Help!! Repeated crashes

lly
Hello,

I no longer know where to post... I hope someone here can give me a hand...

For several weeks, my PC has been crashing, randomly, after 30 seconds,
or after 10 minutes, whether I do nothing, browse the web, or
try to listen to music, it doesn't matter.

By "it crashes", I mean that suddenly nothing happens any more, it doesn't do anything,
the hard drive stops making its "scratch-scratch" noise, only the mouse still moves.

So I've tried quite a few things, in no particular order:

I had 2 network cards, the one connected to the router and one integrated on the motherboard; I removed the first one
cleaned out all the dust
removed a video card I used to receive TV
uninstalled about 20 programs with Revo Uninstaller (including the antivirus, just in case...)
went back to the oldest Windows backup (I don't remember what it's called,
the one for going back to an earlier version; it's one of XP's tools)

And now I'm stuck...
I don't know what else to do...
Can I copy-paste the HijackThis report here in case I missed something?

Thanks to anyone willing to give me a hand; I'm desperate, and I'm not at all good
with computers, but I need my PC... it's my work tool...

I should also add that I have been unable to find the Windows CD since I moved,
so I can't reinstall...
Configuration: Windows XP
Firefox 3.0.5

  1. jlpjlp
     
    Hi, not obvious; it could be a software conflict, a hardware problem, or an infection.

    Since you're in the security section:

    Scan with Malwarebytes: run a quick scan, paste the report you get, and remove what is found:

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    ______________________

    Download from here:

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) by random/random, and save it to the Desktop.

    Double-click RSIT.exe to launch RSIT.

    Click Continue on the Disclaimer screen.

    If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the license.

    When the analysis is finished, two text files will open.

    Post the contents of log.txt (<< which will be displayed)
    as well as info.txt (<< which will be minimized to the taskbar).

    NB: the reports are saved in the folder C:\rsit
  2. lly
     
    Thanks a lot for replying,

    here is the report

    info.txt logfile of random's system information tool 1.06 2009-04-22 22:27:04

    ======Uninstall list======

    -->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
    -->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {60E971B7-51A0-48CA-8687-C6B8F094A409}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
    Adobe AIR-->c:\Programme\Gemeinsame Dateien\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
    Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
    Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
    Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
    Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
    Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
    Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
    Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
    Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
    Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
    Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
    Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
    Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
    Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
    Adobe Setup-->MsiExec.exe /I{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}
    Adobe Setup-->MsiExec.exe /I{28773E11-6E44-46DC-90BD-273A3FA2CAC1}
    Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
    Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
    Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
    Architecture 3D 1.5b-->"C:\Programme\LiveCAD\Architecture 3D\unins000.exe"
    Archiveur WinRAR-->C:\Programme\WinRAR\uninstall.exe
    ATI - Software Uninstall Utility-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    Baby Majhong-->c:\babymajh\Uninstal.exe
    CacheMot-->C:\Programme\CacheMot\unins000.exe
    CompuApps SwissKnife V3-->C:\WINDOWS\ISUNINST.EXE -fC:\SWISNIFE\SKUninst.ISU -cC:\SWISNIFE\SKUNINST.DLL
    Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
    DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Plus DirectShow Filters-->C:\Programme\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
    DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Ecole Primaire - ABCDaire-->C:\WINDOWS\st6unst.exe -n "C:\Programme\Ecole Primaire - ABCDaire\ST6UNST.LOG"
    Ecole primaire - Mémoire-->C:\WINDOWS\st6unst.exe -n "C:\Programme\Ecole primaire - Mémoire\ST6UNST.LOG"
    EtiketaGoGo v3.3.2-->"C:\Programme\EtiketaGoGo\unins000.exe"
    Folding@home-x86-->MsiExec.exe /I{87C85D28-0633-453D-8D29-98C3A1043F6C}
    GéoKid-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Programme\denouvel\GéoKid\UnInst.log" "/APPNAME=GéoKid"
    GOM Player-->"C:\Programme\GRETECH\GomPlayer\Uninstall.exe"
    Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
    Google SketchUp 6-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x40c -removeonly
    Google SketchUp 6-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x40c -removeonly
    GTK+ 2.10.13 runtime environment-->"C:\Programme\Gemeinsame Dateien\GTK\2.0\setup\unins000.exe"
    GVAO-->C:\WINDOWS\unin040c.exe -fC:\Programme\Ord-ixSofts\GVAO\DeIsL1.isu -cC:\Programme\Ord-ixSofts\GVAO\_ISREG32.DLL
    High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    IziSpot 4-->MsiExec.exe /X{78DEE332-4FE2-469F-9CF7-F54C47E11F21}
    Jarkanoid 3-->"C:\Programme\Jarkanoid 3\unins000.exe"
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Jong 3D (version d'évaluation)-->MsiExec.exe /X{758A1306-8AA8-11D7-9EC4-0050FC3A098F}
    K-Lite Codec Pack 3.2.5 Full-->"C:\Programme\K-Lite Codec Pack\unins000.exe"
    kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
    Lauyan TOWeb V2-->"C:\Programme\Lauyan\TOWeb V2\unins000.exe"
    Learn2 Player (Uninstall Only)-->C:\Programme\Learn2.com\StRunner\stuninst.exe
    Messenger Plus! Live & Sponsor (CiD)-->"C:\Programme\Messenger Plus! Live\Uninstall.exe"
    Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    MioMap v3 Updater-->MsiExec.exe /I{9C6E2ABE-B3E6-49BA-807C-BDFA54496DA5}
    Mozilla Firefox (3.0.1)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
    MSN-->C:\Programme\MSN\MsnInstaller\msninst.exe /Action:ARP
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    My Free Mahjong v.2.0-->"C:\Programme\My Free Mahjong\unins000.exe"
    Pacman Come Back-->MsiExec.exe /I{BC8F9331-522C-4B24-B610-94EAAA23E43E}
    Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
    Picasa 2-->"C:\Programme\Picasa2\Uninstall.exe"
    QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
    RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly
    Revo Uninstaller 1.80-->C:\Programme\VS Revo Group\Revo Uninstaller\uninst.exe
    Roxio CinePlayer-->MsiExec.exe /I{1B683082-8791-4D00-8ADE-6C8986FCCC68}
    SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
    Samsung Contacts Copier-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FECB001A-62F8-4E84-8FD0-4B963D039A63}\setup.exe" -l0x9 -removeonly
    SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
    SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
    Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
    SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
    SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
    Samsung PC Studio 3 USB Driver Installer-->"C:\Programme\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x040c -removeonly
    Samsung PC Studio 3-->"C:\Programme\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
    ShadowFlare-->C:\Programme\ShadowFlare\SFUninst.exe
    Shareaza 2.3.1.0-->"C:\CreativesFiles\Uninstall\unins000.exe"
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Sonic MyDVD-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
    Sonic RecordNow! Plus-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
    Sonic Simple Backup-->MsiExec.exe /I{60E971B7-51A0-48CA-8687-C6B8F094A409}
    Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    Spyware Doctor 6.0-->C:\Programme\Spyware Doctor\unins000.exe /LOG
    Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
    SuperTux 0.1.3-->C:\Programme\SuperTux\unins000.exe
    SupervisionCam-->C:\Programme\SupervisionCam\SupervisionCam.exe /deinstall
    SupraLec 1.50-->"C:\Programme\SupraLec\unins000.exe"
    The GIMP 2.2.17-->"C:\Programme\GIMP-2.0\unins000.exe"
    T-Online 4.0 Hilfe-->C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\TOHELP4.ISU
    T-Online Browser 4.5-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{00490EBE-23A5-4976-B95B-BE6B9DF6E2FB}\Setup.exe"
    T-Online Copas Client 4.0-->C:\t-online\CoPaS\UNWISE.EXE /U C:\t-online\CoPaS\INSTALL.LOG
    T-Online eMail 4.0-->C:\t-online\EMAIL4\UNWISE.EXE /U C:\t-online\EMAIL4\INSTALL.LOG
    T-Online OnlineBanking 4.0-->C:\t-online\OB4HBCI\UNWISE.EXE /U C:\t-online\OB4HBCI\INSTALL.LOG
    Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
    Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
    Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
    VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
    VideoCap 1.0-->C:\Programme\VideoCap\unins000.exe
    VideoLAN VLC media player 0.8.6c-->C:\Programme\VideoLAN\VLC\uninstall.exe
    Viewpoint Media Player-->C:\Programme\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    VIMICRO USB PC Camera V-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8AD824A5-1CCC-4BB7-82C9-E6FB25CC0479}\setup.exe" -l0x7
    Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
    Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
    Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    Windows XP Media Center Edition 2005 KB912067-->"C:\WINDOWS\$NtUninstallKB912067$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    X10 Hardware(TM)-->C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log

    =====HijackThis Backups=====

    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://blooppe.spaces.live.com/PhotoUpload/MsnPUpld.cab [2008-09-07]
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-09-07]
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2008-09-07]
    O4 - HKLM\..\Run: [Base frag grid bows] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cast ping base frag\poke manager.exe [2008-09-07]
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2008-09-07]
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime [2008-09-07]
    O4 - HKCU\..\Run: [Chinweb] C:\DOKUME~1\HEINRI~1\ANWEND~1\ONLINE~1\programfree.exe [2008-10-18]
    O23 - Service: CPDDVFWI - Sysinternals - www.sysinternals.com - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\CPDDVFWI.exe [2008-10-18]
    [2009-04-04]
    [2009-04-04]
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-04-04]
    O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab [2009-04-21]
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-04-21]
    O23 - Service: MXVCMFUEVP - Sysinternals - www.sysinternals.com - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\MXVCMFUEVP.exe [2009-04-21]
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (file missing) [2009-04-22]
    O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll (file missing) [2009-04-22]
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-04-22]
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (file missing) [2009-04-22]
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-04-22]
    O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab [2009-04-22]
    O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll (file missing) [2009-04-22]
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (file missing) [2009-04-22]
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (file missing) [2009-04-22]
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) [2009-04-22]
    O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing) [2009-04-22]

    ======Hosts File======

    127.0.0.1 bin.errorprotector.com ## added by CiD
    127.0.0.1 br.errorsafe.com ## added by CiD
    127.0.0.1 br.winantivirus.com ## added by CiD
    127.0.0.1 br.winfixer.com ## added by CiD
    127.0.0.1 cdn.drivecleaner.com ## added by CiD
    127.0.0.1 cdn.errorsafe.com ## added by CiD
    127.0.0.1 cdn.winsoftware.com ## added by CiD
    127.0.0.1 de.errorsafe.com ## added by CiD
    127.0.0.1 de.winantivirus.com ## added by CiD
    127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

    ======Security center information======

    FW: Norton Internet Worm Protection (disabled)

    ======System event log======

    Computer Name: HEINRICH
    Event Code: 1007
    Message: The IP address for the network card with network address 00105AB06D07
    was automatically configured by this computer. The IP address in use is 169.254.168.242.

    Record Number: 17790
    Source Name: Dhcp
    Time Written: 20090408104346.000000+120
    Event Type: warning
    User:

    Computer Name: HEINRICH
    Event Code: 29
    Message: The time provider "NtpClient" is configured to acquire time from one or more
    time sources; however, none of the sources are currently accessible. No attempt
    to contact a source will be made for the next 14 minutes.
    NtpClient has no source of accurate time.

    Record Number: 17786
    Source Name: W32Time
    Time Written: 20090408091432.000000+120
    Event Type: error
    User:

    Computer Name: HEINRICH
    Event Code: 17
    Message: Time provider "NtpClient": an error occurred during DNS lookup of the manually configured peer
    "ntp.unice.fr,0x1". The DNS lookup will be retried in 15 minutes.
    Error: The host was unreachable during a socket operation. (0x80072751)

    Record Number: 17785
    Source Name: W32Time
    Time Written: 20090408091432.000000+120
    Event Type: error
    User:

    Computer Name: HEINRICH
    Event Code: 29
    Message: The time provider "NtpClient" is configured to acquire time from one or more
    time sources; however, none of the sources are currently accessible. No attempt
    to contact a source will be made for the next 14 minutes.
    NtpClient has no source of accurate time.

    Record Number: 17781
    Source Name: W32Time
    Time Written: 20090408091421.000000+120
    Event Type: error
    User:

    Computer Name: HEINRICH
    Event Code: 17
    Message: Time provider "NtpClient": an error occurred during DNS lookup of the manually configured peer
    "ntp.unice.fr,0x1". The DNS lookup will be retried in 15 minutes.
    Error: The host was unreachable during a socket operation. (0x80072751)

    Record Number: 17780
    Source Name: W32Time
    Time Written: 20090408091421.000000+120
    Event Type: error
    User:

    =====Application event log=====

    Computer Name: HEINRICH
    Event Code: 1000
    Message: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x014bdcf9.

    Record Number: 46
    Source Name: Application Error
    Time Written: 20090408224413.000000+120
    Event Type: error
    User:

    Computer Name: HEINRICH
    Event Code: 1000
    Message: Faulting application firefox.exe, version 1.8.20081.21709, faulting module unknown, version 0.0.0.0, fault address 0x0271dcf9.

    Record Number: 31
    Source Name: Application Error
    Time Written: 20090408152103.000000+120
    Event Type: error
    User:

    Computer Name: HEINRICH
    Event Code: 1000
    Message: Faulting application firefox.exe, version 1.8.20081.21709, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x000372e3.

    Record Number: 16
    Source Name: Application Error
    Time Written: 20090408113739.000000+120
    Event Type: error
    User:

    Computer Name: HEINRICH
    Event Code: 1000
    Message: Faulting application firefox.exe, version 1.8.20081.21709, faulting module unknown, version 0.0.0.0, fault address 0x025fdcf9.

    Record Number: 15
    Source Name: Application Error
    Time Written: 20090408113652.000000+120
    Event Type: error
    User:

    Computer Name: HEINRICH
    Event Code: 1000
    Message: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x014cdcf9.

    Record Number: 11
    Source Name: Application Error
    Time Written: 20090408112116.000000+120
    Event Type: error
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\GEMEIN~1\SONICS~1\;C:\Programme\Gemeinsame Dateien\Roxio Shared\DLLShared\;C:\Programme\Samsung\Samsung PC Studio 3\;C:\Programme\Gemeinsame Dateien\GTK\2.0\bin
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 7, GenuineIntel
    "PROCESSOR_REVISION"=0407
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "HPA"=0
    "LANG"=fr

    -----------------EOF-----------------
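Added triage example, written by the editor and not taken from RSIT, HijackThis, Malwarebytes or any post in this thread: three small checks run over lines copied from the info.txt above. `triage_hjt` flags autostart and service entries whose target sits in a user-writable directory (Temp or Application Data, in the German and 8.3 spellings this log uses) and separates them from `(file missing)` leftovers that are only clutter. `triage_hosts` splits hosts-file entries into loopback sinkholes, which is what every entry in the posted file is (all tagged "added by CiD", matching the "Messenger Plus! Live & Sponsor (CiD)" entry in the uninstall list), and redirects to some other address, the hijack case; one constructed redirect line is included so that branch is exercised. `cluster_faults` groups the Event 1000 records by faulting module and the low 16 bits of the fault address: in the posted log four of the five crashes report the module as unknown and addresses ending in dcf9 in two different processes, which is the kind of pattern this grouping surfaces. That is something to investigate, not a diagnosis. The rules, thresholds and the extra hosts line are the editor's assumptions.

```python
"""Editor's added triage helpers for an RSIT / HijackThis-style report.
Not RSIT, HijackThis or Malwarebytes code; the heuristics are assumptions."""
import re
from collections import defaultdict

# Sample input: lines copied from the info.txt posted in the thread (German-locale XP).
HJT_LINES = [
    r'O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-09-07]',
    r'O4 - HKLM\..\Run: [Base frag grid bows] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cast ping base frag\poke manager.exe [2008-09-07]',
    r'O4 - HKCU\..\Run: [Chinweb] C:\DOKUME~1\HEINRI~1\ANWEND~1\ONLINE~1\programfree.exe [2008-10-18]',
    r'O23 - Service: CPDDVFWI - Sysinternals - www.sysinternals.com - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\CPDDVFWI.exe [2008-10-18]',
    r'O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (file missing) [2009-04-22]',
    r'O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing) [2009-04-22]',
]
HOSTS_LINES = [
    "127.0.0.1 bin.errorprotector.com ## added by CiD",
    "127.0.0.1 br.winantivirus.com ## added by CiD",
    "# constructed line, not in the posted file, to show the redirect case:",
    "203.0.113.5 update.example-av.invalid",
]
EVENT_MESSAGES = [  # original German wording of the five Event 1000 records
    "Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x014bdcf9.",
    "Fehlgeschlagene Anwendung firefox.exe, Version 1.8.20081.21709, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x0271dcf9.",
    "Fehlgeschlagene Anwendung firefox.exe, Version 1.8.20081.21709, fehlgeschlagenes Modul msvcrt.dll, Version 7.0.2600.5512, Fehleradresse 0x000372e3.",
    "Fehlgeschlagene Anwendung firefox.exe, Version 1.8.20081.21709, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x025fdcf9.",
    "Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x014cdcf9.",
]

# Assumed rules: the first drive-letter path on a line is the launched target;
# Temp and Application Data (German / 8.3 forms included) are user-writable.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[]*?\.(?:exe|dll|sys|scr|com)\b', re.I)
TEMP_RE = re.compile(r'\\temp\\', re.I)
APPDATA_RE = re.compile(r'\\(?:anwend~1|anwendungsdaten|application data)\\', re.I)
# Accepts the German and the English XP wording of Event 1000.
FAULT_RE = re.compile(
    r'(?:Anwendung|application) (\S+?), .*?(?:Modul|module) (\S+?), '
    r'.*?(?:Fehleradresse|fault address) 0x([0-9a-fA-F]+)', re.I)


def triage_hjt(lines):
    """Return (severity, reason, line) per line that trips a rule:
    high = target in a user-writable directory, low = stale entry to clean up."""
    findings = []
    for line in lines:
        if "(file missing)" in line or "(no file)" in line:
            findings.append(("low", "stale entry, target missing", line))
            continue
        m = PATH_RE.search(line)
        if not m:
            continue
        path = m.group(0)
        if TEMP_RE.search(path):
            findings.append(("high", "runs from Temp", line))
        elif APPDATA_RE.search(path):
            findings.append(("high", "runs from Application Data", line))
    return findings


def triage_hosts(lines):
    """Split hosts entries into loopback sinkholes (a name is blocked) and
    redirects to another address (a name is hijacked): (sinkholed, redirected)."""
    sinkholed, redirected = [], []
    for line in lines:
        entry, _, comment = line.partition("#")
        parts = entry.split()
        if len(parts) < 2:
            continue  # blank or comment-only line
        ip, names = parts[0], parts[1:]
        bucket = sinkholed if ip in ("127.0.0.1", "0.0.0.0", "::1") else redirected
        for name in names:
            bucket.append((name, ip, comment.strip("# ")))
    return sinkholed, redirected


def cluster_faults(messages):
    """Group Event 1000 records by (faulting module, fault address & 0xFFFF).
    The same low-order offset in several processes, with the module reported as
    unknown, is consistent with one piece of code mapped at a different base each time."""
    groups = defaultdict(list)
    for msg in messages:
        m = FAULT_RE.search(msg)
        if not m:
            continue
        app, module, addr = m.group(1), m.group(2).lower(), int(m.group(3), 16)
        groups[(module, addr & 0xFFFF)].append(app)
    return dict(groups)


if __name__ == "__main__":
    for sev, why, line in triage_hjt(HJT_LINES):
        print(f"[{sev}] {why}: {line[:70]}")
    sink, redir = triage_hosts(HOSTS_LINES)
    print(f"hosts: {len(sink)} sinkholed, {len(redir)} redirected -> {redir}")
    for (module, low16), apps in cluster_faults(EVENT_MESSAGES).items():
        print(f"{module} @ ...{low16:04x}: {apps}")
```

The path rules deliberately ignore vendor strings such as "Sysinternals" on the O23 lines: a service that claims a publisher but starts from %TEMP% is judged by where it runs from, not by what it says about itself. Severity is only a sort order for a human reading the report, and the crash grouping says nothing about which code is responsible; the next step is to identify what is actually mapped at those addresses in the crashing processes.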
  3. lly
     
    For Malwarebytes, I wanted to go too fast (before it crashes!) and so I clicked "full" (I think).
    Anyway, it has been running for 40 minutes, tells me it has detected 2 infections, and I'm praying it doesn't crash...
  4. lly
     
    There we go!! I'm deleting all of that :)

    Malwarebytes' Anti-Malware 1.36
    Database version: 2028
    Windows 5.1.2600 Service Pack 3

    22/04/2009 23:29:29
    mbam-log-2009-04-22 (23-29-21).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 182687
    Time elapsed: 51 minute(s), 53 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> No action taken.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Dokumente und Einstellungen\Heinrich Grimminger\Lokale Einstellungen\Temp\_ir_sf7_temp_0\irsetup.exe (Trojan.Agent) -> No action taken.
    C:\Programme\CTV PROD\DEMO\IMMOGEST LOYER\Uninstall\uninstall.exe (Trojan.Agent) -> No action taken.
  6. lly
     
    I deleted the detected files but it still crashes. However, for the last 5 or 6 reboots I've had something brand new:

    Windows finds new, unknown hardware; when I right-click on it, on the Details tab, it tells me
    ROOT\LEGACY_AVGIO\0000
    On Google all the links I found talk about Avira, but I uninstalled that (with Revo, so nothing should be left of it, but apparently that's not the case!). What I don't understand is that Avira isn't hardware... Anyway, do I need to do something about this, or doesn't it matter and I leave it as it is?
  7. jlpjlp (Security Contributor)
     
    Half of the RSIT report is missing.

    Did you remove everything Malwarebytes found?

    Then
    download Lop S&D.exe to your Desktop: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

    * Double-click it to launch the installation
    * Then double-click the Lop S&D shortcut on your Desktop
    * Select the desired language, then choose option 1 (Search)
    * Wait until the scan finishes
    * Post the generated report (C:\lopR.txt)
    1. lly
       
      Thanks again for your help. I had to remove by hand what was wrong with Malwarebytes because the PC was crashing, and I'm redoing RSIT right away!
      Here is the Lop S&D report

      --------------------\\ Lop S&D 4.2.5-0 XP/Vista

      Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
      X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.66GHz )
      BIOS : Default System BIOS
      USER : Heinrich Grimminger ( Administrator )
      BOOT : Normal boot
      Firewall : Norton Internet Worm Protection 2006 (Not Activated)
      C:\ (Local Disk) - NTFS - Total:170 Go (Free:9 Go)
      E:\ (CD or DVD)
      F:\ (CD or DVD)
      G:\ (USB)
      H:\ (USB)
      I:\ (USB)
      J:\ (USB)

      "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
      Option : [1] ( 23/04/2009| 9:25 )

      --------------------\\ Listing des dossiers dans ANWEND~1

      [18/07/2007|14:15] C:\DOKUME~1\ADMINI~1\ANWEND~1\AOL
      [18/10/2008|08:24] C:\DOKUME~1\ADMINI~1\ANWEND~1\ATI
      [03/03/2006|21:34] C:\DOKUME~1\ADMINI~1\ANWEND~1\Identities
      [05/03/2006|11:49] C:\DOKUME~1\ADMINI~1\ANWEND~1\Microsoft
      [05/03/2006|17:02] C:\DOKUME~1\ADMINI~1\ANWEND~1\You've Got Pictures Screensaver
      [0|Datei(en)] C:\DOKUME~1\ADMINI~1\ANWEND~1\Bytes
      [7|Verzeichnis(se),] C:\DOKUME~1\ADMINI~1\ANWEND~1\Bytes frei

      [22/04/2009|18:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\{66E2F539-12B6-4870-A500-7689CDE75C5E}
      [22/04/2009|20:41] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Adobe
      [22/04/2009|18:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\AntiVir PersonalEdition Classic
      [18/07/2007|14:15] C:\DOKUME~1\ALLUSE~1\ANWEND~1\AOL
      [13/02/2008|23:43] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Cast ping base frag
      [29/01/2009|01:11] C:\DOKUME~1\ALLUSE~1\ANWEND~1\FLEXnet
      [22/04/2009|18:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Google
      [18/07/2007|13:48] C:\DOKUME~1\ALLUSE~1\ANWEND~1\GRETECH
      [05/03/2006|18:03] C:\DOKUME~1\ALLUSE~1\ANWEND~1\InstallShield
      [22/04/2009|22:36] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Malwarebytes
      [22/04/2009|18:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Messenger Plus!
      [22/04/2009|10:20] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Microsoft
      [14/03/2006|13:35] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Pinnacle
      [10/03/2009|22:46] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Pinnacle VideoSpin
      [31/07/2007|19:41] C:\DOKUME~1\ALLUSE~1\ANWEND~1\QuickTime
      [31/03/2006|07:49] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Sonic
      [14/02/2008|23:06] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Symantec
      [22/04/2009|10:08] C:\DOKUME~1\ALLUSE~1\ANWEND~1\TEMP
      [21/07/2007|23:10] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Trymedia
      [10/03/2009|22:43] C:\DOKUME~1\ALLUSE~1\ANWEND~1\VideoSpin
      [05/03/2006|17:02] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Viewpoint
      [05/03/2006|11:49] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Windows Genuine Advantage
      [17/03/2006|12:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\X10 Settings
      [0|Datei(en)] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Bytes
      [25|Verzeichnis(se),] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Bytes frei

      [18/07/2007|14:15] C:\DOKUME~1\DEFAUL~1\ANWEND~1\AOL
      [18/10/2008|08:24] C:\DOKUME~1\DEFAUL~1\ANWEND~1\ATI
      [03/03/2006|21:34] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Identities
      [07/08/2008|04:32] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Macromedia
      [05/03/2006|11:49] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Microsoft
      [05/03/2006|17:02] C:\DOKUME~1\DEFAUL~1\ANWEND~1\You've Got Pictures Screensaver
      [0|Datei(en)] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Bytes
      [8|Verzeichnis(se),] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Bytes frei

      [22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\Adobe
      [27/05/2008|20:15] C:\DOKUME~1\HEINRI~1\ANWEND~1\AdobeUM
      [06/09/2008|21:39] C:\DOKUME~1\HEINRI~1\ANWEND~1\Anuman Interactive
      [18/07/2007|14:15] C:\DOKUME~1\HEINRI~1\ANWEND~1\AOL
      [18/10/2008|08:24] C:\DOKUME~1\HEINRI~1\ANWEND~1\ATI
      [30/01/2009|18:54] C:\DOKUME~1\HEINRI~1\ANWEND~1\com.adobe.ExMan
      [18/07/2007|19:55] C:\DOKUME~1\HEINRI~1\ANWEND~1\ConvertTemp
      [22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\CoreFTP
      [20/07/2007|21:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\DivX
      [01/02/2009|14:56] C:\DOKUME~1\HEINRI~1\ANWEND~1\Download Manager
      [18/01/2009|00:21] C:\DOKUME~1\HEINRI~1\ANWEND~1\Folding@home-x86
      [15/07/2007|18:30] C:\DOKUME~1\HEINRI~1\ANWEND~1\Google
      [18/07/2007|13:47] C:\DOKUME~1\HEINRI~1\ANWEND~1\GRETECH
      [07/04/2009|00:17] C:\DOKUME~1\HEINRI~1\ANWEND~1\gtk-2.0
      [25/07/2007|08:12] C:\DOKUME~1\HEINRI~1\ANWEND~1\Help
      [06/08/2007|10:26] C:\DOKUME~1\HEINRI~1\ANWEND~1\ICQ Toolbar
      [03/03/2006|21:34] C:\DOKUME~1\HEINRI~1\ANWEND~1\Identities
      [20/07/2007|16:24] C:\DOKUME~1\HEINRI~1\ANWEND~1\InstallShield
      [26/05/2006|13:04] C:\DOKUME~1\HEINRI~1\ANWEND~1\Leadertech
      [26/08/2008|18:22] C:\DOKUME~1\HEINRI~1\ANWEND~1\Lexmark Productivity Studio
      [01/04/2009|11:08] C:\DOKUME~1\HEINRI~1\ANWEND~1\Macromedia
      [22/04/2009|22:36] C:\DOKUME~1\HEINRI~1\ANWEND~1\Malwarebytes
      [20/07/2007|21:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\Media Player Classic
      [11/10/2008|19:27] C:\DOKUME~1\HEINRI~1\ANWEND~1\Microsoft
      [22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\Mozilla
      [07/08/2007|00:13] C:\DOKUME~1\HEINRI~1\ANWEND~1\MSNInstaller
      [22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\Notepad++
      [19/05/2008|20:16] C:\DOKUME~1\HEINRI~1\ANWEND~1\Online Barb 01
      [22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\PC Tools
      [24/07/2007|22:02] C:\DOKUME~1\HEINRI~1\ANWEND~1\Qualcomm
      [18/07/2007|13:43] C:\DOKUME~1\HEINRI~1\ANWEND~1\Real
      [18/07/2007|19:50] C:\DOKUME~1\HEINRI~1\ANWEND~1\Samsung
      [24/05/2008|07:53] C:\DOKUME~1\HEINRI~1\ANWEND~1\Shareaza
      [26/05/2006|13:04] C:\DOKUME~1\HEINRI~1\ANWEND~1\Sonic
      [10/08/2007|08:24] C:\DOKUME~1\HEINRI~1\ANWEND~1\Sun
      [18/07/2007|13:43] C:\DOKUME~1\HEINRI~1\ANWEND~1\Talkback
      [22/08/2007|22:04] C:\DOKUME~1\HEINRI~1\ANWEND~1\Temporary
      [22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\Thunderbird
      [29/07/2007|14:13] C:\DOKUME~1\HEINRI~1\ANWEND~1\TransRender
      [11/11/2008|00:58] C:\DOKUME~1\HEINRI~1\ANWEND~1\Tsarevna
      [16/07/2007|00:36] C:\DOKUME~1\HEINRI~1\ANWEND~1\vlc
      [21/09/2008|10:42] C:\DOKUME~1\HEINRI~1\ANWEND~1\Win Novation
      [21/08/2007|21:45] C:\DOKUME~1\HEINRI~1\ANWEND~1\WinRAR
      [11/08/2007|22:14] C:\DOKUME~1\HEINRI~1\ANWEND~1\X-Chat 2
      [05/03/2006|17:02] C:\DOKUME~1\HEINRI~1\ANWEND~1\You've Got Pictures Screensaver
      [0|Datei(en)] C:\DOKUME~1\HEINRI~1\ANWEND~1\Bytes
      [47|Verzeichnis(se),] C:\DOKUME~1\HEINRI~1\ANWEND~1\Bytes frei

      [18/07/2007|15:04] C:\DOKUME~1\LOCALS~1\ANWEND~1\DivX
      [03/03/2006|21:28] C:\DOKUME~1\LOCALS~1\ANWEND~1\Microsoft
      [15/03/2006|15:25] C:\DOKUME~1\LOCALS~1\ANWEND~1\X10 Commander
      [0|Datei(en)] C:\DOKUME~1\LOCALS~1\ANWEND~1\Bytes
      [5|Verzeichnis(se),] C:\DOKUME~1\LOCALS~1\ANWEND~1\Bytes frei

      [03/03/2006|21:33] C:\DOKUME~1\NETWOR~1\ANWEND~1\Microsoft
      [0|Datei(en)] C:\DOKUME~1\NETWOR~1\ANWEND~1\Bytes
      [3|Verzeichnis(se),] C:\DOKUME~1\NETWOR~1\ANWEND~1\Bytes frei

      --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

      [21/04/2009 12:37][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
      [23/04/2009 09:23][--ah-----] C:\WINDOWS\tasks\SA.DAT
      [10/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

      --------------------\\ Listing des dossiers dans C:\Programme

      [01/04/2009|11:09] C:\Programme\Adobe
      [22/04/2009|18:01] C:\Programme\Adverts
      [22/04/2009|18:01] C:\Programme\AgentWebRanking PRO
      [22/04/2009|18:01] C:\Programme\AntiVir PersonalEdition Classic
      [14/03/2006|13:44] C:\Programme\ATI Technologies
      [24/05/2008|10:25] C:\Programme\BOINC
      [10/01/2009|00:27] C:\Programme\CacheMot
      [22/04/2009|18:01] C:\Programme\Circle Developement
      [15/03/2006|15:22] C:\Programme\Common Files
      [22/04/2009|18:00] C:\Programme\CoreFTP
      [17/07/2007|14:20] C:\Programme\CTV PROD
      [21/09/2008|10:34] C:\Programme\denouvel
      [14/03/2006|13:35] C:\Programme\DIFX
      [09/01/2009|23:05] C:\Programme\DivX
      [22/04/2009|18:00] C:\Programme\EasyPHP 3.0
      [29/08/2008|16:54] C:\Programme\Ecole Primaire - ABCDaire
      [29/08/2008|16:47] C:\Programme\Ecole primaire - Mémoire
      [22/04/2009|20:53] C:\Programme\eMule
      [22/04/2009|18:01] C:\Programme\EtiketaGoGo
      [25/07/2007|08:33] C:\Programme\FoxMail
      [22/04/2009|18:01] C:\Programme\Gemeinsame Dateien
      [21/07/2007|12:51] C:\Programme\GIMP-2.0
      [21/07/2007|23:11] C:\Programme\Global Star Software
      [31/03/2009|22:18] C:\Programme\Google
      [18/07/2007|13:47] C:\Programme\GRETECH
      [07/08/2007|13:31] C:\Programme\ICQToolbar
      [22/04/2009|10:20] C:\Programme\InstallShield Installation Information
      [22/04/2009|18:01] C:\Programme\Internet Explorer
      [20/03/2009|16:55] C:\Programme\Jarkanoid 3
      [31/03/2009|21:13] C:\Programme\Java
      [18/07/2007|13:56] C:\Programme\K-Lite Codec Pack
      [05/03/2006|17:02] C:\Programme\Learn2.com
      [06/09/2008|23:31] C:\Programme\LiveCAD
      [20/01/2009|22:12] C:\Programme\Maido Production
      [22/04/2009|22:36] C:\Programme\Malwarebytes' Anti-Malware
      [30/09/2008|01:09] C:\Programme\Messenger
      [22/04/2009|18:01] C:\Programme\Messenger Plus! Live
      [03/03/2006|21:29] C:\Programme\microsoft frontpage
      [18/08/2008|11:54] C:\Programme\Mio Technology
      [30/09/2008|01:03] C:\Programme\Movie Maker
      [23/04/2009|09:03] C:\Programme\Mozilla Firefox
      [07/08/2007|00:12] C:\Programme\MSN
      [03/03/2006|21:20] C:\Programme\MSN Gaming Zone
      [22/04/2009|21:05] C:\Programme\MSN Messenger
      [19/07/2007|03:00] C:\Programme\MSXML 4.0
      [21/09/2008|08:40] C:\Programme\My Free Mahjong
      [30/09/2008|00:59] C:\Programme\NetMeeting
      [20/08/2008|13:09] C:\Programme\Neuer Ordner
      [22/04/2009|18:01] C:\Programme\Notepad++
      [13/02/2008|23:42] C:\Programme\Online Barb 01
      [03/03/2006|21:23] C:\Programme\Online Services
      [20/05/2008|21:55] C:\Programme\Online-Dienste
      [17/07/2007|14:24] C:\Programme\Ord-ixSofts
      [30/09/2008|00:59] C:\Programme\Outlook Express
      [22/04/2009|18:01] C:\Programme\Picasa2
      [10/03/2009|22:43] C:\Programme\Pinnacle
      [24/07/2007|20:51] C:\Programme\Qualcomm
      [22/04/2009|18:01] C:\Programme\QuickTime
      [05/03/2006|17:01] C:\Programme\Real
      [14/03/2006|13:32] C:\Programme\Realtek
      [31/03/2006|07:49] C:\Programme\Roxio
      [18/07/2007|19:46] C:\Programme\Samsung
      [24/05/2008|10:29] C:\Programme\Shareaza Applications
      [26/08/2008|22:53] C:\Programme\SodeaSoft
      [05/03/2006|18:02] C:\Programme\Sonic
      [22/04/2009|18:01] C:\Programme\Spyware Doctor
      [20/09/2008|21:03] C:\Programme\SuperTux
      [10/08/2007|02:07] C:\Programme\SupervisionCam
      [10/01/2009|00:57] C:\Programme\SupraLec
      [21/09/2008|10:28] C:\Programme\Transsoft Games
      [07/09/2008|12:29] C:\Programme\Trend Micro
      [06/12/2007|23:20] C:\Programme\Uninstall Information
      [16/02/2008|19:22] C:\Programme\VideoCap
      [15/07/2007|23:31] C:\Programme\VideoLAN
      [05/03/2006|17:02] C:\Programme\Viewpoint
      [08/08/2007|18:43] C:\Programme\Vimicro
      [21/04/2009|10:46] C:\Programme\VS Revo Group
      [22/04/2009|18:01] C:\Programme\Windows Live
      [05/03/2006|18:18] C:\Programme\Windows Media Connect 2
      [15/08/2007|03:00] C:\Programme\Windows Media Player
      [30/09/2008|00:59] C:\Programme\Windows NT
      [03/03/2006|21:23] C:\Programme\Windows Plus
      [22/04/2009|18:01] C:\Programme\WinHTTrack
      [21/08/2007|21:45] C:\Programme\WinRAR
      [15/03/2006|15:22] C:\Programme\X10 Hardware
      [08/11/2008|22:46] C:\Programme\xchat
      [22/04/2009|18:01] C:\Programme\Xenu
      [03/03/2006|21:29] C:\Programme\xerox
      [0|Datei(en)] C:\Programme\Bytes
      [90|Verzeichnis(se),] C:\Programme\Bytes frei

      --------------------\\ Listing des dossiers dans C:\Programme\Gemeinsame Dateien

      [01/04/2009|11:01] C:\Programme\Gemeinsame Dateien\Adobe
      [29/01/2009|00:43] C:\Programme\Gemeinsame Dateien\Adobe AIR
      [18/07/2007|16:11] C:\Programme\Gemeinsame Dateien\aol
      [03/03/2006|21:26] C:\Programme\Gemeinsame Dateien\Dienste
      [22/04/2009|18:01] C:\Programme\Gemeinsame Dateien\fun communications
      [21/07/2007|12:49] C:\Programme\Gemeinsame Dateien\GTK
      [14/03/2006|13:32] C:\Programme\Gemeinsame Dateien\InstallShield
      [10/08/2007|08:19] C:\Programme\Gemeinsame Dateien\Java
      [20/01/2009|22:12] C:\Programme\Gemeinsame Dateien\Microsoft Shared
      [03/03/2006|21:26] C:\Programme\Gemeinsame Dateien\MSSoap
      [05/03/2006|17:01] C:\Programme\Gemeinsame Dateien\Nullsoft
      [10/12/2008|00:29] C:\Programme\Gemeinsame Dateien\Real
      [31/03/2006|07:49] C:\Programme\Gemeinsame Dateien\Roxio Shared
      [31/03/2006|07:49] C:\Programme\Gemeinsame Dateien\Sonic Shared
      [03/03/2006|21:15] C:\Programme\Gemeinsame Dateien\SpeechEngines
      [05/03/2006|18:02] C:\Programme\Gemeinsame Dateien\SureThing Shared
      [22/04/2009|18:01] C:\Programme\Gemeinsame Dateien\Symantec Shared
      [30/09/2008|00:59] C:\Programme\Gemeinsame Dateien\System
      [10/12/2008|00:29] C:\Programme\Gemeinsame Dateien\xing shared
      [10/03/2009|22:43] C:\Programme\Gemeinsame Dateien\Yahoo!
      [0|Datei(en)] C:\Programme\Gemeinsame Dateien\Bytes
      [22|Verzeichnis(se),] C:\Programme\Gemeinsame Dateien\Bytes frei

      --------------------\\ Process

      ( 29 Processes )

      ... OK !

      --------------------\\ Recherche avec S_Lop

      Aucun fichier / dossier Lop trouvé !

      --------------------\\ Recherche de Fichiers / Dossiers Lop

      C:\DOKUME~1\ALLUSE~1\ANWEND~1\Cast ping base frag
      C:\DOKUME~1\ALLUSE~1\ANWEND~1\Cast ping base frag\poke manager.exe
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsa2B.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsc70.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nscopy.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsh139.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsh7D.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsi1F.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\NSISGSearchCheck.dll
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\NSISPromotion.dll
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\NSISPromotion.ini
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nskE.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-1.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-10.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-11.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-2.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-3.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-4.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-5.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-6.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-7.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-8.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-9.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail.eml
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nso85.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsoB.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsq1147.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsq8E.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsr7CF.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsr91.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\Nss.exe
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nst14.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nst17.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nst7A.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsu8.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsv13E.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsx145.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsx5.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsx6D.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsx82.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsy8B.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsz104.tmp
      C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\stadistic.log
      C:\Programme\Adverts
      C:\Programme\Circle Developement
      C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@advertstream[2].txt
      C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@adin.bigpoint[1].txt
      C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@bigpoint[1].txt
      C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@de.gladiatoren2.bigpoint[1].txt
      C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@glorykings.bigpoint[1].txt
      C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@adopt.euroclick[1].txt
      C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@888[1].txt

      --------------------\\ Verification du Registre

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

      ..... OK !

      --------------------\\ Verification du fichier Hosts

      Fichier Hosts MODIFIE

      127.0.0.1 bin.errorprotector.com ## added by CiD
      127.0.0.1 br.errorsafe.com ## added by CiD
      127.0.0.1 br.winantivirus.com ## added by CiD
      127.0.0.1 br.winfixer.com ## added by CiD
      127.0.0.1 cdn.drivecleaner.com ## added by CiD
      127.0.0.1 cdn.errorsafe.com ## added by CiD

      127.0.0.1 cdn.winsoftware.com ## added by CiD
      127.0.0.1 de.errorsafe.com ## added by CiD
      127.0.0.1 de.winantivirus.com ## added by CiD
      127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
      127.0.0.1 download.cdn.errorsafe.com ## added by CiD
      127.0.0.1 download.cdn.winsoftware.com ## added by CiD
      127.0.0.1 download.errorsafe.com ## added by CiD
      127.0.0.1 download.systemdoctor.com ## added by CiD
      127.0.0.1 download.winantispyware.com ## added by CiD
      127.0.0.1 download.windrivecleaner.com ## added by CiD
      127.0.0.1 download.winfixer.com ## added by CiD
      127.0.0.1 drivecleaner.com ## added by CiD
      127.0.0.1 dynamique.drivecleaner.com ## added by CiD
      127.0.0.1 errorprotector.com ## added by CiD
      127.0.0.1 errorsafe.com ## added by CiD
      127.0.0.1 es.winantivirus.com ## added by CiD
      127.0.0.1 fr.winantivirus.com ## added by CiD
      127.0.0.1 fr.winfixer.com ## added by CiD
      127.0.0.1 go.drivecleaner.com ## added by CiD
      127.0.0.1 go.errorsafe.com ## added by CiD
      127.0.0.1 go.winantispyware.com ## added by CiD
      127.0.0.1 go.winantivirus.com ## added by CiD
      127.0.0.1 hk.winantivirus.com ## added by CiD
      127.0.0.1 instlog.errorsafe.com ## added by CiD
      127.0.0.1 instlog.winantivirus.com ## added by CiD
      127.0.0.1 instlog.winfixer.com ## added by CiD
      127.0.0.1 jsp.drivecleaner.com ## added by CiD
      127.0.0.1 kb.errorsafe.com ## added by CiD
      127.0.0.1 kb.winantivirus.com ## added by CiD
      127.0.0.1 nl.errorsafe.com ## added by CiD
      127.0.0.1 se.errorsafe.com ## added by CiD
      127.0.0.1 secure.drivecleaner.com ## added by CiD
      127.0.0.1 secure.errorsafe.com ## added by CiD
      127.0.0.1 secure.winantispam.com ## added by CiD
      127.0.0.1 secure.winantispy.com ## added by CiD
      127.0.0.1 secure.winantivirus.com ## added by CiD
      127.0.0.1 support.winantivirus.com ## added by CiD
      127.0.0.1 trial.updates.winsoftware.com ## added by CiD
      127.0.0.1 ulog.winantivirus.com ## added by CiD
      127.0.0.1 utils.errorsafe.com ## added by CiD
      127.0.0.1 utils.winantivirus.com ## added by CiD
      127.0.0.1 utils.winfixer.com ## added by CiD
      127.0.0.1 winantispyware.com ## added by CiD
      127.0.0.1 winantivirus.com ## added by CiD
      127.0.0.1 winfixer.com ## added by CiD
      127.0.0.1 winfixer2006.com ## added by CiD
      127.0.0.1 winsoftware.com ## added by CiD
      127.0.0.1 www.drivecleaner.com ## added by CiD
      127.0.0.1 www.errorprotector.com ## added by CiD
      127.0.0.1 www.errorsafe.com ## added by CiD
      127.0.0.1 www.systemdoctor.com ## added by CiD
      127.0.0.1 www.utils.winfixer.com ## added by CiD
      127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
      127.0.0.1 www.win-virus-pro.com ## added by CiD
      127.0.0.1 www.winantispam.com ## added by CiD
      127.0.0.1 www.winantispy.com ## added by CiD
      127.0.0.1 www.winantispyware.com ## added by CiD
      127.0.0.1 www.winantivirus.com ## added by CiD
      127.0.0.1 www.winantiviruspro.com ## added by CiD
      127.0.0.1 www.windrivecleaner.com ## added by CiD
      127.0.0.1 www.windrivesafe.com ## added by CiD
      127.0.0.1 www.winfixer.com ## added by CiD
      127.0.0.1 www.winfixer2006.com ## added by CiD
      127.0.0.1 www.winsoftware.com ## added by CiD

      -> 72 [ 70 ## added by CiD ]

      --------------------\\ Recherche de fichiers avec Catchme

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-04-23 09:26:59
      Windows 5.1.2600 Service Pack 3 NTFS
      scanning hidden processes ...
      scanning hidden files ...
      scan completed successfully
      hidden processes: 0
      hidden files: 0

      --------------------\\ Recherche d'autres infections

      --------------------\\ Cracks & Keygens ..

      C:\DOKUME~1\HEINRI~1\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\sus2_deb@hotmail.fr\Sharing Folders\sadmsn@hotmail.fr\Insaniquarium Deluxe Game - PopCap - Full+crack


      [F:3725][D:544]-> C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp
      [F:1408][D:0]-> C:\DOKUME~1\HEINRI~1\Cookies
      [F:11228][D:42]-> C:\DOKUME~1\HEINRI~1\LOKALE~1\TEMPOR~1\content.IE5

      1 - "C:\Lop SD\LopR_1.txt" - 23/04/2009| 9:29 - Option : [1]

      --------------------\\ Fin du rapport a 9:29:34
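The Lop S&D report above flags the hosts file as MODIFIED, with 70 entries tagged `## added by CiD`. Those lines map rogue-antivirus domains to 127.0.0.1, which is a protective blocklist, not an infection; the entries that matter in a cleanup are the opposite pattern, a legitimate name pointed at a remote address, or an update/security site pointed at loopback. The Python script below is an added example (not part of the thread or of any tool mentioned in it) that parses hosts-file lines and separates the two cases. The `## added by CiD` sample lines are copied from the report; the `203.0.113.7` lines, the `PROTECTED_SUFFIXES` list and all function names are constructed for the demo.

```python
"""Audit a Windows hosts file: separate sinkhole (blocklist) entries from redirects."""
from typing import Dict, List, Tuple

# Loopback / null addresses. A name mapped here is blocked (sinkholed),
# which is what the "## added by CiD" lines in the report do.
SINKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}

# Names that should never be blocked or redirected on a machine being cleaned
# (OS updates, security vendors). Assumption for this example; extend as needed.
PROTECTED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "malwarebytes.org", "avira.com")

# Constructed sample input. The "## added by CiD" lines are copied from the
# Lop S&D report; the 203.0.113.7 lines (RFC 5737 documentation range) are
# made up to show what a hostile redirect looks like.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
0.0.0.0 download.systemdoctor.com ## added by CiD
203.0.113.7 update.microsoft.com
203.0.113.7 www.malwarebytes.org
"""

Entry = Tuple[str, str, str]  # (ip, hostname, trailing comment without the leading '#')


def parse_hosts(text: str) -> List[Entry]:
    """Return one (ip, hostname, comment) tuple per active mapping.

    Blank and comment-only lines are skipped. A line may list several
    hostnames after the address; each one becomes its own entry.
    """
    entries: List[Entry] = []
    for raw in text.splitlines():
        mapping, _, comment = raw.partition("#")
        parts = mapping.split()
        if len(parts) < 2:
            continue
        for name in parts[1:]:
            entries.append((parts[0], name.lower(), comment.strip()))
    return entries


def is_protected(host: str) -> bool:
    """True when host is, or is under, one of PROTECTED_SUFFIXES."""
    return any(host == s or host.endswith("." + s) for s in PROTECTED_SUFFIXES)


def audit_hosts(text: str) -> Dict[str, object]:
    """Count sinkhole entries and flag anything that deserves a second look."""
    entries = parse_hosts(text)
    findings: List[Dict[str, str]] = []
    sinkholed = tagged = 0
    for ip, host, comment in entries:
        if host in ("localhost", "broadcasthost"):
            continue  # stock entries shipped with the OS
        if "added by cid" in comment.lower():
            tagged += 1
        if ip in SINKHOLE_IPS:
            sinkholed += 1
            if is_protected(host):
                # Malware blocks update/AV sites this way; a blocklist should not.
                findings.append({"kind": "protected_site_blocked", "ip": ip, "host": host})
        else:
            # Any non-loopback target is a redirect; worse when the name is protected.
            kind = "redirect_protected" if is_protected(host) else "redirect"
            findings.append({"kind": kind, "ip": ip, "host": host})
    return {"entries": len(entries), "sinkholed": sinkholed,
            "tagged_cid": tagged, "findings": findings}


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(f"{report['entries']} mappings, {report['sinkholed']} sinkholed, "
          f"{report['tagged_cid']} tagged by CiD")
    for f in report["findings"]:
        print(f"  {f['kind']:22} {f['ip']:>12} -> {f['host']}")
```

On the sample, the four CiD lines count as sinkholes and raise nothing, while the two `203.0.113.7` lines come back as `redirect_protected`. To run it against a real machine, read `%SystemRoot%\System32\drivers\etc\hosts` and pass its contents to `audit_hosts`.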
  8. lly
     
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Heinrich Grimminger at 2009-04-23 09:32:24
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 10 GB (6%) free of 174 GB
    Total RAM: 2047 MB (77% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:32:26, on 23/04/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Dokumente und Einstellungen\Heinrich Grimminger\Desktop\RSIT.exe
    C:\Programme\Trend Micro\HijackThis\Heinrich Grimminger.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AA3501D8-B4BF-41D9-9BCA-8A349A0CC421}: NameServer = 195.50.140.114 195.50.140.252
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
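Two lines in the RSIT/HijackThis listings in this thread are the kind a triage pass should surface: the `O23` service `Google Updater Service (gusvc)`, shown as `Unknown owner` with `(file missing)`, and the `O4` Run entry in the later report that launches a bare `HDAShCut.exe` with no directory. Neither is proof of infection (a stale service registration and a driver vendor's shortcut, respectively), but a leftover registration and an unqualified autorun path are exactly what a reviewer wants listed rather than read past. The Python below is an added example, not part of the thread or of HijackThis; the log lines are copied from the reports above except the `constructed-example` line, which is made up to exercise the Temp-folder check, and all function and pattern names are assumptions of this example.

```python
"""Triage HijackThis O4 (autorun) and O23 (service) lines for weak spots."""
import re
from typing import Dict, List

# Sample lines copied from the RSIT/HijackThis reports in this thread, plus one
# constructed O4 entry (a program launched from a user's Temp folder) so the
# last check has something to fire on. Raw string: backslashes are literal.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O4 - HKCU\..\Run: [constructed-example] C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temp\demo.exe
""".strip()

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
USER_CONTEXT_RE = re.compile(r"\s*\(User '[^']*'\)$")

# Directory fragments (lower-cased) a legitimate autorun rarely lives in.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\", "\\local settings\\temp", "\\lokale einstellungen\\temp")


def check_autorun(hive: str, name: str, cmd: str) -> List[str]:
    """Flags for one O4 line: bare file names and launches from Temp folders."""
    flags: List[str] = []
    cmd = USER_CONTEXT_RE.sub("", cmd).strip().strip('"')
    if "\\" not in cmd and "/" not in cmd:
        # A bare file name is resolved through the search path at logon,
        # so whichever copy sits first on that path is the one that runs.
        flags.append("unqualified_path")
    if any(marker in cmd.lower() for marker in TEMP_MARKERS):
        flags.append("user_temp_path")
    return flags


def check_service(name: str, owner: str, path: str) -> List[str]:
    """Flags for one O23 line: no vendor information, or binary gone."""
    flags: List[str] = []
    if owner.lower() == "unknown owner":
        flags.append("unknown_owner")   # binary carries no company/version info
    if path.endswith("(file missing)"):
        flags.append("file_missing")    # registration outlived its binary
    return flags


def triage_hijackthis(log: str) -> Dict[str, object]:
    """Parse O4/O23 lines and return every entry that raised at least one flag."""
    parsed = 0
    findings: List[Dict[str, object]] = []
    for line in log.splitlines():
        m = O4_RE.match(line)
        if m:
            parsed += 1
            flags = check_autorun(m["hive"], m["name"], m["cmd"])
            if flags:
                findings.append({"type": "O4", "name": m["name"], "flags": flags})
            continue
        m = O23_RE.match(line)
        if m:
            parsed += 1
            flags = check_service(m["name"], m["owner"], m["path"])
            if flags:
                findings.append({"type": "O23", "name": m["name"], "flags": flags})
    return {"parsed": parsed, "findings": findings}


if __name__ == "__main__":
    result = triage_hijackthis(SAMPLE_LOG)
    print(f"{result['parsed']} lines parsed, {len(result['findings'])} flagged")
    for f in result["findings"]:
        print(f"  {f['type']:4} {f['name']:45} {', '.join(f['flags'])}")
```

A flag is a prompt to look, not a verdict: `HDAShCut.exe` is flagged only because the entry omits its directory, and the Google service because its binary is gone, which on this machine lines up with the user's mass uninstalls rather than with malware. Paste a full HijackThis log into `SAMPLE_LOG` (or read it from a file) to run the same checks on other reports.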
    1. lly
       
      Browsing this forum, I saw that some people recommended CCleaner; I downloaded it and ran it to clean the registry. I also reran Malwarebytes, which was again detecting infected files...

      Those two now tell me there is nothing left to delete (that's something at least!) and I'm waiting for the next crash to see if it changes anything...
      1. lly > lly
         
        Well... I got my answer, I just crashed again; it's only the 17th restart of the morning...
  9. jlpjlp (Security Contributor)
     
    Do you get an error message?

    _____________

    Download and install UsbFix by C_XX & Chiquitine29

    Plug the external data sources that may have been infected (USB stick, external hard drive, etc.) into your PC, without opening them

    * Double-click the UsbFix shortcut on your desktop.

    * Choose option 1 (Search)

    * Let the tool work.

    * Then post the UsbFix.txt report that will appear.

    * Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt)

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

    * Note: "Process.exe", a component of the tool, is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    It is not a virus, but a utility designed to terminate processes.
    In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus programs.
    1. lly
       
      No :(
      No error message at all...

      So I kept uninstalling as much stuff as possible with Revo, reran CCleaner after that, cleaned the registry again,
      so here is the new RSIT report:

      Logfile of random's system information tool 1.06 (written by random/random)
      Run by Heinrich Grimminger at 2009-04-23 14:02:30
      Microsoft Windows XP Professional Service Pack 3
      System drive C: has 11 GB (6%) free of 174 GB
      Total RAM: 2047 MB (82% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:02:31, on 23/04/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\Explorer.EXE
      C:\Programme\Java\jre6\bin\jqs.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Dokumente und Einstellungen\Heinrich Grimminger\Desktop\RSIT.exe
      C:\Programme\Trend Micro\HijackThis\Heinrich Grimminger.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
      O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      0
      1. lly > lly
         
        there! it's done
        but I haven't plugged in anything else... only my mouse is plugged into the USB port (my mobile phone used to be, but it has since died, and I don't have a USB stick)

        ############################## [ UsbFix V3.011 ]

        # User : Heinrich Grimminger (Administratoren) # HEINRICH
        # Update on 23/04/09 by C_XX & Chiquitine29
        # Start at: 14:10:56 | 23/04/2009

        # Intel(R) Pentium(R) D CPU 2.66GHz
        # Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
        # Internet Explorer 7.0.5730.13
        # Windows Firewall Status : Disabled
        # FW : Norton Internet Worm Protection[ (!) Disabled ]2006

        # C:\ # Lokale Festplatte # 170,31 Go (10,31 Go free) # NTFS
        # E:\ # CD
        # F:\ # CD
        # G:\ # Wechseldatenträger
        # H:\ # Wechseldatenträger
        # I:\ # Wechseldatenträger
        # J:\ # Wechseldatenträger

        ############################## [ Processus actifs ]

        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\WINDOWS\Explorer.EXE
        C:\Programme\Java\jre6\bin\jqs.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\wdfmgr.exe
        C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
        C:\WINDOWS\System32\alg.exe
        C:\WINDOWS\system32\wscntfy.exe
        C:\Programme\Mozilla Firefox\firefox.exe
        C:\WINDOWS\system32\wbem\wmiprvse.exe

        ################## [ Registre # Startup ]

        HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
        HKCU_Main: "Search Page"="https://www.google.com/?gws_rd=ssl"
        HKCU_Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
        HKCU_Main: "Window Title"=""
        HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
        HKLM_logon: "DefaultUserName"="Heinrich Grimminger"
        HKLM_logon: "AltDefaultUserName"="Heinrich Grimminger"
        HKLM_logon: "LegalNoticeCaption"=""
        HKLM_logon: "LegalNoticeText"=""
        HKLM_Run: High Definition Audio Property Page Shortcut=HDAShCut.exe
        HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
        HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
        HKCU_Run: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater=

        ################## [ Informations ]

        # C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

        # -> ( Value | Good = 0x0 Bad = 0x1 )

        # HKCU\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
        # HKCU\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
        # HKCU\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)
        # HKLM\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
        # HKLM\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
        # HKLM\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)

        ################## [ Fichiers # Dossiers infectieux ]

        Found ! C:\recycler\S-1-5-21-3871476309-2915037576-3965653451-1005\Dc85\UNWISE.EXE
        Found ! C:\recycler\S-1-5-21-3871476309-2915037576-3965653451-1005\Dc86\UNWISE.EXE

        ################## [ Registre # Clés Run infectieuses ]


        ################## [ Registre # Mountpoints2 ]

        # -> Not Found !

        ################## [ ! Fin du rapport # UsbFix V3.011 ! ]
        0
  10. jlpjlp Posts: 52399 Status: Security contributor 5 041
     
    do option 2 and post the report

    _____________
    does your antivirus find any infections?

    ___________________

    check the PC's temperature: with SpeedFan, to see
    https://www.01net.com/telecharger/windows/Utilitaire/optimiseurs_et_tests/fiches/25436.html

    if it's high, clean the fans

    ___________________
    test your RAM:
    http://www.world-informatique.com/pasapas/faq/voir.html?qid=48
    0
    1. lly
       
      OK!

      so SpeedFan detects 5 temperatures, Ambient, Remote 1, Remote 2, Hdd0, Hdd 1, all hovering around 35° (for now)

      on the other hand memtest looks pretty complicated to me!! I'll try to find a floppy disk, and above all a floppy drive (because I don't know how to burn a CD)

      as for my antivirus, it's simple, I no longer have one, I uninstalled everything that wasn't absolutely necessary (Windows Live Messenger is still there though, it won't go away)

      did you see my message above about that newly detected hardware, could it be related to my problems?

      here is the UsbFix report after entering option 2

      ############################## [ UsbFix V3.011 ]

      # User : Heinrich Grimminger (Administratoren) # HEINRICH
      # Update on 23/04/09 by C_XX & Chiquitine29
      # Start at: 16:25:17 | 23/04/2009

      # Intel(R) Pentium(R) D CPU 2.66GHz
      # Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
      # Internet Explorer 7.0.5730.13
      # Windows Firewall Status : Enabled
      # FW : Norton Internet Worm Protection[ (!) Disabled ]2006

      # C:\ # Lokale Festplatte # 170,31 Go (10,31 Go free) # NTFS
      # E:\ # CD
      # F:\ # CD
      # G:\ # Wechseldatenträger
      # H:\ # Wechseldatenträger
      # I:\ # Wechseldatenträger
      # J:\ # Wechseldatenträger

      ############################## [ Processus actifs ]

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\Explorer.EXE
      C:\Programme\Java\jre6\bin\jqs.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      ################## [ Fichiers # Dossiers infectieux ]


      ################## [ Registre # Clés Run infectieuses ]


      ################## [ Registre # Startup ]

      HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
      HKCU_Main: "Search Page"="https://www.google.com/?gws_rd=ssl"
      HKCU_Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
      HKCU_Main: "Window Title"=""
      HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
      HKLM_logon: "DefaultUserName"=""
      HKLM_logon: "AltDefaultUserName"="Heinrich Grimminger"
      HKLM_logon: "LegalNoticeCaption"=""
      HKLM_logon: "LegalNoticeText"=""
      HKLM_Run: High Definition Audio Property Page Shortcut=HDAShCut.exe
      HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
      HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
      HKCU_Run: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater=

      ################## [ Registre # Mountpoints2 ]

      # -> Not Found !

      ################## [ Listing des fichiers présent ]

      C:\AUTOEXEC.BAT
      C:\NTDETECT.COM
      C:\boot.ini
      C:\autorun.inf

      ################## [ Vaccination ]

      # C:\autorun.inf -> Folder created by UsbFix.

      ################## [ ! Fin du rapport # UsbFix V3.011 ! ]
      0
  11. jlpjlp Posts: 52399 Status: Security contributor 5 041
     
    by the way, run Lop S&D option 2 again and paste the report

    and get rid of that crack

    C:\DOKUME~1\HEINRI~1\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\sus2_deb@hotmail.fr\Sharing Folders\sadmsn@hotmail.fr\Insaniquarium Deluxe Game - PopCap - Full+crack

    then test the RAM and say whether you still have problems

    by the way, did your antivirus find any infections?
    0
  12. lly
     
    er, at what temperature should I start to worry?

    because it's actually climbing, I'm at 45° for both HDDs (NB: I didn't even know I had 2 hard drives!!), SpeedFan shows them in red

    I saw I could change the fan speed in this program, I set everything to automatic, and since then they've been at 100%
    yet I've already tried removing as much dust as possible...
    0
    1. lly
       
      well, I found it, 55°, so I still have some margin
      0
  13. jlpjlp Posts: 52399 Status: Security contributor 5 041
     
    do what message 16 says
    0
    1. lly
       
      some news!

      I haven't found a floppy drive yet (but it's in progress, I should get hold of one this week)

      as for the rest, I no longer had an antivirus (I had uninstalled everything that isn't absolutely essential), and it was impossible to reinstall Avira; I went into the registry by hand to look for any leftover traces, and then Avira did agree to install

      Starting master boot sector scan:
      Master boot sector HD1
      [DETECTION] Contains code of the BOO/Sinowal.A boot sector virus
      [WARNING] The boot sector cannot be repaired! You can find more information in the help

      installing Doctor Web:
      Backdoor Maosboot reported as eradicated but reappears on every scan

      re-scan with Avira:
      Master boot sector HD1
      [DETECTION] Contains code of the BOO/Sinowal.A boot sector virus
      [WARNING] The boot sector cannot be repaired! You can find more information in the help
      kvitheme.dll
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
      C:\Dokumente und Einstellungen\Heinrich Grimminger\DoctorWeb\Quarantine\
      1B1.tmp
      [DETECTION] Contains recognition pattern of the RKIT/MBR.Sinowal root kit
      A0284366.dll
      [DETECTION] Contains recognition pattern of the ADSPY/Shareaza adware or spyware

      re-scan with Doctor Web, it finds Sinowal.A again, no change
      re-scan with Avira
      Master boot sector HD1
      [DETECTION] Contains code of the BOO/Sinowal.A boot sector virus
      [WARNING] The boot sector cannot be repaired! You can find more information in the help
      C:\System Volume Information\_restore{0F07B807-AA9C-4F37-970A-99D31EBAF277}\RP414\A0284362.dll
      [DETECTION] Contains recognition pattern of the SPR/Spy.M program
      [NOTE] The file was deleted!
      C:\System Volume Information\_restore{0F07B807-AA9C-4F37-970A-99D31EBAF277}\RP416\A0292513.exe
      [DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
      [NOTE] The file was deleted!
      C:\System Volume Information\_restore{0F07B807-AA9C-4F37-970A-99D31EBAF277}\RP416\A0293928.dll
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
      [NOTE] The file was deleted!

      downloaded GMER, I didn't understand the log at all, I think it found nothing (??)

      I'm not sure I'll get through this...
      0
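The scanners quoted above agree on one thing: the master boot sector of HD1 carries Sinowal code that Avira cannot repair and Dr.Web cannot keep removed. As an added example (not part of the thread or of any of the tools quoted in it), here is what a defender's baseline check of a 512-byte MBR looks like in Python: parse the sector, verify the boot signature, decode the partition table and compare the bootstrap code against a hash recorded while the machine was known clean. The MBR bytes, disk size and baseline hash are all constructed in-memory for the demonstration.

```python
"""Baseline integrity check for a 512-byte MBR image (added example, constructed data)."""
import hashlib
import struct
from dataclasses import dataclass
from typing import List

SECTOR = 512
BOOT_CODE_LEN = 446          # bytes 0x000-0x1BD: bootstrap code, the part an MBR bootkit replaces
PART_TABLE_OFF = 0x1BE       # four 16-byte partition entries
SIGNATURE_OFF = 0x1FE        # 0x55 0xAA boot signature


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:
        """First sector after this partition (exclusive end)."""
        return self.lba_start + self.sectors


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the four entries: status, CHS start (skipped), type, CHS end (skipped), LBA start, count."""
    parts = []
    for i in range(4):
        status, type_id, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if type_id == 0:            # empty slot
            continue
        parts.append(Partition(i, status == 0x80, type_id, lba_start, sectors))
    return parts


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 of the bootstrap code only; the partition table may legitimately change, the code should not."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, baseline_hash: str, disk_sectors: int) -> List[str]:
    """Return a list of findings; an empty list means the MBR matches the recorded baseline."""
    if len(mbr) != SECTOR:
        return [f"unexpected MBR length {len(mbr)}"]
    findings = []
    if mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] != b"\x55\xAA":
        findings.append("missing 0x55AA boot signature")
    if boot_code_hash(mbr) != baseline_hash:
        findings.append("bootstrap code differs from recorded baseline")
    parts = parse_partitions(mbr)
    if sum(p.bootable for p in parts) > 1:
        findings.append("more than one partition flagged active")
    for p in parts:
        if p.lba_end > disk_sectors:
            findings.append(f"partition {p.index} extends past end of disk")
    return findings


def trailing_unallocated(parts: List[Partition], disk_sectors: int) -> int:
    """Sectors after the last partition: not a finding by itself, but the area to image and inspect
    when the bootstrap code has been modified, since bootkits keep their payload outside any partition."""
    if not parts:
        return disk_sectors
    return max(0, disk_sectors - max(p.lba_end for p in parts))


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Assemble a constructed MBR: given boot code, one active NTFS partition at LBA 63, valid signature."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFF, 0x80, 0x07, 63, 204800)
    mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] = b"\x55\xAA"
    return bytes(mbr)


# Constructed stand-ins: a "known clean" bootstrap and the same bytes with the entry point patched.
CLEAN_BOOT_CODE = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x00" * (BOOT_CODE_LEN - 8)
TAMPERED_BOOT_CODE = b"\xEB\xFE" + CLEAN_BOOT_CODE[2:]
DISK_SECTORS = 204928        # constructed disk size: leaves 65 sectors after the partition


def demo():
    clean = build_sample_mbr(CLEAN_BOOT_CODE)
    baseline = boot_code_hash(clean)          # recorded when the machine was known clean
    tampered = build_sample_mbr(TAMPERED_BOOT_CODE)
    return {
        "clean": check_mbr(clean, baseline, DISK_SECTORS),
        "tampered": check_mbr(tampered, baseline, DISK_SECTORS),
        "tail_sectors": trailing_unallocated(parse_partitions(clean), DISK_SECTORS),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

On a real machine the same check_mbr() takes the first 512 bytes read from the physical disk, and the baseline hash is the one recorded from a clean install or from the vendor's stock MBR.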
  14. lly
     
    with all that I'd forgotten the Lop S&D report (option 2)!

    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.66GHz )
    BIOS : Default System BIOS
    USER : Heinrich Grimminger ( Administrator )
    BOOT : Normal boot
    Firewall : Norton Internet Worm Protection 2006 (Not Activated)
    C:\ (Local Disk) - NTFS - Total:170 Go (Free:10 Go)
    E:\ (CD or DVD)
    F:\ (CD or DVD)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)
    J:\ (USB)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [2] ( 23/04/2009|17:34 )

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

    Supprime! - C:\DOKUME~1\ALLUSE~1\ANWEND~1\Cast ping base frag\poke manager.exe
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsa2B.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsc70.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nscopy.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsh139.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsh7D.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsi1F.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\NSISGSearchCheck.dll
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\NSISPromotion.dll
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\NSISPromotion.ini
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nskE.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-1.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-10.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-11.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-2.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-3.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-4.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-5.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-6.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-7.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-8.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-9.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail.eml
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nso85.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsoB.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsq1147.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsq8E.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsr7CF.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsr91.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\Nss.exe
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nst14.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nst17.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nst7A.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsu8.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsv13E.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsx145.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsx5.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsx6D.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsx82.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsy8B.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsz104.tmp
    Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\stadistic.log
    Supprime! - C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@advertstream[2].txt
    Supprime! - C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@adin.bigpoint[1].txt
    Supprime! - C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@bigpoint[1].txt
    Supprime! - C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@de.gladiatoren2.bigpoint[1].txt
    Supprime! - C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@glorykings.bigpoint[1].txt
    Supprime! - C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@adopt.euroclick[1].txt
    Supprime! - C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@888[1].txt
    Supprime! - C:\DOKUME~1\ALLUSE~1\ANWEND~1\Cast ping base frag
    Supprime! - C:\Programme\Adverts
    Supprime! - C:\Programme\Circle Developement
    -
    [ Fichier Hosts ] .. Restaure!

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    --------------------\\ Listing des dossiers dans ANWEND~1

    [18/07/2007|14:15] C:\DOKUME~1\ADMINI~1\ANWEND~1\AOL
    [18/10/2008|08:24] C:\DOKUME~1\ADMINI~1\ANWEND~1\ATI
    [03/03/2006|21:34] C:\DOKUME~1\ADMINI~1\ANWEND~1\Identities
    [05/03/2006|11:49] C:\DOKUME~1\ADMINI~1\ANWEND~1\Microsoft
    [05/03/2006|17:02] C:\DOKUME~1\ADMINI~1\ANWEND~1\You've Got Pictures Screensaver
    [0|Datei(en)] C:\DOKUME~1\ADMINI~1\ANWEND~1\Bytes
    [7|Verzeichnis(se),] C:\DOKUME~1\ADMINI~1\ANWEND~1\Bytes frei

    [22/04/2009|18:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\{66E2F539-12B6-4870-A500-7689CDE75C5E}
    [22/04/2009|20:41] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Adobe
    [22/04/2009|18:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\AntiVir PersonalEdition Classic
    [18/07/2007|14:15] C:\DOKUME~1\ALLUSE~1\ANWEND~1\AOL
    [29/01/2009|01:11] C:\DOKUME~1\ALLUSE~1\ANWEND~1\FLEXnet
    [22/04/2009|18:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Google
    [05/03/2006|18:03] C:\DOKUME~1\ALLUSE~1\ANWEND~1\InstallShield
    [22/04/2009|22:36] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Malwarebytes
    [22/04/2009|18:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Messenger Plus!
    [22/04/2009|10:20] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Microsoft
    [14/03/2006|13:35] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Pinnacle
    [10/03/2009|22:46] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Pinnacle VideoSpin
    [23/04/2009|13:06] C:\DOKUME~1\ALLUSE~1\ANWEND~1\QuickTime
    [31/03/2006|07:49] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Sonic
    [14/02/2008|23:06] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Symantec
    [22/04/2009|10:08] C:\DOKUME~1\ALLUSE~1\ANWEND~1\TEMP
    [21/07/2007|23:10] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Trymedia
    [10/03/2009|22:43] C:\DOKUME~1\ALLUSE~1\ANWEND~1\VideoSpin
    [05/03/2006|11:49] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Windows Genuine Advantage
    [17/03/2006|12:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\X10 Settings
    [0|Datei(en)] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Bytes
    [22|Verzeichnis(se),] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Bytes frei

    [18/07/2007|14:15] C:\DOKUME~1\DEFAUL~1\ANWEND~1\AOL
    [18/10/2008|08:24] C:\DOKUME~1\DEFAUL~1\ANWEND~1\ATI
    [03/03/2006|21:34] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Identities
    [07/08/2008|04:32] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Macromedia
    [05/03/2006|11:49] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Microsoft
    [05/03/2006|17:02] C:\DOKUME~1\DEFAUL~1\ANWEND~1\You've Got Pictures Screensaver
    [0|Datei(en)] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Bytes
    [8|Verzeichnis(se),] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Bytes frei

    [22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\Adobe
    [27/05/2008|20:15] C:\DOKUME~1\HEINRI~1\ANWEND~1\AdobeUM
    [06/09/2008|21:39] C:\DOKUME~1\HEINRI~1\ANWEND~1\Anuman Interactive
    [18/07/2007|14:15] C:\DOKUME~1\HEINRI~1\ANWEND~1\AOL
    [18/10/2008|08:24] C:\DOKUME~1\HEINRI~1\ANWEND~1\ATI
    [30/01/2009|18:54] C:\DOKUME~1\HEINRI~1\ANWEND~1\com.adobe.ExMan
    [18/07/2007|19:55] C:\DOKUME~1\HEINRI~1\ANWEND~1\ConvertTemp
    [22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\CoreFTP
    [20/07/2007|21:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\DivX
    [01/02/2009|14:56] C:\DOKUME~1\HEINRI~1\ANWEND~1\Download Manager
    [23/04/2009|12:25] C:\DOKUME~1\HEINRI~1\ANWEND~1\Folding@home-x86
    [15/07/2007|18:30] C:\DOKUME~1\HEINRI~1\ANWEND~1\Google
    [07/04/2009|00:17] C:\DOKUME~1\HEINRI~1\ANWEND~1\gtk-2.0
    [25/07/2007|08:12] C:\DOKUME~1\HEINRI~1\ANWEND~1\Help
    [06/08/2007|10:26] C:\DOKUME~1\HEINRI~1\ANWEND~1\ICQ Toolbar
    [03/03/2006|21:34] C:\DOKUME~1\HEINRI~1\ANWEND~1\Identities
    [20/07/2007|16:24] C:\DOKUME~1\HEINRI~1\ANWEND~1\InstallShield
    [26/05/2006|13:04] C:\DOKUME~1\HEINRI~1\ANWEND~1\Leadertech
    [26/08/2008|18:22] C:\DOKUME~1\HEINRI~1\ANWEND~1\Lexmark Productivity Studio
    [01/04/2009|11:08] C:\DOKUME~1\HEINRI~1\ANWEND~1\Macromedia
    [22/04/2009|22:36] C:\DOKUME~1\HEINRI~1\ANWEND~1\Malwarebytes
    [11/10/2008|19:27] C:\DOKUME~1\HEINRI~1\ANWEND~1\Microsoft
    [22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\Mozilla
    [23/04/2009|13:00] C:\DOKUME~1\HEINRI~1\ANWEND~1\MSNInstaller
    [22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\Notepad++
    [19/05/2008|20:16] C:\DOKUME~1\HEINRI~1\ANWEND~1\Online Barb 01
    [22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\PC Tools
    [24/07/2007|22:02] C:\DOKUME~1\HEINRI~1\ANWEND~1\Qualcomm
    [23/04/2009|13:12] C:\DOKUME~1\HEINRI~1\ANWEND~1\Real
    [18/07/2007|19:50] C:\DOKUME~1\HEINRI~1\ANWEND~1\Samsung
    [23/04/2009|13:27] C:\DOKUME~1\HEINRI~1\ANWEND~1\Shareaza
    [26/05/2006|13:04] C:\DOKUME~1\HEINRI~1\ANWEND~1\Sonic
    [10/08/2007|08:24] C:\DOKUME~1\HEINRI~1\ANWEND~1\Sun
    [18/07/2007|13:43] C:\DOKUME~1\HEINRI~1\ANWEND~1\Talkback
    [22/08/2007|22:04] C:\DOKUME~1\HEINRI~1\ANWEND~1\Temporary
    [22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\Thunderbird
    [29/07/2007|14:13] C:\DOKUME~1\HEINRI~1\ANWEND~1\TransRender
    [11/11/2008|00:58] C:\DOKUME~1\HEINRI~1\ANWEND~1\Tsarevna
    [16/07/2007|00:36] C:\DOKUME~1\HEINRI~1\ANWEND~1\vlc
    [21/09/2008|10:42] C:\DOKUME~1\HEINRI~1\ANWEND~1\Win Novation
    [21/08/2007|21:45] C:\DOKUME~1\HEINRI~1\ANWEND~1\WinRAR
    [11/08/2007|22:14] C:\DOKUME~1\HEINRI~1\ANWEND~1\X-Chat 2
    [05/03/2006|17:02] C:\DOKUME~1\HEINRI~1\ANWEND~1\You've Got Pictures Screensaver
    [0|Datei(en)] C:\DOKUME~1\HEINRI~1\ANWEND~1\Bytes
    [45|Verzeichnis(se),] C:\DOKUME~1\HEINRI~1\ANWEND~1\Bytes frei

    [18/07/2007|15:04] C:\DOKUME~1\LOCALS~1\ANWEND~1\DivX
    [03/03/2006|21:28] C:\DOKUME~1\LOCALS~1\ANWEND~1\Microsoft
    [15/03/2006|15:25] C:\DOKUME~1\LOCALS~1\ANWEND~1\X10 Commander
    [0|Datei(en)] C:\DOKUME~1\LOCALS~1\ANWEND~1\Bytes
    [5|Verzeichnis(se),] C:\DOKUME~1\LOCALS~1\ANWEND~1\Bytes frei

    [03/03/2006|21:33] C:\DOKUME~1\NETWOR~1\ANWEND~1\Microsoft
    [0|Datei(en)] C:\DOKUME~1\NETWOR~1\ANWEND~1\Bytes
    [3|Verzeichnis(se),] C:\DOKUME~1\NETWOR~1\ANWEND~1\Bytes frei

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [21/04/2009 12:37][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [23/04/2009 16:23][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [10/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Programme

    [01/04/2009|11:09] C:\Programme\Adobe
    [22/04/2009|18:01] C:\Programme\AgentWebRanking PRO
    [22/04/2009|18:01] C:\Programme\AntiVir PersonalEdition Classic
    [14/03/2006|13:44] C:\Programme\ATI Technologies
    [24/05/2008|10:25] C:\Programme\BOINC
    [23/04/2009|12:19] C:\Programme\CacheMot
    [23/04/2009|10:55] C:\Programme\CCleaner
    [15/03/2006|15:22] C:\Programme\Common Files
    [22/04/2009|18:00] C:\Programme\CoreFTP
    [17/07/2007|14:20] C:\Programme\CTV PROD
    [23/04/2009|12:26] C:\Programme\denouvel
    [14/03/2006|13:35] C:\Programme\DIFX
    [22/04/2009|18:00] C:\Programme\EasyPHP 3.0
    [22/04/2009|20:53] C:\Programme\eMule
    [22/04/2009|18:01] C:\Programme\EtiketaGoGo
    [25/07/2007|08:33] C:\Programme\FoxMail
    [23/04/2009|13:52] C:\Programme\Gemeinsame Dateien
    [21/07/2007|23:11] C:\Programme\Global Star Software
    [23/04/2009|12:45] C:\Programme\Google
    [23/04/2009|12:40] C:\Programme\GRETECH
    [07/08/2007|13:31] C:\Programme\ICQToolbar
    [23/04/2009|13:57] C:\Programme\InstallShield Installation Information
    [22/04/2009|18:01] C:\Programme\Internet Explorer
    [31/03/2009|21:13] C:\Programme\Java
    [23/04/2009|12:49] C:\Programme\Maido Production
    [22/04/2009|22:36] C:\Programme\Malwarebytes' Anti-Malware
    [30/09/2008|01:09] C:\Programme\Messenger
    [22/04/2009|18:01] C:\Programme\Messenger Plus! Live
    [03/03/2006|21:29] C:\Programme\microsoft frontpage
    [23/04/2009|12:51] C:\Programme\Mio Technology
    [30/09/2008|01:03] C:\Programme\Movie Maker
    [23/04/2009|16:26] C:\Programme\Mozilla Firefox
    [23/04/2009|13:00] C:\Programme\MSN
    [03/03/2006|21:20] C:\Programme\MSN Gaming Zone
    [22/04/2009|21:05] C:\Programme\MSN Messenger
    [19/07/2007|03:00] C:\Programme\MSXML 4.0
    [30/09/2008|00:59] C:\Programme\NetMeeting
    [20/08/2008|13:09] C:\Programme\Neuer Ordner
    [22/04/2009|18:01] C:\Programme\Notepad++
    [13/02/2008|23:42] C:\Programme\Online Barb 01
    [03/03/2006|21:23] C:\Programme\Online Services
    [20/05/2008|21:55] C:\Programme\Online-Dienste
    [23/04/2009|12:44] C:\Programme\Ord-ixSofts
    [30/09/2008|00:59] C:\Programme\Outlook Express
    [10/03/2009|22:43] C:\Programme\Pinnacle
    [24/07/2007|20:51] C:\Programme\Qualcomm
    [22/04/2009|18:01] C:\Programme\QuickTime
    [05/03/2006|17:01] C:\Programme\Real
    [23/04/2009|13:09] C:\Programme\Roxio
    [23/04/2009|13:50] C:\Programme\Samsung
    [24/05/2008|10:29] C:\Programme\Shareaza Applications
    [26/08/2008|22:53] C:\Programme\SodeaSoft
    [23/04/2009|13:14] C:\Programme\Sonic
    [23/04/2009|17:25] C:\Programme\SpeedFan
    [23/04/2009|13:34] C:\Programme\SupervisionCam
    [23/04/2009|13:02] C:\Programme\Transsoft Games
    [07/09/2008|12:29] C:\Programme\Trend Micro
    [06/12/2007|23:20] C:\Programme\Uninstall Information
    [15/07/2007|23:31] C:\Programme\VideoLAN
    [21/04/2009|10:46] C:\Programme\VS Revo Group
    [22/04/2009|18:01] C:\Programme\Windows Live
    [05/03/2006|18:18] C:\Programme\Windows Media Connect 2
    [15/08/2007|03:00] C:\Programme\Windows Media Player
    [30/09/2008|00:59] C:\Programme\Windows NT
    [03/03/2006|21:23] C:\Programme\Windows Plus
    [22/04/2009|18:01] C:\Programme\WinHTTrack
    [21/08/2007|21:45] C:\Programme\WinRAR
    [15/03/2006|15:22] C:\Programme\X10 Hardware
    [08/11/2008|22:46] C:\Programme\xchat
    [22/04/2009|18:01] C:\Programme\Xenu
    [03/03/2006|21:29] C:\Programme\xerox
    [0|Datei(en)] C:\Programme\Bytes
    [73|Verzeichnis(se),] C:\Programme\Bytes frei

    --------------------\\ Listing des dossiers dans C:\Programme\Gemeinsame Dateien

    [01/04/2009|11:01] C:\Programme\Gemeinsame Dateien\Adobe
    [18/07/2007|16:11] C:\Programme\Gemeinsame Dateien\aol
    [03/03/2006|21:26] C:\Programme\Gemeinsame Dateien\Dienste
    [22/04/2009|18:01] C:\Programme\Gemeinsame Dateien\fun communications
    [23/04/2009|13:50] C:\Programme\Gemeinsame Dateien\InstallShield
    [10/08/2007|08:19] C:\Programme\Gemeinsame Dateien\Java
    [20/01/2009|22:12] C:\Programme\Gemeinsame Dateien\Microsoft Shared
    [03/03/2006|21:26] C:\Programme\Gemeinsame Dateien\MSSoap
    [05/03/2006|17:01] C:\Programme\Gemeinsame Dateien\Nullsoft
    [23/04/2009|13:13] C:\Programme\Gemeinsame Dateien\Real
    [23/04/2009|13:07] C:\Programme\Gemeinsame Dateien\Roxio Shared
    [03/03/2006|21:15] C:\Programme\Gemeinsame Dateien\SpeechEngines
    [22/04/2009|18:01] C:\Programme\Gemeinsame Dateien\Symantec Shared
    [30/09/2008|00:59] C:\Programme\Gemeinsame Dateien\System
    [10/03/2009|22:43] C:\Programme\Gemeinsame Dateien\Yahoo!
    [0|Datei(en)] C:\Programme\Gemeinsame Dateien\Bytes
    [17|Verzeichnis(se),] C:\Programme\Gemeinsame Dateien\Bytes frei

    --------------------\\ Process

    ( 28 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nss3B.tmp

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-23 17:36:08
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    [F:3596][D:419]-> C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp
    [F:1401][D:0]-> C:\DOKUME~1\HEINRI~1\Cookies
    [F:11228][D:42]-> C:\DOKUME~1\HEINRI~1\LOKALE~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 23/04/2009| 9:29 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - 23/04/2009|17:37 - Option : [2]

    --------------------\\ Fin du rapport a 17:37:59
    0
  15. lly
     
    je tiens a ajouter qu il y a quand meme une tres tres nette amelioration depuis ces derniers jours, le pc tient plusieurs heures sans planter, alors qu avant j avais, au mieux, quelques minutes avant de devoir redémarrer...

    so I have good hope of one day being able to use MSN again, or even watch a film (things that haven't worked for a long time)
  16. lly
     
    here is the latest Avira report; it's better than the previous scans:

    Avira AntiVir Personal
    Report file date: dimanche 26 avril 2009 13:39

    Scanning for 1364969 virus strains and unwanted programs.

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : HEINRICH

    Version information:
    BUILD.DAT : 9.0.0.387 17962 Bytes 24/03/2009 11:04:00
    AVSCAN.EXE : 9.0.3.3 464641 Bytes 24/02/2009 10:13:26
    AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 08:58:24
    LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 09:35:49
    LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 08:58:52
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 10:30:36
    ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 18:33:26
    ANTIVIR2.VDF : 7.1.3.63 1588224 Bytes 16/04/2009 14:08:24
    ANTIVIR3.VDF : 7.1.3.109 144896 Bytes 25/04/2009 14:08:26
    Engineversion : 8.2.0.156
    AEVDF.DLL : 8.1.1.0 106868 Bytes 27/01/2009 15:36:42
    AESCRIPT.DLL : 8.1.1.77 381306 Bytes 25/04/2009 14:08:38
    AESCN.DLL : 8.1.1.10 127348 Bytes 25/04/2009 14:08:37
    AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 16:24:41
    AEPACK.DLL : 8.1.3.14 397685 Bytes 25/04/2009 14:08:37
    AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 18:01:56
    AEHEUR.DLL : 8.1.0.122 1737080 Bytes 25/04/2009 14:08:35
    AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 18:01:56
    AEGEN.DLL : 8.1.1.39 348532 Bytes 25/04/2009 14:08:28
    AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 12:32:40
    AECORE.DLL : 8.1.6.9 176500 Bytes 25/04/2009 14:08:27
    AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 12:32:40
    AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 06:47:59
    AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 08:32:15
    AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 12:34:28
    AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 08:32:09
    AVARKT.DLL : 9.0.0.1 292609 Bytes 09/02/2009 05:52:24
    AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 08:37:08
    SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 13:03:49
    SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 06:21:33
    NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 08:32:10
    RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 09:45:45
    RCTEXT.DLL : 9.0.35.0 87297 Bytes 11/03/2009 13:55:12

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: c:\programme\avira\antivir desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: delete
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:,
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: on
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium
    Deviating risk categories...........: +GAME,+JOKE,+PCK,+SPR,

    Start of the scan: dimanche 26 avril 2009 13:39

    Initiating scan of system files:
    Signed -> 'C:\WINDOWS\system32\svchost.exe'
    Signed -> 'C:\WINDOWS\system32\winlogon.exe'
    Signed -> 'C:\WINDOWS\explorer.exe'
    Signed -> 'C:\WINDOWS\system32\smss.exe'
    Signed -> 'C:\WINDOWS\system32\wininet.DLL'
    Signed -> 'C:\WINDOWS\system32\wsock32.DLL'
    Signed -> 'C:\WINDOWS\system32\ws2_32.DLL'
    Signed -> 'C:\WINDOWS\system32\services.exe'
    Signed -> 'C:\WINDOWS\system32\lsass.exe'
    Signed -> 'C:\WINDOWS\system32\csrss.exe'
    Signed -> 'C:\WINDOWS\system32\drivers\kbdclass.sys'
    Signed -> 'C:\WINDOWS\system32\spoolsv.exe'
    Signed -> 'C:\WINDOWS\system32\alg.exe'
    Signed -> 'C:\WINDOWS\system32\wuauclt.exe'
    Signed -> 'C:\WINDOWS\system32\advapi32.DLL'
    Signed -> 'C:\WINDOWS\system32\user32.DLL'
    Signed -> 'C:\WINDOWS\system32\gdi32.DLL'
    Signed -> 'C:\WINDOWS\system32\kernel32.DLL'
    Signed -> 'C:\WINDOWS\system32\ntdll.DLL'
    Signed -> 'C:\WINDOWS\system32\ntoskrnl.exe'
    Signed -> 'C:\WINDOWS\system32\ctfmon.exe'
    The system files were scanned ('21' files)

    Starting search for hidden objects.

    [INFO] The process is not visible.
    '75024' objects were checked, '1' hidden objects were found.

    The scan of running processes will be started
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'X10nets.exe' - '1' Module(s) have been scanned
    Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    25 processes with 25 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD1
    [DETECTION] Contains code of the BOO/Sinowal.A boot sector virus
    [WARNING] The boot sector cannot be repaired! You can find more information in the help

    Start scanning boot sectors:

    Starting to scan executable files (registry).

    The registry was scanned ( '48' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    [NOTE] This file is a Windows system file.
    [NOTE] This file cannot be opened for scanning.
    C:\Dokumente und Einstellungen\Heinrich Grimminger\Lokale Einstellungen\Temporary Internet Files\Content.IE5\277YWLND\swflash[1].cab
    [0] Archive type: CAB (Microsoft)
    --> FP_AX_CAB_INSTALLER.exe
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    [WARNING] No further files can be extracted from this archive. The archive will be closed

    End of the scan: dimanche 26 avril 2009 14:20
    Used time: 40:23 Minute(s)

    The scan has been done completely.

    5272 Scanned directories
    280933 Files were scanned
    1 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    1 Files cannot be scanned
    280932 Files not concerned
    8105 Archives were scanned
    4 Warnings
    1 Notes
    75024 Objects were scanned with rootkit scan
    1 Hidden objects were found
  17. jlpjlp Posts: 52399 Status: Security contributor 5 041
     
    ouch, Sinowal!

    It looks to me like a Mebroot infection.

    This malware steals confidential information, in particular passwords and banking details.

    You will have to change all of that once the disinfection is finished, and check with your bank that nothing abnormal has happened.

    To eradicate it:

    Download mbr.exe from Gmer:
    http://www2.gmer.net/mbr/mbr.exe
    to the desktop.
    Thanks to Malekal for the tutorial

    Disable your protections and cut the connection. (Antivirus and antispyware, HIPS and other resident tools)

    Double-click mbr.exe. A report will be generated: mbr.log

    If infected, this message will appear: MBR rootkit code detected

    In the Start menu > Run, type: "%userprofile%\Bureau\mbr" -f

    In mbr.log this line will appear: original MBR restored successfully !

    Post that report, then delete it.

    Run mbr.exe again.

    Post the new report.

    then post another Antivir report
    1. lly
       
      ok!

      indeed it found something, here is the report:

      Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.4 by Gmer, http://www.gmer.net

      device: opened successfully
      user: MBR read successfully
      kernel: MBR read successfully
      detected MBR rootkit hooks:
      \Driver\ACPI -> 0x89b265a0
      \Device\Harddisk0\DR0 -> ParseProcedure -> 0x89b2d060
      Warning: possible MBR rootkit infection !
      copy of MBR has been found in sector 1 !
      copy of MBR has been found in sector 10 !
      copy of MBR has been found in sector 0x017BD52D8
      malicious code @ sector 0x017BD52DB !
      PE file found in sector at 0x017BD52F1 !
      MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
      original MBR restored successfully !

      I'm running mbr.exe and Avira again

      thank you very much for the instructions!
      1. jlpjlp Posts: 52399 Status: Security contributor 5 041 > lly
         
        ok, post the reports. See you later
  18. lly
     
    I feel desperate. I thought this time everything would be clean, but it crashed before I could launch Avira... it's running now, so no report yet, but it already shows it has found Sinowal again...

    mbr.exe report:

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.4 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK
    copy of MBR has been found in sector 1 !
    copy of MBR has been found in sector 0x017BD52D8
    malicious code @ sector 0x017BD52DB !
    PE file found in sector at 0x017BD52F1 !

    do I have any options left?
    I'll post the Avira report as soon as it's available

    especially since this Sinowal looks really nasty, and now I'm worried; I don't know how long it has been there, but for some of my data it could be catastrophic if it has been installed for several months
    1. lly
       
      Avira AntiVir Personal
      Report file date: dimanche 26 avril 2009 19:03

      Scanning for 1365100 virus strains and unwanted programs.

      Licensee : Avira AntiVir Personal - FREE Antivirus
      Serial number : 0000149996-ADJIE-0000001
      Platform : Windows XP
      Windows version : (Service Pack 3) [5.1.2600]
      Boot mode : Normally booted
      Username : SYSTEM
      Computer name : HEINRICH

      Version information:
      BUILD.DAT : 9.0.0.387 17962 Bytes 24/03/2009 11:04:00
      AVSCAN.EXE : 9.0.3.3 464641 Bytes 24/02/2009 10:13:26
      AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 08:58:24
      LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 09:35:49
      LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 08:58:52
      ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 10:30:36
      ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 18:33:26
      ANTIVIR2.VDF : 7.1.3.63 1588224 Bytes 16/04/2009 14:08:24
      ANTIVIR3.VDF : 7.1.3.110 146432 Bytes 25/04/2009 16:38:16
      Engineversion : 8.2.0.156
      AEVDF.DLL : 8.1.1.0 106868 Bytes 27/01/2009 15:36:42
      AESCRIPT.DLL : 8.1.1.77 381306 Bytes 25/04/2009 14:08:38
      AESCN.DLL : 8.1.1.10 127348 Bytes 25/04/2009 14:08:37
      AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 16:24:41
      AEPACK.DLL : 8.1.3.14 397685 Bytes 25/04/2009 14:08:37
      AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 18:01:56
      AEHEUR.DLL : 8.1.0.122 1737080 Bytes 25/04/2009 14:08:35
      AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 18:01:56
      AEGEN.DLL : 8.1.1.39 348532 Bytes 25/04/2009 14:08:28
      AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 12:32:40
      AECORE.DLL : 8.1.6.9 176500 Bytes 25/04/2009 14:08:27
      AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 12:32:40
      AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 06:47:59
      AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 08:32:15
      AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 12:34:28
      AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 08:32:09
      AVARKT.DLL : 9.0.0.1 292609 Bytes 09/02/2009 05:52:24
      AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 08:37:08
      SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 13:03:49
      SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 06:21:33
      NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 08:32:10
      RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 09:45:45
      RCTEXT.DLL : 9.0.35.0 87297 Bytes 11/03/2009 13:55:12

      Configuration settings for the scan:
      Jobname.............................: Complete system scan
      Configuration file..................: c:\programme\avira\antivir desktop\sysscan.avp
      Logging.............................: low
      Primary action......................: delete
      Secondary action....................: ignore
      Scan master boot sector.............: on
      Scan boot sector....................: on
      Boot sectors........................: C:,
      Process scan........................: on
      Scan registry.......................: on
      Search for rootkits.................: on
      Integrity checking of system files..: on
      Scan all files......................: All files
      Scan archives.......................: on
      Recursion depth.....................: 20
      Smart extensions....................: on
      Macro heuristic.....................: on
      File heuristic......................: medium
      Deviating risk categories...........: +GAME,+JOKE,+PCK,+SPR,

      Start of the scan: dimanche 26 avril 2009 19:03

      Initiating scan of system files:
      Signed -> 'C:\WINDOWS\system32\svchost.exe'
      Signed -> 'C:\WINDOWS\system32\winlogon.exe'
      Signed -> 'C:\WINDOWS\explorer.exe'
      Signed -> 'C:\WINDOWS\system32\smss.exe'
      Signed -> 'C:\WINDOWS\system32\wininet.DLL'
      Signed -> 'C:\WINDOWS\system32\wsock32.DLL'
      Signed -> 'C:\WINDOWS\system32\ws2_32.DLL'
      Signed -> 'C:\WINDOWS\system32\services.exe'
      Signed -> 'C:\WINDOWS\system32\lsass.exe'
      Signed -> 'C:\WINDOWS\system32\csrss.exe'
      Signed -> 'C:\WINDOWS\system32\drivers\kbdclass.sys'
      Signed -> 'C:\WINDOWS\system32\spoolsv.exe'
      Signed -> 'C:\WINDOWS\system32\alg.exe'
      Signed -> 'C:\WINDOWS\system32\wuauclt.exe'
      Signed -> 'C:\WINDOWS\system32\advapi32.DLL'
      Signed -> 'C:\WINDOWS\system32\user32.DLL'
      Signed -> 'C:\WINDOWS\system32\gdi32.DLL'
      Signed -> 'C:\WINDOWS\system32\kernel32.DLL'
      Signed -> 'C:\WINDOWS\system32\ntdll.DLL'
      Signed -> 'C:\WINDOWS\system32\ntoskrnl.exe'
      Signed -> 'C:\WINDOWS\system32\ctfmon.exe'
      The system files were scanned ('21' files)

      Starting search for hidden objects.
      '74221' objects were checked, '0' hidden objects were found.

      The scan of running processes will be started
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'firefox.exe' - '1' Module(s) have been scanned
      Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
      Scan process 'alg.exe' - '1' Module(s) have been scanned
      Scan process 'X10nets.exe' - '1' Module(s) have been scanned
      Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'jqs.exe' - '1' Module(s) have been scanned
      Scan process 'avgnt.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
      Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
      Scan process 'sched.exe' - '1' Module(s) have been scanned
      Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned
      27 processes with 27 modules were scanned

      Starting master boot sector scan:
      Master boot sector HD1
      [DETECTION] Contains code of the BOO/Sinowal.A boot sector virus
      [WARNING] The boot sector cannot be repaired! You can find more information in the help

      Start scanning boot sectors:

      Starting to scan executable files (registry).

      The registry was scanned ( '48' files ).


      Starting the file scan:

      Begin scan in 'C:\'
      C:\pagefile.sys
      [WARNING] The file could not be opened!
      [NOTE] This file is a Windows system file.
      [NOTE] This file cannot be opened for scanning.
      C:\Dokumente und Einstellungen\Heinrich Grimminger\Lokale Einstellungen\Temporary Internet Files\Content.IE5\277YWLND\swflash[1].cab
      [0] Archive type: CAB (Microsoft)
      --> FP_AX_CAB_INSTALLER.exe
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      [WARNING] No further files can be extracted from this archive. The archive will be closed


      End of the scan: dimanche 26 avril 2009 19:54
      Used time: 50:48 Minute(s)

      The scan has been done completely.

      5125 Scanned directories
      280085 Files were scanned
      1 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 files were deleted
      0 Viruses and unwanted programs were repaired
      0 Files were moved to quarantine
      0 Files were renamed
      1 Files cannot be scanned
      280084 Files not concerned
      8094 Archives were scanned
      4 Warnings
      1 Notes
      74221 Objects were scanned with rootkit scan
      0 Hidden objects were found
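Added example, not code from the thread or from Gmer: a Python script that parses mbr.exe reports like the two lly posted (the one right after `mbr.exe -f` and the one after the reboot) and turns each into a verdict, showing why `user & kernel MBR OK` on its own is not a clean result when malicious code is still reported in the same sectors. The first two sample reports are copied from this thread, the clean third one is constructed, and the verdict names and field names are this example's own choice.

```python
"""Triage Gmer mbr.exe reports (added example, not Gmer's code)."""
import re
from dataclasses import dataclass, field

# Sample inputs: the first two are the reports posted in this thread,
# the third is a constructed example of what a clean run looks like.
REPORT_AFTER_FIX = """\
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\\Driver\\ACPI -> 0x89b265a0
\\Device\\Harddisk0\\DR0 -> ParseProcedure -> 0x89b2d060
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 1 !
copy of MBR has been found in sector 10 !
copy of MBR has been found in sector 0x017BD52D8
malicious code @ sector 0x017BD52DB !
PE file found in sector at 0x017BD52F1 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
original MBR restored successfully !
"""
REPORT_AFTER_REBOOT = """\
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 1 !
copy of MBR has been found in sector 0x017BD52D8
malicious code @ sector 0x017BD52DB !
PE file found in sector at 0x017BD52F1 !
"""
REPORT_CLEAN = """\
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""

SECTOR = r"(0x[0-9A-Fa-f]+|\d+)"
RE_HOOK = re.compile(r"^(\\\S+) -> .*0x[0-9A-Fa-f]+$")  # driver object -> hooked address
RE_COPY = re.compile(r"copy of MBR has been found in sector " + SECTOR)
RE_MALICIOUS = re.compile(r"malicious code @ sector " + SECTOR)
RE_PE = re.compile(r"PE file found in sector at " + SECTOR)

def _sector(s: str) -> int:
    # mbr.exe prints small sector numbers in decimal and large ones as 0x... hex
    return int(s, 16) if s.lower().startswith("0x") else int(s)

@dataclass
class MbrReport:
    hooks: list = field(default_factory=list)  # e.g. \Driver\ACPI
    mbr_copies: list = field(default_factory=list)  # sectors holding an MBR copy
    malicious_sectors: list = field(default_factory=list)
    pe_sectors: list = field(default_factory=list)
    mbr_ok: bool = False  # "user & kernel MBR OK" seen
    infection_detected: bool = False
    restored: bool = False  # "original MBR restored successfully" seen

def parse_mbr_report(text: str) -> MbrReport:
    """Extract the lines that matter for a verdict; everything else is ignored."""
    r = MbrReport()
    for line in text.splitlines():
        line = line.strip()
        if m := RE_HOOK.match(line):
            r.hooks.append(m.group(1))
        elif m := RE_COPY.search(line):
            r.mbr_copies.append(_sector(m.group(1)))
        elif m := RE_MALICIOUS.search(line):
            r.malicious_sectors.append(_sector(m.group(1)))
        elif m := RE_PE.search(line):
            r.pe_sectors.append(_sector(m.group(1)))
        elif line == "user & kernel MBR OK":
            r.mbr_ok = True
        elif line.startswith("MBR rootkit infection detected"):
            r.infection_detected = True
        elif line.startswith("original MBR restored successfully"):
            r.restored = True
    return r

def classify(r: MbrReport) -> str:
    """Verdict names are this example's own, ordered from worst to best."""
    if r.hooks or r.infection_detected:
        # Hooks on the disk driver objects mean the rootkit is active in this
        # boot; "-f" only rewrites the MBR itself, so reboot and scan again.
        return "RESTORED_REBOOT_AND_RESCAN" if r.restored else "ACTIVE_INFECTION"
    if r.malicious_sectors or r.pe_sectors:
        # The MBR reads clean but the payload still sits in unused sectors,
        # which is exactly the post-reboot report in this thread: not clean.
        return "RESIDUAL_CODE"
    return "CLEAN" if r.mbr_ok else "INCONCLUSIVE"

if __name__ == "__main__":
    for name, rep in (("after -f", REPORT_AFTER_FIX),
                      ("after reboot", REPORT_AFTER_REBOOT), ("clean", REPORT_CLEAN)):
        r = parse_mbr_report(rep)
        print(f"{name:13s} {classify(r):27s} hooks={r.hooks} bad={[hex(s) for s in r.malicious_sectors]}")
```

Run it and the post-reboot report comes out as RESIDUAL_CODE, the same conclusion Avira reached a few minutes later when it flagged BOO/Sinowal.A again.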
  19. jlpjlp Posts: 52399 Status: Security contributor 5 041
     
    download ComboFix (by sUBs) here:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    and save it to the desktop.

    disconnect from the internet and close all your applications.

    disable your protections (antivirus, firewall, real-time guard of the antispyware)

    double-click combofix.exe and follow the instructions

    at the end, it will produce a report C:\ComboFix.txt

    re-enable your firewall, your antivirus, your antispyware guard

    copy/paste the report C:\ComboFix.txt into your next reply.

    Careful: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.

    You have a complete tutorial here:

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    __________________

    then redo message 24
    1. lly
       
      wow... the warnings about this program scared the hell out of me!
      anyway, here's the report:

      ComboFix 09-04-25.A3 - Heinrich Grimminger 26/04/2009 20:53.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.3.1252.33.1031.18.2047.1552 [GMT 2:00]
      Lancé depuis: c:\dokumente und einstellungen\Heinrich Grimminger\Desktop\ComboFix.exe
      FW: Norton Internet Worm Protection *disabled*
      * Un nouveau point de restauration a été créé
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\windows\system32\_000008_.tmp.dll

      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2009-05-26 au 2009-4-26 ))))))))))))))))))))))))))))))))))))
      .

      2009-04-26 06:49 . 2009-04-26 06:57 -------- d-----w c:\programme\XoftSpySE
      2009-04-25 14:18 . 2009-04-25 14:18 -------- d-sh--w c:\dokumente und einstellungen\LocalService\IETldCache
      2009-04-25 10:44 . 2009-04-25 10:44 -------- d-----w c:\dokumente und einstellungen\Heinrich Grimminger\DoctorWeb
      2009-04-25 10:33 . 2009-02-13 09:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
      2009-04-25 10:33 . 2009-04-25 10:33 -------- d-----w c:\programme\Avira
      2009-04-25 10:33 . 2009-04-25 10:33 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
      2009-04-23 14:12 . 2009-04-26 07:32 -------- d-----w c:\programme\SpeedFan
      2009-04-23 14:12 . 2009-04-23 14:12 45 ----a-w c:\windows\system32\initdebug.nfo
      2009-04-23 10:01 . 2009-04-23 10:01 -------- d-sha-r C:\autorun.inf
      2009-04-23 09:56 . 2009-04-23 14:25 -------- d-----w C:\UsbFix
      2009-04-23 08:55 . 2009-04-23 08:55 -------- d-----w c:\programme\CCleaner
      2009-04-23 07:21 . 2009-04-23 15:37 -------- d-----w C:\Lop SD
      2009-04-22 20:36 . 2009-04-22 20:36 -------- d-----w c:\dokumente und einstellungen\Heinrich Grimminger\Anwendungsdaten\Malwarebytes
      2009-04-22 20:36 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
      2009-04-22 20:36 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
      2009-04-22 20:36 . 2009-04-22 20:36 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
      2009-04-22 20:36 . 2009-04-22 20:36 -------- d-----w c:\programme\Malwarebytes' Anti-Malware
      2009-04-22 20:22 . 2009-04-22 20:27 -------- d-----w C:\rsit
      2009-04-22 16:01 . 2009-04-22 16:01 -------- d-----w c:\windows\system32\config\systemprofile\Anwendungsdaten\PC Tools
      2009-04-19 09:05 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
      2009-04-19 09:05 . 2009-03-06 14:19 286720 -c----w c:\windows\system32\dllcache\pdh.dll
      2009-04-19 09:05 . 2009-02-09 11:21 111104 -c----w c:\windows\system32\dllcache\services.exe
      2009-04-19 09:05 . 2009-02-09 10:51 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
      2009-04-19 09:05 . 2009-02-09 10:51 678400 -c----w c:\windows\system32\dllcache\advapi32.dll
      2009-04-19 09:05 . 2009-02-09 10:51 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
      2009-04-19 09:05 . 2009-02-09 10:51 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
      2009-04-19 07:59 . 2008-04-21 21:13 217600 -c----w c:\windows\system32\dllcache\wordpad.exe
      2009-04-01 09:56 . 2007-05-23 15:54 260248 ----a-w c:\windows\system32\QMO.dll
      2009-04-01 09:56 . 2007-05-23 15:54 80024 ----a-w c:\windows\system32\TXGYUploader.dll
      2009-04-01 09:56 . 2007-05-23 15:54 92312 ----a-w c:\windows\system32\QMOCameraDll.dll

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-04-23 15:37 . 2009-04-23 07:22 16459 ----a-w C:\lopR.txt
      2009-04-23 14:26 . 2009-04-23 14:23 2874 ----a-w C:\UsbFix.txt
      2009-04-23 11:57 . 2006-03-14 11:13 -------- d--h--w c:\programme\InstallShield Installation Information
      2009-04-23 11:50 . 2006-03-05 16:03 -------- d-----w c:\programme\Gemeinsame Dateien\InstallShield
      2009-04-23 11:06 . 2006-03-05 15:01 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\QuickTime
      2009-04-22 18:53 . 2007-07-15 18:29 -------- d-----w c:\programme\eMule
      2009-04-22 18:21 . 2004-08-10 12:00 76972 ----a-w c:\windows\system32\perfc007.dat
      2009-04-22 18:21 . 2004-08-10 12:00 421830 ----a-w c:\windows\system32\perfh007.dat
      2009-04-22 16:01 . 2009-04-22 16:01 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Messenger Plus!
      2009-04-22 16:01 . 2009-04-22 16:01 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
      2009-04-22 16:01 . 2009-04-22 16:01 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\{66E2F539-12B6-4870-A500-7689CDE75C5E}
      2009-04-22 15:30 . 2006-05-26 10:57 32024 ----a-w c:\dokumente und einstellungen\Heinrich Grimminger\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
      2009-04-22 08:42 . 2009-04-21 20:11 2460 ----a-w C:\aaw7boot.log
      2009-04-22 08:08 . 2008-06-04 00:37 -------- d---a-w c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
      2009-04-21 08:46 . 2009-04-21 08:46 -------- d-----w c:\programme\VS Revo Group
      2009-04-03 14:22 . 2007-07-18 11:40 7835 ----a-w c:\windows\mozver.dat
      2009-04-01 09:01 . 2008-05-27 18:16 -------- d-----w c:\programme\Gemeinsame Dateien\Adobe
      2009-03-31 19:13 . 2007-08-10 06:23 -------- d-----w c:\programme\Java
      2009-03-10 20:46 . 2009-03-10 20:46 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Pinnacle VideoSpin
      2009-03-10 20:43 . 2009-03-10 20:43 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\VideoSpin
      2009-03-09 03:19 . 2008-12-05 13:53 410984 ----a-w c:\windows\system32\deploytk.dll
      2009-03-08 02:34 . 2004-08-10 12:00 914944 ----a-w c:\windows\system32\wininet.dll
      2009-03-08 02:34 . 2004-08-10 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
      2009-03-08 02:33 . 2004-08-10 12:00 18944 ----a-w c:\windows\system32\corpol.dll
      2009-03-08 02:33 . 2004-08-10 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
      2009-03-08 02:32 . 2004-08-10 12:00 72704 ----a-w c:\windows\system32\admparse.dll
      2009-03-08 02:32 . 2004-08-10 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
      2009-03-08 02:31 . 2004-08-10 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
      2009-03-08 02:31 . 2004-08-10 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
      2009-03-08 02:31 . 2004-08-10 12:00 45568 ----a-w c:\windows\system32\mshta.exe
      2009-03-08 02:22 . 2004-08-10 12:00 156160 ----a-w c:\windows\system32\msls31.dll
      2009-03-06 14:19 . 2004-08-10 12:00 286720 ----a-w c:\windows\system32\pdh.dll
      2009-02-09 14:04 . 2007-07-15 16:03 1846912 ----a-w c:\windows\system32\win32k.sys
      2009-02-09 11:21 . 2004-08-04 00:50 2026496 ----a-w c:\windows\system32\ntkrnlpa.exe
      2009-02-09 11:21 . 2004-08-10 12:00 2147840 ----a-w c:\windows\system32\ntoskrnl.exe
      2009-02-09 11:21 . 2004-08-10 12:00 111104 ----a-w c:\windows\system32\services.exe
      2009-02-09 10:51 . 2004-08-10 12:00 736768 ----a-w c:\windows\system32\lsasrv.dll
      2009-02-09 10:51 . 2004-08-10 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
      2009-02-09 10:51 . 2004-08-10 12:00 678400 ----a-w c:\windows\system32\advapi32.dll
      2009-02-09 10:51 . 2004-08-10 12:00 740352 ----a-w c:\windows\system32\ntdll.dll
      2009-02-06 10:39 . 2004-08-10 12:00 35328 ----a-w c:\windows\system32\sc.exe
      2009-02-03 19:57 . 2004-08-10 12:00 56832 ----a-w c:\windows\system32\secur32.dll
      2008-05-22 22:08 . 2006-03-05 14:20 27272 ----a-w c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
      2006-05-26 10:58 . 2006-05-26 10:57 152 ----a-w c:\dokumente und einstellungen\Heinrich Grimminger\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
      2006-03-05 07:50 . 2006-03-05 07:50 146 ----a-w c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
      2008-09-29 23:20 . 2008-09-29 23:20 32768 --sha-w c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\MSHist012008093020081001\index.dat
      .

      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
      "High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "sdCoreService"=3 (0x3)
      "sdAuxService"=3 (0x3)
      "mnmsrvc"=3 (0x3)
      "McrdSvc"=2 (0x2)
      "lxdi_device"=2 (0x2)
      "lxdiCATSCustConnectService"=2 (0x2)
      "helpsvc"=2 (0x2)
      "gusvc"=2 (0x2)
      "AntiVirService"=2 (0x2)
      "AntiVirScheduler"=2 (0x2)

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "10758:TCP"= 10758:TCP:mule
      "26936:UDP"= 26936:UDP:mule2
      "5353:TCP"= 5353:TCP:Adobe CSI CS4

      R0 ptpd;Disk Filter Driver; [x]
      R3 3xHybrid;Pinnacle PCTV 300i Stereo DVB-T;c:\windows\system32\DRIVERS\3xHybrid.sys [2005-09-02 827008]
      R3 Camdrv30;Philips ToUcam XS;c:\windows\system32\Drivers\camdrv30.sys [2001-08-17 171264]
      R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-04-06 38496]
      R3 PhnxVcd;PhnxVcd;c:\windows\system32\Drivers\PhnxVcd.sys [2005-07-21 44544]
      R3 SecBulk;SECBULK.sys, SEC SOC USBD Driver;c:\windows\system32\Drivers\SECBULK.sys [2008-08-18 10430]
      R3 SetupNTGLM7X;SetupNTGLM7X; [x]
      R3 ZSMC0305;VIMICRO USB PC Camera V; [x]
      R4 CPDDVFWI;CPDDVFWI; [x]
      S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programme\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
      S2 Machnm32;Machnm32 Driver;c:\windows\system32\Machnm32.sys [2003-08-13 2304]
      S2 SBKUPNT;SBKUPNT;c:\windows\system32\Drivers\SBKUPNT.SYS [2001-07-13 14976]
      S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2005-06-13 7040]

      .
      Contents of the 'Scheduled Tasks' folder

      2009-04-26 c:\windows\Tasks\XoftSpySE 2.job
      - c:\programme\XoftSpySE\XoftSpy.exe [2009-04-21 19:45]

      2009-04-26 c:\windows\Tasks\XoftSpySE.job
      - c:\programme\XoftSpySE\XoftSpy.exe [2009-04-21 19:45]
      .
      - - - - ORPHANS REMOVED - - - -

      WebBrowser-{196C3A46-4758-433D-A600-802C804AF39C} - (no file)
      HKU-Default-Run-Picasa Media Detector - c:\programme\Picasa2\PicasaMediaDetector.exe
      ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file)


      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.com
      uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
      mStart Page = hxxp://www.google.com
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      Trusted Zone: localhost
      TCP: {AA3501D8-B4BF-41D9-9BCA-8A349A0CC421} = 195.50.140.114 195.50.140.252
      FF - ProfilePath - c:\dokumente und einstellungen\Heinrich Grimminger\Anwendungsdaten\Mozilla\Firefox\Profiles\da4ufzwd.default\
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-04-26 20:56
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
      "ThreadingModel"="Apartment"
      @="c:\\WINDOWS\\system32\\OLE32.DLL"
      "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,d0,5d,1f,e8,21,
      6b,80,c7,e2,63,26,f1,3f,c8,ff,68,41,78,54,6b,cb,25,73,5e,e2,63,26,f1,3f,c8,\

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
      "ThreadingModel"="Apartment"
      @="c:\\WINDOWS\\system32\\OLE32.DLL"
      "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,04,1a,3c,8c,9f,
      0f,fd,1e,6a,9c,d6,61,af,45,84,18,38,bb,d5,45,c2,68,70,5c,6a,9c,d6,61,af,45,\

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
      "ThreadingModel"="Apartment"
      @="c:\\WINDOWS\\system32\\OLE32.DLL"
      "2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,e1,5d,6b,c6,db,
      ce,e6,cb,ff,7c,85,e0,43,d4,0e,fe,e7,38,ef,42,95,63,97,c3,ff,7c,85,e0,43,d4,\

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
      "ThreadingModel"="Apartment"
      @="c:\\WINDOWS\\system32\\OLE32.DLL"
      "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,06,c0,90,1b,4e,
      6e,5a,de,86,8c,21,01,be,91,eb,e7,ba,33,a5,03,1a,41,48,16,86,8c,21,01,be,91,\

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
      "ThreadingModel"="Apartment"
      @="c:\\WINDOWS\\system32\\OLE32.DLL"
      "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,c7,33,91,dc,a2,
      7f,49,8d,f5,1d,4d,73,a8,13,5c,05,1d,83,69,e8,ac,fb,66,38,f5,1d,4d,73,a8,13,\

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
      "ThreadingModel"="Apartment"
      @="c:\\WINDOWS\\system32\\OLE32.DLL"
      "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,d8,5a,72,dd,66,
      3e,9d,ba,df,20,58,62,78,6b,cf,c8,4e,9e,52,48,ec,c0,a7,1c,df,20,58,62,78,6b,\

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
      "ThreadingModel"="Apartment"
      @="c:\\WINDOWS\\system32\\OLE32.DLL"
      "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,d5,8b,a5,01,b6,
      83,49,c7,fb,a7,78,e6,12,2f,9a,ea,e2,c6,0d,83,3a,45,f8,77,fb,a7,78,e6,12,2f,\

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
      "ThreadingModel"="Apartment"
      @="c:\\WINDOWS\\system32\\OLE32.DLL"
      "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,41,65,d9,57,a0,
      15,25,41,01,3a,48,fc,e8,04,4a,f1,82,29,83,2f,7d,40,7b,d2,01,3a,48,fc,e8,04,\

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
      "ThreadingModel"="Apartment"
      @="c:\\WINDOWS\\system32\\OLE32.DLL"
      "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,81,a5,3c,c0,df,
      2e,b5,5c,f6,0f,4e,58,98,5b,89,c9,25,df,65,00,2e,63,32,b1,f6,0f,4e,58,98,5b,\

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
      "ThreadingModel"="Apartment"
      @="c:\\WINDOWS\\system32\\OLE32.DLL"
      "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,6e,6b,be,6f,e0,
      a6,fc,5a,3d,ce,ea,26,2d,45,aa,78,37,32,9f,41,5c,1f,78,77,3d,ce,ea,26,2d,45,\

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
      "ThreadingModel"="Apartment"
      @="c:\\WINDOWS\\system32\\OLE32.DLL"
      "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,e0,55,1e,d4,84,
      ba,b3,ca,2a,b7,cc,b5,b9,7f,41,e7,8b,2c,6d,d9,31,77,a6,50,2a,b7,cc,b5,b9,7f,\

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
      "ThreadingModel"="Apartment"
      @="c:\\WINDOWS\\system32\\OLE32.DLL"
      "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,06,29,31,4a,a2,
      5c,56,55,6c,43,2d,1e,aa,22,2f,9c,92,e1,1e,0f,d6,06,73,36,6c,43,2d,1e,aa,22,\
      .
      --------------------- DLLs loaded in running processes ---------------------

      - - - - - - - > 'winlogon.exe'(712)
      c:\windows\system32\Ati2evxx.dll
      .
      Completion time: 2009-04-26 20:57
      ComboFix-quarantined-files.txt 2009-04-26 18:57

      Pre-Run: 23 Dir(s), 19 889 188 864 bytes free
      Post-Run: 22 Dir(s), 20 962 222 080 bytes free

      WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptOut

      251 --- E O F --- 2009-04-23 04:22
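The security-relevant part of the log above is not the driver list but the policy block: Security Center's antivirus alerts are overridden, its monitoring of the Symantec firewall is disabled, the Windows Firewall is off in the standard profile, and three ports are open globally for eMule and Adobe CSI. The following script is an added example, not part of the thread and not ComboFix's own logic: it parses registry lines in the format ComboFix prints and flags those settings. `SAMPLE` is copied verbatim from the log above; the parser, the rules and the wording of the findings are this editor's.

```python
"""Added example (not from the thread): triage the Security Center and
firewall-policy entries that a ComboFix log prints, in the format seen
above. The parser and the rules are the editor's own; ComboFix itself
does no such scoring. SAMPLE is copied from the log posted above."""
from __future__ import annotations
import re
from typing import List, Optional, Tuple

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')

# Copied from the log above; the only real data in this block.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10758:TCP"= 10758:TCP:mule
"26936:UDP"= 26936:UDP:mule2
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"""

def parse_reg_dump(text: str) -> List[Tuple[str, str, str]]:
    """Turn ComboFix-style registry lines into (key, name, raw_value) triples.
    Keys are lower-cased so the rules can match them case-insensitively."""
    triples: List[Tuple[str, str, str]] = []
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            triples.append((key, m.group(1), m.group(2).strip()))
    return triples

def as_int(raw: str) -> Optional[int]:
    """Decode 'dword:00000001' and '0 (0x0)' style values; None otherwise."""
    m = re.fullmatch(r"dword:([0-9a-f]+)", raw, re.I)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(\d+)\s*\(0x[0-9a-f]+\)", raw, re.I)
    if m:
        return int(m.group(1))
    return None

def triage(text: str) -> List[str]:
    """Flag the settings that weaken the host's own defences."""
    findings: List[str] = []
    for key, name, raw in parse_reg_dump(text):
        val = as_int(raw)
        leaf = key.rsplit("\\", 1)[-1]
        if key.endswith("security center") and name == "AntiVirusOverride" and val == 1:
            findings.append("Security Center: antivirus status alerts overridden")
        elif "security center\\monitoring\\" in key and name == "DisableMonitoring" and val == 1:
            findings.append(f"Security Center: monitoring disabled for {leaf}")
        elif key.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and val == 0:
            findings.append("Windows Firewall: disabled in the standard profile")
        elif key.endswith("globallyopenports\\list"):
            findings.append(f"Firewall exception: port {name} open globally ({raw})")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("-", finding)
```

Run it as-is to get the six findings for the log above; point `triage()` at a whole ComboFix log to get the same list for another machine. The AuthorizedApplications entries are parsed but deliberately not flagged, since sessmgr.exe and xpnetdiag.exe are the XP defaults.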
  20. jlpjlp (Security contributor)

    For the mbr tool:

    Did you type exactly this?

    "%userprofile%\Bureau\mbr" -f

    ______________________

    Download mbr.exe from Gmer:
    http://www2.gmer.net/mbr/mbr.exe
    to the desktop.
    Thanks to Malekal for the tutorial.

    Disable your protections and cut the connection (antivirus and antispyware, HIPS and any other resident tool).
    Double-click mbr.exe. A report will be generated: mbr.log
    If there is an infection, the message "MBR rootkit code detected" will appear.
    In the Start menu, Run, type: "%userprofile%\Bureau\mbr" -f
    In mbr.log this line will appear: "original MBR restored successfully !"
    Post that report and then delete it.

    Run mbr.exe again; the new mbr.log should be this one:

    Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
    * device: opened successfully
    * user: MBR read successfully
    * kernel: MBR read successfully
    * user & kernel MBR OK

    Under Vista, remember to launch mbr.exe with right-click and Run as administrator.
    Note: if mbr.exe is in Downloads, that works too, and mbr.log will be written there.
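What the procedure above relies on is that an MBR rootkit patches the 446-byte bootstrap code at the start of sector 0 while leaving the partition table intact, so a detector can compare the sector as seen from user mode with the sector the kernel reads and, on `-f`, put the original code back without touching the partition table. The script below is an added example, not Gmer's code and not part of the thread: it cannot reproduce the user-versus-kernel read that mbr.exe does, so it compares the current sector against a trusted backup instead, and it shows why a restore must keep the current partition table. Every sector in it is constructed in memory; the "clean" code bytes are a stand-in, not real XP boot code, and nothing touches a disk.

```python
"""Added example (not Gmer's code): what an MBR integrity check and an
'-f' style restore have to do on the sector itself. mbr.exe compares the
MBR read through the user-mode path with the one the kernel reads, which
this script cannot do portably; it compares the current sector with a
trusted backup instead. All sectors below are constructed in memory."""
from __future__ import annotations
import hashlib
import struct
from typing import Dict, List, Tuple

SECTOR_SIZE = 512
BOOT_CODE_SIZE = 446        # bytes 0..445: bootstrap code (what a bootkit patches)
PART_TABLE_OFF = 446        # bytes 446..509: four 16-byte partition entries
PART_ENTRY_SIZE = 16
SIGNATURE = b"\x55\xaa"     # bytes 510..511: boot signature

def parse_partitions(sector: bytes) -> List[Dict]:
    """Decode the non-empty primary partition entries."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_SIZE
        status, _, ptype, _, lba_start, sectors = struct.unpack(
            "<B3sB3sII", sector[off:off + PART_ENTRY_SIZE])
        if ptype != 0:
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return parts

def check_mbr(current: bytes, trusted: bytes) -> Dict:
    """Compare the current MBR with a trusted copy; 'ok' is False on any difference."""
    if len(current) != SECTOR_SIZE or len(trusted) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    reasons = []
    if current[510:512] != SIGNATURE:
        reasons.append("missing 0x55AA boot signature")
    cur_code, ref_code = current[:BOOT_CODE_SIZE], trusted[:BOOT_CODE_SIZE]
    if cur_code != ref_code:
        first = next(i for i in range(BOOT_CODE_SIZE) if cur_code[i] != ref_code[i])
        reasons.append(f"bootstrap code differs from trusted copy at offset {first}")
    if current[PART_TABLE_OFF:510] != trusted[PART_TABLE_OFF:510]:
        reasons.append("partition table differs from trusted copy")
    return {"ok": not reasons, "reasons": reasons,
            "code_sha256": hashlib.sha256(cur_code).hexdigest(),
            "partitions": parse_partitions(current)}

def restore_mbr(current: bytes, trusted: bytes) -> bytes:
    """Trusted bootstrap code + the CURRENT partition table + signature.
    Copying the backup's partition table over one that has since changed
    would leave the disk unbootable, so only the code region is replaced."""
    return trusted[:BOOT_CODE_SIZE] + current[PART_TABLE_OFF:510] + SIGNATURE

def make_sector(code: bytes, parts: List[Tuple[int, int, int, int]]) -> bytes:
    """Build a 512-byte MBR from bootstrap code and (status, type, lba, count) tuples."""
    code = code.ljust(BOOT_CODE_SIZE, b"\x00")[:BOOT_CODE_SIZE]
    table = b"".join(struct.pack("<B3sB3sII", st, b"\0\0\0", pt, b"\0\0\0", lba, n)
                     for st, pt, lba, n in parts)
    return code + table.ljust(4 * PART_ENTRY_SIZE, b"\x00") + SIGNATURE

# Constructed sample data; the code bytes are a stand-in, not real XP boot code.
CLEAN_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 40
PARTS = [(0x80, 0x07, 63, 40_000_000)]          # one bootable NTFS partition at LBA 63
TRUSTED_MBR = make_sector(CLEAN_CODE, PARTS)
# A bootkit typically replaces the first bytes with a jump to its own loader.
INFECTED_MBR = make_sector(b"\xeb\x3e" + CLEAN_CODE[2:], PARTS)

if __name__ == "__main__":
    print(check_mbr(INFECTED_MBR, TRUSTED_MBR)["reasons"])
    print(restore_mbr(INFECTED_MBR, TRUSTED_MBR) == TRUSTED_MBR)
```

On a real machine the "trusted" copy would be the sector the kernel reads (what mbr.exe compares against) or a backup taken when the disk was known clean; reading `\\.\PhysicalDrive0` yourself needs administrator rights, which is why the post above says to run mbr.exe as administrator on Vista.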
  21. lly
     
    Yes jlpjlp, I just replaced Bureau with Desktop because my wretched Windows is entirely in German, so it couldn't find the location:
    "%userprofile%\Desktop\mbr" -f

    Do I need to run mbr.exe again?