Virus qui provoque gros bug
mssy
-
6m -
6m -
Bonsoir,
Voila mon pc a pleins de probleme et malgré differents nettoyage etc il n'y a rien à faire, j'ai toujours des gros bugs et quand je vais dans mes videos ou tout autre dossier qui ocntient des videos il y a une fenetre qui me dit "explorer.exe a rencontré un probleme et doit fermer..."
donc ça m'enleve pendant qqes seconces la barre des taches et me la remet.
Quand il bug completement ça me le fait aussi avec internet explorer.
https://forums.cnetfrance.fr
donc impossible aussi daller sur free converter video pour convertir mes videos : jai une fenetre qui me dit: "free converter a rencontrer un probleme et doit fermer ..."
Je me faisait aidé sur un autre forum mais j'attend toujours des réponses depuis quelques semaines...
En effectuant une analyse virus en ligne avec panda et pleins d'analyse avec spybot, hijackthis et un nettoyage avec ccleaner (qu'on mavait conseillé suite a de gros bugs répétés depuis une semaine qui m'obligeait a éteindre mon pc "par la maniere forte" lol ) j'ai trouvé que mon pc etait infectés par 2 virus.
voici le rapport de panda :
;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-01-03 13:32:10
PROTECTIONS: 1
MALWARE: 16
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1296 [VPS 090102-0] 4.8.1296 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00040722 adware/navipromo Adware No 1 Yes No hkey_current_user\software\mc
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Sihem\Cookies\sihem@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Sihem\Cookies\sihem@atdmt[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Sihem\Cookies\sihem@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Sihem\Cookies\sihem@fastclick[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Sihem\Cookies\sihem@com[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Sihem\Cookies\sihem@xiti[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Sihem\Cookies\sihem@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Sihem\Cookies\sihem@apmebf[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Sihem\Cookies\sihem@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Sihem\Cookies\sihem@bs.serving-sys[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Sihem\Cookies\sihem@weborama[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Sihem\Cookies\sihem@adtech[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Sihem\Cookies\sihem@advertising[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Sihem\Cookies\sihem@bluestreak[1].txt
00343731 Application/CloseApp HackTools No 0 Yes No C:\WINDOWS\SYSTEM32\CLOSEAPP.EXE
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\MeMedia_FF.dll
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Aussi, des qu'une nouvelle page d'un site internet s'affiche j'ai une fenetre qui s'affiche et qui annonce :
Internet Explorer ne peut pas afficher cette page Web
Essayez la chose suivante :
Diagnostiquer les problèmes de connexion
Informations
Ce problème peut avoir différentes causes, notamment :
•La connexion Internet a été perdue.
•Le site Web est temporairement indisponible.
•Le serveur de noms de domaine (DNS) est inaccessible.
•Le serveur de noms de domaine (DNS) ne contient pas d’entrée pour le domaine du site Web.
•Il se peut que l’adresse contienne une erreur de frappe.
•S’il s’agit d’une adresse HTTPS (sécurisée), cliquez sur Outils, sur Options Internet, puis sur Avancées et vérifiez que les protocoles SSL et TLS sont activés dans la section relative à la sécurité.
Pour les utilisateurs hors connexion
Vous pouvez encore afficher les flux auxquels vous êtes abonné et certaines pages Web visitées.
Pour afficher les flux auxquels vous êtes abonné
1.Cliquez sur le bouton Centre des favoris , cliquez sur Flux, puis cliquez sur le flux que vous souhaitez afficher.
Pour afficher les dernières pages Web visitées (peut ne pas fonctionner pour toutes les pages)
1.Cliquez sur Outils , puis sur Travailler hors connexion.
2.Cliquez sur le bouton Centre des favoris , cliquez sur Historique, puis cliquez sur la page que vous souhaitez afficher.
Je vous demande donc ce que je dois faire .
Merci d'avance.
Voila mon pc a pleins de probleme et malgré differents nettoyage etc il n'y a rien à faire, j'ai toujours des gros bugs et quand je vais dans mes videos ou tout autre dossier qui ocntient des videos il y a une fenetre qui me dit "explorer.exe a rencontré un probleme et doit fermer..."
donc ça m'enleve pendant qqes seconces la barre des taches et me la remet.
Quand il bug completement ça me le fait aussi avec internet explorer.
https://forums.cnetfrance.fr
donc impossible aussi daller sur free converter video pour convertir mes videos : jai une fenetre qui me dit: "free converter a rencontrer un probleme et doit fermer ..."
Je me faisait aidé sur un autre forum mais j'attend toujours des réponses depuis quelques semaines...
En effectuant une analyse virus en ligne avec panda et pleins d'analyse avec spybot, hijackthis et un nettoyage avec ccleaner (qu'on mavait conseillé suite a de gros bugs répétés depuis une semaine qui m'obligeait a éteindre mon pc "par la maniere forte" lol ) j'ai trouvé que mon pc etait infectés par 2 virus.
voici le rapport de panda :
;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-01-03 13:32:10
PROTECTIONS: 1
MALWARE: 16
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1296 [VPS 090102-0] 4.8.1296 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00040722 adware/navipromo Adware No 1 Yes No hkey_current_user\software\mc
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Sihem\Cookies\sihem@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Sihem\Cookies\sihem@atdmt[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Sihem\Cookies\sihem@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Sihem\Cookies\sihem@fastclick[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Sihem\Cookies\sihem@com[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Sihem\Cookies\sihem@xiti[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Sihem\Cookies\sihem@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Sihem\Cookies\sihem@apmebf[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Sihem\Cookies\sihem@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Sihem\Cookies\sihem@bs.serving-sys[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Sihem\Cookies\sihem@weborama[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Sihem\Cookies\sihem@adtech[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Sihem\Cookies\sihem@advertising[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Sihem\Cookies\sihem@bluestreak[1].txt
00343731 Application/CloseApp HackTools No 0 Yes No C:\WINDOWS\SYSTEM32\CLOSEAPP.EXE
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\MeMedia_FF.dll
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Aussi, des qu'une nouvelle page d'un site internet s'affiche j'ai une fenetre qui s'affiche et qui annonce :
Internet Explorer ne peut pas afficher cette page Web
Essayez la chose suivante :
Diagnostiquer les problèmes de connexion
Informations
Ce problème peut avoir différentes causes, notamment :
•La connexion Internet a été perdue.
•Le site Web est temporairement indisponible.
•Le serveur de noms de domaine (DNS) est inaccessible.
•Le serveur de noms de domaine (DNS) ne contient pas d’entrée pour le domaine du site Web.
•Il se peut que l’adresse contienne une erreur de frappe.
•S’il s’agit d’une adresse HTTPS (sécurisée), cliquez sur Outils, sur Options Internet, puis sur Avancées et vérifiez que les protocoles SSL et TLS sont activés dans la section relative à la sécurité.
Pour les utilisateurs hors connexion
Vous pouvez encore afficher les flux auxquels vous êtes abonné et certaines pages Web visitées.
Pour afficher les flux auxquels vous êtes abonné
1.Cliquez sur le bouton Centre des favoris , cliquez sur Flux, puis cliquez sur le flux que vous souhaitez afficher.
Pour afficher les dernières pages Web visitées (peut ne pas fonctionner pour toutes les pages)
1.Cliquez sur Outils , puis sur Travailler hors connexion.
2.Cliquez sur le bouton Centre des favoris , cliquez sur Historique, puis cliquez sur la page que vous souhaitez afficher.
Je vous demande donc ce que je dois faire .
Merci d'avance.
A voir également:
- Virus qui provoque gros bug
- Virus mcafee - Accueil - Piratage
- Bug chromecast - Guide
- Bug family link - Forum Contrôle parental
- Iptv bug ✓ - Forum TV & Vidéo
- Softonic virus ✓ - Forum Virus
20 réponses
Rapport info :
info.txt logfile of random's system information tool 1.06 2009-04-21 21:48:25
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Alice ADSL - Installation principale-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE5D7CE8-27E7-4452-AF33-F38F074BBD08}\setup.exe" -l0x40c -eth -pri
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
EBP Btrieve 8.6-->"C:\Documents and Settings\All Users\Application Data\{B33CBE2B-A739-401D-A5E0-041195C4A17B}\EBP_Btrieve8.6_SETUP.exe" REMOVE=TRUE MODIFY=FALSE
EBP Btrieve 8.6-->C:\Documents and Settings\All Users\Application Data\{B33CBE2B-A739-401D-A5E0-041195C4A17B}\EBP_Btrieve8.6_SETUP.exe
EBP Comptabilité 12.1-->"C:\Documents and Settings\All Users\Application Data\{AC5124E4-1239-42FB-9B14-963A3370BAD4}\EBP_Comptabilite.exe" REMOVE=TRUE MODIFY=FALSE
EBP Comptabilité 12.1-->C:\Documents and Settings\All Users\Application Data\{AC5124E4-1239-42FB-9B14-963A3370BAD4}\EBP_Comptabilite.exe
EBP Etats Financiers 12.0-->"C:\Documents and Settings\All Users\Application Data\{9BC9F1A9-D325-4800-A75F-E6CE13C36EB3}\EBP_EtatsFinanciers.exe" REMOVE=TRUE MODIFY=FALSE
EBP Etats Financiers 12.0-->C:\Documents and Settings\All Users\Application Data\{9BC9F1A9-D325-4800-A75F-E6CE13C36EB3}\EBP_EtatsFinanciers.exe
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Guide routier France-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC828A42-3901-4178-81AF-712A55AC5A65}\SETUP.exe" -l0x40c -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LG PC Suite-->C:\Program Files\InstallShield Installation Information\{993960EE-CA4D-443F-8F88-E24260DD5FD2}\setup.exe -runfromtemp -l0x040c -removeonly
LG USB Modem driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x40c LG -removeonly
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Mise à jour pour Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Navilog1 3.7.6-->"C:\Program Files\Navilog1\unins000.exe"
NTI Backup NOW! 4-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1036 BUN4
NTI CD & DVD-Maker-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
NTI HomeVideo-Maker-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8A6F713-D72D-47AD-A92D-B5C0E13F98C1}\setup.exe" -l0x40c
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
ObjectDock-->C:\PROGRA~1\STARDOCK\OBJECT~1\UNWISE.EXE C:\PROGRA~1\STARDOCK\OBJECT~1\INSTALL.LOG
OpenOffice.org 2.4-->MsiExec.exe /I{A122962F-331A-4C2E-93DB-AD92D8A4FB14}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly
SAIDMUSIC Toolbar-->C:\PROGRA~1\SAIDMU~1\UNWISE.EXE /U C:\PROGRA~1\SAIDMU~1\INSTALL.LOG
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem ^^-->C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update pour Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe -u
Vista Transformation Pack 8.0-->C:\WINDOWS\system32\viwc.exe
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
======Hosts File======
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
======Security center information======
AV: avast! antivirus 4.8.1335 [VPS 090421-0]
======System event log======
Computer Name: BOUGHANEM
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{7AFCE7F5-7841-497B-819D-55AD8CA0585C} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.
Record Number: 32145
Source Name: Tcpip
Time Written: 20090325174804.000000+060
Event Type: Informations
User:
Computer Name: BOUGHANEM
Event Code: 3100
Message: Le pilote de l'édition Développeur IPv6 Microsoft a été démarré.
Record Number: 32144
Source Name: Tcpip6
Time Written: 20090325174804.000000+060
Event Type: Informations
User:
Computer Name: BOUGHANEM
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.
Record Number: 32143
Source Name: EventLog
Time Written: 20090325174737.000000+060
Event Type: Informations
User:
Computer Name: BOUGHANEM
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.
Record Number: 32142
Source Name: EventLog
Time Written: 20090325174737.000000+060
Event Type: Informations
User:
Computer Name: BOUGHANEM
Event Code: 6006
Message: Le service d'Enregistrement d'événement a été arrêté.
Record Number: 32141
Source Name: EventLog
Time Written: 20090325141002.000000+060
Event Type: Informations
User:
=====Application event log=====
Computer Name: BOUGHANEM
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 5
Source Name: SecurityCenter
Time Written: 20090106193625.000000+060
Event Type: Informations
User:
Computer Name: BOUGHANEM
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 4
Source Name: SecurityCenter
Time Written: 20090105194719.000000+060
Event Type: Informations
User:
Computer Name: BOUGHANEM
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 3
Source Name: SecurityCenter
Time Written: 20090105105332.000000+060
Event Type: Informations
User:
Computer Name: BOUGHANEM
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 2
Source Name: SecurityCenter
Time Written: 20090104194608.000000+060
Event Type: Informations
User:
Computer Name: BOUGHANEM
Event Code: 1001
Message: Vérification du système de fichiers sur C:
Le type du système de fichiers est FAT32.
L'intégrité de l'un de vos disques doit être vérifiée.
Vous pouvez annuler cette vérification, mais son exécution est
fortement recommandée.
Windows va maintenant vérifier le disque.
Le numéro de série du volume est 320D-180E
75310368 Ko d'espace disque au total.
2593408 Ko dans 1177 fichiers cachés.
165120 Ko dans 5106 dossiers.
63810368 Ko dans 88347 fichiers.
8741440 Ko sont disponibles.
32768 octets dans chaque unité d'allocation.
2353449 unités d'allocation au total sur le disque.
273170 unités d'allocation disponibles sur le disque.
Record Number: 1
Source Name: Winlogon
Time Written: 20090104194518.000000+060
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\PVSW\Bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\Fichiers communs\GIS\Tools;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
-----------------EOF-----------------
Rapport log :
Logfile of random's system information tool 1.06 (written by random/random)
Run by Sihem at 2009-04-21 21:45:56
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 237 MB (0%) free of 74 GB
Total RAM: 958 MB (24% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:47:37, on 21/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TrueTransparency\TrueTransparency.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PVSW\Bin\WGE_SRV.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PVSW\BIN\W3dbsmgr.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\Documents and Settings\Sihem\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sihem.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.paruvendu.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SAIDMUSIC Toolbar - {01b76fec-14a9-4252-81c1-eac837ed85b1} - C:\Program Files\SAIDMUSIC\tbSAID.dll
O2 - BHO: SAIDMUSIC Toolbar - {01b76fec-14a9-4252-81c1-eac837ed85b1} - C:\Program Files\SAIDMUSIC\tbSAID.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {62046625-36c7-43e4-8dec-f630ed9c3297} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows
Live\WindowsLiveLogin.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: SAIDMUSIC Toolbar - {01b76fec-14a9-4252-81c1-eac837ed85b1} - C:\Program Files\SAIDMUSIC\tbSAID.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\supilime.dll",b
O4 - HKLM\..\Run: [CPM313e2b3d] Rundll32.exe "c:\windows\system32\hepozili.dll",a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TrueTransparency] "C:\Program Files\TrueTransparency\TrueTransparency.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
1214127648875
O20 - AppInit_DLLs: c:\windows\system32\hepozili.dll,C:\WINDOWS\system32\favukumi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hepozili.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hepozili.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
info.txt logfile of random's system information tool 1.06 2009-04-21 21:48:25
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Alice ADSL - Installation principale-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE5D7CE8-27E7-4452-AF33-F38F074BBD08}\setup.exe" -l0x40c -eth -pri
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
EBP Btrieve 8.6-->"C:\Documents and Settings\All Users\Application Data\{B33CBE2B-A739-401D-A5E0-041195C4A17B}\EBP_Btrieve8.6_SETUP.exe" REMOVE=TRUE MODIFY=FALSE
EBP Btrieve 8.6-->C:\Documents and Settings\All Users\Application Data\{B33CBE2B-A739-401D-A5E0-041195C4A17B}\EBP_Btrieve8.6_SETUP.exe
EBP Comptabilité 12.1-->"C:\Documents and Settings\All Users\Application Data\{AC5124E4-1239-42FB-9B14-963A3370BAD4}\EBP_Comptabilite.exe" REMOVE=TRUE MODIFY=FALSE
EBP Comptabilité 12.1-->C:\Documents and Settings\All Users\Application Data\{AC5124E4-1239-42FB-9B14-963A3370BAD4}\EBP_Comptabilite.exe
EBP Etats Financiers 12.0-->"C:\Documents and Settings\All Users\Application Data\{9BC9F1A9-D325-4800-A75F-E6CE13C36EB3}\EBP_EtatsFinanciers.exe" REMOVE=TRUE MODIFY=FALSE
EBP Etats Financiers 12.0-->C:\Documents and Settings\All Users\Application Data\{9BC9F1A9-D325-4800-A75F-E6CE13C36EB3}\EBP_EtatsFinanciers.exe
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Guide routier France-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC828A42-3901-4178-81AF-712A55AC5A65}\SETUP.exe" -l0x40c -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LG PC Suite-->C:\Program Files\InstallShield Installation Information\{993960EE-CA4D-443F-8F88-E24260DD5FD2}\setup.exe -runfromtemp -l0x040c -removeonly
LG USB Modem driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x40c LG -removeonly
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Mise à jour pour Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Navilog1 3.7.6-->"C:\Program Files\Navilog1\unins000.exe"
NTI Backup NOW! 4-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1036 BUN4
NTI CD & DVD-Maker-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
NTI HomeVideo-Maker-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8A6F713-D72D-47AD-A92D-B5C0E13F98C1}\setup.exe" -l0x40c
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
ObjectDock-->C:\PROGRA~1\STARDOCK\OBJECT~1\UNWISE.EXE C:\PROGRA~1\STARDOCK\OBJECT~1\INSTALL.LOG
OpenOffice.org 2.4-->MsiExec.exe /I{A122962F-331A-4C2E-93DB-AD92D8A4FB14}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly
SAIDMUSIC Toolbar-->C:\PROGRA~1\SAIDMU~1\UNWISE.EXE /U C:\PROGRA~1\SAIDMU~1\INSTALL.LOG
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem ^^-->C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update pour Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe -u
Vista Transformation Pack 8.0-->C:\WINDOWS\system32\viwc.exe
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
======Hosts File======
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
======Security center information======
AV: avast! antivirus 4.8.1335 [VPS 090421-0]
======System event log======
Computer Name: BOUGHANEM
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{7AFCE7F5-7841-497B-819D-55AD8CA0585C} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.
Record Number: 32145
Source Name: Tcpip
Time Written: 20090325174804.000000+060
Event Type: Informations
User:
Computer Name: BOUGHANEM
Event Code: 3100
Message: Le pilote de l'édition Développeur IPv6 Microsoft a été démarré.
Record Number: 32144
Source Name: Tcpip6
Time Written: 20090325174804.000000+060
Event Type: Informations
User:
Computer Name: BOUGHANEM
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.
Record Number: 32143
Source Name: EventLog
Time Written: 20090325174737.000000+060
Event Type: Informations
User:
Computer Name: BOUGHANEM
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.
Record Number: 32142
Source Name: EventLog
Time Written: 20090325174737.000000+060
Event Type: Informations
User:
Computer Name: BOUGHANEM
Event Code: 6006
Message: Le service d'Enregistrement d'événement a été arrêté.
Record Number: 32141
Source Name: EventLog
Time Written: 20090325141002.000000+060
Event Type: Informations
User:
=====Application event log=====
Computer Name: BOUGHANEM
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 5
Source Name: SecurityCenter
Time Written: 20090106193625.000000+060
Event Type: Informations
User:
Computer Name: BOUGHANEM
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 4
Source Name: SecurityCenter
Time Written: 20090105194719.000000+060
Event Type: Informations
User:
Computer Name: BOUGHANEM
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 3
Source Name: SecurityCenter
Time Written: 20090105105332.000000+060
Event Type: Informations
User:
Computer Name: BOUGHANEM
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 2
Source Name: SecurityCenter
Time Written: 20090104194608.000000+060
Event Type: Informations
User:
Computer Name: BOUGHANEM
Event Code: 1001
Message: Vérification du système de fichiers sur C:
Le type du système de fichiers est FAT32.
L'intégrité de l'un de vos disques doit être vérifiée.
Vous pouvez annuler cette vérification, mais son exécution est
fortement recommandée.
Windows va maintenant vérifier le disque.
Le numéro de série du volume est 320D-180E
75310368 Ko d'espace disque au total.
2593408 Ko dans 1177 fichiers cachés.
165120 Ko dans 5106 dossiers.
63810368 Ko dans 88347 fichiers.
8741440 Ko sont disponibles.
32768 octets dans chaque unité d'allocation.
2353449 unités d'allocation au total sur le disque.
273170 unités d'allocation disponibles sur le disque.
Record Number: 1
Source Name: Winlogon
Time Written: 20090104194518.000000+060
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\PVSW\Bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\Fichiers communs\GIS\Tools;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
-----------------EOF-----------------
Rapport log :
Logfile of random's system information tool 1.06 (written by random/random)
Run by Sihem at 2009-04-21 21:45:56
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 237 MB (0%) free of 74 GB
Total RAM: 958 MB (24% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:47:37, on 21/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TrueTransparency\TrueTransparency.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PVSW\Bin\WGE_SRV.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PVSW\BIN\W3dbsmgr.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\Documents and Settings\Sihem\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sihem.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.paruvendu.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SAIDMUSIC Toolbar - {01b76fec-14a9-4252-81c1-eac837ed85b1} - C:\Program Files\SAIDMUSIC\tbSAID.dll
O2 - BHO: SAIDMUSIC Toolbar - {01b76fec-14a9-4252-81c1-eac837ed85b1} - C:\Program Files\SAIDMUSIC\tbSAID.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {62046625-36c7-43e4-8dec-f630ed9c3297} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows
Live\WindowsLiveLogin.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: SAIDMUSIC Toolbar - {01b76fec-14a9-4252-81c1-eac837ed85b1} - C:\Program Files\SAIDMUSIC\tbSAID.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\supilime.dll",b
O4 - HKLM\..\Run: [CPM313e2b3d] Rundll32.exe "c:\windows\system32\hepozili.dll",a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TrueTransparency] "C:\Program Files\TrueTransparency\TrueTransparency.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
1214127648875
O20 - AppInit_DLLs: c:\windows\system32\hepozili.dll,C:\WINDOWS\system32\favukumi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hepozili.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hepozili.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix.txt
a+
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix.txt
a+
Voici le rapport
ComboFix 09-04-22.02 - Sihem 21/04/2009 22:23.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.958.613 [GMT 2:00]
Lancé depuis: c:\documents and settings\Sihem\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090421-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\emilipus.ini
c:\windows\system32\hepozili.dll
c:\windows\system32\supilime.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-21 au 2009-04-21 ))))))))))))))))))))))))))))))))))))
.
2009-04-21 19:45 . 2009-04-21 19:45 -------- d-----w C:\rsit
2009-04-18 17:38 . 2009-04-18 17:38 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-17 10:01 . 2009-04-17 10:01 -------- d-----w C:\ConvertTemp
2009-04-16 21:21 . 2009-04-16 21:21 -------- d--h--w c:\documents and settings\All Users\Application Data\{9BC9F1A9-D325-4800-A75F-E6CE13C36EB3}
2009-04-16 21:15 . 2009-04-16 21:15 -------- d-----w C:\PVSW
2009-04-16 21:15 . 2009-04-16 21:15 -------- d--h--w c:\documents and settings\All Users\Application Data\{B33CBE2B-A739-401D-A5E0-041195C4A17B}
2009-04-16 21:15 . 2009-04-16 21:15 -------- d-----w c:\documents and settings\Sihem\Application Data\EBP
2009-04-16 21:15 . 2009-04-16 21:15 -------- d-----w c:\documents and settings\All Users\Application Data\EBP
2009-04-16 21:14 . 2009-04-16 21:14 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-16 21:14 . 2006-07-18 12:31 1966080 ----a-w c:\windows\system32\cdintf251.dll
2009-04-16 21:13 . 2009-04-16 21:13 -------- d--h--w c:\documents and settings\All Users\Application Data\{AC5124E4-1239-42FB-9B14-963A3370BAD4}
2009-04-15 06:03 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 06:03 . 2009-03-06 14:20 286720 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 06:03 . 2009-02-09 11:23 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 06:03 . 2009-02-09 10:53 685568 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 06:03 . 2009-02-09 10:53 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 06:03 . 2009-02-09 10:53 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 06:03 . 2009-02-09 10:53 739840 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 06:03 . 2009-02-09 10:53 735744 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 06:03 . 2009-02-09 10:53 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 06:02 . 2008-12-16 12:31 354304 ------w c:\windows\system32\dllcache\winhttp.dll
2009-04-01 12:13 . 2009-04-01 12:13 -------- d-sh--w c:\documents and settings\Administrateur\IETldCache
2009-04-01 11:35 . 2009-04-01 11:35 -------- d-----w C:\GenProc
2009-03-31 17:55 . 2009-03-31 17:55 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\SAIDMUSIC
2009-03-31 17:55 . 2009-03-31 17:55 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-03-25 16:04 . 2009-03-25 16:04 -------- d-----w c:\documents and settings\Sihem\Local Settings\Application Data\SAIDMUSIC
2009-03-25 16:04 . 2009-03-25 16:04 -------- d-----w c:\documents and settings\Sihem\Local Settings\Application Data\Conduit
2009-03-24 21:11 . 2009-03-24 21:11 -------- d--h--w c:\windows\ie8
2009-03-24 17:55 . 2009-03-24 17:55 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-03-22 21:26 . 2009-03-22 21:26 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-22 21:23 . 2009-03-22 21:23 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 15:24 . 2009-01-19 15:24 52224 --sha-w c:\windows\system32\zeyoheko.exe
2009-04-18 17:38 . 2009-04-18 17:38 -------- d-----w c:\program files\iPod
2009-04-17 14:33 . 2005-01-23 10:37 98892 ----a-w c:\windows\system32\perfc00C.dat
2009-04-17 14:33 . 2005-01-23 10:37 517072 ----a-w c:\windows\system32\perfh00C.dat
2009-04-16 21:14 . 2009-04-16 21:13 -------- d-----w c:\program files\Fichiers communs\EBP
2009-04-16 21:14 . 2009-04-16 21:13 -------- d-----w c:\program files\EBP
2009-04-01 13:35 . 2009-04-01 12:14 3007 ----a-w C:\cleannavi.txt
2009-04-01 13:29 . 2009-01-26 13:24 3019 ----a-w C:\fixnavi.txt
2009-04-01 12:37 . 2009-04-01 12:37 8048 ----a-w C:\hijackthis.log
2009-04-01 12:36 . 2009-04-01 12:36 -------- d-----w c:\program files\Trend Micro
2009-04-01 12:20 . 2009-04-01 12:20 2997 ----a-w C:\fixnavi2.txt
2009-03-25 16:04 . 2009-03-25 16:04 -------- d-----w c:\program files\SAIDMUSIC
2009-03-22 21:26 . 2009-03-22 21:26 -------- d-----w c:\program files\iTunes
2009-03-22 21:25 . 2009-03-22 21:25 -------- d-----w c:\program files\Bonjour
2009-03-22 21:24 . 2009-03-22 21:24 -------- d-----w c:\program files\QuickTime
2009-03-22 21:23 . 2009-03-22 21:23 -------- d-----w c:\program files\Apple Software Update
2009-03-22 21:23 . 2009-03-22 21:23 -------- d-----w c:\program files\Fichiers communs\Apple
2009-03-22 09:25 . 2009-03-22 09:25 -------- d-----w c:\program files\Panda Security
2009-03-21 14:07 . 2009-03-21 14:07 1054720 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-19 14:32 . 2008-01-29 10:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-08 12:09 . 2004-08-05 03:00 638816 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-03-08 12:09 . 2004-08-05 03:00 391536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 02:41 . 2005-07-19 17:04 5937152 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-03-08 02:34 . 2005-07-03 01:16 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2005-07-03 01:16 914944 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-08 02:34 . 2005-07-03 01:16 1206784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-03-08 02:34 . 2004-08-05 03:00 236544 ----a-w c:\windows\system32\dllcache\webcheck.dll
2009-03-08 02:34 . 2004-08-05 03:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:34 . 2004-08-05 03:00 43008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 02:34 . 2004-08-05 04:00 105984 ----a-w c:\windows\system32\dllcache\url.dll
2009-03-08 02:34 . 2005-07-03 01:16 193536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-03-08 02:34 . 2004-08-05 03:00 109568 ----a-w c:\windows\system32\dllcache\occache.dll
2009-03-08 02:33 . 2004-08-05 03:00 759296 ----a-w c:\windows\system32\dllcache\VGX.dll
2009-03-08 02:33 . 2007-08-13 16:42 18944 ----a-w c:\windows\system32\dllcache\corpol.dll
2009-03-08 02:33 . 2004-08-05 03:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2004-08-05 03:00 25600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 02:33 . 2007-08-13 16:38 726528 ----a-w c:\windows\system32\dllcache\jscript.dll
2009-03-08 02:33 . 2004-08-05 03:00 229376 ----a-w c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 02:33 . 2007-08-13 16:54 420352 ----a-w c:\windows\system32\dllcache\vbscript.dll
2009-03-08 02:33 . 2004-08-05 03:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:33 . 2004-08-05 03:00 125952 ----a-w c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 02:32 . 2004-08-05 03:00 72704 ----a-w c:\windows\system32\dllcache\admparse.dll
2009-03-08 02:32 . 2004-08-05 03:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2004-08-05 03:00 173056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 02:32 . 2004-08-05 03:00 163840 ----a-w c:\windows\system32\dllcache\ieakui.dll
2009-03-08 02:32 . 2004-08-05 03:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:32 . 2004-08-05 03:00 71680 ----a-w c:\windows\system32\dllcache\iesetup.dll
2009-03-08 02:32 . 2004-08-05 03:00 55808 ----a-w c:\windows\system32\dllcache\iernonce.dll
2009-03-08 02:32 . 2004-08-05 04:00 128512 ----a-w c:\windows\system32\dllcache\advpack.dll
2009-03-08 02:32 . 2005-07-03 01:16 94720 ----a-w c:\windows\system32\dllcache\inseng.dll
2009-03-08 02:32 . 2004-08-05 03:00 611840 ----a-w c:\windows\system32\dllcache\mstime.dll
2009-03-08 02:31 . 2005-07-03 01:16 183808 ----a-w c:\windows\system32\dllcache\iepeers.dll
2009-03-08 02:31 . 2004-08-05 03:00 348160 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
2009-03-08 02:31 . 2004-08-05 03:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2004-08-05 03:00 34816 ----a-w c:\windows\system32\dllcache\imgutil.dll
2009-03-08 02:31 . 2004-08-05 03:00 216064 ----a-w c:\windows\system32\dllcache\dxtrans.dll
2009-03-08 02:31 . 2005-07-03 01:16 46592 ----a-w c:\windows\system32\dllcache\pngfilt.dll
2009-03-08 02:31 . 2005-07-03 01:16 66560 ----a-w c:\windows\system32\dllcache\mshtmled.dll
2009-03-08 02:31 . 2004-08-05 03:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2004-08-05 03:00 48128 ----a-w c:\windows\system32\dllcache\mshtmler.dll
2009-03-08 02:31 . 2004-08-05 03:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:31 . 2004-08-05 03:00 45568 ----a-w c:\windows\system32\dllcache\mshta.exe
2009-03-08 02:24 . 2004-08-05 03:00 68608 ----a-w c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 02:22 . 2004-08-05 03:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-08 02:22 . 2004-08-05 03:00 156160 ----a-w c:\windows\system32\dllcache\msls31.dll
2009-03-06 14:20 . 2004-08-05 03:00 286720 ----a-w c:\windows\system32\pdh.dll
2009-02-28 03:55 . 2009-02-07 13:14 105984 ------w c:\windows\system32\dllcache\iecompat.dll
2009-02-10 17:06 . 2008-10-16 12:14 2068096 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-10 17:06 . 2005-03-02 17:07 2068096 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 13:05 . 2008-10-16 12:14 1846912 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 13:05 . 2005-03-02 17:07 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:24 . 2008-10-16 12:14 2191104 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 11:24 . 2005-03-02 17:08 2191104 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:23 . 2008-10-16 12:14 2025984 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 11:23 . 2008-10-16 12:14 2147328 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 11:23 . 2004-08-05 03:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:53 . 2005-04-28 18:32 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:53 . 2004-10-28 00:24 735744 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:53 . 2004-08-05 03:00 739840 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:53 . 2004-08-05 03:00 685568 ----a-w c:\windows\system32\advapi32.dll
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 10:39 . 2004-08-05 03:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:39 . 2004-08-05 03:00 35328 ----a-w c:\windows\system32\dllcache\sc.exe
2009-02-03 19:58 . 2009-02-03 19:58 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:58 . 2004-08-05 03:00 56832 ----a-w c:\windows\system32\secur32.dll
2008-08-01 10:34 . 2008-06-21 19:42 72712 ----a-w c:\documents and settings\Sihem\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-06-21 21:55 . 2008-06-21 21:55 128 ----a-w c:\documents and settings\Sihem\Local Settings\Application Data\fusioncache.dat
2008-07-10 16:54 . 2008-07-10 16:54 23 --sha-w c:\windows\system32\ccddeba9_z.dll
.
------- Sigcheck -------
[-] 2008-04-13 17:34 1428480 FC5653A8BF818D02CCF466B392A6514C c:\windows\Explorer.exe
[-] 2008-04-13 17:34 1037824 64F3E2110C75CC0D04AADE08833BB948 c:\windows\system32\VITrans\explorer.exe
[7] 2004-08-05 03:00 1036288 4C33E5B9A6197B6ED215F6CFBA0A2DAA c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2008-04-13 17:34 1037824 64F3E2110C75CC0D04AADE08833BB948 c:\windows\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01b76fec-14a9-4252-81c1-eac837ed85b1}]
2009-03-10 09:47 2079256 ----a-w c:\program files\SAIDMUSIC\tbSAID.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{01b76fec-14a9-4252-81c1-eac837ed85b1}"= "c:\program files\SAIDMUSIC\tbSAID.dll" [2009-03-10 2079256]
[HKEY_CLASSES_ROOT\clsid\{01b76fec-14a9-4252-81c1-eac837ed85b1}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{01B76FEC-14A9-4252-81C1-EAC837ED85B1}"= "c:\program files\SAIDMUSIC\tbSAID.dll" [2009-03-10 2079256]
[HKEY_CLASSES_ROOT\clsid\{01b76fec-14a9-4252-81c1-eac837ed85b1}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"TrueTransparency"="c:\program files\TrueTransparency\TrueTransparency.exe" [2007-10-28 133120]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-22 1591808]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-10 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-10 86016]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-09-22 90112]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-11-10 1519616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\Sihem\Menu D‚marrer\Programmes\D‚marrage\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-7-22 3450608]
c:\documents and settings\Sihem\Menu D‚marrer\Programmes\D‚marrage\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-7-22 3450608]
c:\documents and settings\Sihem\Menu D‚marrer\Programmes\D‚marrage\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-7-22 3450608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\EMULE.EXE"=
"c:\\Program Files\\Alice_Triway_WiFi\\Wizard\\CTD_FirmwareUpgrader.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\PVSW\\Bin\\w3dbsmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'
2009-04-21 c:\windows\Tasks\User_Feed_Synchronization-{1B8EAB5D-44AC-4A12-8652-D12F377E68F8}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{62046625-36c7-43e4-8dec-f630ed9c3297} - (no file)
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.paruvendu.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 22:28
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-2691124827-810443948-1755010125-1006\Software\Local AppWizard-Generated Applications\Launch Tool]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Lake\LakeControl]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\DependentComponents]
@DACL=(02 0000)
@SACL=
"AvRack"="AvRack"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="3B28694BC48A2E0B626A6D18B9F7F892FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79339DB7CE019D40AA5CC038D530D6EB3452C038D530D6EB3452E60E4BFE570E1F3B6BAE968F71F6F2EE2E88591A93351329AD92723AB09FE47D5C6C932C26629B2D6A8DB7E1861672E89E41AB5D7B25094DB7732D69AF7BBCC466CC1110D212A1AAD19F8175A33C0246B1A447ED11D27014EE06A0F9E521EEDB60BDB17B0DB01A190D417DCED75A7035037DEAA564ABA490C123673B06987FD8AA458BD2488350328BC458097813F3B2B48900F24BCFE2A4A0944111059FD524A4DAD58E3A867687BF6DE1CF9DBDA714EAFA0DD6DF944E8A011B11F11EA7BCFDB8696A39DE6721F9A374116422650781CDF6C268FD026C4F5E67DD684E5764754DD14C747588C6C031877E1DA6CA73F48A19715246D3A8D2B3A151155987DFF155E79DF40200C466E7C7E46310E0B340516D8FD21F7B514B85E4BBAA43C5A6AC41F42702C9995BCA4D4A2733864FF0065778B63C321E18BFD74010F058D215338633D3F7D9D22F9F6618C99D7571363E54AD25F3EA14920EB3B6634326256868A3D234C87F5F496BC1ACF44A8DD6783586F8BCF57AE7BDE628BEF18FFDE645809278FB76CF24940AEBFA77EF42438A8AACB7824ED75CF54EC6C49BDA7573B386D83C039A21BCE2297BE7BF5DCC2D27B00D3BA1213BE47E9E2426E03BE85E9DD77D2A45610E78E6CC06CAE47328C26B70EF4B68A2222B7D035BB6EA5C756D54A60A42E3897557BB4BA7729DA79560586721204620CC897DFC08BD037CFC970A770D77206A7C125A4E80204903999BD482726953F440926DE1CDF51971A58CD4A598B3636987122656B48667227ABAA78537474915C68A1E59510E4020DA2E33DDC452BA04C47762356AD01CB7C5B97F0B49518486ED694760BC2AAD05C88F82222C22D3CAA113B791CE9BB1084B49EEFB849109E384DB8348BD603EAE627C86C76C6884E150EBB16510F715EC1F4B69994A04FADA21C1CF36853BEF41DD71667A29DDC380C93DC102636A565219D749777F1DA52D9E311021C93BE5F336212EB5082C2CF349733B08FEEBAABB56BACC7D8BC1F53297F009D74451E69028EECC4D3475809C4CB357EE9F6AEA3CB67314675CCC7E536D7E677A33E6DDF8377795655CCCA2EE16D33202844514FE5D352444E00B7410C60B387DD656599DA705407733BA1B72B0DDCC5F71D2C640B2E768F7103FB2F90BF8EC2976ED0E86069BE853EF3B9544638F8B7A2EDCC851E427AC3C609FB5B6E9E3DD9BD97050D01FEE0D1A4CBD6213405C3598851F039861C1A299CFD4A002D015C445D0951CAA056991408726F4A4196B7755C7CA010D5E3BDFF25E7EB8A8F78FBF6A2C0911568DA83E10"
[HKEY_LOCAL_MACHINE\software\muvee Technologies\[u]0[/u]30625]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\muvee Technologies\muvee SDK - NTI_5]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\NewTech Infosystems\NTI CD-MakerV7\OEMUrl]
@DACL=(02 0000)
@SACL=
"Home"="https://www.acer.com/worldwide/selection.html"
[HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.\Realtek AC'97 Audio]
@DACL=(02 0000)
@SACL=
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\SETUPAPI.dll
- - - - - - - > 'lsass.exe'(836)
c:\windows\system32\scecli.dll
c:\windows\system32\SETUPAPI.dll
- - - - - - - > 'explorer.exe'(2144)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\TrueTransparency\TrueTransparencyHook.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\program files\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\pvsw\BIN\WGE_SRV.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\windows\SYSTEM32\WDFMGR.EXE
c:\pvsw\BIN\W3DBSMGR.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHDISP.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-04-21 22:30 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-04-21 20:30
Avant-CF: 656 113 664 octets libres
Après-CF: 606 273 536 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
315 --- E O F --- 2009-04-16 19:19
Merci.
ComboFix 09-04-22.02 - Sihem 21/04/2009 22:23.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.958.613 [GMT 2:00]
Lancé depuis: c:\documents and settings\Sihem\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090421-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\emilipus.ini
c:\windows\system32\hepozili.dll
c:\windows\system32\supilime.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-21 au 2009-04-21 ))))))))))))))))))))))))))))))))))))
.
2009-04-21 19:45 . 2009-04-21 19:45 -------- d-----w C:\rsit
2009-04-18 17:38 . 2009-04-18 17:38 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-17 10:01 . 2009-04-17 10:01 -------- d-----w C:\ConvertTemp
2009-04-16 21:21 . 2009-04-16 21:21 -------- d--h--w c:\documents and settings\All Users\Application Data\{9BC9F1A9-D325-4800-A75F-E6CE13C36EB3}
2009-04-16 21:15 . 2009-04-16 21:15 -------- d-----w C:\PVSW
2009-04-16 21:15 . 2009-04-16 21:15 -------- d--h--w c:\documents and settings\All Users\Application Data\{B33CBE2B-A739-401D-A5E0-041195C4A17B}
2009-04-16 21:15 . 2009-04-16 21:15 -------- d-----w c:\documents and settings\Sihem\Application Data\EBP
2009-04-16 21:15 . 2009-04-16 21:15 -------- d-----w c:\documents and settings\All Users\Application Data\EBP
2009-04-16 21:14 . 2009-04-16 21:14 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-16 21:14 . 2006-07-18 12:31 1966080 ----a-w c:\windows\system32\cdintf251.dll
2009-04-16 21:13 . 2009-04-16 21:13 -------- d--h--w c:\documents and settings\All Users\Application Data\{AC5124E4-1239-42FB-9B14-963A3370BAD4}
2009-04-15 06:03 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 06:03 . 2009-03-06 14:20 286720 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 06:03 . 2009-02-09 11:23 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 06:03 . 2009-02-09 10:53 685568 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 06:03 . 2009-02-09 10:53 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 06:03 . 2009-02-09 10:53 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 06:03 . 2009-02-09 10:53 739840 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 06:03 . 2009-02-09 10:53 735744 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 06:03 . 2009-02-09 10:53 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 06:02 . 2008-12-16 12:31 354304 ------w c:\windows\system32\dllcache\winhttp.dll
2009-04-01 12:13 . 2009-04-01 12:13 -------- d-sh--w c:\documents and settings\Administrateur\IETldCache
2009-04-01 11:35 . 2009-04-01 11:35 -------- d-----w C:\GenProc
2009-03-31 17:55 . 2009-03-31 17:55 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\SAIDMUSIC
2009-03-31 17:55 . 2009-03-31 17:55 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-03-25 16:04 . 2009-03-25 16:04 -------- d-----w c:\documents and settings\Sihem\Local Settings\Application Data\SAIDMUSIC
2009-03-25 16:04 . 2009-03-25 16:04 -------- d-----w c:\documents and settings\Sihem\Local Settings\Application Data\Conduit
2009-03-24 21:11 . 2009-03-24 21:11 -------- d--h--w c:\windows\ie8
2009-03-24 17:55 . 2009-03-24 17:55 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-03-22 21:26 . 2009-03-22 21:26 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-22 21:23 . 2009-03-22 21:23 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 15:24 . 2009-01-19 15:24 52224 --sha-w c:\windows\system32\zeyoheko.exe
2009-04-18 17:38 . 2009-04-18 17:38 -------- d-----w c:\program files\iPod
2009-04-17 14:33 . 2005-01-23 10:37 98892 ----a-w c:\windows\system32\perfc00C.dat
2009-04-17 14:33 . 2005-01-23 10:37 517072 ----a-w c:\windows\system32\perfh00C.dat
2009-04-16 21:14 . 2009-04-16 21:13 -------- d-----w c:\program files\Fichiers communs\EBP
2009-04-16 21:14 . 2009-04-16 21:13 -------- d-----w c:\program files\EBP
2009-04-01 13:35 . 2009-04-01 12:14 3007 ----a-w C:\cleannavi.txt
2009-04-01 13:29 . 2009-01-26 13:24 3019 ----a-w C:\fixnavi.txt
2009-04-01 12:37 . 2009-04-01 12:37 8048 ----a-w C:\hijackthis.log
2009-04-01 12:36 . 2009-04-01 12:36 -------- d-----w c:\program files\Trend Micro
2009-04-01 12:20 . 2009-04-01 12:20 2997 ----a-w C:\fixnavi2.txt
2009-03-25 16:04 . 2009-03-25 16:04 -------- d-----w c:\program files\SAIDMUSIC
2009-03-22 21:26 . 2009-03-22 21:26 -------- d-----w c:\program files\iTunes
2009-03-22 21:25 . 2009-03-22 21:25 -------- d-----w c:\program files\Bonjour
2009-03-22 21:24 . 2009-03-22 21:24 -------- d-----w c:\program files\QuickTime
2009-03-22 21:23 . 2009-03-22 21:23 -------- d-----w c:\program files\Apple Software Update
2009-03-22 21:23 . 2009-03-22 21:23 -------- d-----w c:\program files\Fichiers communs\Apple
2009-03-22 09:25 . 2009-03-22 09:25 -------- d-----w c:\program files\Panda Security
2009-03-21 14:07 . 2009-03-21 14:07 1054720 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-19 14:32 . 2008-01-29 10:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-08 12:09 . 2004-08-05 03:00 638816 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-03-08 12:09 . 2004-08-05 03:00 391536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 02:41 . 2005-07-19 17:04 5937152 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-03-08 02:34 . 2005-07-03 01:16 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2005-07-03 01:16 914944 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-08 02:34 . 2005-07-03 01:16 1206784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-03-08 02:34 . 2004-08-05 03:00 236544 ----a-w c:\windows\system32\dllcache\webcheck.dll
2009-03-08 02:34 . 2004-08-05 03:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:34 . 2004-08-05 03:00 43008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 02:34 . 2004-08-05 04:00 105984 ----a-w c:\windows\system32\dllcache\url.dll
2009-03-08 02:34 . 2005-07-03 01:16 193536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-03-08 02:34 . 2004-08-05 03:00 109568 ----a-w c:\windows\system32\dllcache\occache.dll
2009-03-08 02:33 . 2004-08-05 03:00 759296 ----a-w c:\windows\system32\dllcache\VGX.dll
2009-03-08 02:33 . 2007-08-13 16:42 18944 ----a-w c:\windows\system32\dllcache\corpol.dll
2009-03-08 02:33 . 2004-08-05 03:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2004-08-05 03:00 25600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 02:33 . 2007-08-13 16:38 726528 ----a-w c:\windows\system32\dllcache\jscript.dll
2009-03-08 02:33 . 2004-08-05 03:00 229376 ----a-w c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 02:33 . 2007-08-13 16:54 420352 ----a-w c:\windows\system32\dllcache\vbscript.dll
2009-03-08 02:33 . 2004-08-05 03:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:33 . 2004-08-05 03:00 125952 ----a-w c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 02:32 . 2004-08-05 03:00 72704 ----a-w c:\windows\system32\dllcache\admparse.dll
2009-03-08 02:32 . 2004-08-05 03:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2004-08-05 03:00 173056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 02:32 . 2004-08-05 03:00 163840 ----a-w c:\windows\system32\dllcache\ieakui.dll
2009-03-08 02:32 . 2004-08-05 03:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:32 . 2004-08-05 03:00 71680 ----a-w c:\windows\system32\dllcache\iesetup.dll
2009-03-08 02:32 . 2004-08-05 03:00 55808 ----a-w c:\windows\system32\dllcache\iernonce.dll
2009-03-08 02:32 . 2004-08-05 04:00 128512 ----a-w c:\windows\system32\dllcache\advpack.dll
2009-03-08 02:32 . 2005-07-03 01:16 94720 ----a-w c:\windows\system32\dllcache\inseng.dll
2009-03-08 02:32 . 2004-08-05 03:00 611840 ----a-w c:\windows\system32\dllcache\mstime.dll
2009-03-08 02:31 . 2005-07-03 01:16 183808 ----a-w c:\windows\system32\dllcache\iepeers.dll
2009-03-08 02:31 . 2004-08-05 03:00 348160 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
2009-03-08 02:31 . 2004-08-05 03:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2004-08-05 03:00 34816 ----a-w c:\windows\system32\dllcache\imgutil.dll
2009-03-08 02:31 . 2004-08-05 03:00 216064 ----a-w c:\windows\system32\dllcache\dxtrans.dll
2009-03-08 02:31 . 2005-07-03 01:16 46592 ----a-w c:\windows\system32\dllcache\pngfilt.dll
2009-03-08 02:31 . 2005-07-03 01:16 66560 ----a-w c:\windows\system32\dllcache\mshtmled.dll
2009-03-08 02:31 . 2004-08-05 03:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2004-08-05 03:00 48128 ----a-w c:\windows\system32\dllcache\mshtmler.dll
2009-03-08 02:31 . 2004-08-05 03:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:31 . 2004-08-05 03:00 45568 ----a-w c:\windows\system32\dllcache\mshta.exe
2009-03-08 02:24 . 2004-08-05 03:00 68608 ----a-w c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 02:22 . 2004-08-05 03:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-08 02:22 . 2004-08-05 03:00 156160 ----a-w c:\windows\system32\dllcache\msls31.dll
2009-03-06 14:20 . 2004-08-05 03:00 286720 ----a-w c:\windows\system32\pdh.dll
2009-02-28 03:55 . 2009-02-07 13:14 105984 ------w c:\windows\system32\dllcache\iecompat.dll
2009-02-10 17:06 . 2008-10-16 12:14 2068096 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-10 17:06 . 2005-03-02 17:07 2068096 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 13:05 . 2008-10-16 12:14 1846912 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 13:05 . 2005-03-02 17:07 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:24 . 2008-10-16 12:14 2191104 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 11:24 . 2005-03-02 17:08 2191104 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:23 . 2008-10-16 12:14 2025984 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 11:23 . 2008-10-16 12:14 2147328 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 11:23 . 2004-08-05 03:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:53 . 2005-04-28 18:32 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:53 . 2004-10-28 00:24 735744 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:53 . 2004-08-05 03:00 739840 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:53 . 2004-08-05 03:00 685568 ----a-w c:\windows\system32\advapi32.dll
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 10:39 . 2004-08-05 03:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:39 . 2004-08-05 03:00 35328 ----a-w c:\windows\system32\dllcache\sc.exe
2009-02-03 19:58 . 2009-02-03 19:58 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:58 . 2004-08-05 03:00 56832 ----a-w c:\windows\system32\secur32.dll
2008-08-01 10:34 . 2008-06-21 19:42 72712 ----a-w c:\documents and settings\Sihem\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-06-21 21:55 . 2008-06-21 21:55 128 ----a-w c:\documents and settings\Sihem\Local Settings\Application Data\fusioncache.dat
2008-07-10 16:54 . 2008-07-10 16:54 23 --sha-w c:\windows\system32\ccddeba9_z.dll
.
------- Sigcheck -------
[-] 2008-04-13 17:34 1428480 FC5653A8BF818D02CCF466B392A6514C c:\windows\Explorer.exe
[-] 2008-04-13 17:34 1037824 64F3E2110C75CC0D04AADE08833BB948 c:\windows\system32\VITrans\explorer.exe
[7] 2004-08-05 03:00 1036288 4C33E5B9A6197B6ED215F6CFBA0A2DAA c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2008-04-13 17:34 1037824 64F3E2110C75CC0D04AADE08833BB948 c:\windows\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01b76fec-14a9-4252-81c1-eac837ed85b1}]
2009-03-10 09:47 2079256 ----a-w c:\program files\SAIDMUSIC\tbSAID.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{01b76fec-14a9-4252-81c1-eac837ed85b1}"= "c:\program files\SAIDMUSIC\tbSAID.dll" [2009-03-10 2079256]
[HKEY_CLASSES_ROOT\clsid\{01b76fec-14a9-4252-81c1-eac837ed85b1}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{01B76FEC-14A9-4252-81C1-EAC837ED85B1}"= "c:\program files\SAIDMUSIC\tbSAID.dll" [2009-03-10 2079256]
[HKEY_CLASSES_ROOT\clsid\{01b76fec-14a9-4252-81c1-eac837ed85b1}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"TrueTransparency"="c:\program files\TrueTransparency\TrueTransparency.exe" [2007-10-28 133120]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-22 1591808]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-10 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-10 86016]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-09-22 90112]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-11-10 1519616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\Sihem\Menu D‚marrer\Programmes\D‚marrage\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-7-22 3450608]
c:\documents and settings\Sihem\Menu D‚marrer\Programmes\D‚marrage\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-7-22 3450608]
c:\documents and settings\Sihem\Menu D‚marrer\Programmes\D‚marrage\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-7-22 3450608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\EMULE.EXE"=
"c:\\Program Files\\Alice_Triway_WiFi\\Wizard\\CTD_FirmwareUpgrader.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\PVSW\\Bin\\w3dbsmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'
2009-04-21 c:\windows\Tasks\User_Feed_Synchronization-{1B8EAB5D-44AC-4A12-8652-D12F377E68F8}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{62046625-36c7-43e4-8dec-f630ed9c3297} - (no file)
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.paruvendu.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 22:28
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-2691124827-810443948-1755010125-1006\Software\Local AppWizard-Generated Applications\Launch Tool]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Lake\LakeControl]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\DependentComponents]
@DACL=(02 0000)
@SACL=
"AvRack"="AvRack"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="3B28694BC48A2E0B626A6D18B9F7F892FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79339DB7CE019D40AA5CC038D530D6EB3452C038D530D6EB3452E60E4BFE570E1F3B6BAE968F71F6F2EE2E88591A93351329AD92723AB09FE47D5C6C932C26629B2D6A8DB7E1861672E89E41AB5D7B25094DB7732D69AF7BBCC466CC1110D212A1AAD19F8175A33C0246B1A447ED11D27014EE06A0F9E521EEDB60BDB17B0DB01A190D417DCED75A7035037DEAA564ABA490C123673B06987FD8AA458BD2488350328BC458097813F3B2B48900F24BCFE2A4A0944111059FD524A4DAD58E3A867687BF6DE1CF9DBDA714EAFA0DD6DF944E8A011B11F11EA7BCFDB8696A39DE6721F9A374116422650781CDF6C268FD026C4F5E67DD684E5764754DD14C747588C6C031877E1DA6CA73F48A19715246D3A8D2B3A151155987DFF155E79DF40200C466E7C7E46310E0B340516D8FD21F7B514B85E4BBAA43C5A6AC41F42702C9995BCA4D4A2733864FF0065778B63C321E18BFD74010F058D215338633D3F7D9D22F9F6618C99D7571363E54AD25F3EA14920EB3B6634326256868A3D234C87F5F496BC1ACF44A8DD6783586F8BCF57AE7BDE628BEF18FFDE645809278FB76CF24940AEBFA77EF42438A8AACB7824ED75CF54EC6C49BDA7573B386D83C039A21BCE2297BE7BF5DCC2D27B00D3BA1213BE47E9E2426E03BE85E9DD77D2A45610E78E6CC06CAE47328C26B70EF4B68A2222B7D035BB6EA5C756D54A60A42E3897557BB4BA7729DA79560586721204620CC897DFC08BD037CFC970A770D77206A7C125A4E80204903999BD482726953F440926DE1CDF51971A58CD4A598B3636987122656B48667227ABAA78537474915C68A1E59510E4020DA2E33DDC452BA04C47762356AD01CB7C5B97F0B49518486ED694760BC2AAD05C88F82222C22D3CAA113B791CE9BB1084B49EEFB849109E384DB8348BD603EAE627C86C76C6884E150EBB16510F715EC1F4B69994A04FADA21C1CF36853BEF41DD71667A29DDC380C93DC102636A565219D749777F1DA52D9E311021C93BE5F336212EB5082C2CF349733B08FEEBAABB56BACC7D8BC1F53297F009D74451E69028EECC4D3475809C4CB357EE9F6AEA3CB67314675CCC7E536D7E677A33E6DDF8377795655CCCA2EE16D33202844514FE5D352444E00B7410C60B387DD656599DA705407733BA1B72B0DDCC5F71D2C640B2E768F7103FB2F90BF8EC2976ED0E86069BE853EF3B9544638F8B7A2EDCC851E427AC3C609FB5B6E9E3DD9BD97050D01FEE0D1A4CBD6213405C3598851F039861C1A299CFD4A002D015C445D0951CAA056991408726F4A4196B7755C7CA010D5E3BDFF25E7EB8A8F78FBF6A2C0911568DA83E10"
[HKEY_LOCAL_MACHINE\software\muvee Technologies\[u]0[/u]30625]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\muvee Technologies\muvee SDK - NTI_5]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\NewTech Infosystems\NTI CD-MakerV7\OEMUrl]
@DACL=(02 0000)
@SACL=
"Home"="https://www.acer.com/worldwide/selection.html"
[HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.\Realtek AC'97 Audio]
@DACL=(02 0000)
@SACL=
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\SETUPAPI.dll
- - - - - - - > 'lsass.exe'(836)
c:\windows\system32\scecli.dll
c:\windows\system32\SETUPAPI.dll
- - - - - - - > 'explorer.exe'(2144)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\TrueTransparency\TrueTransparencyHook.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\program files\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\pvsw\BIN\WGE_SRV.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\windows\SYSTEM32\WDFMGR.EXE
c:\pvsw\BIN\W3DBSMGR.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHDISP.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-04-21 22:30 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-04-21 20:30
Avant-CF: 656 113 664 octets libres
Après-CF: 606 273 536 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
315 --- E O F --- 2009-04-16 19:19
Merci.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
OK....
Fais un scan avec cet antispyware :Telecharges malwarebytes + tutoriel :
-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Tu l´installes; mets le a jour...(onglet mise a jour)
Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "oui".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copies et colles le rapport stp.
A+
Fais un scan avec cet antispyware :Telecharges malwarebytes + tutoriel :
-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Tu l´installes; mets le a jour...(onglet mise a jour)
Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "oui".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copies et colles le rapport stp.
A+
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2021
Windows 5.1.2600 Service Pack 3
21/04/2009 22:54:59
mbam-log-2009-04-21 (22-54-52).txt
Type de recherche: Examen rapide
Eléments examinés: 74698
Temps écoulé: 6 minute(s), 34 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 7
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Dossier(s) infecté(s):
C:\Program Files\Advantage (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302} (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US (Adware.Advantage) -> No action taken.
Fichier(s) infecté(s):
C:\WINDOWS\system32\zeyoheko.exe (Trojan.Vundo) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\MeMedia_FF.dll (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\overlay.dtd (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\vssver2.scc (Adware.Advantage) -> No action taken.
Merci.
Version de la base de données: 2021
Windows 5.1.2600 Service Pack 3
21/04/2009 22:54:59
mbam-log-2009-04-21 (22-54-52).txt
Type de recherche: Examen rapide
Eléments examinés: 74698
Temps écoulé: 6 minute(s), 34 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 7
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Dossier(s) infecté(s):
C:\Program Files\Advantage (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302} (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US (Adware.Advantage) -> No action taken.
Fichier(s) infecté(s):
C:\WINDOWS\system32\zeyoheko.exe (Trojan.Vundo) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\MeMedia_FF.dll (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\overlay.dtd (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\vssver2.scc (Adware.Advantage) -> No action taken.
Merci.
LIS BIEN LES INSTRUCTIONS STP...
je t'avais demandé:
Si des elements on ete trouvés > click sur supprimer la selection.
Et je vois partout: NO ACTION TAKEN!!!!!
Relances MBAM et APPLIQUES...
ENSUITE :
1 Nouveau RSIT stp...Il reste encore du boulot certainement....
a+
je t'avais demandé:
Si des elements on ete trouvés > click sur supprimer la selection.
Et je vois partout: NO ACTION TAKEN!!!!!
Relances MBAM et APPLIQUES...
ENSUITE :
1 Nouveau RSIT stp...Il reste encore du boulot certainement....
a+
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2021
Windows 5.1.2600 Service Pack 3
21/04/2009 23:20:02
mbam-log-2009-04-21 (23-20-02).txt
Type de recherche: Examen rapide
Eléments examinés: 74698
Temps écoulé: 6 minute(s), 34 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 7
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\Advantage (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302} (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US (Adware.Advantage) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\zeyoheko.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\MeMedia_FF.dll (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\overlay.dtd (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\vssver2.scc (Adware.Advantage) -> Quarantined and deleted successfully.
Version de la base de données: 2021
Windows 5.1.2600 Service Pack 3
21/04/2009 23:20:02
mbam-log-2009-04-21 (23-20-02).txt
Type de recherche: Examen rapide
Eléments examinés: 74698
Temps écoulé: 6 minute(s), 34 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 7
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\Advantage (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302} (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US (Adware.Advantage) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\zeyoheko.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\MeMedia_FF.dll (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\overlay.dtd (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\vssver2.scc (Adware.Advantage) -> Quarantined and deleted successfully.
Je m'excuse j'avais pas vu ...
Voici :
Logfile of random's system information tool 1.06 (written by random/random)
Run by Sihem at 2009-04-22 18:26:24
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 240 MB (0%) free of 74 GB
Total RAM: 958 MB (37% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:26:58, on 22/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TrueTransparency\TrueTransparency.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PVSW\Bin\WGE_SRV.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PVSW\BIN\W3dbsmgr.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Sihem\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sihem.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.paruvendu.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SAIDMUSIC Toolbar - {01b76fec-14a9-4252-81c1-eac837ed85b1} - C:\Program Files\SAIDMUSIC\tbSAID.dll
O2 - BHO: SAIDMUSIC Toolbar - {01b76fec-14a9-4252-81c1-eac837ed85b1} - C:\Program Files\SAIDMUSIC\tbSAID.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: SAIDMUSIC Toolbar - {01b76fec-14a9-4252-81c1-eac837ed85b1} - C:\Program Files\SAIDMUSIC\tbSAID.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TrueTransparency] "C:\Program Files\TrueTransparency\TrueTransparency.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Voici :
Logfile of random's system information tool 1.06 (written by random/random)
Run by Sihem at 2009-04-22 18:26:24
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 240 MB (0%) free of 74 GB
Total RAM: 958 MB (37% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:26:58, on 22/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TrueTransparency\TrueTransparency.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PVSW\Bin\WGE_SRV.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PVSW\BIN\W3dbsmgr.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Sihem\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sihem.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.paruvendu.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SAIDMUSIC Toolbar - {01b76fec-14a9-4252-81c1-eac837ed85b1} - C:\Program Files\SAIDMUSIC\tbSAID.dll
O2 - BHO: SAIDMUSIC Toolbar - {01b76fec-14a9-4252-81c1-eac837ed85b1} - C:\Program Files\SAIDMUSIC\tbSAID.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: SAIDMUSIC Toolbar - {01b76fec-14a9-4252-81c1-eac837ed85b1} - C:\Program Files\SAIDMUSIC\tbSAID.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TrueTransparency] "C:\Program Files\TrueTransparency\TrueTransparency.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Eh bien deja toujours les memes problemes ...
Bug et probleme pour les dossiers ou il y a des videos..
Bug et probleme pour les dossiers ou il y a des videos..
Telecharge GENPROC
lien +tuto :
http://www.alt-shift-return.org/Info/GenProc-HowTo.html
Copie et colle le rapport stp...
a+
lien +tuto :
http://www.alt-shift-return.org/Info/GenProc-HowTo.html
Copie et colle le rapport stp...
a+
Rapport GenProc 2.525 [1] - 22/04/2009 à 20:11:46 - Windows XP
GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :
Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
- C:\Program Files\EsetOnlineScanner\log.txt
----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------
GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :
Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
- C:\Program Files\EsetOnlineScanner\log.txt
----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------
