2008-12-27 11:58 --------- d-----w c:\program files\Citrix 2008-12-27 11:56 --------- d-----w c:\program files\CD_DartyBox_THD 2008-12-27 11:51 --------- d-----w c:\documents and settings\All Users\Application Data\DartyBox 2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll 2008-12-20 22:47 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll 2008-12-20 22:47 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll 2008-12-20 22:47 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll 2008-12-20 22:47 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll 2008-12-20 22:47 233,472 ----a-w c:\windows\system32\dllcache\webcheck.dll 2008-12-20 22:47 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll 2008-12-20 22:47 105,984 ----a-w c:\windows\system32\dllcache\url.dll 2008-12-20 22:47 102,912 ----a-w c:\windows\system32\dllcache\occache.dll 2008-12-20 22:47 1,160,192 ----a-w c:\windows\system32\dllcache\urlmon.dll 2008-12-19 09:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe 2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe 2008-12-19 05:25 634,024 ----a-w c:\windows\system32\dllcache\iexplore.exe 2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-10 68856] "Assistant DartyBox"="c:\program files\DartyBoxTHD_v1\Netgear\AssistantDB\AssistantDB_Netgear.exe" [2008-10-08 3237888] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "F-Secure Manager"="c:\program files\Pack Securite\Common\FSM32.EXE" [2007-04-26 183208] "F-Secure TNB"="c:\program files\Pack Securite\FSGUI\TNBUtil.exe" [2007-04-26 740208] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] c:\documents and settings\Phan‚lie\Menu D‚marrer\Programmes\D‚marrage\ BoontyBox 01net.lnk - c:\program files\Boonty\BoontyBox\BoontyBox.exe [2006-07-31 857696] OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216] c:\documents and settings\Magloire\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Utility Tray.lnk - c:\windows\system32\sistray.exe [2006-07-27 262144] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"= 1 (0x1) "NoActiveDesktopChanges"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\GoToAssist] 2008-12-27 12:58 10536 c:\program files\Citrix\GoToAssist\508\g2awinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.X264"= x264vfw.dll "VIDC.3iv2"= 3ivxVfWCodec.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ SsiEfr.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "c:\Program Files\Messenger\msmsgs.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "c:\Program Files\eMule\emule.exe"= "c:\Program Files\MSN Messenger\msnmsgr.exe"= "c:\Program Files\MSN Messenger\livecall.exe"= "c:\WINDOWS\system32\wsncs.exe"= R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-03-02 51072] R1 F-Secure HIPS;F-Secure HIPS;c:\program files\Pack Securite\HIPS\fshs.sys [2008-03-02 41184] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Pack Securite\Anti-Virus\minifilter\fsgk.sys [2008-03-02 59760] S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Pack Securite\Anti-Virus\win2k\fsfilter.sys [2008-03-02 40048] S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Pack Securite\Anti-Virus\win2k\fsrec.sys [2008-03-02 25456] --- Autres Services/Pilotes en mémoire --- *Deregistered* - Acer Media Server *Deregistered* - ALG *Deregistered* - AudioSrv *Deregistered* - Browser *Deregistered* - CryptSvc *Deregistered* - DcomLaunch *Deregistered* - Dhcp *Deregistered* - Dnscache *Deregistered* - ERSvc *Deregistered* - EventSystem *Deregistered* - F-Secure Gatekeeper Handler Starter *Deregistered* - FastUserSwitchingCompatibility *Deregistered* - Fax *Deregistered* - FSAUA *Deregistered* - FSDFWD *Deregistered* - FSMA *Deregistered* - gusvc *Deregistered* - helpsvc *Deregistered* - HidServ *Deregistered* - HTTPFilter *Deregistered* - JavaQuickStarterService *Deregistered* - lanmanserver *Deregistered* - lanmanworkstation *Deregistered* - LmHosts *Deregistered* - Netman *Deregistered* - Nla *Deregistered* - PolicyAgent *Deregistered* - ProtectedStorage *Deregistered* - RasMan *Deregistered* - RpcSs *Deregistered* - SamSs *Deregistered* - Schedule *Deregistered* - seclogon *Deregistered* - SENS *Deregistered* - SharedAccess *Deregistered* - ShellHWDetection *Deregistered* - Spooler *Deregistered* - srservice *Deregistered* - SSDPSRV *Deregistered* - stisvc *Deregistered* - TapiSrv *Deregistered* - TermService *Deregistered* - Themes *Deregistered* - TrkWks *Deregistered* - upnphost *Deregistered* - W32Time *Deregistered* - WebClient *Deregistered* - WinDefend *Deregistered* - winmgmt *Deregistered* - WmiApSrv *Deregistered* - WSNCS *Deregistered* - wuauserv *Deregistered* - WZCSVC [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\Autorun.exe . Contenu du dossier 'Tâches planifiées' 2009-02-11 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20] 2009-02-10 c:\windows\Tasks\Norton Security Scan for Phanélie.job - c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18] 2007-06-12 c:\windows\Tasks\MP Scheduled Quick Scan.job - c:\program files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe [] 2009-02-11 c:\windows\Tasks\Scheduled scanning task.job - c:\progra~1\PACKSE~1\ANTI-V~1\fsav.exe [2007-04-26 12:42] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.dartybox.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR IE: &Search - ?p=ZC IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites LSP: c:\docume~1\PHANc9,LIE\LOCALS~1\Temp tdll64.dll DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://eslgameplazza.powerchallenge.com/applet/PowerLoader.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-11 23:51:24 Windows 5.1.2600 Service Pack 3 FAT NTAPI Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(644) c:\program files\Citrix\GoToAssist\508\G2AWinLogon.dll c:\program files\Pack Securite\FWES\Program\fsdc.dll - - - - - - - > 'lsass.exe'(700) c:\program files\Pack Securite\FWES\Program\fsdc.dll - - - - - - - > 'csrss.exe'(620) c:\program files\Pack Securite\FWES\Program\fsdc.dll . Heure de fin: 2009-02-11 23:52:37 ComboFix-quarantined-files.txt 2009-02-11 22:52:36 ComboFix2.txt 2009-02-11 21:14:42 Avant-CF: 54 620 061 696 octets libres Après-CF: 54,623,961,088 octets libres 319 --- E O F --- 2009-02-11 13:27:16

titite_baby · Answer

Rapport RSIT 

Logfile of random's system information tool 1.05 (written by random/random)
Run by Magloire at 2009-02-12 00:19:11
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 52 GB (56%) free of 93 GB
Total RAM: 959 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:19:20, on 12/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DartyBoxTHD_v1\Netgear\AssistantDB\AssistantDB_Netgear.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wsncs.exe
C:\WINDOWS\system32
otepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Magloire\Bureau\RSIT.exe
C:\Program Files	rend micro\Magloire.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dartybox.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Assistant DartyBox] C:\Program Files\DartyBoxTHD_v1\Netgear\AssistantDB\AssistantDB_Netgear.exe -m
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Search - ?p=ZC
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\docume~1\phanélie\locals~1	emp
tdll64.dll
O10 - Unknown file in Winsock LSP: c:\docume~1\phanélie\locals~1	emp
tdll64.dll
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://eslgameplazza.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Windows Server Network Colocation Service (WSNCS) - Unknown owner - C:\WINDOWS\system32\wsncs.exe

Utilisateur anonyme · Answer

Re,


* Telecharges SmitfraudFix  sur ton bureau :
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

* Desactives ton antivirus et la garde de ton antispyware

* Double clique sur l'icone de ton bureau --> un fichier est créé

---> Double cliques sur SmitfraudFix.exe et laisses toi guider

---> Choisis l'option 1 et patientes jusqu'à la fin de la recherche

* Un rapport sera généré, postes le stp

__

titite_baby · Answer

Voici le rapport 

SmitFraudFix v2.395

Rapport fait à  0:53:29,46, 12/02/2009
Executé à partir de C:\Documents and Settings\Magloire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DartyBoxTHD_v1\Netgear\AssistantDB\AssistantDB_Netgear.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wsncs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Fichier hosts corrompu !

127.0.0.1	www.legal-at-spybot.info
127.0.0.1	legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Magloire


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Magloire\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Magloire\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MAGLOIRE\FAVORIS


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 89.2.0.1
DNS Server Search Order: 89.2.0.2

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1854FF33-82CD-4A34-8C84-7AC14D87CAFC}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1854FF33-82CD-4A34-8C84-7AC14D87CAFC}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1854FF33-82CD-4A34-8C84-7AC14D87CAFC}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Utilisateur anonyme · Answer

Re,

* Telecharges HostXpert sur ton bureau:
http://www.funkytoad.com/download/HostsXpert.zip

--> Decompresses le sur ton bureau --> Clic-droit extraire

--> double cliques sur le fichier pour lancer le programme

--> Regardes si le cadenas est bien ouvert

--> Cliques sur le bouton " Restore Ms Host File "

--> puis refermes le programme

* Redemarre le pc en mode sans echec

--> Tu tapotes sur la touche F8 ou F5 de ton pc au demarrage

--> un ecran noir avec diverses options apparait

--> Choisis " mode sans echec " et valides par la touche " entrée " de ton clavier

-->Une fois en MSE relances Smitfraudfix et choisis l'option 2

--> patientes pendant que l'outil travaille

* Postes le rapport généré

* Telecharges OYMoveIt de Oldtimer sur ton bureau :
http://oldtimer.geekstogo.com/OTMoveIt3.exe

* Double-cliques sur OTMoveIt3.exe

--> assures toi que la case " Unregister Dll's and Ocx's " soit bien coché

--> Copies les lignes ci dessous :




:file
c:\docume~1\phanélie\locals~1	emp
tdll64.dll
c:\docume~1\phanélie\locals~1	emp
tdll64.dll




Colles les dans le cadre de gauche de OTMoveIt nommé :
" Past list of Files\Folders to be moved "

--> Cliques sur " MoveIt ! pour lancer la suppression

--> Lorsque le resultats apparait dans le cadre " results "
Cliques sur " exit "

* Dans certains cas l'outil aura besoin de redemarrer le pc pour finir la desinfection,
si il ne le fait pas lui meme, fais le stp

* Postes le rapport généré, il se trouve à c:\___OtmoveIt\ Moved Files

__

titite_baby · Answer

SmitFraudFix v2.395

Rapport fait à  1:57:17,21, 12/02/2009
Executé à partir de C:\Documents and Settings\Magloire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1854FF33-82CD-4A34-8C84-7AC14D87CAFC}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1854FF33-82CD-4A34-8C84-7AC14D87CAFC}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1854FF33-82CD-4A34-8C84-7AC14D87CAFC}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
 
Nettoyage terminé. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

titite_baby · Answer

Error: Unable to interpret <:file > in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02122009_020832

Utilisateur anonyme · Answer

Pour Avancer, * Mets Adobe reader à jour ici : https://get2.adobe.com/reader/otherversions/ ( N'installes pas la barre d'outil google, décoches la ) * Mets Java à jour ici : https://www.java.com/fr/download/manual.jsp * Une fois à jour, telecharges JavaRa.zip http://raproducts.org/click/click.php?id=1 --> Decompresses le fichier sur ton bureau ( clic-droit --> extraire) --> Double-clique sur le fichier obtenu >>> JavaRa.exe <<< ( le " exe " peut ne peut pas apparaitre) --> Cliques sur " Search For Updates " --> Selectionnes " Update Using junck.exe --> puis cliques sur Search --> Autorises le processus a se connectersi il te le ddemandes --> Cliques sur Install et suis les instructions * Quand l'installation est finie, reviens à l'ecran JavaRa --> Cliques sur " Remove Old Versions " --> Cliques sur " Oui " --> Laisses l'outil travailler --> Cliques ensuite sur " Ok " et à nouveau sur " Ok " --> Un rapport s'affichera, postes le stp * Pour te debarasser des outils téléchargés, télécharges Toolscleaner2 http://pc-system.fr/ * double-cliques sur l'icone de ton bureau --> Cliques sur " Recherche " et patientes --> cliques sur Suppression pour finaliser * Un rapport sera généré, postes le * Telecharges Ccleaner : https://filehippo.com/download_ccleaner/ --> Lors de l'installation, decoches la Toolbar Yahoo discretement proposé --> decoches aussi la case : " ajouter l'options.....recherche de mises a jour --> Une fois installé, fermes tous les programmes en cours --> lances Ccleaner et cliques sur --> options --> avancé et decoches la case : " effacer les fihiers du systeme...plus vieux que 48h " ( ne touches pas aux autres parametres) --> Cliques sur Nettoyeur et lances analyse + nettoyage refermes ccleaner, on s'en servira aprés * Fais un scan en ligne avec Bitdefender : http://www.bitdefender.fr/scan_fr/scan8/ie.html ( avec Internet explorer exclusivement) --> Il faudra desactiver ton antivirus 1) Tu dois accepter l'accord de license 2) Une fenetre concernant l'ActiveX s'ouvrira --> clic-sur la bannière anti pop-up, puis cliques sur : " Installer l'ActiveX " 3) Cliques ensuite sur " Installer " 4) Le scan va pouvoir debuter : --> Cliques sur " Demarrer l'analys " --> Bitdefender va se mettre à jour et pouvoir commencer l'analyse --> Patientes durant le scan 5) Une fois le scan terminé, cliques sur " ici pour exporter le rapport --> Une page de l'explorateur Windows s'ouvrira --> Nom de fichier : Bitdefender.txt --> Type : HTML * Postes le rapport généré stp ____

titite_baby · Answer

Quand je  double-clique sur le fichier obtenu >>> JavaRa.exe il n'ya pas  " Search For Updates " 
Il me dise de s'électionner une langue puis de sélectionner rechercher des mises à jour

titite_baby · Answer

Rapport javaRa

JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Feb 12 13:10:13 2009

Found and removed: C:\Program Files\Java\jre1.5.0_05

Found and removed: C:\Program Files\Java\jre1.5.0_06

Found and removed: C:\Program Files\Java\jre1.5.0_09

Found and removed: C:\Program Files\Java\jre1.5.0_10

Found and removed: C:\Program Files\Java\jre1.5.0_11

Found and removed: C:\Program Files\Java\jre1.6.0_01

Found and removed: C:\Program Files\Java\jre1.6.0_03

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: Software\JavaSoft\Java2D\1.5.0_10

Found and removed: Software\JavaSoft\Java2D\1.5.0_11

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510005

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\JavaPlugin.150_05

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\JavaPlugin.150_09

Found and removed: SOFTWARE\Classes\JavaPlugin.150_10

Found and removed: SOFTWARE\Classes\JavaPlugin.150_11

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_11

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510009

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_05

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_11

Found and removed: Software\Classes\JavaPlugin.160_01

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.5.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.5.0_06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.5.0_09\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.5.0_10\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.5.0_11\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_01\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_03\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_01\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_03\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_07\bin\

JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Feb 12 13:11:10 2009

------------------------------------

Finished reporting.

Utilisateur anonyme · Answer

Ok,


* J'attends le rapport Bitdefender, ToolsCeaner2 et un nouveau
rapport Hijackthis stp  !

titine · Answer

j'ai eu le même problème que toi, j'ai restauré mon ordi à une date antérieure et ça a l'air de marcher pour le moment. A voir... Bon courage.

titite_baby · Answer

[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]

-->- Recherche: 

C:\Combofix.txt: trouvé !
C:\Combofix: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\Magloire\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Magloire\Bureau\SmitFraudFix.exe: trouvé !
C:\Documents and Settings\Magloire\Bureau\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\Magloire\Bureau\Rsit.exe: trouvé !
C:\Documents and Settings\Magloire\Bureau\SmitFraudfix: trouvé !
C:\Program Files\Trend Micro\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\hijackthis.log: trouvé !

---------------------------------
-->- Suppression: 

C:\Documents and Settings\Magloire\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\Magloire\Bureau\SmitFraudFix.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Documents and Settings\Magloire\Bureau\OTMoveIt3.exe: supprimé !
C:\Documents and Settings\Magloire\Bureau\Rsit.exe: supprimé !
C:\Program Files\Trend Micro\hijackthis.log: supprimé !
C:\Combofix: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\Magloire\Bureau\SmitFraudfix: supprimé !

titite_baby · Answer

Logfile of random's system information tool 1.05 (written by random/random)
Run by Magloire at 2009-02-12 20:08:31
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 52 GB (56%) free of 93 GB
Total RAM: 959 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:08:51, on 12/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DartyBoxTHD_v1\Netgear\AssistantDB\AssistantDB_Netgear.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\WINDOWS\system32\wsncs.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Magloire\Bureau\RSIT.exe
C:\Program Files	rend micro\Magloire.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dartybox.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Assistant DartyBox] C:\Program Files\DartyBoxTHD_v1\Netgear\AssistantDB\AssistantDB_Netgear.exe -m
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Search - ?p=ZC
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\docume~1\phanélie\locals~1	emp
tdll64.dll
O10 - Unknown file in Winsock LSP: c:\docume~1\phanélie\locals~1	emp
tdll64.dll
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://eslgameplazza.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Windows Server Network Colocation Service (WSNCS) - Unknown owner - C:\WINDOWS\system32\wsncs.exe

titite_baby · Answer

info.txt logfile of random's system information tool 1.05 2009-02-12 20:08:53

======Uninstall list======

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CD Installation DartyBox THD-->"C:\Program Files\InstallShield Installation Information\{97C0ECE3-F751-4D26-9D2C-CC598F616A1F}\setup.exe" -runfromtemp -l0x040c -removeonly
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GoToAssist 8.0.0.508-->C:\Program Files\Citrix\GoToAssist\508\G2AUninstaller.exe /uninstall
HijackThis 2.0.2-->"C:\Program Files	rend micro\HijackThis.exe" /uninstall
Installation de la DartyBox THD en Ethernet-->"C:\Program Files\InstallShield Installation Information\{CC9F9D1B-04BB-46FD-BD48-9C54472695A6}\setup.exe" -runfromtemp -l0x040c -eth -pri /hide_progress -removeonly
Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kung Fu Panda(TM)-->C:\Program Files\InstallShield Installation Information\{48ADB3C0-18FB-4922-B172-7C8C4B99409C}\setup.exe -runfromtemp -l0x040c
Les Sims 2-->C:\Program Files\EA GAMES\Les Sims 2\EAUninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Fichiers communs\Symantec Shared\NSSSetup\{E579F5FB-D9C9-43A6-8DCF-67B9573C2E7C}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{E579F5FB-D9C9-43A6-8DCF-67B9573C2E7C}
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Pack Securite Plus 7.00 (outdated)
FW: Pack Securite Plus 7.00

System event log

Computer Name: DÉBARRAS
Event Code: 7023
Message: Le service Gestion d'applications s'est arrêté avec l'erreur : 
Le module spécifié est introuvable.


Record Number: 4801
Source Name: Service Control Manager
Time Written: 20090201200130.000000+060
Event Type: erreur
User: 

Computer Name: DÉBARRAS
Event Code: 7036
Message: Le service Gestion d'applications est entré dans l'état : arrêté.

Record Number: 4800
Source Name: Service Control Manager
Time Written: 20090201200130.000000+060
Event Type: Informations
User: 

Computer Name: DÉBARRAS
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestion d'applications.

Record Number: 4799
Source Name: Service Control Manager
Time Written: 20090201200130.000000+060
Event Type: Informations
User: DÉBARRAS\Phanélie

Computer Name: DÉBARRAS
Event Code: 7023
Message: Le service Gestion d'applications s'est arrêté avec l'erreur : 
Le module spécifié est introuvable.


Record Number: 4798
Source Name: Service Control Manager
Time Written: 20090201200130.000000+060
Event Type: erreur
User: 

Computer Name: DÉBARRAS
Event Code: 7036
Message: Le service Gestion d'applications est entré dans l'état : arrêté.

Record Number: 4797
Source Name: Service Control Manager
Time Written: 20090201200130.000000+060
Event Type: Informations
User: 

Application event log

Computer Name: DÉBARRAS
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur DÉBARRAS\Magloire alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé. 


Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.

Record Number: 2490
Source Name: Userenv
Time Written: 20090212021041.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: DÉBARRAS
Event Code: 1524
Message: Windows ne peut pas décharger vos classes fichier de Registre - il est en cours d'utilisation par d'autres applications ou services. Le fichier sera déchargé quand il ne sera plus utilisé.  



Record Number: 2489
Source Name: Userenv
Time Written: 20090212021037.000000+060
Event Type: Avertissement
User: DÉBARRAS\Magloire

Computer Name: DÉBARRAS
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur DÉBARRAS\Phanélie alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé. 


Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.

Record Number: 2488
Source Name: Userenv
Time Written: 20090212020209.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: DÉBARRAS
Event Code: 1524
Message: Windows ne peut pas décharger vos classes fichier de Registre - il est en cours d'utilisation par d'autres applications ou services. Le fichier sera déchargé quand il ne sera plus utilisé.  



Record Number: 2487
Source Name: Userenv
Time Written: 20090212020201.000000+060
Event Type: Avertissement
User: DÉBARRAS\Phanélie

Computer Name: DÉBARRAS
Event Code: 4356
Message: Le système d'événements de COM+ n'a pas pu créer d'instance de l'abonné partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject a renvoyé HRESULT 8000401A.
Record Number: 2486
Source Name: EventSystem
Time Written: 20090212020042.000000+060
Event Type: Avertissement
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Fichiers communs\Teleca Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0604
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip

-----------------EOF-----------------

titite_baby · Answer

BitDefender Online Scanner - Rapport d'analyse

BitDefender Online Scanner

Rapport d'analyse généré à: Thu, Feb 12, 2009 - 18:58:15

Voie d'analyse: C:\;D:\;E:\;F:\;G:\;H:\;I:\;

Statistiques
Temps	00:29:19
Fichiers	79637
Directoires	8999
Secteurs de boot	0
Archives	1504
Paquets programmes	6269

Résultats
Virus identifiés	2
Fichiers infectés	2
Fichiers suspects	0
Avertissements	0
Désinfectés	0
Fichiers effacés	0

Info sur les moteurs
Définition virus	2640579
Version des moteurs	AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Analyse des plugins	17
Archive des plugins	45
Unpack des plugins	7
E-mail plugins	6
Système plugins	4

Paramètres d'analyse
Première action	Désinfecté
Seconde Action	Supprimé
Heuristique	Oui
Acceptez les avertissements	Oui
Extensions analysées	exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions
Analyse d'emails	Oui
Analyse des Archives	Oui
Analyser paquets programmes	Oui
Analyse des fichiers	Oui
Analyse de boot	Oui

Fichier analysé	Statut
C:\WINDOWS\system32\wsncs.exe	Infecté par: Gen:Trojan.Heur.455843
C:\WINDOWS\system32\wsncs.exe	Echec de la désinfection
C:\WINDOWS\system32\wsncs.exe	Echec de la suppression
C:\Documents and Settings\Phanélie\Local Settings\Temp tdll64.dll	Infecté par: Trojan.Peed.Gen
C:\Documents and Settings\Phanélie\Local Settings\Temp tdll64.dll	Echec de la désinfection
C:\Documents and Settings\Phanélie\Local Settings\Temp tdll64.dll	Echec de la suppression

Utilisateur anonyme · Answer

Euh,


* J'aurais préféré en HTML --> parce que la, je piges que dal !

titite_baby · Answer

J'ai trouvé ceci. Peut etre que ca peut te servir. 



[General]
App	= "BitDefender Online Scanner v8"
Date	= 12:02:2009
Time	= 18:58:15
Scan Path	= C:\;D:\;E:\;F:\;G:\;H:\;I:\;

[Engines Info]
Virus Definitions	= 2640579
Engine build	= "AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)"
Scan plugins	= 17
Archive plugins	= 45
Unpack plugins	= 7
E-mail plugins	= 6
System plugins	= 4

[Scan Statistics]
Folders	= 8999
Files	= 79637
Archives	= 1504
Packed files	= 6269
Identified viruses	= 2
Infected files	= 2
Warnings	= 0
Suspect files	= 0
Disinfected files	= 0
Deleted files	= 0
Copied files	= 0
Moved files	= 0
Renamed files	= 0
I/O Errors	= 8

[Scan Settings]
SecondAction	= Delete
FirstAction	= Disinfect
Heuristics	= 1
Enable Warnings	= 1
Exclude Ext	= 
Extensions	= exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Scan Emails	= 1
Scan Archives	= 1
Scan Packed	= 1
Scan Files	= 1
Scan Boot	= 1
Verify Memory	= 0

[Scan Results]
Line00000005	= "C:\WINDOWS\system32\wsncs.exe Infecté par: Gen:Trojan.Heur.455843"
Line00000004	= "C:\WINDOWS\system32\wsncs.exe Echec de la désinfection"
Line00000003	= "C:\WINDOWS\system32\wsncs.exe Echec de la suppression"
Line00000002	= "C:\Documents and Settings\Phanélie\Local Settings\Temp
tdll64.dll Infecté par: Trojan.Peed.Gen"
Line00000001	= "C:\Documents and Settings\Phanélie\Local Settings\Temp
tdll64.dll Echec de la désinfection"
Line00000000	= "C:\Documents and Settings\Phanélie\Local Settings\Temp
tdll64.dll Echec de la suppression"

Utilisateur anonyme · Answer

non,

*  laisses tomber, je vais te donner la suite !

Utilisateur anonyme · Answer

Re,

* Relances Hijackthis et clique sur " Do a scan only "

coches les cases devant les lignes suivantes


02- BHO: (no name) - {7e853D72-626A-48Ec-A868-BA8D5E045}- (no file)

02- BHO : (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

03- Toolbar : (no name) - {BDBD1DAD-C946A17-ADC1-64B5B4FF55D0} - ( no file)

04- HKLM\..\ Run: [AdobePhoto Downloader] c:\program Files\Adobe\Photoshop Album Starter Edition

04- HKLM \..\ Run: [SunJavaUpdate Shef] c:\program files\java\jrc6\bin\jushed.exe

04- HKCU \..\ Run [CTFMON.EXE] c:\WINDOWS\system32\ctfmon.exe

04- HKCU\..\ Run [ Assistant Darty Box] c:\program Files\DartyBox THD_v1\Netgear\Assistant DB\Assistant

04 HKUS\s-1.5.18\..\Run :[DWQueuedReporting]c:\PROGRA~1\

04 HKUS\- DEFAULT\..\ Run :[DWQueuReporting]c:\PROGRA~1\

04 - Startup : OpenOffice.org 2.2 Ink =C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe

010- Unknown file in Winsock Lsp : c:\docume~1\phanélie\locals~1	emp
tdll64.dll

010-Unknown file in winsock Lsp : c:\docume~1\phanélie\locals~1	emp
tdll64.dll


* Veilles a te deconnecter et fermes tous les programmes en cours

--> cliques sur Fix chicked

--> Refermes le programme

* Telecharges LSPFix sur ton bureau

http://www.cexx.org/lspfix.exe

/!\  Deconnectes toi et fermes toutes les applications en cours /!\

--> Coches la case " I know what I'm doing "

--> Selectionnes les dll suivantes


ntdll64.dll
ntdll64.dll
et verifie aussi:
nlaapi.dll
napinsp.dll
mdnsnsp.dll

--> Glisses les du panneau de gauche " Keep " au panneau Remove

--> Cliques sur Finish
( si elles sont déjà dans le panneau Remove --> cliques simplement sur Finish)


* Telecharges OTMoveit3 sur ton bureau :
http://oldtimer.geekstogo.com/OTMoveIt3.exe

--> Double-cliques sur OTMoveIt pour le lancer

--> assures toi que la case : Unregister Dll's and Ocx's  soit coché

--> Copie les lignes ci-dessous



:processes
explorer.exe

:file
c:\documents and settings\phanélie\Local Settings\Temp
tdll64.dll
C:\WINDOWS\System32\wsncs.exe


:commands
[emptytemp]
[purity]
[start explorer]
[reboot]






et colles les dans le cadre de gauche de OTMoveIt :
" Past List Of Files/ Folders to move

--> Cliques sur Moveit pour lancer la suppression

--> Lorsque le resultat apparaitra dans " Results " --> cliques sur Exit

Note : dans certains cas, il faudra redemarrer manuellement le pc

Le rapport se trouve à c:\__OTMoveIt\Moved files

* Postes le rapport et un nouveau rapport hijackthis stp 

__

titite_baby · Answer

========== PROCESSES ========== Process explorer.exe killed successfully. Error: Unable to interpret <:file > in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! ========== COMMANDS ========== User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS emp\WSCNS_000.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS emp vcbin.def.6E73AF6C.TMP scheduled to be deleted on reboot. File delete failed. C:\WINDOWS emp\JET7C63.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS emp\Perflib_Perfdata_85c.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS emp\Perflib_Perfdata_1c8.dat scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02132009_005133 Files moved on Reboot... File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot. C:\WINDOWS emp\WSCNS_000.tmp moved successfully. File move failed. C:\WINDOWS emp vcbin.def.6E73AF6C.TMP scheduled to be moved on reboot. C:\WINDOWS emp\JET7C63.tmp moved successfully. C:\WINDOWS emp\Perflib_Perfdata_85c.dat moved successfully. File C:\WINDOWS emp\Perflib_Perfdata_1c8.dat not found!

titite_baby · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:12:59, on 13/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wsncs.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS
otepad.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files	rend micro\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dartybox.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Search - ?p=ZC
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://eslgameplazza.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Windows Server Network Colocation Service (WSNCS) - Unknown owner - C:\WINDOWS\system32\wsncs.exe

titite_baby · Answer

Ca marche !!!! Ca m'écrit plus "Warning! Your system is in danger. YOUR COMPUTER IS IN need OF full scanning. "

Merci beaucoup !!!

Est ce que c'est tout parti stp ?
 ET encore merci !!!

Utilisateur anonyme · Answer

Bonsoir,

* Désolé,Ce nest pas fini !

* Peux tu envoyer un rapport RSIT stp, ce n'est pas terminé -->( WSNCS)
 --> C\WINDOWS\system32\wsncs.exe  --> Infection

--> RSIT nous en dira plus !

___

titite_baby · Answer

Bonjour,

Volià le rapport RSIT




Logfile of random's system information tool 1.05 (written by random/random)
Run by Magloire at 2009-02-14 14:29:18
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 52 GB (56%) free of 93 GB
Total RAM: 959 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:29:37, on 14/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\Magloire\Bureau\RSIT.exe
C:\Program Files	rend micro\Magloire.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dartybox.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Search - ?p=ZC
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://eslgameplazza.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Windows Server Network Colocation Service (WSNCS) - Unknown owner - C:\WINDOWS\system32\wsncs.exe (file missing)

Des spywares et Trojans envahissent mon pc

37 réponses

Discussions similaires

Newsletters