Internet blocked by virus
Closed
qvn
12 Feb. 2009 at 19:19
Anonymous user - 1 March 2009 at 00:40
33 replies
Anonymous user
12 Feb. 2009 at 19:26
Good evening:
Download Lop S&D.exe to your Desktop:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
* Double-click it to start the installation
* Then double-click the Lop S&D shortcut on your Desktop
* Select the desired language, then choose option 1 (Recherche, i.e. Search)
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)
Then:
Download Navilog1 from this link:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Use "Save target as..." and save it to your desktop.
Then double-click navilog1.exe to start the installation.
Once the installation is finished, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop.)
In the main menu, choose 1 >> Recherche (Search)
Follow the prompts and wait.
Wait for the message:
*** Analyse Termine le ..... *** >>>>> the fix may take around ten minutes ;)
Press a key and Notepad will open.
Copy and paste the report here.
Then:
Download ToolBar S&D (by Eric_71/Team IDN) to your desktop:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
(Tutorial: https://sites.google.com/site/toolbarsd/aideenimages)
!! Disconnect from the internet and close all running applications for the duration of the procedure !!
* Double-click ToolBar SD.exe to launch the tool and follow the prompts ...
--> Type the "recherche" (search) option, then press [Enter].
A report will be generated at the end of the process: post its contents in your next reply
(the report is also saved here -> C:\TB.txt)
Here are the 3 reports:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.66GHz )
BIOS : BIOS Date: 09/26/05 15:16:53 Ver: 08.00.09
USER : Paul ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:39 Go (Free:19 Go)
D:\ (Local Disk) - NTFS - Total:37 Go (Free:22 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (USB) - FAT32 - Total:489 Mo (Free:0 Go)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 13/02/2009|18:58 )
--------------------\\ Listing des dossiers dans APPLIC~1
[16/10/2008|16:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[24/10/2008|22:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
[15/10/2008|20:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[16/11/2008|13:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[06/11/2008|19:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[16/10/2008|15:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[31/10/2008|14:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[17/12/2008|18:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[11/02/2009|07:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[16/10/2008|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[27/12/2008|20:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[16/10/2008|14:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[17/12/2008|22:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[05/11/2008|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\wmp
[19/10/2008|08:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
[19/10/2008|16:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[15/10/2008|20:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[31/10/2008|19:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[15/10/2008|20:26] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[17/10/2008|11:58] C:\DOCUME~1\Paul\APPLIC~1\Adobe
[24/10/2008|22:37] C:\DOCUME~1\Paul\APPLIC~1\ATI
[04/02/2009|08:21] C:\DOCUME~1\Paul\APPLIC~1\Azureus
[06/11/2008|19:52] C:\DOCUME~1\Paul\APPLIC~1\CyberLink
[17/11/2008|18:26] C:\DOCUME~1\Paul\APPLIC~1\DAEMON Tools
[16/10/2008|13:45] C:\DOCUME~1\Paul\APPLIC~1\FrostWire
[08/11/2008|20:34] C:\DOCUME~1\Paul\APPLIC~1\Google
[15/10/2008|20:35] C:\DOCUME~1\Paul\APPLIC~1\Identities
[16/01/2009|11:07] C:\DOCUME~1\Paul\APPLIC~1\ImgBurn
[29/01/2009|20:31] C:\DOCUME~1\Paul\APPLIC~1\LimeWire
[15/10/2008|21:22] C:\DOCUME~1\Paul\APPLIC~1\Macromedia
[24/01/2009|18:27] C:\DOCUME~1\Paul\APPLIC~1\Media Player Classic
[08/01/2009|10:41] C:\DOCUME~1\Paul\APPLIC~1\Microsoft
[17/10/2008|12:04] C:\DOCUME~1\Paul\APPLIC~1\Mozilla
[12/11/2008|16:29] C:\DOCUME~1\Paul\APPLIC~1\Nero
[17/11/2008|13:21] C:\DOCUME~1\Paul\APPLIC~1\SecuROM
[13/02/2009|18:36] C:\DOCUME~1\Paul\APPLIC~1\Skype
[13/02/2009|18:36] C:\DOCUME~1\Paul\APPLIC~1\skypePM
[23/10/2008|06:39] C:\DOCUME~1\Paul\APPLIC~1\Sun
[03/01/2009|11:18] C:\DOCUME~1\Paul\APPLIC~1\vlc
[17/10/2008|14:00] C:\DOCUME~1\Paul\APPLIC~1\Windows Desktop Search
[18/10/2008|08:04] C:\DOCUME~1\Paul\APPLIC~1\Windows Search
[19/10/2008|16:14] C:\DOCUME~1\Paul\APPLIC~1\Yahoo!
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[13/02/2009 18:55][--ah-----] C:\WINDOWS\tasks\SA.DAT
[30/08/2002 21:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[16/10/2008|16:56] C:\Program Files\Adobe
[10/02/2009|08:59] C:\Program Files\Adobe Type Manager
[05/02/2009|21:34] C:\Program Files\adslTV
[15/10/2008|21:31] C:\Program Files\Analog Devices
[16/11/2008|13:17] C:\Program Files\AskSBar
[17/11/2008|18:44] C:\Program Files\Aspyr
[24/10/2008|22:03] C:\Program Files\ATI Technologies
[15/10/2008|22:11] C:\Program Files\Avira
[04/02/2009|07:33] C:\Program Files\Azureus
[19/11/2008|00:04] C:\Program Files\CA Yahoo! Anti-Spy
[17/10/2008|16:45] C:\Program Files\CCleaner
[24/01/2009|18:24] C:\Program Files\Combined Community Codec Pack
[15/10/2008|20:23] C:\Program Files\ComPlus Applications
[06/11/2008|19:51] C:\Program Files\CyberLink
[26/10/2008|10:25] C:\Program Files\EPSON
[17/10/2008|14:54] C:\Program Files\ffdshow
[27/12/2008|20:53] C:\Program Files\Fichiers communs
[26/10/2008|10:35] C:\Program Files\Freeplayer
[08/11/2008|20:34] C:\Program Files\Google
[10/02/2009|08:55] C:\Program Files\Hewlett-Packard
[30/01/2009|23:25] C:\Program Files\ICCup
[06/11/2008|19:51] C:\Program Files\InstallShield Installation Information
[11/02/2009|07:51] C:\Program Files\Internet Explorer
[04/12/2008|15:21] C:\Program Files\Java
[06/01/2009|19:27] C:\Program Files\LimeWire
[17/10/2008|22:25] C:\Program Files\Messenger
[06/02/2009|19:05] C:\Program Files\Messenger Plus! Live
[17/12/2008|17:04] C:\Program Files\Microsoft
[15/10/2008|20:26] C:\Program Files\microsoft frontpage
[01/11/2008|18:28] C:\Program Files\Microsoft Office
[17/12/2008|17:04] C:\Program Files\Microsoft Office Outlook Connector
[17/12/2008|17:04] C:\Program Files\Microsoft Silverlight
[02/11/2008|19:56] C:\Program Files\Microsoft Visual Studio
[01/11/2008|18:24] C:\Program Files\Microsoft Visual Studio 8
[02/11/2008|19:57] C:\Program Files\Microsoft Works
[01/11/2008|18:27] C:\Program Files\Microsoft.NET
[17/01/2009|01:53] C:\Program Files\Movie Maker
[12/02/2009|21:02] C:\Program Files\Mozilla Firefox
[02/11/2008|19:57] C:\Program Files\MSBuild
[15/10/2008|20:23] C:\Program Files\MSN
[15/10/2008|20:22] C:\Program Files\MSN Gaming Zone
[12/11/2008|16:28] C:\Program Files\Nero 9
[15/10/2008|21:12] C:\Program Files\NETGEAR
[17/10/2008|22:18] C:\Program Files\NetMeeting
[16/10/2008|17:36] C:\Program Files\NOS
[17/01/2009|01:53] C:\Program Files\Outlook Express
[10/02/2009|08:58] C:\Program Files\PhotoDeluxe EE 1.1
[12/02/2009|00:53] C:\Program Files\PKR
[05/12/2008|10:25] C:\Program Files\PurFlirt
[24/10/2008|22:24] C:\Program Files\Reference Assemblies
[15/10/2008|20:23] C:\Program Files\Services en ligne
[05/11/2008|19:56] C:\Program Files\sina
[27/12/2008|20:53] C:\Program Files\Skype
[12/02/2009|23:59] C:\Program Files\Starcraft
[18/10/2008|11:21] C:\Program Files\SuperCopier
[12/02/2009|07:41] C:\Program Files\Trend Micro
[15/10/2008|21:56] C:\Program Files\VIA
[17/10/2008|13:59] C:\Program Files\Windows Desktop Search
[17/12/2008|18:10] C:\Program Files\Windows Live
[31/10/2008|18:34] C:\Program Files\Windows Media Connect 2
[31/10/2008|19:05] C:\Program Files\Windows Media Player
[17/10/2008|22:18] C:\Program Files\Windows NT
[15/10/2008|21:47] C:\Program Files\WindowsUpdate
[15/10/2008|20:26] C:\Program Files\xerox
[19/10/2008|08:39] C:\Program Files\Yahoo!
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[16/10/2008|16:56] C:\Program Files\Fichiers communs\Adobe
[02/11/2008|19:56] C:\Program Files\Fichiers communs\DESIGNER
[10/02/2009|09:04] C:\Program Files\Fichiers communs\EPSON
[15/10/2008|21:56] C:\Program Files\Fichiers communs\InstallShield
[16/10/2008|13:35] C:\Program Files\Fichiers communs\Java
[17/12/2008|17:00] C:\Program Files\Fichiers communs\Microsoft Shared
[15/10/2008|20:24] C:\Program Files\Fichiers communs\MSSoap
[12/11/2008|16:28] C:\Program Files\Fichiers communs\Nero
[15/10/2008|20:43] C:\Program Files\Fichiers communs\ODBC
[19/11/2008|00:02] C:\Program Files\Fichiers communs\Scanner
[15/10/2008|20:24] C:\Program Files\Fichiers communs\Services
[27/12/2008|20:53] C:\Program Files\Fichiers communs\Skype
[15/10/2008|20:43] C:\Program Files\Fichiers communs\SpeechEngines
[17/12/2008|17:04] C:\Program Files\Fichiers communs\System
[17/12/2008|16:52] C:\Program Files\Fichiers communs\Windows Live
[17/10/2008|16:46] C:\Program Files\Fichiers communs\WindowsLiveInstaller
--------------------\\ Process
( 47 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\Paul\LOCALS~1\Temp\msgpl_5330.exe
C:\DOCUME~1\Paul\Cookies\paul@d2.advertserve[1].txt
C:\DOCUME~1\Paul\Cookies\paul@imagevenue.advertserve[2].txt
C:\DOCUME~1\Paul\Cookies\paul@adultfriendfinder[2].txt
C:\DOCUME~1\Paul\Cookies\paul@advertising[2].txt
C:\DOCUME~1\Paul\Cookies\paul@bigpoint[1].txt
C:\DOCUME~1\Paul\Cookies\paul@fr.seafight.bigpoint[2].txt
C:\DOCUME~1\Paul\Cookies\paul@adopt.euroclick[2].txt
C:\DOCUME~1\Paul\Cookies\paul@fr.seafight.bigpoint[2].txt
C:\DOCUME~1\Paul\Cookies\paul@32vegas[1].txt
C:\DOCUME~1\Paul\Cookies\paul@banner.32vegas[2].txt
C:\DOCUME~1\Paul\Cookies\paul@www.32vegas[1].txt
C:\DOCUME~1\Paul\Cookies\paul@2xmoinscher[1].txt
C:\DOCUME~1\Paul\Cookies\paul@www.2xmoinscher[2].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-13 19:00:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\WINDOWS\System32\
please note that you need administrator rights to perform deep scan
--------------------\\ Recherche d'autres infections
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu.dat
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu.exe
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu_nav.dat
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu_navps.dat
[b]==> EGDACCESS <==/b
[F:1512][D:87]-> C:\DOCUME~1\Paul\LOCALS~1\Temp
[F:943][D:0]-> C:\DOCUME~1\Paul\Cookies
[F:76][D:17]-> C:\DOCUME~1\Paul\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 13/02/2009|19:01 - Option : [1]
--------------------\\ Fin du rapport a 19:01:39
The second:
Search Navipromo version 3.7.3 commencé le 13/02/2009 à 19:03:51,76
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 13.02.2009 à 18h00 par IL-MAFIOSO
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.66GHz )
BIOS : BIOS Date: 09/26/05 15:16:53 Ver: 08.00.09
USER : Paul ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:39 Go (Free:19 Go)
D:\ (Local Disk) - NTFS - Total:37 Go (Free:22 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (USB) - FAT32 - Total:489 Mo (Free:0 Go)
Recherche executé en mode normal
*** Recherche Programmes installés ***
Favorit
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Paul\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Paul\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Paul\menudm~1\progra~1" ***
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\Paul\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!
HKEY_CURRENT_USER\Software\Lanconfig
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"acqeu"="\"c:\\documents and settings\\paul\\local settings\\application data\\acqeu.exe\" acqeu"
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\Paul\locals~1\applic~1" :
acqeu.exe trouvé !
acqeu.dat trouvé !
acqeu_nav.dat trouvé !
acqeu_navps.dat trouvé !
3)Recherche Certificats :
Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche autres dossiers et fichiers connus :
*** Analyse terminée le 13/02/2009 à 19:05:05,26 ***
The last one:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.66GHz )
BIOS : BIOS Date: 09/26/05 15:16:53 Ver: 08.00.09
USER : Paul ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:39 Go (Free:19 Go)
D:\ (Local Disk) - NTFS - Total:37 Go (Free:22 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (USB) - FAT32 - Total:489 Mo (Free:0 Go)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 13/02/2009|19:06 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\AskSBar
C:\Program Files\AskSBar\bar
C:\Program Files\AskSBar\SrchAstt
C:\Program Files\AskSBar\bar\1.bin
C:\Program Files\AskSBar\bar\Cache
C:\Program Files\AskSBar\bar\History
C:\Program Files\AskSBar\bar\Settings
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL
C:\Program Files\AskSBar\bar\1.bin\V2RSSMNU.DLL
C:\Program Files\AskSBar\bar\Cache\0168BDCA.bin
C:\Program Files\AskSBar\bar\Cache\0168BFDE.bin
C:\Program Files\AskSBar\bar\Cache\0168C1C2.bin
C:\Program Files\AskSBar\bar\Cache\0168C3C6.bin
C:\Program Files\AskSBar\bar\Cache\0168C58B.bin
C:\Program Files\AskSBar\bar\Cache\0168C78E.bin
C:\Program Files\AskSBar\bar\Cache\files.ini
C:\Program Files\AskSBar\bar\History\search2
C:\Program Files\AskSBar\bar\Settings\prevcfg2.htm
C:\Program Files\AskSBar\SrchAstt\1.bin
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.postarticles.net"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
--------------------\\ Recherche d'autres infections
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu.dat
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu.exe
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu_nav.dat
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu_navps.dat
[b]==> EGDACCESS <==/b
1 - "C:\ToolBar SD\TB_1.txt" - 13/02/2009|19:06 - Option : [1]
-----------\\ Fin du rapport a 19:06:46,26
There you go, I'm eagerly awaiting your reply.
Thanks
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.66GHz )
BIOS : BIOS Date: 09/26/05 15:16:53 Ver: 08.00.09
USER : Paul ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:39 Go (Free:19 Go)
D:\ (Local Disk) - NTFS - Total:37 Go (Free:22 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (USB) - FAT32 - Total:489 Mo (Free:0 Go)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 13/02/2009|18:58 )
--------------------\\ Listing des dossiers dans APPLIC~1
[16/10/2008|16:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[24/10/2008|22:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
[15/10/2008|20:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[16/11/2008|13:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[06/11/2008|19:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[16/10/2008|15:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[31/10/2008|14:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[17/12/2008|18:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[11/02/2009|07:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[16/10/2008|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[27/12/2008|20:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[16/10/2008|14:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[17/12/2008|22:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[05/11/2008|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\wmp
[19/10/2008|08:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
[19/10/2008|16:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[15/10/2008|20:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[31/10/2008|19:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[15/10/2008|20:26] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[17/10/2008|11:58] C:\DOCUME~1\Paul\APPLIC~1\Adobe
[24/10/2008|22:37] C:\DOCUME~1\Paul\APPLIC~1\ATI
[04/02/2009|08:21] C:\DOCUME~1\Paul\APPLIC~1\Azureus
[06/11/2008|19:52] C:\DOCUME~1\Paul\APPLIC~1\CyberLink
[17/11/2008|18:26] C:\DOCUME~1\Paul\APPLIC~1\DAEMON Tools
[16/10/2008|13:45] C:\DOCUME~1\Paul\APPLIC~1\FrostWire
[08/11/2008|20:34] C:\DOCUME~1\Paul\APPLIC~1\Google
[15/10/2008|20:35] C:\DOCUME~1\Paul\APPLIC~1\Identities
[16/01/2009|11:07] C:\DOCUME~1\Paul\APPLIC~1\ImgBurn
[29/01/2009|20:31] C:\DOCUME~1\Paul\APPLIC~1\LimeWire
[15/10/2008|21:22] C:\DOCUME~1\Paul\APPLIC~1\Macromedia
[24/01/2009|18:27] C:\DOCUME~1\Paul\APPLIC~1\Media Player Classic
[08/01/2009|10:41] C:\DOCUME~1\Paul\APPLIC~1\Microsoft
[17/10/2008|12:04] C:\DOCUME~1\Paul\APPLIC~1\Mozilla
[12/11/2008|16:29] C:\DOCUME~1\Paul\APPLIC~1\Nero
[17/11/2008|13:21] C:\DOCUME~1\Paul\APPLIC~1\SecuROM
[13/02/2009|18:36] C:\DOCUME~1\Paul\APPLIC~1\Skype
[13/02/2009|18:36] C:\DOCUME~1\Paul\APPLIC~1\skypePM
[23/10/2008|06:39] C:\DOCUME~1\Paul\APPLIC~1\Sun
[03/01/2009|11:18] C:\DOCUME~1\Paul\APPLIC~1\vlc
[17/10/2008|14:00] C:\DOCUME~1\Paul\APPLIC~1\Windows Desktop Search
[18/10/2008|08:04] C:\DOCUME~1\Paul\APPLIC~1\Windows Search
[19/10/2008|16:14] C:\DOCUME~1\Paul\APPLIC~1\Yahoo!
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[13/02/2009 18:55][--ah-----] C:\WINDOWS\tasks\SA.DAT
[30/08/2002 21:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[16/10/2008|16:56] C:\Program Files\Adobe
[10/02/2009|08:59] C:\Program Files\Adobe Type Manager
[05/02/2009|21:34] C:\Program Files\adslTV
[15/10/2008|21:31] C:\Program Files\Analog Devices
[16/11/2008|13:17] C:\Program Files\AskSBar
[17/11/2008|18:44] C:\Program Files\Aspyr
[24/10/2008|22:03] C:\Program Files\ATI Technologies
[15/10/2008|22:11] C:\Program Files\Avira
[04/02/2009|07:33] C:\Program Files\Azureus
[19/11/2008|00:04] C:\Program Files\CA Yahoo! Anti-Spy
[17/10/2008|16:45] C:\Program Files\CCleaner
[24/01/2009|18:24] C:\Program Files\Combined Community Codec Pack
[15/10/2008|20:23] C:\Program Files\ComPlus Applications
[06/11/2008|19:51] C:\Program Files\CyberLink
[26/10/2008|10:25] C:\Program Files\EPSON
[17/10/2008|14:54] C:\Program Files\ffdshow
[27/12/2008|20:53] C:\Program Files\Fichiers communs
[26/10/2008|10:35] C:\Program Files\Freeplayer
[08/11/2008|20:34] C:\Program Files\Google
[10/02/2009|08:55] C:\Program Files\Hewlett-Packard
[30/01/2009|23:25] C:\Program Files\ICCup
[06/11/2008|19:51] C:\Program Files\InstallShield Installation Information
[11/02/2009|07:51] C:\Program Files\Internet Explorer
[04/12/2008|15:21] C:\Program Files\Java
[06/01/2009|19:27] C:\Program Files\LimeWire
[17/10/2008|22:25] C:\Program Files\Messenger
[06/02/2009|19:05] C:\Program Files\Messenger Plus! Live
[17/12/2008|17:04] C:\Program Files\Microsoft
[15/10/2008|20:26] C:\Program Files\microsoft frontpage
[01/11/2008|18:28] C:\Program Files\Microsoft Office
[17/12/2008|17:04] C:\Program Files\Microsoft Office Outlook Connector
[17/12/2008|17:04] C:\Program Files\Microsoft Silverlight
[02/11/2008|19:56] C:\Program Files\Microsoft Visual Studio
[01/11/2008|18:24] C:\Program Files\Microsoft Visual Studio 8
[02/11/2008|19:57] C:\Program Files\Microsoft Works
[01/11/2008|18:27] C:\Program Files\Microsoft.NET
[17/01/2009|01:53] C:\Program Files\Movie Maker
[12/02/2009|21:02] C:\Program Files\Mozilla Firefox
[02/11/2008|19:57] C:\Program Files\MSBuild
[15/10/2008|20:23] C:\Program Files\MSN
[15/10/2008|20:22] C:\Program Files\MSN Gaming Zone
[12/11/2008|16:28] C:\Program Files\Nero 9
[15/10/2008|21:12] C:\Program Files\NETGEAR
[17/10/2008|22:18] C:\Program Files\NetMeeting
[16/10/2008|17:36] C:\Program Files\NOS
[17/01/2009|01:53] C:\Program Files\Outlook Express
[10/02/2009|08:58] C:\Program Files\PhotoDeluxe EE 1.1
[12/02/2009|00:53] C:\Program Files\PKR
[05/12/2008|10:25] C:\Program Files\PurFlirt
[24/10/2008|22:24] C:\Program Files\Reference Assemblies
[15/10/2008|20:23] C:\Program Files\Services en ligne
[05/11/2008|19:56] C:\Program Files\sina
[27/12/2008|20:53] C:\Program Files\Skype
[12/02/2009|23:59] C:\Program Files\Starcraft
[18/10/2008|11:21] C:\Program Files\SuperCopier
[12/02/2009|07:41] C:\Program Files\Trend Micro
[15/10/2008|21:56] C:\Program Files\VIA
[17/10/2008|13:59] C:\Program Files\Windows Desktop Search
[17/12/2008|18:10] C:\Program Files\Windows Live
[31/10/2008|18:34] C:\Program Files\Windows Media Connect 2
[31/10/2008|19:05] C:\Program Files\Windows Media Player
[17/10/2008|22:18] C:\Program Files\Windows NT
[15/10/2008|21:47] C:\Program Files\WindowsUpdate
[15/10/2008|20:26] C:\Program Files\xerox
[19/10/2008|08:39] C:\Program Files\Yahoo!
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[16/10/2008|16:56] C:\Program Files\Fichiers communs\Adobe
[02/11/2008|19:56] C:\Program Files\Fichiers communs\DESIGNER
[10/02/2009|09:04] C:\Program Files\Fichiers communs\EPSON
[15/10/2008|21:56] C:\Program Files\Fichiers communs\InstallShield
[16/10/2008|13:35] C:\Program Files\Fichiers communs\Java
[17/12/2008|17:00] C:\Program Files\Fichiers communs\Microsoft Shared
[15/10/2008|20:24] C:\Program Files\Fichiers communs\MSSoap
[12/11/2008|16:28] C:\Program Files\Fichiers communs\Nero
[15/10/2008|20:43] C:\Program Files\Fichiers communs\ODBC
[19/11/2008|00:02] C:\Program Files\Fichiers communs\Scanner
[15/10/2008|20:24] C:\Program Files\Fichiers communs\Services
[27/12/2008|20:53] C:\Program Files\Fichiers communs\Skype
[15/10/2008|20:43] C:\Program Files\Fichiers communs\SpeechEngines
[17/12/2008|17:04] C:\Program Files\Fichiers communs\System
[17/12/2008|16:52] C:\Program Files\Fichiers communs\Windows Live
[17/10/2008|16:46] C:\Program Files\Fichiers communs\WindowsLiveInstaller
--------------------\\ Process
( 47 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\Paul\LOCALS~1\Temp\msgpl_5330.exe
C:\DOCUME~1\Paul\Cookies\paul@d2.advertserve[1].txt
C:\DOCUME~1\Paul\Cookies\paul@imagevenue.advertserve[2].txt
C:\DOCUME~1\Paul\Cookies\paul@adultfriendfinder[2].txt
C:\DOCUME~1\Paul\Cookies\paul@advertising[2].txt
C:\DOCUME~1\Paul\Cookies\paul@bigpoint[1].txt
C:\DOCUME~1\Paul\Cookies\paul@fr.seafight.bigpoint[2].txt
C:\DOCUME~1\Paul\Cookies\paul@adopt.euroclick[2].txt
C:\DOCUME~1\Paul\Cookies\paul@fr.seafight.bigpoint[2].txt
C:\DOCUME~1\Paul\Cookies\paul@32vegas[1].txt
C:\DOCUME~1\Paul\Cookies\paul@banner.32vegas[2].txt
C:\DOCUME~1\Paul\Cookies\paul@www.32vegas[1].txt
C:\DOCUME~1\Paul\Cookies\paul@2xmoinscher[1].txt
C:\DOCUME~1\Paul\Cookies\paul@www.2xmoinscher[2].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-13 19:00:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\WINDOWS\System32\
please note that you need administrator rights to perform deep scan
--------------------\\ Recherche d'autres infections
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu.dat
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu.exe
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu_nav.dat
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu_navps.dat
[b]==> EGDACCESS <==/b
[F:1512][D:87]-> C:\DOCUME~1\Paul\LOCALS~1\Temp
[F:943][D:0]-> C:\DOCUME~1\Paul\Cookies
[F:76][D:17]-> C:\DOCUME~1\Paul\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 13/02/2009|19:01 - Option : [1]
--------------------\\ Fin du rapport a 19:01:39
le deuxième :
Search Navipromo version 3.7.3 commencé le 13/02/2009 à 19:03:51,76
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 13.02.2009 à 18h00 par IL-MAFIOSO
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.66GHz )
BIOS : BIOS Date: 09/26/05 15:16:53 Ver: 08.00.09
USER : Paul ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:39 Go (Free:19 Go)
D:\ (Local Disk) - NTFS - Total:37 Go (Free:22 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (USB) - FAT32 - Total:489 Mo (Free:0 Go)
Search run in normal mode
*** Searching installed programs ***
Favorit
*** Searching folders in "C:\WINDOWS" ***
*** Searching folders in "C:\Program Files" ***
*** Searching folders in "C:\Documents and Settings\All Users\menudm~1\progra~1" ***
*** Searching folders in "C:\Documents and Settings\All Users\menudm~1" ***
*** Searching folders in "c:\docume~1\alluse~1\applic~1" ***
*** Searching folders in "C:\Documents and Settings\Paul\applic~1" ***
*** Searching folders in "C:\Documents and Settings\Paul\locals~1\applic~1" ***
*** Searching folders in "C:\Documents and Settings\Paul\menudm~1\progra~1" ***
*** Search with GenericNaviSearch ***
!!! All of these results may turn out to be legitimate files !!!
!!! Must be checked before any manual deletion !!!
* Searching in "C:\WINDOWS\system32" *
* Searching in "C:\Documents and Settings\Paul\locals~1\applic~1" *
*** Searching files ***
*** Searching specific keys in the Registry ***
!! The keys found are not necessarily infected !!
HKEY_CURRENT_USER\Software\Lanconfig
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"acqeu"="\"c:\\documents and settings\\paul\\local settings\\application data\\acqeu.exe\" acqeu"
*** Additional search module ***
(Searching specific files)
1) Searching new Instant Access files:
2) Heuristic search:
* In "C:\WINDOWS\system32":
* In "C:\Documents and Settings\Paul\locals~1\applic~1":
acqeu.exe found!
acqeu.dat found!
acqeu_nav.dat found!
acqeu_navps.dat found!
3) Searching certificates:
Certificate Egroup found!
Certificate Electronic-Group found!
Certificate Montorgueil absent!
Certificate OOO-Favorit found!
Certificate Sunny-Day-Design-Ltd absent!
4) Searching other known folders and files:
*** Analysis finished on 13/02/2009 at 19:05:05,26 ***
the last one:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.66GHz )
BIOS : BIOS Date: 09/26/05 15:16:53 Ver: 08.00.09
USER : Paul ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:39 Go (Free:19 Go)
D:\ (Local Disk) - NTFS - Total:37 Go (Free:22 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (USB) - FAT32 - Total:489 Mo (Free:0 Go)
"C:\ToolBar SD" ( Updated : 21-12-2008|20:47 )
Option : [1] ( 13/02/2009|19:06 )
-----------\\ Searching files / folders ...
C:\Program Files\AskSBar
C:\Program Files\AskSBar\bar
C:\Program Files\AskSBar\SrchAstt
C:\Program Files\AskSBar\bar\1.bin
C:\Program Files\AskSBar\bar\Cache
C:\Program Files\AskSBar\bar\History
C:\Program Files\AskSBar\bar\Settings
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL
C:\Program Files\AskSBar\bar\1.bin\V2RSSMNU.DLL
C:\Program Files\AskSBar\bar\Cache\0168BDCA.bin
C:\Program Files\AskSBar\bar\Cache\0168BFDE.bin
C:\Program Files\AskSBar\bar\Cache\0168C1C2.bin
C:\Program Files\AskSBar\bar\Cache\0168C3C6.bin
C:\Program Files\AskSBar\bar\Cache\0168C58B.bin
C:\Program Files\AskSBar\bar\Cache\0168C78E.bin
C:\Program Files\AskSBar\bar\Cache\files.ini
C:\Program Files\AskSBar\bar\History\search2
C:\Program Files\AskSBar\bar\Settings\prevcfg2.htm
C:\Program Files\AskSBar\SrchAstt\1.bin
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.postarticles.net"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
--------------------\\ Searching for other infections
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu.dat
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu.exe
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu_nav.dat
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu_navps.dat
==> EGDACCESS <==
1 - "C:\ToolBar SD\TB_1.txt" - 13/02/2009|19:06 - Option : [1]
-----------\\ End of report at 19:06:46,26
There you go, I'm eagerly awaiting your reply.
Thank you
Anonymous user
14 Feb 2009 at 16:02
Hello:
Deletion + Hosts
Double-click the Lop S&D shortcut on your Desktop
* Select the language you want, then choose the "Suppression + Hosts" (Deletion + Hosts) option
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)
Then:
Option 2 - Deletion:
* Double-click the Navilog shortcut.
* Choose option 2 and confirm (Enter).
* Follow the prompts.
* Your computer will restart; if it doesn't, restart it manually.
* Your desktop will disappear.
* After a while, Notepad will open.
* Save the report.
* Close Notepad. Your desktop will now reappear.
If your desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click File at the top left and choose "New Task (Run...)".
Type explorer and confirm. That will bring your desktop back.
Start -> Control Panel -> Internet Options
Click the "Content" tab, then the "Certificates" button, and if you find the following, in particular under "Trusted Publishers":
VIP
If you find them, do this:
* Select each of these certificates and click Export. Save it/them to your desktop.
* Then delete the ones present in the "Certificates" tab of your browser's options.
Then, for each certificate now on your desktop:
* Go to this website:
https://www.bleepingcomputer.com/submit-malware.php?channel=35
* Paste this into the 'Link to Topic' box:
the name of the certificate (Montorgueil, ......)
* Put this in the 'Browse to the File' box:
the matching certificate you exported to your desktop
Once that is done, finally delete the certificate from your desktop.
The following programs install this infection:
* Go-astro
* GoRecord
* HotTVPlayer
* Live Player
* MailSkinner
* Messenger Skinner
* Instant Access
* InternetGameBox
* sudoplanet
* Webmediaplayer: except the one from the following site > http://www.azertysite.new.fr/
* From the site www.games-desktop.com (Do not visit it!)
Then:
Run Toolbar-S&D again by double-clicking its shortcut.
* Press "2" then confirm with "Enter".
! Do not close the window during the deletion !
A report will be generated; post its contents here.
NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del together to open Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run...".
Type explorer and confirm.
-
Getting help elsewhere? Let us know!!!!!
Mark the thread as solved for the others, thanks
®© ----™g3и-н@¢км@и™---- ©®
Here are the reports after the deletions:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.66GHz )
BIOS : BIOS Date: 09/26/05 15:16:53 Ver: 08.00.09
USER : Paul ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:39 Go (Free:19 Go)
D:\ (Local Disk) - NTFS - Total:37 Go (Free:22 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (USB) - FAT32 - Total:489 Mo (Free:0 Go)
"C:\Lop SD" ( Updated : 19-12-2008|23:40 )
Option : [2] ( 16/02/2009|18:45 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ DELETION
Deleted! - C:\DOCUME~1\Paul\LOCALS~1\Temp\msgpl_5330.exe
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Folder listing in APPLIC~1
[16/10/2008|16:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[24/10/2008|22:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
[15/10/2008|20:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[16/11/2008|13:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[06/11/2008|19:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[16/10/2008|15:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[31/10/2008|14:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[17/12/2008|18:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[11/02/2009|07:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[16/10/2008|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[27/12/2008|20:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[16/10/2008|14:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[17/12/2008|22:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[05/11/2008|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\wmp
[19/10/2008|08:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
[19/10/2008|16:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[15/10/2008|20:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[16/02/2009|10:30] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[16/02/2009|10:30] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[31/10/2008|19:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[15/10/2008|20:26] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[17/10/2008|11:58] C:\DOCUME~1\Paul\APPLIC~1\Adobe
[24/10/2008|22:37] C:\DOCUME~1\Paul\APPLIC~1\ATI
[04/02/2009|08:21] C:\DOCUME~1\Paul\APPLIC~1\Azureus
[06/11/2008|19:52] C:\DOCUME~1\Paul\APPLIC~1\CyberLink
[17/11/2008|18:26] C:\DOCUME~1\Paul\APPLIC~1\DAEMON Tools
[16/10/2008|13:45] C:\DOCUME~1\Paul\APPLIC~1\FrostWire
[08/11/2008|20:34] C:\DOCUME~1\Paul\APPLIC~1\Google
[15/10/2008|20:35] C:\DOCUME~1\Paul\APPLIC~1\Identities
[16/01/2009|11:07] C:\DOCUME~1\Paul\APPLIC~1\ImgBurn
[14/02/2009|22:05] C:\DOCUME~1\Paul\APPLIC~1\LimeWire
[15/10/2008|21:22] C:\DOCUME~1\Paul\APPLIC~1\Macromedia
[24/01/2009|18:27] C:\DOCUME~1\Paul\APPLIC~1\Media Player Classic
[08/01/2009|10:41] C:\DOCUME~1\Paul\APPLIC~1\Microsoft
[17/10/2008|12:04] C:\DOCUME~1\Paul\APPLIC~1\Mozilla
[12/11/2008|16:29] C:\DOCUME~1\Paul\APPLIC~1\Nero
[17/11/2008|13:21] C:\DOCUME~1\Paul\APPLIC~1\SecuROM
[16/02/2009|18:32] C:\DOCUME~1\Paul\APPLIC~1\Skype
[16/02/2009|17:32] C:\DOCUME~1\Paul\APPLIC~1\skypePM
[23/10/2008|06:39] C:\DOCUME~1\Paul\APPLIC~1\Sun
[03/01/2009|11:18] C:\DOCUME~1\Paul\APPLIC~1\vlc
[17/10/2008|14:00] C:\DOCUME~1\Paul\APPLIC~1\Windows Desktop Search
[18/10/2008|08:04] C:\DOCUME~1\Paul\APPLIC~1\Windows Search
[19/10/2008|16:14] C:\DOCUME~1\Paul\APPLIC~1\Yahoo!
--------------------\\ Scheduled tasks in C:\WINDOWS\tasks
[16/02/2009 17:31][--ah-----] C:\WINDOWS\tasks\SA.DAT
[30/08/2002 21:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Folder listing in C:\Program Files
[16/02/2009|10:47] C:\Program Files\%systemdir%
[16/10/2008|16:56] C:\Program Files\Adobe
[10/02/2009|08:59] C:\Program Files\Adobe Type Manager
[05/02/2009|21:34] C:\Program Files\adslTV
[15/10/2008|21:31] C:\Program Files\Analog Devices
[16/11/2008|13:17] C:\Program Files\AskSBar
[17/11/2008|18:44] C:\Program Files\Aspyr
[24/10/2008|22:03] C:\Program Files\ATI Technologies
[15/10/2008|22:11] C:\Program Files\Avira
[04/02/2009|07:33] C:\Program Files\Azureus
[19/11/2008|00:04] C:\Program Files\CA Yahoo! Anti-Spy
[17/10/2008|16:45] C:\Program Files\CCleaner
[24/01/2009|18:24] C:\Program Files\Combined Community Codec Pack
[15/10/2008|20:23] C:\Program Files\ComPlus Applications
[06/11/2008|19:51] C:\Program Files\CyberLink
[26/10/2008|10:25] C:\Program Files\EPSON
[17/10/2008|14:54] C:\Program Files\ffdshow
[27/12/2008|20:53] C:\Program Files\Fichiers communs
[26/10/2008|10:35] C:\Program Files\Freeplayer
[08/11/2008|20:34] C:\Program Files\Google
[10/02/2009|08:55] C:\Program Files\Hewlett-Packard
[30/01/2009|23:25] C:\Program Files\ICCup
[06/11/2008|19:51] C:\Program Files\InstallShield Installation Information
[11/02/2009|07:51] C:\Program Files\Internet Explorer
[04/12/2008|15:21] C:\Program Files\Java
[06/01/2009|19:27] C:\Program Files\LimeWire
[17/10/2008|22:25] C:\Program Files\Messenger
[06/02/2009|19:05] C:\Program Files\Messenger Plus! Live
[17/12/2008|17:04] C:\Program Files\Microsoft
[15/10/2008|20:26] C:\Program Files\microsoft frontpage
[01/11/2008|18:28] C:\Program Files\Microsoft Office
[17/12/2008|17:04] C:\Program Files\Microsoft Office Outlook Connector
[17/12/2008|17:04] C:\Program Files\Microsoft Silverlight
[02/11/2008|19:56] C:\Program Files\Microsoft Visual Studio
[01/11/2008|18:24] C:\Program Files\Microsoft Visual Studio 8
[02/11/2008|19:57] C:\Program Files\Microsoft Works
[01/11/2008|18:27] C:\Program Files\Microsoft.NET
[17/01/2009|01:53] C:\Program Files\Movie Maker
[16/02/2009|18:39] C:\Program Files\Mozilla Firefox
[02/11/2008|19:57] C:\Program Files\MSBuild
[15/10/2008|20:23] C:\Program Files\MSN
[15/10/2008|20:22] C:\Program Files\MSN Gaming Zone
[13/02/2009|19:05] C:\Program Files\Navilog1
[12/11/2008|16:28] C:\Program Files\Nero 9
[15/10/2008|21:12] C:\Program Files\NETGEAR
[17/10/2008|22:18] C:\Program Files\NetMeeting
[16/10/2008|17:36] C:\Program Files\NOS
[17/01/2009|01:53] C:\Program Files\Outlook Express
[10/02/2009|08:58] C:\Program Files\PhotoDeluxe EE 1.1
[13/02/2009|22:28] C:\Program Files\PKR
[05/12/2008|10:25] C:\Program Files\PurFlirt
[24/10/2008|22:24] C:\Program Files\Reference Assemblies
[15/10/2008|20:23] C:\Program Files\Services en ligne
[05/11/2008|19:56] C:\Program Files\sina
[27/12/2008|20:53] C:\Program Files\Skype
[16/02/2009|17:34] C:\Program Files\Starcraft
[18/10/2008|11:21] C:\Program Files\SuperCopier
[12/02/2009|07:41] C:\Program Files\Trend Micro
[15/10/2008|21:56] C:\Program Files\VIA
[17/10/2008|13:59] C:\Program Files\Windows Desktop Search
[17/12/2008|18:10] C:\Program Files\Windows Live
[31/10/2008|18:34] C:\Program Files\Windows Media Connect 2
[31/10/2008|19:05] C:\Program Files\Windows Media Player
[17/10/2008|22:18] C:\Program Files\Windows NT
[15/10/2008|21:47] C:\Program Files\WindowsUpdate
[13/02/2009|19:53] C:\Program Files\WinPcap
[15/10/2008|20:26] C:\Program Files\xerox
[19/10/2008|08:39] C:\Program Files\Yahoo!
--------------------\\ Folder listing in C:\Program Files\Fichiers communs
[16/10/2008|16:56] C:\Program Files\Fichiers communs\Adobe
[02/11/2008|19:56] C:\Program Files\Fichiers communs\DESIGNER
[10/02/2009|09:04] C:\Program Files\Fichiers communs\EPSON
[15/10/2008|21:56] C:\Program Files\Fichiers communs\InstallShield
[16/10/2008|13:35] C:\Program Files\Fichiers communs\Java
[17/12/2008|17:00] C:\Program Files\Fichiers communs\Microsoft Shared
[15/10/2008|20:24] C:\Program Files\Fichiers communs\MSSoap
[12/11/2008|16:28] C:\Program Files\Fichiers communs\Nero
[15/10/2008|20:43] C:\Program Files\Fichiers communs\ODBC
[19/11/2008|00:02] C:\Program Files\Fichiers communs\Scanner
[15/10/2008|20:24] C:\Program Files\Fichiers communs\Services
[27/12/2008|20:53] C:\Program Files\Fichiers communs\Skype
[15/10/2008|20:43] C:\Program Files\Fichiers communs\SpeechEngines
[17/12/2008|17:04] C:\Program Files\Fichiers communs\System
[17/12/2008|16:52] C:\Program Files\Fichiers communs\Windows Live
[17/10/2008|16:46] C:\Program Files\Fichiers communs\WindowsLiveInstaller
--------------------\\ Processes
( 49 Processes )
... OK !
--------------------\\ Search with S_Lop
No Lop file / folder found !
--------------------\\ Searching Lop files / folders
No Lop file / folder found !
--------------------\\ Registry check
..... OK !
--------------------\\ Hosts file check
Hosts file CLEAN
--------------------\\ File search with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-16 18:47:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
? [1712]
? [1168]
? [1420]
? [2188]
? [2624]
scanning hidden files ...
disk error: C:\WINDOWS\System32\
please note that you need administrator rights to perform deep scan
--------------------\\ Searching for other infections
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu.dat
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu.exe
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu_nav.dat
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu_navps.dat
==> EGDACCESS <==
[F:1543][D:88]-> C:\DOCUME~1\Paul\LOCALS~1\Temp
[F:25][D:0]-> C:\DOCUME~1\Paul\Cookies
[F:1013][D:17]-> C:\DOCUME~1\Paul\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 13/02/2009|19:01 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 16/02/2009|18:47 - Option : [2]
--------------------\\ End of report at 18:47:39
the last one:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.66GHz )
BIOS : BIOS Date: 09/26/05 15:16:53 Ver: 08.00.09
USER : Paul ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:39 Go (Free:21 Go)
D:\ (Local Disk) - NTFS - Total:37 Go (Free:22 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (USB) - FAT32 - Total:489 Mo (Free:0 Go)
"C:\ToolBar SD" ( Updated : 21-12-2008|20:47 )
Option : [2] ( 16/02/2009|19:04 )
-----------\\ DELETION
Deleted! - C:\Program Files\AskSBar\bar
Deleted! - C:\Program Files\AskSBar\SrchAstt
Deleted! - C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
Deleted! - C:\Program Files\AskSBar
-----------\\ Searching files / folders ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.postarticles.net"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Searching for other infections
No other infection found !
1 - "C:\ToolBar SD\TB_1.txt" - 13/02/2009|19:06 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 16/02/2009|19:05 - Option : [2]
-----------\\ End of report at 19:05:09,78
I forgot to save the second one, the Navilog one; when I redo the procedure it doesn't work.
Awaiting your reply
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.66GHz )
BIOS : BIOS Date: 09/26/05 15:16:53 Ver: 08.00.09
USER : Paul ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:39 Go (Free:19 Go)
D:\ (Local Disk) - NTFS - Total:37 Go (Free:22 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (USB) - FAT32 - Total:489 Mo (Free:0 Go)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 16/02/2009|18:45 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\DOCUME~1\Paul\LOCALS~1\Temp\msgpl_5330.exe
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans APPLIC~1
[16/10/2008|16:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[24/10/2008|22:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
[15/10/2008|20:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[16/11/2008|13:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[06/11/2008|19:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[16/10/2008|15:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[31/10/2008|14:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[17/12/2008|18:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[11/02/2009|07:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[16/10/2008|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[27/12/2008|20:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[16/10/2008|14:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[17/12/2008|22:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[05/11/2008|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\wmp
[19/10/2008|08:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
[19/10/2008|16:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[15/10/2008|20:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[16/02/2009|10:30] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[16/02/2009|10:30] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[31/10/2008|19:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[15/10/2008|20:26] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[17/10/2008|11:58] C:\DOCUME~1\Paul\APPLIC~1\Adobe
[24/10/2008|22:37] C:\DOCUME~1\Paul\APPLIC~1\ATI
[04/02/2009|08:21] C:\DOCUME~1\Paul\APPLIC~1\Azureus
[06/11/2008|19:52] C:\DOCUME~1\Paul\APPLIC~1\CyberLink
[17/11/2008|18:26] C:\DOCUME~1\Paul\APPLIC~1\DAEMON Tools
[16/10/2008|13:45] C:\DOCUME~1\Paul\APPLIC~1\FrostWire
[08/11/2008|20:34] C:\DOCUME~1\Paul\APPLIC~1\Google
[15/10/2008|20:35] C:\DOCUME~1\Paul\APPLIC~1\Identities
[16/01/2009|11:07] C:\DOCUME~1\Paul\APPLIC~1\ImgBurn
[14/02/2009|22:05] C:\DOCUME~1\Paul\APPLIC~1\LimeWire
[15/10/2008|21:22] C:\DOCUME~1\Paul\APPLIC~1\Macromedia
[24/01/2009|18:27] C:\DOCUME~1\Paul\APPLIC~1\Media Player Classic
[08/01/2009|10:41] C:\DOCUME~1\Paul\APPLIC~1\Microsoft
[17/10/2008|12:04] C:\DOCUME~1\Paul\APPLIC~1\Mozilla
[12/11/2008|16:29] C:\DOCUME~1\Paul\APPLIC~1\Nero
[17/11/2008|13:21] C:\DOCUME~1\Paul\APPLIC~1\SecuROM
[16/02/2009|18:32] C:\DOCUME~1\Paul\APPLIC~1\Skype
[16/02/2009|17:32] C:\DOCUME~1\Paul\APPLIC~1\skypePM
[23/10/2008|06:39] C:\DOCUME~1\Paul\APPLIC~1\Sun
[03/01/2009|11:18] C:\DOCUME~1\Paul\APPLIC~1\vlc
[17/10/2008|14:00] C:\DOCUME~1\Paul\APPLIC~1\Windows Desktop Search
[18/10/2008|08:04] C:\DOCUME~1\Paul\APPLIC~1\Windows Search
[19/10/2008|16:14] C:\DOCUME~1\Paul\APPLIC~1\Yahoo!
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[16/02/2009 17:31][--ah-----] C:\WINDOWS\tasks\SA.DAT
[30/08/2002 21:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[16/02/2009|10:47] C:\Program Files\%systemdir%
[16/10/2008|16:56] C:\Program Files\Adobe
[10/02/2009|08:59] C:\Program Files\Adobe Type Manager
[05/02/2009|21:34] C:\Program Files\adslTV
[15/10/2008|21:31] C:\Program Files\Analog Devices
[16/11/2008|13:17] C:\Program Files\AskSBar
[17/11/2008|18:44] C:\Program Files\Aspyr
[24/10/2008|22:03] C:\Program Files\ATI Technologies
[15/10/2008|22:11] C:\Program Files\Avira
[04/02/2009|07:33] C:\Program Files\Azureus
[19/11/2008|00:04] C:\Program Files\CA Yahoo! Anti-Spy
[17/10/2008|16:45] C:\Program Files\CCleaner
[24/01/2009|18:24] C:\Program Files\Combined Community Codec Pack
[15/10/2008|20:23] C:\Program Files\ComPlus Applications
[06/11/2008|19:51] C:\Program Files\CyberLink
[26/10/2008|10:25] C:\Program Files\EPSON
[17/10/2008|14:54] C:\Program Files\ffdshow
[27/12/2008|20:53] C:\Program Files\Fichiers communs
[26/10/2008|10:35] C:\Program Files\Freeplayer
[08/11/2008|20:34] C:\Program Files\Google
[10/02/2009|08:55] C:\Program Files\Hewlett-Packard
[30/01/2009|23:25] C:\Program Files\ICCup
[06/11/2008|19:51] C:\Program Files\InstallShield Installation Information
[11/02/2009|07:51] C:\Program Files\Internet Explorer
[04/12/2008|15:21] C:\Program Files\Java
[06/01/2009|19:27] C:\Program Files\LimeWire
[17/10/2008|22:25] C:\Program Files\Messenger
[06/02/2009|19:05] C:\Program Files\Messenger Plus! Live
[17/12/2008|17:04] C:\Program Files\Microsoft
[15/10/2008|20:26] C:\Program Files\microsoft frontpage
[01/11/2008|18:28] C:\Program Files\Microsoft Office
[17/12/2008|17:04] C:\Program Files\Microsoft Office Outlook Connector
[17/12/2008|17:04] C:\Program Files\Microsoft Silverlight
[02/11/2008|19:56] C:\Program Files\Microsoft Visual Studio
[01/11/2008|18:24] C:\Program Files\Microsoft Visual Studio 8
[02/11/2008|19:57] C:\Program Files\Microsoft Works
[01/11/2008|18:27] C:\Program Files\Microsoft.NET
[17/01/2009|01:53] C:\Program Files\Movie Maker
[16/02/2009|18:39] C:\Program Files\Mozilla Firefox
[02/11/2008|19:57] C:\Program Files\MSBuild
[15/10/2008|20:23] C:\Program Files\MSN
[15/10/2008|20:22] C:\Program Files\MSN Gaming Zone
[13/02/2009|19:05] C:\Program Files\Navilog1
[12/11/2008|16:28] C:\Program Files\Nero 9
[15/10/2008|21:12] C:\Program Files\NETGEAR
[17/10/2008|22:18] C:\Program Files\NetMeeting
[16/10/2008|17:36] C:\Program Files\NOS
[17/01/2009|01:53] C:\Program Files\Outlook Express
[10/02/2009|08:58] C:\Program Files\PhotoDeluxe EE 1.1
[13/02/2009|22:28] C:\Program Files\PKR
[05/12/2008|10:25] C:\Program Files\PurFlirt
[24/10/2008|22:24] C:\Program Files\Reference Assemblies
[15/10/2008|20:23] C:\Program Files\Services en ligne
[05/11/2008|19:56] C:\Program Files\sina
[27/12/2008|20:53] C:\Program Files\Skype
[16/02/2009|17:34] C:\Program Files\Starcraft
[18/10/2008|11:21] C:\Program Files\SuperCopier
[12/02/2009|07:41] C:\Program Files\Trend Micro
[15/10/2008|21:56] C:\Program Files\VIA
[17/10/2008|13:59] C:\Program Files\Windows Desktop Search
[17/12/2008|18:10] C:\Program Files\Windows Live
[31/10/2008|18:34] C:\Program Files\Windows Media Connect 2
[31/10/2008|19:05] C:\Program Files\Windows Media Player
[17/10/2008|22:18] C:\Program Files\Windows NT
[15/10/2008|21:47] C:\Program Files\WindowsUpdate
[13/02/2009|19:53] C:\Program Files\WinPcap
[15/10/2008|20:26] C:\Program Files\xerox
[19/10/2008|08:39] C:\Program Files\Yahoo!
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[16/10/2008|16:56] C:\Program Files\Fichiers communs\Adobe
[02/11/2008|19:56] C:\Program Files\Fichiers communs\DESIGNER
[10/02/2009|09:04] C:\Program Files\Fichiers communs\EPSON
[15/10/2008|21:56] C:\Program Files\Fichiers communs\InstallShield
[16/10/2008|13:35] C:\Program Files\Fichiers communs\Java
[17/12/2008|17:00] C:\Program Files\Fichiers communs\Microsoft Shared
[15/10/2008|20:24] C:\Program Files\Fichiers communs\MSSoap
[12/11/2008|16:28] C:\Program Files\Fichiers communs\Nero
[15/10/2008|20:43] C:\Program Files\Fichiers communs\ODBC
[19/11/2008|00:02] C:\Program Files\Fichiers communs\Scanner
[15/10/2008|20:24] C:\Program Files\Fichiers communs\Services
[27/12/2008|20:53] C:\Program Files\Fichiers communs\Skype
[15/10/2008|20:43] C:\Program Files\Fichiers communs\SpeechEngines
[17/12/2008|17:04] C:\Program Files\Fichiers communs\System
[17/12/2008|16:52] C:\Program Files\Fichiers communs\Windows Live
[17/10/2008|16:46] C:\Program Files\Fichiers communs\WindowsLiveInstaller
--------------------\\ Process
( 49 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-16 18:47:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
? [1712]
? [1168]
? [1420]
? [2188]
? [2624]
scanning hidden files ...
disk error: C:\WINDOWS\System32\
please note that you need administrator rights to perform deep scan
--------------------\\ Recherche d'autres infections
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu.dat
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu.exe
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu_nav.dat
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu_navps.dat
[b]==> EGDACCESS <==/b
[F:1543][D:88]-> C:\DOCUME~1\Paul\LOCALS~1\Temp
[F:25][D:0]-> C:\DOCUME~1\Paul\Cookies
[F:1013][D:17]-> C:\DOCUME~1\Paul\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 13/02/2009|19:01 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 16/02/2009|18:47 - Option : [2]
--------------------\\ Fin du rapport a 18:47:39
le dernier
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.66GHz )
BIOS : BIOS Date: 09/26/05 15:16:53 Ver: 08.00.09
USER : Paul ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:39 Go (Free:21 Go)
D:\ (Local Disk) - NTFS - Total:37 Go (Free:22 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (USB) - FAT32 - Total:489 Mo (Free:0 Go)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 16/02/2009|19:04 )
-----------\\ SUPPRESSION
Supprime! - C:\Program Files\AskSBar\bar
Supprime! - C:\Program Files\AskSBar\SrchAstt
Supprime! - C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
Supprime! - C:\Program Files\AskSBar
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.postarticles.net"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 13/02/2009|19:06 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 16/02/2009|19:05 - Option : [2]
-----------\\ Fin du rapport a 19:05:09,78
I forgot to save the second one, the Navilog one; when I redo the procedure it doesn't work.
I await your reply.
Anonymous user
16 Feb. 2009 at 22:05
It doesn't matter, actually:
Download MalwareBytes':
http://www.malwarebytes.org/mbam.php or here:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
* Install it (make sure to choose "French"; do not change the installation settings) and update it.
(NB: if "COMCTL32.OCX" is missing during the install, download it here: https://www.malekal.com/tutorial-aboutbuster/ )
* Read the tutorial to get familiar with the program:
https://forum.pcastuces.com/sujet.asp?f=31&s=3
(that said, it is very easy to use).
Relaunch Malwarebytes following these instructions to the letter:
! Disconnect from the internet and close all running applications !
* Launch MalwareBytes'.
Run a "Full" scan.
--> Let the program work (and do nothing else with the PC during the scan).
--> At the end, click on "results".
--> Check that all infected objects are ticked, then click on "remove".
Note: if you need to restart your PC to finish the cleaning, do so!
Post the report saved after removal of the infected objects (in the "report/log" tab of Malwarebytes, the most recent one).
Anonymous user
17 Feb. 2009 at 00:07
Now download FindyKill to your desktop:
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
--> Run the installation with the default settings
--> At the main menu, choose option 1 (Search)
--> Post the report FindyKill.txt
Note: the report FindyKill.txt is saved at the root of the drive
That's it, I managed to run Malwarebytes.
It can't delete certain files, listed here (before the reboot; I don't know whether it did it afterwards, a window indicated this).
C:\Windows\System32\afisicx.exe
C:\Windows\System32\roytctm.exe
C:\Windows\System32\tdydowkc.exe
C:\Windows\System32\woldockd.exe
C:\Windows\System32\noytcyr.exe
Here is the report:
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1768
Windows 5.1.2600 Service Pack 3
17/02/2009 07:49:08
mbam-log-2009-02-17 (07-49-08).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 118406
Temps écoulé: 25 minute(s), 3 second(s)
Processus mémoire infecté(s): 5
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 21
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 31
Processus mémoire infecté(s):
C:\WINDOWS\wuauclx.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\winlogon.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\winlogon.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\system32\mabidwe.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\soxpeca.exe (Backdoor.Bot) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\afisicx (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\afisicx (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\afisicx (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\roytctm (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\roytctm (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\roytctm (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdydowkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdydowkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdydowkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wsldoekd (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wsldoekd (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wsldoekd (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\noytcyr (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\noytcyr (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\noytcyr (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mabidwe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mabidwe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mabidwe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\soxpeca (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\soxpeca (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\soxpeca (Backdoor.Bot) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PromoReg (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Advanced DHTML Enable (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Window UDP Control Servic (Backdoor.Bot) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://postarticles.net) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\wuauclx.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\winlogon.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\ad.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\add.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\U.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\G9LR9R8H\uddb[1].exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\KLC7UAJP\ad[1].exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\KLC7UAJP\ad[2].exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\%systemdir%\systemac.dll (Trojan.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\afisicx.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\roytctm.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\tdydowkc.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\wsldoekd.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\noytcyr.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\helpersvssccs.exe (Trojan.SpamBot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ceyxni.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mabidwe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\soxpeca.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\udxfytw.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tpszxyd.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekaesqgutfn.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekaktskawul.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekamxdovbob.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekawpractym.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekaxjmjrmux.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekaqpowrnom.sys (Trojan.Agent) -> Quarantined and deleted successfully.
Then here is the FindyKill report:
############################## [ FindyKill V4.716 ]
# User : Paul (Administrateurs) # PAUL-NAM
# Update on 10/02/09 by Chiquitine29
# Start at: 07:55:48 | 17/02/2009
# Intel(R) Celeron(R) CPU 2.66GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | Updated ]
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # NTFS
# D:\ # Disque fixe local # NTFS
# E:\ # Disque CD-ROM (BROODWAR) # CDFS
# F:\ # Disque CD-ROM
# G:\ # Disque amovible # FAT32
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\svssccs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\NETGEAR\WN111\wn111.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
################## [ Fichiers / Dossiers infectieux C:\ ]
################## [ C:\WINDOWS ]
################## [ C:\WINDOWS\Prefetch ]
################## [ C:\WINDOWS\system32 ]
################## [ C:\WINDOWS\system32\drivers ]
################## [ C:\Documents and Settings\Paul\Application Data ]
################## [ C:\DOCUME~1\Paul\LOCALS~1\Temp ]
################## [ Registre / Clés infectieuses ]
################## [ Etat / Services ]
# Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
Ndisuio # Type de démarrage = 3
EapHost # Type de démarrage = 3
Ip6Fw # Type de démarrage = 3
SharedAccess # Type de démarrage = 2
wuauserv # Type de démarrage = 2
wscsvc # Type de démarrage = 4
################## [ Recherche dans supports amovibles]
# Contenu de l'autorun : E:\autorun.inf
[autorun]
OPEN=SETUP.EXE
ICON=BW.ICO
# Contenu de l'autorun : G:\autorun.inf
[AutoRun]
open=AdobeR.exe e
shellexecute=AdobeR.exe e
shell\Auto\command=AdobeR.exe e
shell=Auto
# presence des fichiers :
Found ! [13/12/1998 15:43][-r-------] - E:\autorun.inf
Found ! [19/07/2007 17:03][---h-----] - G:\autorun.inf
################## [ Registre / Mountpoint2 ]
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6439ab79-9af0-11dd-af25-00112fb42e27}\Shell\AutoRun\command
################## [ ! Fin du rapport # FindyKill V4.716 ! ]
Thanks; waiting for the next step.
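As an added example, not part of this thread and not FindyKill's own code, here is a small Python triage of autorun.inf files that reproduces the distinction the report above draws between the two removable volumes: the E:\ CD-ROM entry with a single OPEN directive, and the hidden G:\ entry whose open, shellexecute and shell\Auto\command directives all launch the same AdobeR.exe. The two file contents and the attribute strings are taken from the report; the scoring rules are the example's own.

```python
"""Triage of autorun.inf files, as listed in the FindyKill report above.

Added example: not part of the forum thread and not FindyKill's own code.
It parses the [autorun] section and flags the launch pattern that makes a
removable drive run a binary on insertion.  The two samples are constructed
from the E:\\ and G:\\ autorun.inf contents quoted in the report.
"""

# Constructed sample: CD-ROM autorun.inf (E:\ in the report, attribute -r-------).
AUTORUN_CDROM = """[autorun]
OPEN=SETUP.EXE
ICON=BW.ICO
"""

# Constructed sample: USB stick autorun.inf (G:\ in the report, attribute ---h-----).
AUTORUN_USB = """[AutoRun]
open=AdobeR.exe e
shellexecute=AdobeR.exe e
shell\\Auto\\command=AdobeR.exe e
shell=Auto
"""

# Directives that launch a program when the volume is inserted or opened.
LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text):
    """Return the key/value pairs of the [autorun] section, keys lower-cased.

    autorun.inf is INI-like, but keys may contain backslashes
    (shell\\<verb>\\command), so a small hand-rolled parser is used.
    """
    entries = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def launched_binary(value):
    """Program name from a directive value, e.g. 'AdobeR.exe e' -> 'adober.exe'."""
    parts = value.split()
    return parts[0].lower() if parts else ""


def is_hidden(attrs):
    """True if a FindyKill attribute string such as '[---h-----]' has the hidden flag."""
    return "h" in attrs.strip("[]").lower()


def triage_autorun(text, attrs="[---------]"):
    """Return (verdict, reasons) for one autorun.inf.

    verdict is 'suspicious' when any rule fires, otherwise 'benign-looking'.
    """
    entries = parse_autorun(text)
    reasons = []

    # Every directive that can run code: open, shellexecute, shell\<verb>\command.
    launchers = {
        key: launched_binary(val)
        for key, val in entries.items()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command"))
    }
    binaries = set(launchers.values())

    # Worm signature: several launch paths that all lead to the same binary,
    # so the payload runs whichever way Explorer opens the drive.
    if len(launchers) >= 2 and len(binaries) == 1:
        reasons.append("%d launch directives all run %r" % (len(launchers), next(iter(binaries))))

    # shell=<verb> makes a custom verb the default double-click action; with a
    # matching shell\<verb>\command it hijacks 'Open' on the drive icon.
    verb = entries.get("shell", "").lower()
    if verb and "shell\\%s\\command" % verb in entries:
        reasons.append("default shell verb %r redirected to a custom command" % verb)

    # Legitimate installer media has no reason to hide its autorun.inf.
    if is_hidden(attrs):
        reasons.append("autorun.inf carries the hidden attribute")

    verdict = "suspicious" if reasons else "benign-looking"
    return verdict, reasons


if __name__ == "__main__":
    for name, text, attrs in (("E:\\autorun.inf", AUTORUN_CDROM, "[-r-------]"),
                              ("G:\\autorun.inf", AUTORUN_USB, "[---h-----]")):
        verdict, reasons = triage_autorun(text, attrs)
        print(name, "->", verdict)
        for reason in reasons:
            print("   ", reason)
```

The same logic can be run over the autorun.inf of any volume before it is opened, which is why the helper asks for external drives to be plugged in, unopened, for the removal pass.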
Anonymous user
17 Feb. 2009 at 09:18
Hello:
Connect to your PC the external data sources (USB stick, external hard drive, etc.) that may have been infected, without opening them
--> Right-click on the FindyKill shortcut on your desktop
--> At the main menu, choose option 2 (Removal)
/!\ there will be 2 restarts; let the tool work until the message "nettoyage effectué" (cleaning done) appears
/!\ Do not use the PC during the removal; your desktop will not be accessible, that is normal!
-------> then post the report FindyKill.txt
Note: the report FindyKill.txt is saved at the root of the drive
Here is the report:
############################## [ FindyKill V4.716 ]
# User : Paul (Administrateurs) # PAUL-NAM
# Update on 10/02/09 by Chiquitine29
# Start at: 17:39:38 | 17/02/2009
# Intel(R) Celeron(R) CPU 2.66GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | Updated ]
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # NTFS
# D:\ # Disque fixe local # NTFS
# E:\ # Disque CD-ROM (BROODWAR) # CDFS
# F:\ # Disque CD-ROM
# G:\ # Disque amovible # FAT32
############################## [ Active Processes ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
################## [ Infected Files / Folders C:\ ]
################## [ C:\WINDOWS ]
################## [ C:\WINDOWS\Prefetch ]
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-33125E68.pf
################## [ C:\WINDOWS\system32 ]
################## [ C:\WINDOWS\system32\drivers ]
################## [ C:\Documents and Settings\Paul\Application Data ]
################## [ Cleaning Temp Files... ]
################## [ Registry / Infected keys ]
################## [ States / Restarting of services ]
# Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio # Type of startup = 3
EapHost # Type of startup = 2
Ip6Fw # Type of startup = 2
SharedAccess # Type of startup = 2
wuauserv # Type of startup = 2
wscsvc # Type of startup = 2
################## [ Cleaning Removable drives ]
# Deleting files :
Not deleted !! - E:\autorun.inf
################## [ Registry / Mountpoint2 ]
# -> Not found !
################## [ Searching Other Infections ]
# -> Nothing found ! ..
################## [ ! End of Report # FindyKill V4.716 ! ]
Anonymous user
17 Feb. 2009 at 18:03
run FindyKill option 2 again please
Done, I even redid it twice, here is the report:
############################## [ FindyKill V4.716 ]
# User : Paul (Administrateurs) # PAUL-NAM
# Update on 10/02/09 by Chiquitine29
# Start at: 18:56:12 | 17/02/2009
# Intel(R) Celeron(R) CPU 2.66GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | Updated ]
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # NTFS
# D:\ # Disque fixe local # NTFS
# E:\ # Disque CD-ROM (BROODWAR) # CDFS
# F:\ # Disque CD-ROM
# G:\ # Disque amovible # FAT32
############################## [ Active Processes ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ati2sgag.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
################## [ Infected Files / Folders C:\ ]
################## [ C:\WINDOWS ]
################## [ C:\WINDOWS\Prefetch ]
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-33125E68.pf
################## [ C:\WINDOWS\system32 ]
################## [ C:\WINDOWS\system32\drivers ]
################## [ C:\Documents and Settings\Paul\Application Data ]
################## [ Cleaning Temp Files... ]
################## [ Registry / Infected keys ]
################## [ States / Restarting of services ]
# Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio # Type of startup = 3
EapHost # Type of startup = 2
Ip6Fw # Type of startup = 2
SharedAccess # Type of startup = 2
wuauserv # Type of startup = 2
wscsvc # Type of startup = 2
################## [ Cleaning Removable drives ]
# Deleting files :
Not deleted !! - E:\autorun.inf
################## [ Registry / Mountpoint2 ]
# -> Not found !
################## [ Searching Other Infections ]
# -> Nothing found ! ..
################## [ ! End of Report # FindyKill V4.716 ! ]
I think it's the same.
Thanks for the next step.
Anonymous user
17 Feb. 2009 at 20:24
and of course there is a CD in your CD drive !!! I could have thought of that before:
run RSIT again please
Anonymous user
17 Feb. 2009 at 21:51
oops :
Download Random's System Information Tool (RSIT) by random/random and save the executable to your Desktop.
-> http://images.malwareremoval.com/random/RSIT.exe
! Disconnect and close all your running applications !
Double-click " RSIT.exe " to launch it.
-> A first window opens, titled: " Disclaimer of warranty ".
* In front of the option "List files/folders created ...", choose: 2 months
* then click " Continue " to start the scan ...
-> let the scan run and do not touch the PC ...
When the scan is finished, two text files will open (probably with Notepad).
Post the contents of " log.txt " (the one that appears on screen), as well as " info.txt " (which you will see in the taskbar), for analysis and wait for the next step ...
Important: post one report, then the other in the next reply
If you try to post both at once, it may be too long for the forum
( Note: the reports are also saved in this folder -> C:\rsit )
Here is the first report:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Paul at 2009-02-18 06:13:48
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 22 GB (56%) free of 40 GB
Total RAM: 1023 MB (61% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:13:53, on 18/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\NETGEAR\WN111\wn111.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\svssccs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
G:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Paul.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\system32\algs.exe
O4 - HKLM\..\Run: [nl2plwrk] C:\WINDOWS\system32\svssccs.exe
O4 - HKLM\..\Run: [Windowsx Updater] wuauclx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Microsft managr] C:\WINDOWS\taskmgr.exe
O4 - HKCU\..\Run: [nl2plwrk] C:\WINDOWS\system32\svssccs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: NETGEAR WN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111\wn111.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Server Colocation Service (WSCS) - Unknown owner - C:\WINDOWS\system32\wscs.exe (file missing)
Here is the second one:
info.txt logfile of random's system information tool 1.05 2009-02-18 06:13:56
======Uninstall list======
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\WINDOWS\UNIN040C.EXE -f"C:\Program Files\PhotoDeluxe EE 1.1\DeIsL1.isu"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Adobe Type Manager 4.0-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
adsl TV-->C:\Program Files\adslTV\Uninstal.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{D6E592B3-67DA-4BBB-9783-E1838FB253A2}
ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
CA Yahoo! Anti-Spy (remove only)-->"C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ffdshow [rev 1703] [2007-12-15]-->"C:\Program Files\ffdshow\unins000.exe"
FindyKill-->C:\Program Files\FindyKill\Uninstal.exe
Freeplayer-->C:\Program Files\Freeplayer\Uninstall.exe
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
HP PrecisionScan--> -f"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\Uninst.isu" -c"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPUninstallIs.dll"
ICCup Launcher-->"C:\Program Files\ICCup\Launcher\unins000.exe"
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC-->"C:\Program Files\%systemdir%\winasc.exe" -uninstall
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Navilog1 3.7.3-->"C:\Program Files\Navilog1\unins000.exe"
Nero 9.0.9.4 Lite-->"C:\Program Files\Nero 9\unins000.exe"
NETGEAR WN111 wireless USB 2.0 adapter-->C:\Program Files\InstallShield Installation Information\{AFCE4D19-D385-4232-9B0E-809D85A25A10}\setup.exe -runfromtemp -l0x0409
Pack Vista Inspirat 2 1.0-->C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
PKR-->"C:\Program Files\PKR\uninstall-pkr.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Sina Web TV-->C:\PROGRA~1\sina\SINAWE~1\304~1.1\UNWISE.EXE C:\PROGRA~1\sina\SINAWE~1\304~1.1\Install.LOG
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
SuperCopier-->"C:\Program Files\SuperCopier\SCUninst.exe"
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959634)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {50C77E2F-5C1C-467D-9BC8-3CA07D28C9F2}
VIA Integrated Setup Wizard-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Sync-->MsiExec.exe /X{67D0313C-4F15-437D-9A2D-C1564088A26A}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Xbox 360 Controller for Windows-->"C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
======Hosts File======
127.0.0.1 localhost
======Security center information======
AV: Avira AntiVir PersonalEdition
System event log
Computer Name: PAUL-NAM
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Carte de performance WMI.
Record Number: 11834
Source Name: Service Control Manager
Time Written: 20090210084900.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: PAUL-NAM
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.
Record Number: 11833
Source Name: Service Control Manager
Time Written: 20090210084842.000000+060
Event Type: Informations
User:
Computer Name: PAUL-NAM
Event Code: 7036
Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.
Record Number: 11832
Source Name: Service Control Manager
Time Written: 20090210084841.000000+060
Event Type: Informations
User:
Computer Name: PAUL-NAM
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{F7CC2319-0E8E-448E-9538-D298E4B83F8F} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.
Record Number: 11831
Source Name: Tcpip
Time Written: 20090210084836.000000+060
Event Type: Informations
User:
Computer Name: PAUL-NAM
Event Code: 7036
Message: Le service Service de la passerelle de la couche Application est entré dans l'état : en cours d'exécution.
Record Number: 11830
Source Name: Service Control Manager
Time Written: 20090210084835.000000+060
Event Type: Informations
User:
Application event log
Computer Name: PAUL-NAM
Event Code: 103
Message: MsnMsgr (1356) \\.\C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Messenger\qvn@hotmail.fr\SharingMetadata\Working\database_1638_BE02_38BD_E143\dfsr.db: Le moteur de base de données a arrêté une instance (0).
Record Number: 4972
Source Name: ESENT
Time Written: 20090114160902.000000+060
Event Type: Informations
User:
Computer Name: PAUL-NAM
Event Code: 1000
Message: Application défaillante starcraft.exe, version 1.16.0.1, module défaillant , version 0.0.0.0, adresse de défaillance 0x00000000.
Record Number: 4971
Source Name: Application Error
Time Written: 20090114134710.000000+060
Event Type: erreur
User:
Computer Name: PAUL-NAM
Event Code: 32
Message: The store C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst has detected a catalog checkpoint.
Record Number: 4970
Source Name: Outlook
Time Written: 20090114111511.000000+060
Event Type: Informations
User:
Computer Name: PAUL-NAM
Event Code: 32
Message: The store C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Outlook\archive.pst has detected a catalog checkpoint.
Record Number: 4969
Source Name: Outlook
Time Written: 20090114111511.000000+060
Event Type: Informations
User:
Computer Name: PAUL-NAM
Event Code: 302
Message: MsnMsgr (1356) \\.\C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Messenger\qvn@hotmail.fr\SharingMetadata\Working\database_1638_BE02_38BD_E143\dfsr.db: Le moteur de base de données a exécuté la procédure de récupération avec succès.
Record Number: 4968
Source Name: ESENT
Time Written: 20090114105537.000000+060
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
-----------------EOF-----------------
And by the way, my internet connection is back, along with the other applications, which work again after the removal with Malwarebytes, but I can no longer download anything at all; in fact I have to do it from another machine for the programs you told me to install.
I think it is the virus that caused this, thanks for taking that into account.
I await your reply
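Added editorial example (not part of the original thread and not RSIT's own code): a small Python triage script for the info.txt sections above. It splits the log on its `======Name======` headers, parses each `name-->UninstallString` pair of the uninstall list, and flags entries worth a second look: an empty display name, an UninstallString that begins with an argument instead of an executable, a program that is neither an absolute path nor a known launcher (MsiExec, RunDll32, regsvr32), and an unexpanded environment variable that Windows does not define itself. It also lists every hosts-file mapping other than the loopback localhost entries and picks out the AV line. The sample lines are excerpted from the log posted above, so they are real page data, only trimmed. Run on them, it flags the nameless Yahoo entry, the HP PrecisionScan string (its executable is missing) and the mIRC entry (its path contains %systemdir%, which is not among the variables listed in the log's environment section); whether any of these is malicious is not something the log itself shows. The heuristics, the STANDARD_VARS list and the function names are the editor's assumptions.

```python
"""Triage helper for the '======Uninstall list======', '======Hosts File======' and
'======Security center information======' sections of an RSIT info.txt log.
Added example; the anomaly heuristics and STANDARD_VARS are assumptions, not RSIT's."""
import re

# Sample: lines excerpted from the info.txt posted above, with the real section
# headers so the parser sees the genuine layout (trimmed, not fabricated).
SAMPLE_LOG = r"""======Uninstall list======
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HP PrecisionScan--> -f"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\Uninst.isu" -c"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPUninstallIs.dll"
mIRC-->"C:\Program Files\%systemdir%\winasc.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
======Hosts File======
127.0.0.1 localhost
======Security center information======
AV: Avira AntiVir PersonalEdition
"""

SECTION_RE = re.compile(r"^======(.+?)======$")
ENV_VAR_RE = re.compile(r"%[A-Za-z_][A-Za-z0-9_]*%")
# Variables Windows defines itself; any other name left unexpanded in an
# UninstallString deserves a look (assumed list, not exhaustive).
STANDARD_VARS = {"systemroot", "windir", "systemdrive", "programfiles",
                 "commonprogramfiles", "userprofile", "appdata", "temp", "tmp"}
# Launchers that legitimately appear without an absolute path.
KNOWN_LAUNCHERS = ("msiexec", "rundll32", "regsvr32")
LOCAL_OK = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def split_sections(text):
    """Group the log's lines under their '======Name======' headers."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def first_token(command):
    """Program part of an UninstallString: a quoted path, or text up to the first space."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def analyse_entry(name, command):
    """Reasons an uninstall entry looks unusual (empty list if none)."""
    findings = []
    if not name.strip():
        findings.append("empty display name")
    exe = first_token(command)
    low = exe.lower()
    if exe.startswith(("-", "/")):
        findings.append("command starts with an argument, no executable")
    elif not (low.startswith(KNOWN_LAUNCHERS) or re.match(r"[a-z]:\\", low)):
        findings.append("executable is not an absolute path: %r" % exe)
    for var in ENV_VAR_RE.findall(command):
        if var.strip("%").lower() not in STANDARD_VARS:
            findings.append("unexpanded non-standard variable %s" % var)
    return findings


def parse_uninstall(lines):
    """Yield (display name, UninstallString) pairs from 'name-->command' lines."""
    for line in lines:
        name, sep, command = line.partition("-->")
        if sep:
            yield name, command


def hosts_findings(lines):
    """Every hosts-file mapping other than the loopback 'localhost' ones."""
    odd = []
    for line in lines:
        body = line.split("#", 1)[0].split()   # drop comments, split ip + hosts
        for host in body[1:]:
            if (body[0], host.lower()) not in LOCAL_OK:
                odd.append((body[0], host))
    return odd


def triage(text):
    """Return flagged uninstall entries, odd hosts mappings and the AV line."""
    sections = split_sections(text)
    flagged = []
    for name, cmd in parse_uninstall(sections.get("Uninstall list", [])):
        findings = analyse_entry(name, cmd)
        if findings:
            flagged.append((name, findings))
    av = None
    for line in sections.get("Security center information", []):
        if line.startswith("AV:"):
            av = line[3:].strip()
    return {"uninstall": flagged,
            "hosts": hosts_findings(sections.get("Hosts File", [])),
            "av": av}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name, findings in report["uninstall"]:
        print("%-20s %s" % (name or "<no name>", "; ".join(findings)))
    print("hosts anomalies:", report["hosts"] or "none")
    print("AV:", report["av"])
```

To run it on the full log, read info.txt into a string and call triage() on it; an entry that is flagged only as "not an absolute path" is frequently an 8.3 short name or a vendor launcher, so treat the findings as a reading list, not a verdict.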
info.txt logfile of random's system information tool 1.05 2009-02-18 06:13:56
======Uninstall list======
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\WINDOWS\UNIN040C.EXE -f"C:\Program Files\PhotoDeluxe EE 1.1\DeIsL1.isu"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Adobe Type Manager 4.0-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
adsl TV-->C:\Program Files\adslTV\Uninstal.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{D6E592B3-67DA-4BBB-9783-E1838FB253A2}
ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
CA Yahoo! Anti-Spy (remove only)-->"C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ffdshow [rev 1703] [2007-12-15]-->"C:\Program Files\ffdshow\unins000.exe"
FindyKill-->C:\Program Files\FindyKill\Uninstal.exe
Freeplayer-->C:\Program Files\Freeplayer\Uninstall.exe
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
HP PrecisionScan--> -f"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\Uninst.isu" -c"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPUninstallIs.dll"
ICCup Launcher-->"C:\Program Files\ICCup\Launcher\unins000.exe"
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC-->"C:\Program Files\%systemdir%\winasc.exe" -uninstall
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Navilog1 3.7.3-->"C:\Program Files\Navilog1\unins000.exe"
Nero 9.0.9.4 Lite-->"C:\Program Files\Nero 9\unins000.exe"
NETGEAR WN111 wireless USB 2.0 adapter-->C:\Program Files\InstallShield Installation Information\{AFCE4D19-D385-4232-9B0E-809D85A25A10}\setup.exe -runfromtemp -l0x0409
Pack Vista Inspirat 2 1.0-->C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
PKR-->"C:\Program Files\PKR\uninstall-pkr.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Sina Web TV-->C:\PROGRA~1\sina\SINAWE~1\304~1.1\UNWISE.EXE C:\PROGRA~1\sina\SINAWE~1\304~1.1\Install.LOG
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
SuperCopier-->"C:\Program Files\SuperCopier\SCUninst.exe"
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959634)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {50C77E2F-5C1C-467D-9BC8-3CA07D28C9F2}
VIA Integrated Setup Wizard-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Sync-->MsiExec.exe /X{67D0313C-4F15-437D-9A2D-C1564088A26A}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Xbox 360 Controller for Windows-->"C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
======Hosts File======
127.0.0.1 localhost
======Security center information======
AV: Avira AntiVir PersonalEdition
System event log
Computer Name: PAUL-NAM
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Carte de performance WMI.
Record Number: 11834
Source Name: Service Control Manager
Time Written: 20090210084900.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: PAUL-NAM
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.
Record Number: 11833
Source Name: Service Control Manager
Time Written: 20090210084842.000000+060
Event Type: Informations
User:
Computer Name: PAUL-NAM
Event Code: 7036
Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.
Record Number: 11832
Source Name: Service Control Manager
Time Written: 20090210084841.000000+060
Event Type: Informations
User:
Computer Name: PAUL-NAM
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{F7CC2319-0E8E-448E-9538-D298E4B83F8F} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.
Record Number: 11831
Source Name: Tcpip
Time Written: 20090210084836.000000+060
Event Type: Informations
User:
Computer Name: PAUL-NAM
Event Code: 7036
Message: Le service Service de la passerelle de la couche Application est entré dans l'état : en cours d'exécution.
Record Number: 11830
Source Name: Service Control Manager
Time Written: 20090210084835.000000+060
Event Type: Informations
User:
Application event log
Computer Name: PAUL-NAM
Event Code: 103
Message: MsnMsgr (1356) \\.\C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Messenger\qvn@hotmail.fr\SharingMetadata\Working\database_1638_BE02_38BD_E143\dfsr.db: Le moteur de base de données a arrêté une instance (0).
Record Number: 4972
Source Name: ESENT
Time Written: 20090114160902.000000+060
Event Type: Informations
User:
Computer Name: PAUL-NAM
Event Code: 1000
Message: Application défaillante starcraft.exe, version 1.16.0.1, module défaillant , version 0.0.0.0, adresse de défaillance 0x00000000.
Record Number: 4971
Source Name: Application Error
Time Written: 20090114134710.000000+060
Event Type: erreur
User:
Computer Name: PAUL-NAM
Event Code: 32
Message: The store C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst has detected a catalog checkpoint.
Record Number: 4970
Source Name: Outlook
Time Written: 20090114111511.000000+060
Event Type: Informations
User:
Computer Name: PAUL-NAM
Event Code: 32
Message: The store C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Outlook\archive.pst has detected a catalog checkpoint.
Record Number: 4969
Source Name: Outlook
Time Written: 20090114111511.000000+060
Event Type: Informations
User:
Computer Name: PAUL-NAM
Event Code: 302
Message: MsnMsgr (1356) \\.\C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Messenger\qvn@hotmail.fr\SharingMetadata\Working\database_1638_BE02_38BD_E143\dfsr.db: Le moteur de base de données a exécuté la procédure de récupération avec succès.
Record Number: 4968
Source Name: ESENT
Time Written: 20090114105537.000000+060
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
-----------------EOF-----------------
And by the way, my Internet connection came back, along with the other applications, which work again since the removal with Malwarebytes, but I can't download anything anymore; in fact I have to do it from another computer for the programs you told me to install.
I think it's the virus that caused this, thanks for taking it into account.
Awaiting your reply
Anonymous user
18 Feb. 2009 at 13:20
Hello:
Download SDFix to your desktop:
here http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
or here http://download.bleepingcomputer.com/andymanchesta/SDFix.exe
or here http://sdfix.net/SDFix.exe
--> Double-click SDFix.exe and choose "Install".
(tutorial here: https://www.malekal.com/slenfbot-still-an-other-irc-bot/)
Then, once the installation is done,
Mandatory: boot into Safe Mode.
/!\ Never boot into Safe Mode via MSCONFIG /!\
How to get into Safe Mode:
1) Restart your PC.
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep".
3) Keep tapping until the screen with the boot options appears.
4) Choose the first option: Safe Mode, and confirm by pressing [Enter].
5) Choose your usual account (not Administrator).
Note: no Internet connection is possible in Safe Mode, so copy or print these instructions carefully to avoid mistakes...
Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the tool.
--> Type Y to launch the script...
The fix removes the virus's services and cleans the registry, so a reboot is required, therefore:
press a key to reboot when prompted.
The PC will take a while to boot (that's normal); after the desktop loads, press a key when "Finished" is displayed.
The SDFix report will open on screen and will also be saved in the folder
C:\SDFix under the name "Report.txt".
Post it in your next reply along with a new HijackThis log for analysis
then:
download Lop S&D.exe to your desktop: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
* Double-click it to launch the installation
* Then double-click the Lop S&D shortcut on your desktop
* Select the language you want, then choose option 1 (Search)
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)
Hi, the method you gave me for booting into Safe Mode doesn't work. When I press F8, the PC shows me the boot options with the floppy drive or the CD-ROM drives etc., but no option to boot in Safe Mode or any other mode. What should I do?
Restart with msconfig??
Thanks for the reply
Hi again, it's fine, I had to press F5, not F8.
Here is the report.txt report:
[b]SDFix: Version 1.240 [/b]
Run by Paul on 18/02/2009 at 18:41
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\adware.exe - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-18 18:48:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:4d,f6,45,65,ca,f7,92,bb,3b,5f,7c,7d,9f,0c,d2,6c,4f,5c,70,9b,18,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,92,3e,bb,9b,6a,12,3c,e3,6e,e9,3f,4b,d2,7c,85,01,24,..
"khjeh"=hex:d4,51,78,b5,25,30,26,81,06,a9,35,5c,f5,22,d3,02,fe,41,b2,99,79,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:8c,2a,83,5c,83,98,85,4d,ef,3e,43,c0,f2,eb,9a,fc,5d,a8,f4,80,3f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:4d,f6,45,65,ca,f7,92,bb,3b,5f,7c,7d,9f,0c,d2,6c,4f,5c,70,9b,18,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,92,3e,bb,9b,6a,12,3c,e3,6e,e9,3f,4b,d2,7c,85,01,24,..
"khjeh"=hex:d4,51,78,b5,25,30,26,81,06,a9,35,5c,f5,22,d3,02,fe,41,b2,99,79,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:8c,2a,83,5c,83,98,85,4d,ef,3e,43,c0,f2,eb,9a,fc,5d,a8,f4,80,3f,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Starcraft\\StarCraft.exe"="C:\\Program Files\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft"
"C:\\Program Files\\Steam\\SteamApps\\naruto1250\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\naruto1250\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\adslTV\\adsltv.exe"="C:\\Program Files\\adslTV\\adsltv.exe:*:Enabled:adsltv"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"="C:\\Program Files\\Freeplayer\\vlc\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\sina\\SAP\\SAPlatform.exe"="C:\\Program Files\\sina\\SAP\\SAPlatform.exe:*:Enabled:SAPlatform.exe"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\adslTV\\vlc.exe"="C:\\Program Files\\adslTV\\vlc.exe:*:Enabled:VLC media player"
"C:\\WINDOWS\\system32\\wscs.exe"="C:\\WINDOWS\\system32\\wscs.exe:*:Enabled:WSCS"
"C:\\WINDOWS\\system32\\algs.exe"="C:\\WINDOWS\\system32\\algs.exe:*:Disabled:algs"
"C:\\WINDOWS\\system32\\bxmrdhe.exe"="C:\\WINDOWS\\system32\\bxmrdhe.exe:*:Disabled:bxmrdhe"
"C:\\WINDOWS\\system32\\cpyc.exe"="C:\\WINDOWS\\system32\\cpyc.exe:*:Disabled:cpyc"
"C:\\WINDOWS\\system32\\mcpahjvx.exe"="C:\\WINDOWS\\system32\\mcpahjvx.exe:*:Disabled:mcpahjvx"
"C:\\WINDOWS\\system32\\wfdbq.exe"="C:\\WINDOWS\\system32\\wfdbq.exe:*:Disabled:wfdbq"
"C:\\WINDOWS\\system32\\cynhbm.exe"="C:\\WINDOWS\\system32\\cynhbm.exe:*:Disabled:cynhbm"
"c:\\cwda.exe"="c:\\cwda.exe:*:Enabled:WSCS"
"c:\\wtf.exe"="c:\\wtf.exe:*:Enabled:WSCS"
"C:\\WINDOWS\\system32\\cjbpy.exe"="C:\\WINDOWS\\system32\\cjbpy.exe:*:Disabled:cjbpy"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Disabled:Ex‚cuter une DLL en tant qu'application"
"C:\\Program Files\\%systemdir%\\winasc.exe"="C:\\Program Files\\%systemdir%\\winasc.exe:*:Disabled:mIRC"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Tue 6 Jan 2009 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 31 Oct 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
[b]Finished![/b]
and HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:52:35, on 18/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\NETGEAR\WN111\wn111.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON
O4 - HKLM\..\Run: [nl2plwrk] C:\WINDOWS\system32\svssccs.exe
O4 - HKLM\..\Run: [Windowsx Updater] wuauclx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Microsft managr] C:\WINDOWS\taskmgr.exe
O4 - HKCU\..\Run: [nl2plwrk] C:\WINDOWS\system32\svssccs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: NETGEAR WN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111\wn111.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Server Colocation Service (WSCS) - Unknown owner - C:\WINDOWS\system32\wscs.exe (file missing)
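Added example (mine, not from the thread or from SDFix/HijackThis): a small Python triage that parses HijackThis O4/O23 lines and the XP firewall "authorizedapplications" export of the kind shown above and flags what a helper looks for: programs auto-started from C:\ or the Windows root, names one character off a system binary (wuauclx.exe vs wuauclt.exe), services whose file is missing, and one firewall label reused for several different binaries. The list of known system binaries and the sample lines are assumptions modelled on the logs, not copied from them.

```python
import re
from collections import defaultdict
from difflib import SequenceMatcher

# Assumption: a short list of XP system binaries that malware imitates (wuauclx.exe) or displaces (taskmgr.exe).
KNOWN_SYSTEM_BINARIES = {"wuauclt.exe", "svchost.exe", "taskmgr.exe", "ctfmon.exe", "alg.exe", "lsass.exe"}
SYSTEM32 = r"c:\windows\system32"
ROOT_DIRS = {"c:", r"c:\windows"}  # an auto-started program living here deserves a second look
LEGIT_VARS = {"%windir%", "%systemroot%", "%programfiles%"}

HJT_O4 = re.compile(r"^O4 - (?:HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
HJT_O23 = re.compile(r"^O23 - Service: (?P<desc>.*?) - (?P<owner>.*?) - (?P<path>.*?)(?P<missing> \(file missing\))?$")
FW_ENTRY = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>[^"]+)"$')

def exe_path(cmd):
    """Executable of an O4 command line: the quoted part, or the unquoted text up to the first .exe."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(?i)(.+?\.exe)(?:\s|$)", cmd)
    return m.group(1) if m else cmd.split(" ")[0]

def split_path(path):
    """(directory, basename) lower-cased; directory is '' for a bare filename."""
    directory, _, base = path.lower().replace("/", "\\").rpartition("\\")
    return directory, base

def lookalike(base):
    """A known system binary that `base` imitates (roughly one character off), or None."""
    for known in KNOWN_SYSTEM_BINARIES:
        if base != known and SequenceMatcher(None, base, known).ratio() >= 0.85:
            return known
    return None

def check_executable(tag, path):
    """Location and naming checks shared by O4 autostart entries and firewall exceptions."""
    findings = []
    directory, base = split_path(path)
    if not directory:
        findings.append(f"{tag}: bare filename '{path}' is resolved through PATH, not a fixed location")
    elif directory in ROOT_DIRS:
        findings.append(f"{tag}: '{path}' runs from a root directory instead of system32 or Program Files")
    elif base in KNOWN_SYSTEM_BINARIES and directory != SYSTEM32:
        findings.append(f"{tag}: system binary name '{base}' outside {SYSTEM32}")
    if known := lookalike(base):
        findings.append(f"{tag}: '{base}' resembles the system binary '{known}'")
    for var in re.findall(r"%[^%]+%", directory):
        if var not in LEGIT_VARS:
            findings.append(f"{tag}: path uses unknown variable '{var}'")
    return findings

def triage_hijackthis(lines):
    """Flag suspicious O4 (Run key) entries and O23 services whose binary no longer exists."""
    findings = []
    for line in lines:
        if m := HJT_O4.match(line.strip()):
            findings += check_executable(f"O4 [{m.group('name')}]", exe_path(m.group("cmd")))
            continue
        if (m := HJT_O23.match(line.strip())) and m.group("missing"):
            findings.append(f"O23 service '{m.group('desc')}': {m.group('path')} is missing but the service persists")
    return findings

def triage_firewall(lines):
    """XP AuthorizedApplications export, one entry per line: "<path>"="<path>:<scope>:<state>:<label>"."""
    findings, bases_by_label = [], defaultdict(set)
    for line in lines:
        m = FW_ENTRY.match(line.strip())
        parts = m.group("value").replace("\\\\", "\\").rsplit(":", 3) if m else []  # .reg export doubles backslashes
        if len(parts) != 4:
            continue
        path, _scope, _state, label = parts
        findings += check_executable(f"firewall exception '{label}'", path)
        if not label.startswith("@"):  # '@dll,-id' labels are localised resource strings, not program names
            bases_by_label[label].add(split_path(path)[1])
    for label, bases in bases_by_label.items():
        if len(bases) > 1:  # one label reused for several different binaries
            findings.append(f"firewall label '{label}' is shared by different programs: {', '.join(sorted(bases))}")
    return findings

# Constructed sample lines, modelled on the HijackThis and SDFix output in the thread (not copied verbatim).
SAMPLE_HJT = [
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r"O4 - HKLM\..\Run: [nl2plwrk] C:\WINDOWS\system32\svssccs.exe",
    r"O4 - HKLM\..\Run: [Windowsx Updater] wuauclx.exe",
    r"O4 - HKCU\..\Run: [Microsft managr] C:\WINDOWS\taskmgr.exe",
    r"O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')",
    r"O23 - Service: Windows Server Colocation Service (WSCS) - Unknown owner - C:\WINDOWS\system32\wscs.exe (file missing)",
]
SAMPLE_FW = [
    r'"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"',
    r'"C:\\WINDOWS\\system32\\wscs.exe"="C:\\WINDOWS\\system32\\wscs.exe:*:Enabled:WSCS"',
    r'"C:\\WINDOWS\\system32\\algs.exe"="C:\\WINDOWS\\system32\\algs.exe:*:Disabled:algs"',
    r'"c:\\cwda.exe"="c:\\cwda.exe:*:Enabled:WSCS"',
    r'"c:\\wtf.exe"="c:\\wtf.exe:*:Enabled:WSCS"',
    r'"C:\\Program Files\\%systemdir%\\winasc.exe"="C:\\Program Files\\%systemdir%\\winasc.exe:*:Disabled:mIRC"',
    r'"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"="C:\\Program Files\\Freeplayer\\vlc\\vlc.exe:*:Enabled:VLC media player"',
    r'"C:\\Program Files\\adslTV\\vlc.exe"="C:\\Program Files\\adslTV\\vlc.exe:*:Enabled:VLC media player"',
]
```

Calling `triage_hijackthis(SAMPLE_HJT)` and `triage_firewall(SAMPLE_FW)` returns the findings as plain strings; random-looking names such as svssccs.exe in a legitimate directory are deliberately not flagged by this heuristic and still need a human eye.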
[b]Files with Hidden Attributes [/b]:
Tue 6 Jan 2009 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 31 Oct 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
[b]Finished![/b]
and HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:52:35, on 18/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\NETGEAR\WN111\wn111.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON
O4 - HKLM\..\Run: [nl2plwrk] C:\WINDOWS\system32\svssccs.exe
O4 - HKLM\..\Run: [Windowsx Updater] wuauclx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Microsft managr] C:\WINDOWS\taskmgr.exe
O4 - HKCU\..\Run: [nl2plwrk] C:\WINDOWS\system32\svssccs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: NETGEAR WN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111\wn111.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Server Colocation Service (WSCS) - Unknown owner - C:\WINDOWS\system32\wscs.exe (file missing)
Anonymous user
18 Feb. 2009 at 18:59
Restart via msconfig?? Certainly not.
Try F4, F5, F12.
Anonymous user
18 Feb. 2009 at 20:02
---> Double-click OTMoveIt3.exe to launch it.
---> Copy (Ctrl+C) the following text:
:processes
explorer.exe
:files
C:\Documents and Settings\All Users\DRM\DRMv1.bak
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\algs.exe"="C:\WINDOWS\system32\algs.exe:*:Enabled:algs"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\Program Files\%systemdir%\winasc.exe"="C:\Program Files\%systemdir%\winasc.exe:*:Enabled:mIRC"
"C:\WINDOWS\system32\bxmrdhe.exe"=-
"C:\WINDOWS\system32\cpyc.exe"=-
"C:\WINDOWS\system32\mcpahjvx.exe"=-
"C:\WINDOWS\system32\wfdbq.exe"=-
"C:\WINDOWS\system32\cynhbm.exe"=-
"c:\cwda.exe"=-
"c:\wtf.exe"=-
"C:\WINDOWS\system32\cjbpy.exe"=-
:commands
[purity]
[emptytemp]
[start explorer]
[reboot]
---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
---> Now click the MoveIt! button, then close OTMoveIt3.
If a file or folder cannot be deleted immediately, the program will ask you to reboot.
Accept by clicking YES.
---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
then:
send another RSIT log please
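Added example, not code from the thread or from SDFix, HijackThis or OTMoveIt3: a Python triage of a Windows XP firewall AuthorizedApplications export in the format the SDFix report above uses (`"<path>"="<path>:<scope>:<Enabled|Disabled>:<label>"`), plus a helper that writes the `"<path>"=-` value-deletion lines seen in the `:reg` section of the OTMoveIt3 script. The sample export is constructed to mirror the shape of the thread's entries; the set of `%token%` names treated as legitimate, the list of generic host binaries and the flagging rules themselves are assumptions chosen for this example.

```python
"""Triage an exported Windows XP firewall AuthorizedApplications list.

Every value line has the form
    "<path>"="<path>:<scope>:<Enabled|Disabled>:<display label>"
with backslashes doubled, as in any .reg export.
"""
import re
from collections import defaultdict

# Constructed sample modelled on the export in the thread (not the real one).
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\WINDOWS\\system32\\wscs.exe"="C:\\WINDOWS\\system32\\wscs.exe:*:Enabled:WSCS"
"c:\\cwda.exe"="c:\\cwda.exe:*:Enabled:WSCS"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Disabled:Run a DLL as an App"
"C:\\Program Files\\%systemdir%\\winasc.exe"="C:\\Program Files\\%systemdir%\\winasc.exe:*:Disabled:mIRC"
'''

LINE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Lazy path match: "C:" contains a colon, so the state keyword anchors the split.
VALUE_RE = re.compile(
    r'^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<name>.*)$', re.I)

# Assumption: tokens the firewall service is expected to expand; any other
# %...% inside a path is treated as a bogus component.
KNOWN_TOKENS = {'%windir%', '%systemroot%', '%programfiles%'}

# Assumption: host binaries that execute code on behalf of other components;
# an exception for them effectively whitelists whatever they load.
GENERIC_HOSTS = {'rundll32.exe', 'regsvr32.exe', 'mshta.exe', 'wscript.exe', 'cscript.exe'}


def _unescape(s):
    """Undo .reg string escaping (\\\\ -> \\, \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_export(text):
    """Return one dict (key, path, scope, state, name) per well-formed value line."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section header, blank line or non-value text
        v = VALUE_RE.match(_unescape(m.group(2)))
        if not v:
            continue  # value does not follow the path:scope:state:name layout
        entries.append({'key': _unescape(m.group(1)), 'path': v['path'],
                        'scope': v['scope'], 'state': v['state'].lower(),
                        'name': v['name']})
    return entries


def triage(entries):
    """Map each suspicious path to the list of reasons it was flagged."""
    reasons = defaultdict(list)
    by_label = defaultdict(set)
    for e in entries:
        p = e['path']
        low = p.lower()
        base = low.rsplit('\\', 1)[-1]
        # 1. executable sitting directly in a drive root (c:\something.exe)
        if re.fullmatch(r'[a-z]:\\[^\\]+', low):
            reasons[p].append('drive_root')
        # 2. value name and embedded path disagree
        if low != e['key'].lower():
            reasons[p].append('key_value_mismatch')
        # 3. %token% the firewall would not expand
        for tok in re.findall(r'%[^%\\]+%', low):
            if tok not in KNOWN_TOKENS:
                reasons[p].append('unexpected_token:' + tok)
        # 4. generic host binary granted an exception
        if base in GENERIC_HOSTS:
            reasons[p].append('generic_host')
        # resource-string labels (@dll,-id) are not compared for rule 5
        if not e['name'].startswith('@'):
            by_label[e['name'].lower()].add(p)
    # 5. one display label reused across several distinct executables
    for label, paths in by_label.items():
        if len(paths) > 1:
            for p in paths:
                reasons[p].append('shared_label:' + label)
    return dict(reasons)


def to_reg_deletions(paths, double_backslash=False):
    """Emit "<path>"=- lines that delete the named values.

    The thread's OTMoveIt3 script writes paths with single backslashes;
    a regedit .reg file needs them doubled (double_backslash=True).
    """
    out = []
    for p in sorted(paths):
        if double_backslash:
            p = p.replace('\\', '\\\\')
        out.append('"%s"=-' % p)
    return out


if __name__ == '__main__':
    flagged = triage(parse_export(SAMPLE_EXPORT))
    for path, why in flagged.items():
        print(path, '->', ', '.join(why))
    print('\n'.join(to_reg_deletions(flagged)))
```

Entries that carry a label only a resource string would normally carry, or that share one label across several unrelated executables, are the ones worth checking against the HijackThis O4/O23 lines before deciding what to remove.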
I can't find the OTMoveIt report; there is no directory by that name on drive C:
Here is the RSIT report:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Paul at 2009-02-18 20:35:28
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 22 GB (56%) free of 40 GB
Total RAM: 1023 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35:38, on 18/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\NETGEAR\WN111\wn111.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
G:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Paul.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON
O4 - HKLM\..\Run: [nl2plwrk] C:\WINDOWS\system32\svssccs.exe
O4 - HKLM\..\Run: [Windowsx Updater] wuauclx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Microsft managr] C:\WINDOWS\taskmgr.exe
O4 - HKCU\..\Run: [nl2plwrk] C:\WINDOWS\system32\svssccs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: NETGEAR WN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111\wn111.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Server Colocation Service (WSCS) - Unknown owner - C:\WINDOWS\system32\wscs.exe (file missing)
Ah yes, it did save it, on the USB stick. Here is the OTMoveIt3 report:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Documents and Settings\All Users\DRM\DRMv1.bak moved successfully.
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\"C:\WINDOWS\system32\algs.exe"|"C:\WINDOWS\system32\algs.exe:*:Enabled:algs" /E : value set successfully!
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\"C:\WINDOWS\system32\rundll32.exe"|"C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application" /E : value set successfully!
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\"C:\Program Files\%systemdir%\winasc.exe"|"C:\Program Files\%systemdir%\winasc.exe:*:Enabled:mIRC" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\bxmrdhe.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\cpyc.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\mcpahjvx.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\wfdbq.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\cynhbm.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\c:\cwda.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\c:\wtf.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\cjbpy.exe deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Paul\LOCALS~1\Temp\~DFD07.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Paul\LOCALS~1\Temp\~DFD1A.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Paul\LOCALS~1\Temp\~DFF2F4.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Paul\LOCALS~1\Temp\~DFF343.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6cc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 02182009_203232
Files moved on Reboot...
File C:\DOCUME~1\Paul\LOCALS~1\Temp\~DFD07.tmp not found!
File C:\DOCUME~1\Paul\LOCALS~1\Temp\~DFD1A.tmp not found!
File C:\DOCUME~1\Paul\LOCALS~1\Temp\~DFF2F4.tmp not found!
File C:\DOCUME~1\Paul\LOCALS~1\Temp\~DFF343.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_6cc.dat not found!
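The interesting part of the OTMoveIt3 report above is the REGISTRY block: the fix re-created three Windows Firewall exceptions (AuthorizedApplications under StandardProfile) and deleted eight others, which means the infection had punched its own holes in the XP firewall for a batch of randomly named binaries in system32, two files at the drive root, and a "mIRC" entry pointing at a folder literally named `%systemdir%`. The script below is an added example, not code from OTMoveIt3 or from anyone in the thread: it parses exactly these log lines (retyped from the report, so they run offline) and attaches a reason to each exception a practitioner would want to look at. The baseline set of expected system32 executables is an assumption standing in for a list taken from a clean reference machine; the heuristics are the example's own.

```python
"""Triage of the Windows Firewall exception list (AuthorizedApplications)
as it appears in an OTMoveIt3 log.  Added example for this thread: it is
not code from OTMoveIt3 or from the helpers in the thread.  The sample
lines are retyped from the report above; the baseline set is an
assumption standing in for a list taken from a clean reference install."""
import re
from dataclasses import dataclass, field

# Constructed sample: five REGISTRY lines retyped from the OTMoveIt3 report.
SAMPLE_LOG = r"""
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\"C:\WINDOWS\system32\algs.exe"|"C:\WINDOWS\system32\algs.exe:*:Enabled:algs" /E : value set successfully!
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\"C:\WINDOWS\system32\rundll32.exe"|"C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application" /E : value set successfully!
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\"C:\Program Files\%systemdir%\winasc.exe"|"C:\Program Files\%systemdir%\winasc.exe:*:Enabled:mIRC" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\bxmrdhe.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\c:\wtf.exe deleted successfully.
========== COMMANDS ==========
"""

# Assumption: system32 executables expected on a clean install.  Only the
# names needed for the sample are listed; build the real set from a
# reference machine of the same OS and service pack.
BASELINE_SYSTEM32 = {"rundll32.exe", "alg.exe", "svchost.exe", "lsass.exe"}

# Host processes that execute whatever they are handed: a firewall
# exception for one of them is an exception for any code it loads.
GENERIC_HOSTS = {"rundll32.exe", "regsvr32.exe", "mshta.exe",
                 "wscript.exe", "cscript.exe"}

LIST_KEY = re.escape(r"authorizedapplications\list\\")
SET_RE = re.compile(LIST_KEY + r'"(?P<path>[^"]+)"\|"(?P<value>[^"]+)"'
                    r" /E : value set successfully!", re.I)
DEL_RE = re.compile(LIST_KEY + r"(?P<path>.+?) deleted successfully\.", re.I)
ENV_TOKEN = re.compile(r"%[^%\\]+%")          # unexpanded %name% in a path
DRIVE_ROOT = re.compile(r"^[a-z]:\\[^\\]+$", re.I)


@dataclass
class FirewallException:
    path: str
    action: str                 # "set" (re-created by the fix) or "deleted"
    display_name: str = ""
    reasons: list = field(default_factory=list)


def parse_exceptions(log_text: str) -> list:
    """Pull every AuthorizedApplications entry the log touched."""
    found = []
    for line in log_text.splitlines():
        m = SET_RE.search(line)
        if m:
            # Value layout: <path>:<scope>:<Enabled|Disabled>:<display name>;
            # split from the right so the "C:" inside the path survives.
            parts = m.group("value").rsplit(":", 3)
            name = parts[3] if len(parts) == 4 else ""
            found.append(FirewallException(m.group("path"), "set", name))
            continue
        m = DEL_RE.search(line)
        if m:
            found.append(FirewallException(m.group("path"), "deleted"))
    return found


def triage(exceptions: list, baseline=BASELINE_SYSTEM32) -> list:
    """Attach a reason to each entry worth a second look; return those."""
    for e in exceptions:
        parts = e.path.split("\\")
        base = parts[-1].lower()
        parent = "\\".join(parts[:-1]).lower()
        if ENV_TOKEN.search(e.path):
            e.reasons.append("unexpanded %variable% used as a literal folder name")
        if DRIVE_ROOT.match(e.path):
            e.reasons.append("executable sitting at the drive root")
        if base in GENERIC_HOSTS:
            e.reasons.append("generic host process: exception covers any code it loads")
        if parent.endswith("\\system32") and base not in baseline:
            e.reasons.append("system32 binary absent from the clean baseline")
    return [e for e in exceptions if e.reasons]


if __name__ == "__main__":
    for e in triage(parse_exceptions(SAMPLE_LOG)):
        print(f"{e.action:8}{e.path}  [{e.display_name}]")
        for r in e.reasons:
            print("         - " + r)
```

Run as a script it prints each entry with its reasons; all five sample entries get at least one. Note that the rundll32.exe exception is flagged for a different reason than the others: the binary is legitimate, but an exception for it lets any DLL launched through it talk to the network, so on a machine that was just cleaned it deserves the same review as the random names.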
Anonymous user
18 Feb 2009 at 22:43
Download Lop S&D.exe to your Desktop: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
* Double-click it to start the installation
* Then double-click the Lop S&D shortcut on your Desktop
* Select the language you want, then choose option 1 (Search)
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)
Here is the Lop report:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.66GHz )
BIOS : BIOS Date: 09/26/05 15:16:53 Ver: 08.00.09
USER : Paul ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:39 Go (Free:21 Go)
D:\ (Local Disk) - NTFS - Total:37 Go (Free:22 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (USB) - FAT32 - Total:489 Mo (Free:0 Go)
"C:\Lop SD" ( Updated : 19-12-2008|23:40 )
Option : [1] ( 19/02/2009| 8:03 )
--------------------\\ Folder listing in APPLIC~1
[16/10/2008|16:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[24/10/2008|22:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
[15/10/2008|20:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[16/11/2008|13:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[06/11/2008|19:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[16/10/2008|15:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[17/02/2009|07:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[31/10/2008|14:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[17/12/2008|18:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[11/02/2009|07:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[16/10/2008|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[27/12/2008|20:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[16/10/2008|14:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[17/12/2008|22:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[05/11/2008|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\wmp
[19/10/2008|08:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
[19/10/2008|16:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[15/10/2008|20:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[16/02/2009|10:30] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[16/02/2009|10:30] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[31/10/2008|19:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[15/10/2008|20:26] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[17/10/2008|11:58] C:\DOCUME~1\Paul\APPLIC~1\Adobe
[24/10/2008|22:37] C:\DOCUME~1\Paul\APPLIC~1\ATI
[04/02/2009|08:21] C:\DOCUME~1\Paul\APPLIC~1\Azureus
[06/11/2008|19:52] C:\DOCUME~1\Paul\APPLIC~1\CyberLink
[17/11/2008|18:26] C:\DOCUME~1\Paul\APPLIC~1\DAEMON Tools
[16/10/2008|13:45] C:\DOCUME~1\Paul\APPLIC~1\FrostWire
[08/11/2008|20:34] C:\DOCUME~1\Paul\APPLIC~1\Google
[15/10/2008|20:35] C:\DOCUME~1\Paul\APPLIC~1\Identities
[16/01/2009|11:07] C:\DOCUME~1\Paul\APPLIC~1\ImgBurn
[17/02/2009|17:11] C:\DOCUME~1\Paul\APPLIC~1\LimeWire
[15/10/2008|21:22] C:\DOCUME~1\Paul\APPLIC~1\Macromedia
[17/02/2009|07:14] C:\DOCUME~1\Paul\APPLIC~1\Malwarebytes
[24/01/2009|18:27] C:\DOCUME~1\Paul\APPLIC~1\Media Player Classic
[08/01/2009|10:41] C:\DOCUME~1\Paul\APPLIC~1\Microsoft
[17/10/2008|12:04] C:\DOCUME~1\Paul\APPLIC~1\Mozilla
[12/11/2008|16:29] C:\DOCUME~1\Paul\APPLIC~1\Nero
[17/11/2008|13:21] C:\DOCUME~1\Paul\APPLIC~1\SecuROM
[19/02/2009|07:59] C:\DOCUME~1\Paul\APPLIC~1\Skype
[19/02/2009|08:00] C:\DOCUME~1\Paul\APPLIC~1\skypePM
[23/10/2008|06:39] C:\DOCUME~1\Paul\APPLIC~1\Sun
[03/01/2009|11:18] C:\DOCUME~1\Paul\APPLIC~1\vlc
[17/10/2008|14:00] C:\DOCUME~1\Paul\APPLIC~1\Windows Desktop Search
[18/10/2008|08:04] C:\DOCUME~1\Paul\APPLIC~1\Windows Search
[19/10/2008|16:14] C:\DOCUME~1\Paul\APPLIC~1\Yahoo!
--------------------\\ Scheduled tasks in C:\WINDOWS\tasks
[19/02/2009 07:59][--ah-----] C:\WINDOWS\tasks\SA.DAT
[30/08/2002 21:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Folder listing in C:\Program Files
[17/02/2009|07:49] C:\Program Files\%systemdir%
[16/10/2008|16:56] C:\Program Files\Adobe
[10/02/2009|08:59] C:\Program Files\Adobe Type Manager
[17/02/2009|22:14] C:\Program Files\adslTV
[15/10/2008|21:31] C:\Program Files\Analog Devices
[17/11/2008|18:44] C:\Program Files\Aspyr
[24/10/2008|22:03] C:\Program Files\ATI Technologies
[15/10/2008|22:11] C:\Program Files\Avira
[04/02/2009|07:33] C:\Program Files\Azureus
[19/11/2008|00:04] C:\Program Files\CA Yahoo! Anti-Spy
[17/10/2008|16:45] C:\Program Files\CCleaner
[24/01/2009|18:24] C:\Program Files\Combined Community Codec Pack
[15/10/2008|20:23] C:\Program Files\ComPlus Applications
[06/11/2008|19:51] C:\Program Files\CyberLink
[26/10/2008|10:25] C:\Program Files\EPSON
[17/10/2008|14:54] C:\Program Files\ffdshow
[27/12/2008|20:53] C:\Program Files\Fichiers communs
[17/02/2009|18:56] C:\Program Files\FindyKill
[26/10/2008|10:35] C:\Program Files\Freeplayer
[08/11/2008|20:34] C:\Program Files\Google
[10/02/2009|08:55] C:\Program Files\Hewlett-Packard
[30/01/2009|23:25] C:\Program Files\ICCup
[06/11/2008|19:51] C:\Program Files\InstallShield Installation Information
[11/02/2009|07:51] C:\Program Files\Internet Explorer
[04/12/2008|15:21] C:\Program Files\Java
[06/01/2009|19:27] C:\Program Files\LimeWire
[17/02/2009|07:14] C:\Program Files\Malwarebytes' Anti-Malware
[17/10/2008|22:25] C:\Program Files\Messenger
[06/02/2009|19:05] C:\Program Files\Messenger Plus! Live
[17/12/2008|17:04] C:\Program Files\Microsoft
[15/10/2008|20:26] C:\Program Files\microsoft frontpage
[01/11/2008|18:28] C:\Program Files\Microsoft Office
[17/12/2008|17:04] C:\Program Files\Microsoft Office Outlook Connector
[17/12/2008|17:04] C:\Program Files\Microsoft Silverlight
[02/11/2008|19:56] C:\Program Files\Microsoft Visual Studio
[01/11/2008|18:24] C:\Program Files\Microsoft Visual Studio 8
[02/11/2008|19:57] C:\Program Files\Microsoft Works
[01/11/2008|18:27] C:\Program Files\Microsoft.NET
[17/01/2009|01:53] C:\Program Files\Movie Maker
[18/02/2009|20:43] C:\Program Files\Mozilla Firefox
[02/11/2008|19:57] C:\Program Files\MSBuild
[15/10/2008|20:23] C:\Program Files\MSN
[15/10/2008|20:22] C:\Program Files\MSN Gaming Zone
[16/02/2009|19:13] C:\Program Files\Navilog1
[12/11/2008|16:28] C:\Program Files\Nero 9
[15/10/2008|21:12] C:\Program Files\NETGEAR
[17/10/2008|22:18] C:\Program Files\NetMeeting
[16/10/2008|17:36] C:\Program Files\NOS
[17/01/2009|01:53] C:\Program Files\Outlook Express
[10/02/2009|08:58] C:\Program Files\PhotoDeluxe EE 1.1
[17/02/2009|19:02] C:\Program Files\PKR
[05/12/2008|10:25] C:\Program Files\PurFlirt
[24/10/2008|22:24] C:\Program Files\Reference Assemblies
[15/10/2008|20:23] C:\Program Files\Services en ligne
[05/11/2008|19:56] C:\Program Files\sina
[27/12/2008|20:53] C:\Program Files\Skype
[18/02/2009|20:19] C:\Program Files\Starcraft
[18/10/2008|11:21] C:\Program Files\SuperCopier
[12/02/2009|07:41] C:\Program Files\Trend Micro
[15/10/2008|21:56] C:\Program Files\VIA
[17/10/2008|13:59] C:\Program Files\Windows Desktop Search
[17/12/2008|18:10] C:\Program Files\Windows Live
[31/10/2008|18:34] C:\Program Files\Windows Media Connect 2
[31/10/2008|19:05] C:\Program Files\Windows Media Player
[17/10/2008|22:18] C:\Program Files\Windows NT
[15/10/2008|21:47] C:\Program Files\WindowsUpdate
[13/02/2009|19:53] C:\Program Files\WinPcap
[15/10/2008|20:26] C:\Program Files\xerox
[19/10/2008|08:39] C:\Program Files\Yahoo!
--------------------\\ Folder listing in C:\Program Files\Fichiers communs
[16/10/2008|16:56] C:\Program Files\Fichiers communs\Adobe
[02/11/2008|19:56] C:\Program Files\Fichiers communs\DESIGNER
[10/02/2009|09:04] C:\Program Files\Fichiers communs\EPSON
[15/10/2008|21:56] C:\Program Files\Fichiers communs\InstallShield
[16/10/2008|13:35] C:\Program Files\Fichiers communs\Java
[17/12/2008|17:00] C:\Program Files\Fichiers communs\Microsoft Shared
[15/10/2008|20:24] C:\Program Files\Fichiers communs\MSSoap
[12/11/2008|16:28] C:\Program Files\Fichiers communs\Nero
[15/10/2008|20:43] C:\Program Files\Fichiers communs\ODBC
[19/11/2008|00:02] C:\Program Files\Fichiers communs\Scanner
[15/10/2008|20:24] C:\Program Files\Fichiers communs\Services
[27/12/2008|20:53] C:\Program Files\Fichiers communs\Skype
[15/10/2008|20:43] C:\Program Files\Fichiers communs\SpeechEngines
[17/12/2008|17:04] C:\Program Files\Fichiers communs\System
[17/12/2008|16:52] C:\Program Files\Fichiers communs\Windows Live
[17/10/2008|16:46] C:\Program Files\Fichiers communs\WindowsLiveInstaller
--------------------\\ Processes
( 45 Processes )
... OK !
--------------------\\ Search with S_Lop
No Lop file / folder found!
--------------------\\ Search for Lop files / folders
No Lop file / folder found!
--------------------\\ Registry check
..... OK !
--------------------\\ Hosts file check
Hosts file CLEAN
--------------------\\ File search with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-19 08:04:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 3
--------------------\\ Search for other infections
No other infection found!
[F:1][D:1]-> C:\DOCUME~1\Paul\LOCALS~1\Temp
[F:10][D:0]-> C:\DOCUME~1\Paul\Cookies
[F:91][D:4]-> C:\DOCUME~1\Paul\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 13/02/2009|19:01 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 16/02/2009|18:47 - Option : [2]
3 - "C:\Lop SD\LopR_3.txt" - 18/02/2009|18:55 - Option : [1]
4 - "C:\Lop SD\LopR_4.txt" - 19/02/2009| 8:05 - Option : [1]
--------------------\\ End of report at 8:05:25
Anonymous user
19 Feb 2009 at 14:39
Hello
Reboot and run RSIT again, please.
Hello, I did what you told me, but since there is no internet it could not install the Recovery Console as indicated in the tutorial. So I left the internet as is, and here is the report:
ComboFix 09-02-18.01 - Paul 2009-02-19 23:00:58.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.680 [GMT 1:00]
Launched from: c:\documents and settings\Paul\Bureau\moi.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((((((( Files created from 2009-01-19 to 2009-02-19 ))))))))))))))))))))))))))))))))))))
.
2009-02-18 18:40 . 2009-02-18 18:40 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-02-18 18:38 . 2009-02-18 18:39 <REP> d-------- c:\windows\ERUNT
2009-02-18 18:27 . 2009-02-18 18:50 <REP> d-------- C:\SDFix
2009-02-18 06:13 . 2009-02-18 20:36 <REP> d-------- C:\rsit
2009-02-17 07:55 . 2009-02-17 18:56 <REP> d-------- c:\program files\FindyKill
2009-02-17 07:14 . 2009-02-17 07:14 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-17 07:14 . 2009-02-17 07:14 <REP> d-------- c:\documents and settings\Paul\Application Data\Malwarebytes
2009-02-17 07:14 . 2009-02-17 07:14 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-17 07:14 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-17 07:14 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-14 19:30 . 2002-02-15 14:02 676,352 --a------ c:\windows\system32\rtl60.bpl
2009-02-13 19:53 . 2009-02-13 19:53 <REP> d-------- c:\program files\WinPcap
2009-02-13 19:05 . 2009-02-16 19:05 <REP> d-------- C:\ToolBar SD
2009-02-13 19:02 . 2009-02-16 19:13 <REP> d-------- c:\program files\Navilog1
2009-02-13 18:58 . 2009-02-19 08:05 <REP> d-------- C:\Lop SD
2009-02-12 07:41 . 2009-02-12 07:41 <REP> d-------- c:\program files\Trend Micro
2009-02-10 10:47 . 2009-02-11 10:52 177,369 --a------ c:\windows\system32\AdobeFnt.lst
2009-02-10 09:05 . 2008-04-13 20:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-02-10 09:05 . 2008-04-13 20:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-02-10 09:04 . 2001-08-23 01:04 139,264 --a------ c:\windows\system32\EBAPI2.dll
2009-02-10 09:01 . 2008-04-13 20:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-02-10 09:01 . 2008-04-13 20:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-02-10 08:59 . 2009-02-10 08:59 <REP> d-------- C:\PSFONTS
2009-02-10 08:59 . 2009-02-10 08:59 <REP> d-------- c:\program files\Adobe Type Manager
2009-02-10 08:59 . 1997-06-17 04:00 212,352 --a------ c:\windows\system32\ATMDRVR.DLL
2009-02-10 08:59 . 1997-06-17 04:00 4,064 --a------ c:\windows\system32\drivers\ATMHELPR.SYS
2009-02-10 08:59 . 2009-02-10 08:59 2,186 --a------ c:\windows\ACROREAD.INI
2009-02-10 08:58 . 2009-02-10 08:58 <REP> d-------- c:\program files\PhotoDeluxe EE 1.1
2009-02-10 08:56 . 1999-10-12 01:20 667,648 --a------ c:\windows\system32\ipeistor12.dll
2009-02-10 08:55 . 2009-02-10 08:55 <REP> d-------- c:\program files\Hewlett-Packard
2009-02-10 08:55 . 2009-02-10 08:55 <REP> d-------- c:\documents and settings\Paul\WINDOWS
2009-01-30 23:25 . 2009-01-30 23:25 <REP> d-------- c:\program files\ICCup
2009-01-24 18:27 . 2009-01-24 18:27 <REP> d-------- c:\documents and settings\Paul\Application Data\Media Player Classic
2009-01-24 18:24 . 2009-01-24 18:24 <REP> d-------- c:\program files\Combined Community Codec Pack
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-19 21:38 --------- d-----w c:\program files\Starcraft
2009-02-19 17:24 --------- d-----w c:\documents and settings\Paul\Application Data\Skype
2009-02-19 16:57 --------- d-----w c:\documents and settings\Paul\Application Data\skypePM
2009-02-17 21:14 --------- d-----w c:\program files\adslTV
2009-02-17 18:02 --------- d-----w c:\program files\PKR
2009-02-17 16:11 --------- d-----w c:\documents and settings\Paul\Application Data\LimeWire
2009-02-17 08:47 1,880 ----a-w c:\windows\AUTOLNCH.REG
2009-02-11 06:52 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-10 08:04 --------- d-----w c:\program files\Fichiers communs\EPSON
2009-02-10 07:58 1,409 ----a-w c:\windows\Fonts\MPRR____.FOT
2009-02-10 07:58 1,409 ----a-w c:\windows\Fonts\MPLV____.FOT
2009-02-10 07:58 1,409 ----a-w c:\windows\Fonts\MPLST___.FOT
2009-02-10 07:58 1,409 ----a-w c:\windows\Fonts\MPLEV___.FOT
2009-02-10 07:58 1,409 ----a-w c:\windows\Fonts\MPLED___.FOT
2009-02-10 07:58 1,409 ----a-w c:\windows\Fonts\MPLC____.FOT
2009-02-10 07:58 1,409 ----a-w c:\windows\Fonts\MPC_____.FOT
2009-02-10 07:58 1,409 ----a-w c:\windows\Fonts\MPAJ____.FOT
2009-02-06 18:05 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-04 07:21 --------- d-----w c:\documents and settings\Paul\Application Data\Azureus
2009-02-04 06:33 --------- d-----w c:\program files\Azureus
2009-01-16 19:53 65,549 ----a-w c:\windows\BricoPackUninst.cmd
2009-01-16 19:53 6,112 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2009-01-16 19:53 219,648 ----a-w c:\windows\system32\uxtheme.dll
2009-01-16 10:07 --------- d-----w c:\documents and settings\Paul\Application Data\ImgBurn
2009-01-06 18:27 --------- d-----w c:\program files\LimeWire
2009-01-03 10:18 --------- d-----w c:\documents and settings\Paul\Application Data\vlc
2008-12-30 20:44 3,645,894 ----a-w c:\documents and settings\Paul\Patch MsnCreative WLM 8.5 final[www.msncreative.net].exe
2008-12-27 19:53 --------- d-----w c:\program files\Skype
2008-12-27 19:53 --------- d-----w c:\program files\Fichiers communs\Skype
2008-12-27 19:53 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-26 23:11 9,194,577 ----a-w c:\documents and settings\Paul\g430-Chapitre-429.zip
2008-12-22 12:13 612,416 ----a-w c:\documents and settings\Paul\visualboy-advance_1_9693.zip
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-04 14:21 410,984 ----a-w c:\windows\system32\deploytk.dll
2007-08-21 02:25 460,928 ----a-w c:\windows\inf\WN111\Mrvw245.sys
2007-05-24 12:58 249,856 ----a-w c:\windows\inf\WN111\InsDrv2k.exe
2006-07-05 09:21 212,992 ----a-w c:\windows\inf\WN111\CopyWHQLDriver.exe
2005-11-17 13:46 845,736 ----a-w c:\windows\inf\WN111\DPInst.exe
2008-10-18 05:35 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008101820081019\index.dat
.
------- Sigcheck -------
2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 11:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys
2004-08-04 07:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 12:51 361600 4afb3b0919649f95c1964aa1fad27d73 c:\windows\system32\dllcache\tcpip.sys
2008-06-20 12:51 361600 4afb3b0919649f95c1964aa1fad27d73 c:\windows\system32\drivers\tcpip.sys
2008-04-14 03:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\explorer.exe
2004-08-20 00:09 1036288 2a7bd330924252a2fd80344fc949bb72 c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-14 03:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\ServicePackFiles\i386\explorer.exe
2004-08-20 00:10 112640 fc21787f32e3793a4c7c02d2bfaa5ae0 c:\windows\$NtServicePackUninstall$\wuauclt.exe
2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\ServicePackFiles\i386\wuauclt.exe
2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\system32\wuauclt.exe
2008-10-16 14:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-30 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-30 455168]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"hpppta"="c:\program files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe" [2000-12-05 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Paul\Menu Démarrer\Programmes\Démarrage\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
NETGEAR WN111 Smart Wizard.lnk - c:\program files\NETGEAR\WN111\wn111.exe [2007-08-27 1343488]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.FFDS"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Paul^Menu Démarrer^Programmes^Démarrage^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Paul\Menu Démarrer\Programmes\Démarrage\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2008-09-19 16:34 4347120 c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier.exe]
--a------ 2003-04-24 23:03 683520 c:\program files\SuperCopier\SuperCopier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-10-16 15:46 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\sina\\SAP\\SAPlatform.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\adslTV\\vlc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2008-10-15 22336]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2008-10-15 77312]
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2009-02-10 4064]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2008-10-15 45376]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
R3 QCEmerald;QuickCam Web Logitech;c:\windows\system32\drivers\OVCE.sys [2008-10-15 31872]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
FF - ProfilePath - c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\asv5i59k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-19 23:02:17
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(464)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(520)
c:\windows\system32\scecli.dll
.
Heure de fin: 2009-02-19 23:03:54
ComboFix-quarantined-files.txt 2009-02-19 22:03:35
ComboFix2.txt 2009-02-19 21:54:41
Avant-CF: 23 873 564 672 octets libres
Après-CF: 23,861,424,128 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /fastdetect /NoExecute=OptIn
217 --- E O F --- 2009-02-11 06:53:42
Here is the RSIT report:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Paul at 2009-02-19 17:59:12
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 22 GB (56%) free of 40 GB
Total RAM: 1023 MB (58% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:59:17, on 19/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\NETGEAR\WN111\wn111.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
G:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Paul.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON
O4 - HKLM\..\Run: [nl2plwrk] C:\WINDOWS\system32\svssccs.exe
O4 - HKLM\..\Run: [Windowsx Updater] wuauclx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Microsft managr] C:\WINDOWS\taskmgr.exe
O4 - HKCU\..\Run: [nl2plwrk] C:\WINDOWS\system32\svssccs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: NETGEAR WN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111\wn111.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Server Colocation Service (WSCS) - Unknown owner - C:\WINDOWS\system32\wscs.exe (file missing)
Logfile of random's system information tool 1.05 (written by random/random)
Run by Paul at 2009-02-19 17:59:12
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 22 GB (56%) free of 40 GB
Total RAM: 1023 MB (58% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:59:17, on 19/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\NETGEAR\WN111\wn111.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
G:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Paul.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON
O4 - HKLM\..\Run: [nl2plwrk] C:\WINDOWS\system32\svssccs.exe
O4 - HKLM\..\Run: [Windowsx Updater] wuauclx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Microsft managr] C:\WINDOWS\taskmgr.exe
O4 - HKCU\..\Run: [nl2plwrk] C:\WINDOWS\system32\svssccs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: NETGEAR WN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111\wn111.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Server Colocation Service (WSCS) - Unknown owner - C:\WINDOWS\system32\wscs.exe (file missing)
14 Feb 2009 at 11:47
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.66GHz )
BIOS : BIOS Date: 09/26/05 15:16:53 Ver: 08.00.09
USER : Paul ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:39 Go (Free:19 Go)
D:\ (Local Disk) - NTFS - Total:37 Go (Free:22 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (USB) - FAT32 - Total:489 Mo (Free:0 Go)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 13/02/2009|18:58 )
--------------------\\ Listing des dossiers dans APPLIC~1
[16/10/2008|16:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[24/10/2008|22:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
[15/10/2008|20:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[16/11/2008|13:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[06/11/2008|19:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[16/10/2008|15:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[31/10/2008|14:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[17/12/2008|18:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[11/02/2009|07:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[16/10/2008|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[27/12/2008|20:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[16/10/2008|14:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[17/12/2008|22:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[05/11/2008|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\wmp
[19/10/2008|08:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
[19/10/2008|16:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[15/10/2008|20:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[31/10/2008|19:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[15/10/2008|20:26] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[17/10/2008|11:58] C:\DOCUME~1\Paul\APPLIC~1\Adobe
[24/10/2008|22:37] C:\DOCUME~1\Paul\APPLIC~1\ATI
[04/02/2009|08:21] C:\DOCUME~1\Paul\APPLIC~1\Azureus
[06/11/2008|19:52] C:\DOCUME~1\Paul\APPLIC~1\CyberLink
[17/11/2008|18:26] C:\DOCUME~1\Paul\APPLIC~1\DAEMON Tools
[16/10/2008|13:45] C:\DOCUME~1\Paul\APPLIC~1\FrostWire
[08/11/2008|20:34] C:\DOCUME~1\Paul\APPLIC~1\Google
[15/10/2008|20:35] C:\DOCUME~1\Paul\APPLIC~1\Identities
[16/01/2009|11:07] C:\DOCUME~1\Paul\APPLIC~1\ImgBurn
[29/01/2009|20:31] C:\DOCUME~1\Paul\APPLIC~1\LimeWire
[15/10/2008|21:22] C:\DOCUME~1\Paul\APPLIC~1\Macromedia
[24/01/2009|18:27] C:\DOCUME~1\Paul\APPLIC~1\Media Player Classic
[08/01/2009|10:41] C:\DOCUME~1\Paul\APPLIC~1\Microsoft
[17/10/2008|12:04] C:\DOCUME~1\Paul\APPLIC~1\Mozilla
[12/11/2008|16:29] C:\DOCUME~1\Paul\APPLIC~1\Nero
[17/11/2008|13:21] C:\DOCUME~1\Paul\APPLIC~1\SecuROM
[13/02/2009|18:36] C:\DOCUME~1\Paul\APPLIC~1\Skype
[13/02/2009|18:36] C:\DOCUME~1\Paul\APPLIC~1\skypePM
[23/10/2008|06:39] C:\DOCUME~1\Paul\APPLIC~1\Sun
[03/01/2009|11:18] C:\DOCUME~1\Paul\APPLIC~1\vlc
[17/10/2008|14:00] C:\DOCUME~1\Paul\APPLIC~1\Windows Desktop Search
[18/10/2008|08:04] C:\DOCUME~1\Paul\APPLIC~1\Windows Search
[19/10/2008|16:14] C:\DOCUME~1\Paul\APPLIC~1\Yahoo!
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[13/02/2009 18:55][--ah-----] C:\WINDOWS\tasks\SA.DAT
[30/08/2002 21:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[16/10/2008|16:56] C:\Program Files\Adobe
[10/02/2009|08:59] C:\Program Files\Adobe Type Manager
[05/02/2009|21:34] C:\Program Files\adslTV
[15/10/2008|21:31] C:\Program Files\Analog Devices
[16/11/2008|13:17] C:\Program Files\AskSBar
[17/11/2008|18:44] C:\Program Files\Aspyr
[24/10/2008|22:03] C:\Program Files\ATI Technologies
[15/10/2008|22:11] C:\Program Files\Avira
[04/02/2009|07:33] C:\Program Files\Azureus
[19/11/2008|00:04] C:\Program Files\CA Yahoo! Anti-Spy
[17/10/2008|16:45] C:\Program Files\CCleaner
[24/01/2009|18:24] C:\Program Files\Combined Community Codec Pack
[15/10/2008|20:23] C:\Program Files\ComPlus Applications
[06/11/2008|19:51] C:\Program Files\CyberLink
[26/10/2008|10:25] C:\Program Files\EPSON
[17/10/2008|14:54] C:\Program Files\ffdshow
[27/12/2008|20:53] C:\Program Files\Fichiers communs
[26/10/2008|10:35] C:\Program Files\Freeplayer
[08/11/2008|20:34] C:\Program Files\Google
[10/02/2009|08:55] C:\Program Files\Hewlett-Packard
[30/01/2009|23:25] C:\Program Files\ICCup
[06/11/2008|19:51] C:\Program Files\InstallShield Installation Information
[11/02/2009|07:51] C:\Program Files\Internet Explorer
[04/12/2008|15:21] C:\Program Files\Java
[06/01/2009|19:27] C:\Program Files\LimeWire
[17/10/2008|22:25] C:\Program Files\Messenger
[06/02/2009|19:05] C:\Program Files\Messenger Plus! Live
[17/12/2008|17:04] C:\Program Files\Microsoft
[15/10/2008|20:26] C:\Program Files\microsoft frontpage
[01/11/2008|18:28] C:\Program Files\Microsoft Office
[17/12/2008|17:04] C:\Program Files\Microsoft Office Outlook Connector
[17/12/2008|17:04] C:\Program Files\Microsoft Silverlight
[02/11/2008|19:56] C:\Program Files\Microsoft Visual Studio
[01/11/2008|18:24] C:\Program Files\Microsoft Visual Studio 8
[02/11/2008|19:57] C:\Program Files\Microsoft Works
[01/11/2008|18:27] C:\Program Files\Microsoft.NET
[17/01/2009|01:53] C:\Program Files\Movie Maker
[12/02/2009|21:02] C:\Program Files\Mozilla Firefox
[02/11/2008|19:57] C:\Program Files\MSBuild
[15/10/2008|20:23] C:\Program Files\MSN
[15/10/2008|20:22] C:\Program Files\MSN Gaming Zone
[12/11/2008|16:28] C:\Program Files\Nero 9
[15/10/2008|21:12] C:\Program Files\NETGEAR
[17/10/2008|22:18] C:\Program Files\NetMeeting
[16/10/2008|17:36] C:\Program Files\NOS
[17/01/2009|01:53] C:\Program Files\Outlook Express
[10/02/2009|08:58] C:\Program Files\PhotoDeluxe EE 1.1
[12/02/2009|00:53] C:\Program Files\PKR
[05/12/2008|10:25] C:\Program Files\PurFlirt
[24/10/2008|22:24] C:\Program Files\Reference Assemblies
[15/10/2008|20:23] C:\Program Files\Services en ligne
[05/11/2008|19:56] C:\Program Files\sina
[27/12/2008|20:53] C:\Program Files\Skype
[12/02/2009|23:59] C:\Program Files\Starcraft
[18/10/2008|11:21] C:\Program Files\SuperCopier
[12/02/2009|07:41] C:\Program Files\Trend Micro
[15/10/2008|21:56] C:\Program Files\VIA
[17/10/2008|13:59] C:\Program Files\Windows Desktop Search
[17/12/2008|18:10] C:\Program Files\Windows Live
[31/10/2008|18:34] C:\Program Files\Windows Media Connect 2
[31/10/2008|19:05] C:\Program Files\Windows Media Player
[17/10/2008|22:18] C:\Program Files\Windows NT
[15/10/2008|21:47] C:\Program Files\WindowsUpdate
[15/10/2008|20:26] C:\Program Files\xerox
[19/10/2008|08:39] C:\Program Files\Yahoo!
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[16/10/2008|16:56] C:\Program Files\Fichiers communs\Adobe
[02/11/2008|19:56] C:\Program Files\Fichiers communs\DESIGNER
[10/02/2009|09:04] C:\Program Files\Fichiers communs\EPSON
[15/10/2008|21:56] C:\Program Files\Fichiers communs\InstallShield
[16/10/2008|13:35] C:\Program Files\Fichiers communs\Java
[17/12/2008|17:00] C:\Program Files\Fichiers communs\Microsoft Shared
[15/10/2008|20:24] C:\Program Files\Fichiers communs\MSSoap
[12/11/2008|16:28] C:\Program Files\Fichiers communs\Nero
[15/10/2008|20:43] C:\Program Files\Fichiers communs\ODBC
[19/11/2008|00:02] C:\Program Files\Fichiers communs\Scanner
[15/10/2008|20:24] C:\Program Files\Fichiers communs\Services
[27/12/2008|20:53] C:\Program Files\Fichiers communs\Skype
[15/10/2008|20:43] C:\Program Files\Fichiers communs\SpeechEngines
[17/12/2008|17:04] C:\Program Files\Fichiers communs\System
[17/12/2008|16:52] C:\Program Files\Fichiers communs\Windows Live
[17/10/2008|16:46] C:\Program Files\Fichiers communs\WindowsLiveInstaller
--------------------\\ Process
( 47 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\Paul\LOCALS~1\Temp\msgpl_5330.exe
C:\DOCUME~1\Paul\Cookies\paul@d2.advertserve[1].txt
C:\DOCUME~1\Paul\Cookies\paul@imagevenue.advertserve[2].txt
C:\DOCUME~1\Paul\Cookies\paul@adultfriendfinder[2].txt
C:\DOCUME~1\Paul\Cookies\paul@advertising[2].txt
C:\DOCUME~1\Paul\Cookies\paul@bigpoint[1].txt
C:\DOCUME~1\Paul\Cookies\paul@fr.seafight.bigpoint[2].txt
C:\DOCUME~1\Paul\Cookies\paul@adopt.euroclick[2].txt
C:\DOCUME~1\Paul\Cookies\paul@fr.seafight.bigpoint[2].txt
C:\DOCUME~1\Paul\Cookies\paul@32vegas[1].txt
C:\DOCUME~1\Paul\Cookies\paul@banner.32vegas[2].txt
C:\DOCUME~1\Paul\Cookies\paul@www.32vegas[1].txt
C:\DOCUME~1\Paul\Cookies\paul@2xmoinscher[1].txt
C:\DOCUME~1\Paul\Cookies\paul@www.2xmoinscher[2].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-13 19:00:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\WINDOWS\System32\
please note that you need administrator rights to perform deep scan
--------------------\\ Recherche d'autres infections
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu.dat
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu.exe
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu_nav.dat
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu_navps.dat
[b]==> EGDACCESS <==[/b]
[F:1512][D:87]-> C:\DOCUME~1\Paul\LOCALS~1\Temp
[F:943][D:0]-> C:\DOCUME~1\Paul\Cookies
[F:76][D:17]-> C:\DOCUME~1\Paul\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 13/02/2009|19:01 - Option : [1]
--------------------\\ Fin du rapport a 19:01:39
The second one:
Search Navipromo version 3.7.3 commencé le 13/02/2009 à 19:03:51,76
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 13.02.2009 à 18h00 par IL-MAFIOSO
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.66GHz )
BIOS : BIOS Date: 09/26/05 15:16:53 Ver: 08.00.09
USER : Paul ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:39 Go (Free:19 Go)
D:\ (Local Disk) - NTFS - Total:37 Go (Free:22 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (USB) - FAT32 - Total:489 Mo (Free:0 Go)
Recherche executé en mode normal
*** Recherche Programmes installés ***
Favorit
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Paul\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Paul\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Paul\menudm~1\progra~1" ***
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\Paul\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!
HKEY_CURRENT_USER\Software\Lanconfig
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"acqeu"="\"c:\\documents and settings\\paul\\local settings\\application data\\acqeu.exe\" acqeu"
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\Paul\locals~1\applic~1" :
acqeu.exe trouvé !
acqeu.dat trouvé !
acqeu_nav.dat trouvé !
acqeu_navps.dat trouvé !
3)Recherche Certificats :
Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche autres dossiers et fichiers connus :
*** Analyse terminée le 13/02/2009 à 19:05:05,26 ***
The last one:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.66GHz )
BIOS : BIOS Date: 09/26/05 15:16:53 Ver: 08.00.09
USER : Paul ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:39 Go (Free:19 Go)
D:\ (Local Disk) - NTFS - Total:37 Go (Free:22 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (USB) - FAT32 - Total:489 Mo (Free:0 Go)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 13/02/2009|19:06 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\AskSBar
C:\Program Files\AskSBar\bar
C:\Program Files\AskSBar\SrchAstt
C:\Program Files\AskSBar\bar\1.bin
C:\Program Files\AskSBar\bar\Cache
C:\Program Files\AskSBar\bar\History
C:\Program Files\AskSBar\bar\Settings
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL
C:\Program Files\AskSBar\bar\1.bin\V2RSSMNU.DLL
C:\Program Files\AskSBar\bar\Cache\0168BDCA.bin
C:\Program Files\AskSBar\bar\Cache\0168BFDE.bin
C:\Program Files\AskSBar\bar\Cache\0168C1C2.bin
C:\Program Files\AskSBar\bar\Cache\0168C3C6.bin
C:\Program Files\AskSBar\bar\Cache\0168C58B.bin
C:\Program Files\AskSBar\bar\Cache\0168C78E.bin
C:\Program Files\AskSBar\bar\Cache\files.ini
C:\Program Files\AskSBar\bar\History\search2
C:\Program Files\AskSBar\bar\Settings\prevcfg2.htm
C:\Program Files\AskSBar\SrchAstt\1.bin
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.postarticles.net"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
--------------------\\ Recherche d'autres infections
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu.dat
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu.exe
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu_nav.dat
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1\acqeu_navps.dat
[b]==> EGDACCESS <==[/b]
1 - "C:\ToolBar SD\TB_1.txt" - 13/02/2009|19:06 - Option : [1]
-----------\\ Fin du rapport a 19:06:46,26
There you go, I'm eagerly awaiting your reply.
Thanks