Virus pp06, LD08, DL32...

Solved
buse
 
Hello,

I think (or rather I'm sure) that I'm infected by a virus/trojan.
After opening an .exe (it came as a zip) my PC bugs out (I had taken the precaution of scanning the .exe, but avast found nothing :-( ).
Impossible to boot (Vista): the PC stays stuck on "Please wait"
Boot is sluggish even in safe mode and with the last known good configuration...

So I most likely have the koobface malware, judging by the file names given in the title
can you help me get rid of it? I'll provide the HijackThis report + the SmitFraudFix report (that's all I've done so far, so as not to disrupt the following steps)

thanks in advance

PS: what exactly does this virus do? I'm afraid some data may be lost

49 replies

buse
 
HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:46:13, on 01/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
E:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
E:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
E:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\rundll32.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ld08.exe
C:\Windows\System32\reader_s.exe
C:\Windows\pp06.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
E:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Users\Administrateur\AppData\Local\Temp\ntgope6zyh.exe
C:\Users\Administrateur\AppData\Local\Temp\ntgope6zyh.exe
C:\Users\Administrateur\reader_s.exe
C:\Windows\System32\DL32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\mobsync.exe
C:\Users\Administrateur\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: C:\Windows\system32\sjg9s8guigjs.dll - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\Windows\system32\sjg9s8guigjs.dll
O2 - BHO: 796525 helper - {E7F15AC4-E0A9-43F0-921B-70DFEA621220} - C:\Windows\system32\796525\796525.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VolPanel] "E:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "E:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sysldtray] C:\Windows\ld08.exe
O4 - HKLM\..\Run: [reader_s] C:\Windows\System32\reader_s.exe
O4 - HKLM\..\Run: [pp] C:\Windows\pp06.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "E:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [] C:\Users\Administrateur\AppData\Local\Temp\ntgope6zyh.exe
O4 - HKCU\..\Run: [Windows Resurections] C:\Users\Administrateur\AppData\Local\Temp\ntgope6zyh.exe
O4 - HKCU\..\Run: [reader_s] C:\Users\Administrateur\reader_s.exe
O4 - HKCU\..\Run: [DL32] DL32
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Enregistrement de FIFA 09.lnk = E:\jeux\EA Sports\FIFA 09\Support\EAregister.exe
O4 - Global Startup: BumpTop.lnk = C:\Program Files\BumpTop\BumpTop.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {A573D71B-951B-4BAD-B8CC-708AE84769C9} - (no file)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - E:\jeux\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\Windows\system32\sjg9s8guigjs.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c996b3575e4932) (gupdate1c996b3575e4932) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
0
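Reading a HijackThis report by eye, as the helpers in this thread do, comes down to a few questions per line: where does the launched file live, does its name look generated, is the Run value name empty, does the browser proxy point back at the machine itself, and which COM hooks (O2 BHO, O22 SharedTaskScheduler) are registered. The Python script below is an added example, not part of this post and not code from HijackThis, SmitFraudFix or RSIT; it mechanises those questions over HijackThis-format lines and lists every line that trips a heuristic together with the reasons. The regexes, the location rules, the thresholds in `looks_random` and the cross-hive check (the same Run value name registered under both HKLM and HKCU but pointing at different files, as `reader_s` does in the report above) are my own assumptions tuned to this report; the output is a list of candidates for a human to review, not a verdict. The sample lines are a short subset copied from the report above.

```python
from __future__ import annotations

import ntpath
import re
from collections import defaultdict

# Sample input: a short subset of lines copied from the HijackThis report in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
O2 - BHO: C:\Windows\system32\sjg9s8guigjs.dll - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\Windows\system32\sjg9s8guigjs.dll
O2 - BHO: 796525 helper - {E7F15AC4-E0A9-43F0-921B-70DFEA621220} - C:\Windows\system32\796525\796525.dll
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sysldtray] C:\Windows\ld08.exe
O4 - HKLM\..\Run: [reader_s] C:\Windows\System32\reader_s.exe
O4 - HKCU\..\Run: [] C:\Users\Administrateur\AppData\Local\Temp\ntgope6zyh.exe
O4 - HKCU\..\Run: [reader_s] C:\Users\Administrateur\reader_s.exe
O4 - HKCU\..\Run: [DL32] DL32
O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\Windows\system32\sjg9s8guigjs.dll
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Line shapes of the sections examined (O4 Run values, O2/O22 COM hooks, R1 proxy); regexes and thresholds are my own.
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
HOOK_RE = re.compile(r'^(?P<kind>O2 - BHO|O22 - SharedTaskScheduler): (?P<name>.*?) - \{[^}]+\} - (?P<path>.*)$')
PROXY_RE = re.compile(r'^R1 - .*,ProxyServer = (?P<proxy>.*)$')
EXE_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll))', re.IGNORECASE)
WINDOWS_ROOT = re.compile(r'^[a-z]:\\windows$')       # file dropped straight into C:\Windows
PROFILE_ROOT = re.compile(r'^[a-z]:\\users\\[^\\]+$')  # file dropped straight into C:\Users\<name>

def looks_random(stem: str) -> bool:
    """Assumed thresholds: all digits, or 8+ chars with a digit followed by a letter,
    or 8+ chars with under 20% vowels. 'system32' and 'ashDisp' pass; 'sjg9s8guigjs' fails."""
    s = ''.join(ch for ch in stem if ch.isalnum()).lower()
    if not s:
        return False
    if s.isdigit() or (len(s) >= 8 and re.search(r'\d[a-z]', s)):
        return True
    return len(s) >= 8 and sum(c in 'aeiouy' for c in s) / len(s) < 0.2

def path_reasons(path: str) -> list[str]:
    """Reasons to distrust a launched file, from where it lives and how it is named."""
    low = path.strip().lower()
    parent = ntpath.dirname(low)
    stem = ntpath.splitext(ntpath.basename(low))[0]
    checks = [
        (WINDOWS_ROOT.match(parent), 'executable stored directly in the Windows folder'),
        (PROFILE_ROOT.match(parent), 'executable stored directly in the user profile root'),
        ('\\temp\\' in low or parent.endswith('\\temp'), 'executable launched from a Temp folder'),
        (looks_random(stem), f'random-looking file name "{stem}"'),
    ]
    return [msg for hit, msg in checks if hit]

def analyze(log_text: str) -> list[tuple[str, list[str]]]:
    """Return (line, reasons) for every line that trips at least one heuristic, in log order."""
    found: dict[int, tuple[str, list[str]]] = {}
    run_targets: dict[str, dict[str, str]] = defaultdict(dict)  # value name -> hive -> command
    o4_entries: list[tuple[int, str, str]] = []

    def note(idx: int, line: str, *reasons: str) -> None:
        if reasons:
            found.setdefault(idx, (line, []))[1].extend(reasons)

    for idx, raw in enumerate(log_text.splitlines()):
        line = raw.strip()
        if m := PROXY_RE.match(line):
            if re.search(r'localhost|127\.0\.0\.1', m['proxy'], re.IGNORECASE):
                note(idx, line, 'browser proxy points at a local port (traffic interception)')
        elif m := HOOK_RE.match(line):
            if m['kind'].startswith('O22'):
                note(idx, line, 'SharedTaskScheduler hook (rarely used by legitimate software)')
            if m['name'].strip().lower() == m['path'].strip().lower():
                note(idx, line, 'hook has no friendly name, only its DLL path')
            elif looks_random(m['name']):
                note(idx, line, f'random-looking hook name "{m["name"]}"')
            note(idx, line, *path_reasons(m['path']))
        elif m := O4_RE.match(line):
            name, cmd = m['name'].strip().lower(), m['cmd'].strip()
            if not name:
                note(idx, line, 'Run value with an empty name')
            if exe := EXE_RE.search(cmd):
                note(idx, line, *path_reasons(exe['path']))
            elif '\\' not in cmd and ' ' not in cmd:
                note(idx, line, 'bare command with no path (resolved through PATH)')
            run_targets[name][m['hive'].upper()] = cmd.lower()
            o4_entries.append((idx, line, name))
    # Second pass: one value name persisted under both hives, each pointing at a different file.
    for idx, line, name in o4_entries:
        t = run_targets[name]
        if 'HKLM' in t and 'HKCU' in t and t['HKLM'] != t['HKCU']:
            note(idx, line, 'same Run value name registered under HKLM and HKCU with different targets')
    return [found[i] for i in sorted(found)]

if __name__ == '__main__':
    for flagged_line, why in analyze(SAMPLE_LOG):
        print(flagged_line)
        for reason in why:
            print('   ->', reason)
```

Run as a script it prints the flagged lines; `analyze()` returns `(line, reasons)` pairs, so the text of a complete log file can be passed in the same way. A legitimate product with an odd name will occasionally trip the name rule, which is why every hit carries its reasons rather than a score: the avast entries in the sample produce nothing, while both `reader_s` entries are reported only because of the cross-hive check and the profile-root location.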
buse
 
SmitFraudFix report

SmitFraudFix v2.414

Rapport fait à 9:41:26,38, 01/05/2009
Executé à partir de C:\Users\Administrateur\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\oodag.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
E:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\WUDFHost.exe
E:\Program Files\Alwil Software\Avast4\ashDisp.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\rundll32.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ld08.exe
C:\Windows\System32\reader_s.exe
C:\Windows\pp06.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
E:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Users\Administrateur\AppData\Local\Temp\ntgope6zyh.exe
C:\Users\Administrateur\AppData\Local\Temp\ntgope6zyh.exe
C:\Users\Administrateur\reader_s.exe
C:\Windows\System32\DL32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows

C:\Windows\ld08.exe PRESENT !
C:\Windows\pp06.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

C:\Windows\system32\DL32.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Administrateur

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\ADMINI~1\AppData\Local\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Administrateur\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\ADMINI~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: 796525.dll
BHO: 796525 Class - {E7F15AC4-E0A9-43F0-921B-70DFEA621220}
BHO CLSID TypeLib: {E63648F7-3933-440E-AAAA-A8584DD7B7EB}
Corrected TypeLib: {E63648F7-3933-440E-B4F6-A8584DD7B7EB}
Interface: {F7D09218-46D7-4D3D-9B7F-315204CD0836}

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{B2BA40A2-74F0-42BD-F434-12345A2C8953}"="jso8joigm409gopgmrlgd"

[HKEY_CLASSES_ROOT\CLSID\{B2BA40A2-74F0-42BD-F434-12345A2C8953}\InProcServer32]
@="C:\Windows\system32\sjg9s8guigjs.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B2BA40A2-74F0-42BD-F434-12345A2C8953}\InProcServer32]
@="C:\Windows\system32\sjg9s8guigjs.dll"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{118E5BFF-D8E1-4435-8BB1-87F4770EC996}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{118E5BFF-D8E1-4435-8BB1-87F4770EC996}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{118E5BFF-D8E1-4435-8BB1-87F4770EC996}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{118E5BFF-D8E1-4435-8BB1-87F4770EC996}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Anonymous user
 
Hi,

# Boot into safe mode:
To do that, tap the F8 key repeatedly from the moment the PC powers on, without stopping
A window will open; use the arrow keys to move to "start in safe mode", then press Enter.
Once on the desktop, if the colours and so on aren't all there, that's normal!
(If F8 doesn't work, use the F5 key.)
----------------------------------------------------------------------------
# Run the SmitFraudFix program again:
This time choose option 2 and answer yes to everything;
Save the report, reboot in normal mode, and copy/paste the saved report on the forum
0
buse
 
Thanks for the quick reply

Here's the result:

SmitFraudFix v2.414

Rapport fait à 10:32:36,37, 01/05/2009
Executé à partir de C:\Users\Administrateur\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{B2BA40A2-74F0-42BD-F434-12345A2C8953}"="jso8joigm409gopgmrlgd"

[HKEY_CLASSES_ROOT\CLSID\{B2BA40A2-74F0-42BD-F434-12345A2C8953}\InProcServer32]
@="C:\Windows\system32\sjg9s8guigjs.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B2BA40A2-74F0-42BD-F434-12345A2C8953}\InProcServer32]
@="C:\Windows\system32\sjg9s8guigjs.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\Windows\ld08.exe supprimé
C:\Windows\pp06.exe supprimé
C:\Windows\system32\DL32.exe supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\Windows\system32\796525\796525.dll deleted.
C:\Windows\system32\796525\ deleted.

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{118E5BFF-D8E1-4435-8BB1-87F4770EC996}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{118E5BFF-D8E1-4435-8BB1-87F4770EC996}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{118E5BFF-D8E1-4435-8BB1-87F4770EC996}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{118E5BFF-D8E1-4435-8BB1-87F4770EC996}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

»»»»»»»»»»»»»»»»»»»»»»»» RK.2

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{B2BA40A2-74F0-42BD-F434-12345A2C8953}"="jso8joigm409gopgmrlgd"

[HKEY_CLASSES_ROOT\CLSID\{B2BA40A2-74F0-42BD-F434-12345A2C8953}\InProcServer32]
@="C:\Windows\system32\sjg9s8guigjs.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B2BA40A2-74F0-42BD-F434-12345A2C8953}\InProcServer32]
@="C:\Windows\system32\sjg9s8guigjs.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0

Anonymous user
 
Download random's system information tool (RSIT) and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Read the Disclaimer screen, then click Continue (if you accept the terms).

If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.

When the scan has finished, two text files will open.

Post the contents of log.txt
0
buse
 
here's the result:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-05-01 10:49:32
Microsoft® Windows Vista™ Édition Intégrale Service Pack 1
System drive C: has 63 GB (63%) free of 100 GB
Total RAM: 2046 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:34, on 01/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
E:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
E:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
E:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\rundll32.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\reader_s.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
E:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Users\Administrateur\reader_s.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Users\Administrateur\Desktop\RSIT.exe
C:\Users\Administrateur\Desktop\Administrateur.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: C:\Windows\system32\sjg9s8guigjs.dll - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\Windows\system32\sjg9s8guigjs.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VolPanel] "E:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "E:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [reader_s] C:\Windows\System32\reader_s.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "E:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [] C:\Users\Administrateur\AppData\Local\Temp\ntgope6zyh.exe
O4 - HKCU\..\Run: [Windows Resurections] C:\Users\Administrateur\AppData\Local\Temp\ntgope6zyh.exe
O4 - HKCU\..\Run: [reader_s] C:\Users\Administrateur\reader_s.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Enregistrement de FIFA 09.lnk = E:\jeux\EA Sports\FIFA 09\Support\EAregister.exe
O4 - Global Startup: BumpTop.lnk = C:\Program Files\BumpTop\BumpTop.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {A573D71B-951B-4BAD-B8CC-708AE84769C9} - (no file)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - E:\jeux\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O13 - Gopher Prefix:
O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\Windows\system32\sjg9s8guigjs.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c996b3575e4932) (gupdate1c996b3575e4932) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
0
Anonymous user
 
• Download and install UsbFix

(!) Plug the external data sources that may have been infected (USB stick, external hard disk, etc.) into your PC, without opening them

• Double-click the UsbFix shortcut on your desktop.

• Choose option 1 (Search)

• Let the tool work.

• Then post the UsbFix.txt report that will appear.

• Note: the UsbFix.txt report is saved at the root of the drive. (C:\UsbFix.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

• Note: "Process.exe", a component of the tool, is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility designed to terminate processes.
In the wrong hands this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus programs.

• Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html

-
-
See you
0
buse
 
here's the UsbFix report:

############################## [ UsbFix V3.015 # Scan ]

# User : Administrateur (Administrateurs) # LHSWEET-6Y8HJ6P
# Update on 30/04/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 11:15:32 | 01/05/2009

# Intel(R) Core(TM)2 Duo CPU E6850 @ 3.00GHz
# Microsoft® Windows Vista™ Édition Intégrale (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1282 [VPS 081203-0] 4.8.1282 [ Enabled | Updated ]

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 97,66 Go (61,72 Go free) # NTFS
# D:\ # Disque fixe local # 465,76 Go (123,08 Go free) [sauvegarde] # NTFS
# E:\ # Disque fixe local # 368,1 Go (284,27 Go free) # NTFS
# F:\ # Disque CD-ROM
# G:\ # Disque CD-ROM
# H:\ # Disque amovible
# I:\ # Disque amovible
# J:\ # Disque amovible
# K:\ # Disque amovible
# L:\ # Disque CD-ROM
# M:\ # Disque CD-ROM
# N:\ # Disque CD-ROM
# O:\ # Disque CD-ROM # 2,01 Mo (0 Mo free) [Pop key] # CDFS
# P:\ # Disque amovible # 3,7 Go (1,75 Go free) [Public] # FAT32
# Q:\ # Disque fixe local # 189,92 Go (34,26 Go free) [Nouveau nom] # NTFS
# R:\ # Disque amovible # 244,73 Mo (241,05 Mo free) # FAT

############################## [ Processus actifs ]

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\oodag.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
E:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
E:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\rundll32.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\reader_s.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Users\Administrateur\reader_s.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\windows\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
HKLM_logon: "Userinit"="C:\\Windows\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Administrateur"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM_Run: VolPanel="E:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
HKLM_Run: P17RunE=RunDll32 P17RunE.dll,RunDLLEntry
HKLM_Run: UpdReg=C:\Windows\UpdReg.EXE
HKLM_Run: avast!=E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKLM_Run: CanonMyPrinter=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
HKLM_Run: SSBkgdUpdate="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
HKLM_Run: OpwareSE4="E:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
HKLM_Run: ISUSScheduler="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
HKLM_Run: AppleSyncNotifier=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
HKLM_Run: USB2Check=RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM_Run: NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM_Run: iTunesHelper="E:\Program Files\iTunes\iTunesHelper.exe"
HKLM_Run: reader_s=C:\Windows\System32\reader_s.exe
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKCU_Run: MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
HKCU_Run: ehTray.exe=C:\Windows\ehome\ehTray.exe
HKCU_Run: ISUSPM Startup=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
HKCU_Run: DAEMON Tools Pro Agent="E:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
HKCU_Run: Windows Resurections=C:\Users\Administrateur\AppData\Local\Temp\ntgope6zyh.exe
HKCU_Run: reader_s=C:\Users\Administrateur\reader_s.exe
HKCU_Run: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater=

################## [ Informations ]

################## [ Fichiers # Dossiers infectieux ]

Found ! C:\Windows\system32\reader_s.exe
Found ! C:\Windows\system32\tmp.reg
Found ! C:\Windows\system32\tmp.txt
Found ! "C:\Users\Administrateur\reader_s.exe"
Found ! O:\autorun.inf

################## [ Registre # Clés Run infectieuses ]

Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "reader_s"
Found ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "reader_s"
Found ! HKU\S-1-5-21-837058442-2612039814-1966155014-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "reader_s"

################## [ Registre # Mountpoints2 ]

HKCU\Software\Microsoft\....\MountPoints2\{5522fec1-8745-11dd-b48e-001bfcd29768}\Shell\AutoRun\command

################## [ ! Fin du rapport # UsbFix V3.015 ! ]
0
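The UsbFix report above shows the pattern a triager looks for in the "Registre # Startup" section: a Run value named "reader_s" registered in both HKLM and HKCU but pointing at two different files, one of them dropped directly in the user's profile root, and a value with a misspelled name ("Windows Resurections") launching an executable from the Temp directory. The following script is an added example (not part of the thread, UsbFix or ComboFix) that parses lines in UsbFix's `HKLM_Run:`/`HKCU_Run:` format and flags entries matching those location heuristics; the sample report is constructed from lines of the report above, the heuristics are my own, and the output is a review list, not a verdict.

```python
"""Triage of UsbFix-style 'Registre # Startup' lines (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed sample in the format UsbFix prints: lines copied from the report
# above, mixed with ordinary vendor entries from the same report.
SAMPLE_REPORT = """\
HKLM_Run: avast!=E:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup
HKLM_Run: USB2Check=RUNDLL32.EXE "C:\\Windows\\system32\\PCLECoInst.dll",CheckUSBController
HKLM_Run: reader_s=C:\\Windows\\System32\\reader_s.exe
HKCU_Run: Sidebar=C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun
HKCU_Run: MsnMsgr="C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe" /background
HKCU_Run: Windows Resurections=C:\\Users\\Administrateur\\AppData\\Local\\Temp\\ntgope6zyh.exe
HKCU_Run: reader_s=C:\\Users\\Administrateur\\reader_s.exe
"""

# One startup line: "<hive>_Run: <value name>=<command>"
ENTRY_RE = re.compile(r"^(HK(?:LM|CU))_Run: (?P<name>[^=]+)=(?P<cmd>.*)$")
# First absolute path (drive letter or %VAR%) ending in .exe/.dll inside the
# command; handles quoted paths and RUNDLL32 "<dll>,<entry>" forms.
PATH_RE = re.compile(r'((?:[A-Za-z]:\\|%[^%]+%\\)[^",]*?\.(?:exe|dll))', re.I)

# Heuristics (my own, not UsbFix's): where legitimate autostarts rarely live.
TEMP_RE = re.compile(r"\\(?:appdata\\local\\)?temp\\", re.I)
PROFILE_ROOT_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\[^\\]+\.exe$", re.I)
WINDOWS_ROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$", re.I)


@dataclass
class StartupEntry:
    hive: str
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_startup(report: str) -> List[StartupEntry]:
    """Extract (hive, value name, launched file) from UsbFix startup lines."""
    entries: List[StartupEntry] = []
    for line in report.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd").strip()
        pm = PATH_RE.search(cmd)
        # Fall back to the first token when no absolute path is present.
        path = pm.group(1) if pm else (cmd.split() or [""])[0]
        entries.append(StartupEntry(m.group(1), m.group("name").strip(), path))
    return entries


def triage_startup(report: str) -> List[StartupEntry]:
    """Return only the entries that match at least one review heuristic."""
    entries = parse_startup(report)
    # Same value name in several hives pointing at different files is the
    # "reader_s" pattern visible in the report above.
    files_by_name: Dict[str, Set[str]] = {}
    for e in entries:
        files_by_name.setdefault(e.name.lower(), set()).add(e.path.lower())
    for e in entries:
        if TEMP_RE.search(e.path):
            e.reasons.append("runs from a Temp directory")
        if PROFILE_ROOT_RE.match(e.path):
            e.reasons.append("executable dropped directly in the user profile root")
        if WINDOWS_ROOT_RE.match(e.path):
            e.reasons.append("executable directly under the Windows directory")
        if len(files_by_name[e.name.lower()]) > 1:
            e.reasons.append("same value name in more than one hive with different files")
    return [e for e in entries if e.reasons]


if __name__ == "__main__":
    for entry in triage_startup(SAMPLE_REPORT):
        print(f"{entry.hive}\\Run\\{entry.name} -> {entry.path}")
        for reason in entry.reasons:
            print(f"    - {reason}")
```

On the constructed sample the script flags the three entries a helper would ask about first: the Temp-directory launcher, and both "reader_s" values (the HKCU one for its profile-root location and for the duplicated name, the HKLM one for the duplicated name alone). The vendor entries from the same report are not reported, which is the point of keying on location rather than on file names, since a dropper can pick any name it likes.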
Utilisateur anonyme
 
• Double-click the UsbFix shortcut on your desktop.

• Choose option 2 (Suppression, i.e. deletion).

• Your desktop will disappear and the PC will restart.

• On restart, UsbFix will scan your PC; let the tool work.

• Then post the UsbFix.txt report that appears along with the desktop.

• Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
0
buse
 
The PC did restart, but nothing is displayed (maybe it is scanning, but nothing tells me so: no program window or anything else...).
What do I do?
0
Utilisateur anonyme
 
Right-click the UsbFix shortcut and choose "Run as administrator".

Then redo option 2, please.
0
buse
 
It still doesn't work.
It may be due to programs that open at startup, for example a virtual desktop (BumpTop).
I also have the iPhone that connects "late".
0
Utilisateur anonyme
 
Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste that report into your next reply.

NOTE: the report is also located here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

-> Temporarily, and only for as long as ComboFix is in use, disable the real-time protection of your antivirus and your antispyware programs, which can seriously interfere with the tool's search and cleaning procedure.

Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts analysing the PC.

/!\ For the duration of this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finalise the disinfection/search; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt.

-> Re-enable the real-time protection of your antivirus and your antispyware programs before reconnecting to the internet.

-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.
0
buse
 
ComboFix 09-04-30.05 - Administrateur 01/05/2009 11:53.1 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.33.1036.18.2046.1410 [GMT 2:00]
Lancé depuis: c:\users\Administrateur\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1282 [VPS 081203-0] *On-access scanning enabled* (Updated)
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Administrateur\reader_s.exe
c:\windows\system32\reader_s.exe
c:\windows\system32\sjg9s8guigjs.dll
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-01 au 2009-05-01 ))))))))))))))))))))))))))))))))))))
.

2009-05-01 09:14 . 2009-05-01 09:17 -------- d-----w C:\UsbFix
2009-05-01 08:49 . 2009-05-01 08:49 -------- d-----w C:\rsit
2009-05-01 08:32 . 2009-05-01 08:32 35 ----a-w c:\users\Administrateur\AppData\Roaming\SetValue.bat
2009-05-01 08:32 . 2009-05-01 08:32 35 ----a-w c:\users\ADMINI~1\AppData\Roaming\SetValue.bat
2009-05-01 08:32 . 2009-05-01 08:32 691 ----a-w c:\users\Administrateur\AppData\Roaming\GetValue.vbs
2009-05-01 08:32 . 2009-05-01 08:32 691 ----a-w c:\users\ADMINI~1\AppData\Roaming\GetValue.vbs
2009-04-30 22:50 . 2009-04-30 22:50 94204 ----a-w c:\windows\system32\drivers\glaide32.sys
2009-04-30 22:49 . 2009-04-30 22:49 2 ---h--w c:\windows\t55ft2692f44.dat
2009-04-30 22:49 . 2009-04-30 22:49 101888 ----a-w C:\mrypqar.exe
2009-04-30 22:48 . 2009-04-30 22:48 8704 --sha-w c:\windows\7185F.exe
2009-04-14 08:11 . 2008-10-10 02:52 2036576 ----a-w c:\windows\system32\D3DCompiler_40.dll
2009-04-14 08:11 . 2008-10-10 02:52 452440 ----a-w c:\windows\system32\d3dx10_40.dll
2009-04-14 08:11 . 2008-10-10 02:52 4379984 ----a-w c:\windows\system32\D3DX9_40.dll
2009-04-14 08:11 . 2008-10-27 08:04 70992 ----a-w c:\windows\system32\XAPOFX1_2.dll
2009-04-14 08:11 . 2008-10-27 08:04 514384 ----a-w c:\windows\system32\XAudio2_3.dll
2009-04-14 08:11 . 2008-10-27 08:04 235856 ----a-w c:\windows\system32\xactengine3_3.dll
2009-04-14 08:11 . 2008-10-27 08:04 23376 ----a-w c:\windows\system32\X3DAudio1_5.dll
2009-04-14 07:00 . 2009-04-22 20:24 -------- d-----w c:\program files\BumpTop
2009-04-14 06:59 . 2009-04-14 06:59 -------- d-----w c:\users\Administrateur\AppData\Local\Bump Technologies, Inc
2009-04-14 06:59 . 2009-04-14 06:59 -------- d-----w c:\users\ADMINI~1\AppData\Local\Bump Technologies, Inc
2009-04-14 06:59 . 2009-04-14 06:59 -------- d-----w c:\users\Administrateur\AppData\Roaming\Bump Technologies, Inc
2009-04-14 06:59 . 2009-04-14 06:59 -------- d-----w c:\users\ADMINI~1\AppData\Roaming\Bump Technologies, Inc

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 09:41 . 2006-11-02 16:03 671016 ----a-w c:\windows\system32\perfh00C.dat
2009-05-01 09:41 . 2006-11-02 16:03 124066 ----a-w c:\windows\system32\perfc00C.dat
2009-05-01 06:14 . 2008-02-28 12:55 2032 ----a-w c:\users\Administrateur\AppData\Local\d3d9caps.dat
2009-05-01 06:14 . 2008-02-28 12:55 2032 ----a-w c:\users\ADMINI~1\AppData\Local\d3d9caps.dat
2009-04-14 08:08 . 2008-02-28 13:09 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-12 21:58 . 2009-03-12 21:58 -------- d-----w c:\program files\iPod
2009-03-12 21:58 . 2008-02-28 15:22 -------- d-----w c:\program files\Common Files\Apple
2009-03-12 21:57 . 2008-02-28 14:53 -------- d-----w c:\program files\Bonjour
2009-03-12 21:57 . 2009-03-12 21:57 -------- d-----w c:\program files\QuickTime
2009-03-12 21:56 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-03-12 21:56 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-03-12 21:56 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-03-05 22:59 . 2009-03-05 22:59 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-05 22:59 . 2009-03-05 22:59 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-02-05 09:54 . 2009-02-21 10:20 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-12-04 21:22 . 2006-11-02 12:49 174 --sha-w c:\program files\desktop.ini
2007-08-26 14:32 . 2007-08-26 14:32 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"DAEMON Tools Pro Agent"="e:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="e:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2007-02-28 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"avast!"="e:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="e:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2007-02-20 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2009-03-11 342312]
"P17RunE"="P17RunE.dll" - c:\windows\System32\P17RunE.dll [2007-04-09 14848]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
BumpTop.lnk - c:\program files\BumpTop\BumpTop.exe [2009-4-20 4077568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uOODBS

[HKLM\~\startupfolder\C:^Users^Administrateur^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^iPhoneRingToneMaker.lnk]
path=c:\users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iPhoneRingToneMaker.lnk
backup=c:\windows\pss\iPhoneRingToneMaker.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DB6BA2E5-4646-4147-A0B5-0BFE8C5B064D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E6F1F7E3-31CF-4989-A148-AF0C9BA9E117}"= e:\program files\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{3DE2D1B7-5A76-4D8A-8F03-9A4834DA9E06}"= UDP:e:\jeux\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{E97118C3-1AE2-47C9-B83E-6E8D19FAD96C}"= TCP:e:\jeux\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{8F0FEC7D-1FBC-45AC-9565-7FE593BFF03E}"= UDP:e:\jeux\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{1867577E-85C2-4529-BA71-954A7FAF2AED}"= TCP:e:\jeux\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{215BEEA3-4B05-4CE4-A973-720D1744F5F6}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{30C22D1B-CC34-4887-85FB-0C1FA099BEFC}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{6B9F3852-A383-47D9-B9CE-801112F4864F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{DBB9E2C2-4D92-424B-AE02-14FFA916D330}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{5C39E984-2F71-4FD1-AC8C-79919B3B6446}"= UDP:e:\jeux\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{3502F4C3-17B9-4942-9FEA-D8705D8E4495}"= TCP:e:\jeux\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{550A823C-5432-4B5F-9A3B-B724F151F3E7}"= UDP:e:\jeux\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{C77CC0AC-73F8-4F71-A199-B54BBA893474}"= TCP:e:\jeux\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{D1885B1D-AC70-499A-A3CC-02A8C43844C7}"= UDP:e:\jeux\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{8827D9E1-EAB8-4EFC-869C-A716B89B2128}"= TCP:e:\jeux\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{F6B2209C-355E-40FD-983C-82D78B634164}"= UDP:e:\jeux\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
"{E5DA9564-140D-43D4-A6FF-778F08504E18}"= TCP:e:\jeux\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
"{A3F17C12-B44E-4DED-ACF7-09CDCACE2970}"= UDP:e:\jeux\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
"{DF95E30C-0FE6-4E61-8E1C-D50ECB909FCC}"= TCP:e:\jeux\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
"{A2EC33F1-EAA1-45E8-9C9F-E2DC57CA517C}"= UDP:e:\jeux\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{C09873C8-E9E6-4593-878E-4A3D15955BD8}"= TCP:e:\jeux\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{ED48ADB0-659F-4334-AF0D-AB70EF423060}"= UDP:e:\program files\Azureus\Azureus.exe:Azureus Vuze
"{108899C6-0ADF-4DB3-BA7D-69A48721DBCA}"= TCP:e:\program files\Azureus\Azureus.exe:Azureus Vuze
"{ABAE8409-928B-4B93-BF92-2F34D7197471}"= UDP:40845:port azureus
"{40A5A847-7FB7-495F-915E-F921922739DB}"= TCP:40845:port azureus2
"TCP Query User{C3CEAE81-4E80-457E-B68C-29979D1E0CD4}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{7B190847-45AE-4F17-9D15-FAF1C185E949}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
"TCP Query User{E6D5CCE5-8AF3-44E2-964F-1BB9E3FF03AB}e:\\program files\\filezilla ftp client\\filezilla.exe"= UDP:e:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client
"UDP Query User{F928E928-DBCE-41D2-B769-29168485A0B2}e:\\program files\\filezilla ftp client\\filezilla.exe"= TCP:e:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client
"TCP Query User{CAFC549E-39D2-4C7C-B6B5-C7D2ED4BDEE4}e:\\program files\\mozilla firefox\\firefox.exe"= UDP:e:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{482CE51F-79C1-4C15-AC0E-455463C46AF7}e:\\program files\\mozilla firefox\\firefox.exe"= TCP:e:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{50438E4B-7D2C-49B5-AAD7-E6476FB4F67E}e:\\program files\\tvants\\tvants.exe"= UDP:e:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{B07BF5C0-7BC5-427A-B041-BB913D8E509C}e:\\program files\\tvants\\tvants.exe"= TCP:e:\program files\tvants\tvants.exe:TVAnts
"{912F3CBD-79BB-4586-9E94-5FF56111866C}"= UDP:e:\jeux\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{7849EFD2-AD29-4573-93CD-523196BB3DFF}"= TCP:e:\jeux\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{124B3C57-8A77-4750-8723-7E4B769A37DF}"= UDP:e:\jeux\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{0E531CAC-AAD8-4BFF-83F9-E9E96814DD87}"= TCP:e:\jeux\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{7CD28F38-5DCB-43A3-ADB1-8AF3048EB54D}"= UDP:e:\jeux\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{9546D051-59B0-46E7-B5DE-B1EB30A5C5A9}"= TCP:e:\jeux\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{0DE87DD6-B811-4C97-8813-E0D66DA3A2C5}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{8FAB4CF4-62EF-40A7-B908-8156BE28299E}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{D872930E-E1A1-4E26-93F2-C2A3D9C5E572}"= UDP:e:\jeux\Codemasters\GRID\GRID.exe:GRID
"{996B0956-4520-482D-9A40-8E4F3BBDAB75}"= TCP:e:\jeux\Codemasters\GRID\GRID.exe:GRID
"TCP Query User{3691479F-586B-4F55-8CA2-CA05AC08D953}e:\\jeux\\valve\\steam\\steamapps\\tete2brik\\counter-strike source\\hl2.exe"= UDP:e:\jeux\valve\steam\steamapps\tete2brik\counter-strike source\hl2.exe:hl2
"UDP Query User{F5DC15E0-B065-4A0B-8D2C-DDAF04FAFF88}e:\\jeux\\valve\\steam\\steamapps\\tete2brik\\counter-strike source\\hl2.exe"= TCP:e:\jeux\valve\steam\steamapps\tete2brik\counter-strike source\hl2.exe:hl2
"{1ABC4B40-D64D-4D2C-89B1-C75798F1CC36}"= UDP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{65CFF084-28B8-4DFB-BC59-11ED19C4E186}"= TCP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{2A57BFFA-BAC1-4065-BEB5-CD226CEA2A18}"= Disabled:UDP:e:\jeux\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{CF4F1A30-59FB-4A1A-99D7-097C01A894E0}"= Disabled:TCP:e:\jeux\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{65BB55AB-39D1-4836-A003-34B29D8E29EB}"= UDP:e:\jeux\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{38935943-FF16-4E6F-856E-1497D732B5F4}"= TCP:e:\jeux\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{CEB12F0B-8C4E-400F-BBE6-B803EE4DE039}"= UDP:e:\jeux\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{AE7E7A25-500D-4AC7-8827-2688C9ACF976}"= TCP:e:\jeux\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{4E7FBB53-B037-4AC4-8DF2-0E960D04A34F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9CDCA8A3-7AC3-40A0-A2EB-8DEBBED4B161}"= UDP:e:\jeux\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{6DA7449C-9E63-49FE-A095-3571A4506869}"= TCP:e:\jeux\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"TCP Query User{9A338FF7-E6F6-475B-9475-93DEBA1CEF08}e:\\jeux\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:e:\jeux\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{5A4EC517-0F28-4405-B95D-785666638614}e:\\jeux\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:e:\jeux\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"{EF8F1957-29A5-4EDB-8D5B-9D84908032A3}"= UDP:e:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{C97CC3F4-70D7-46FE-BE94-027B448ED213}"= TCP:e:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{94260B0B-C737-4F81-B687-CD1C5CB6E161}"= UDP:e:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{A87F3EC5-2E7A-43D1-9AC6-ED0EDE905A92}"= TCP:e:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{813C8279-94AF-4833-A1FE-1D29BF9688C3}"= UDP:e:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{8275C624-773D-475F-A762-F3F54D7F8F22}"= TCP:e:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{5E96AAA1-7384-48AC-9ED2-BDBFCFEABD68}"= UDP:e:\jeux\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{BBA322E6-C672-4D2F-855B-07F38E2596C1}"= TCP:e:\jeux\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{DB7E52F7-C305-4749-9C25-E2F5A77C7FEC}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1C53488A-BE9A-4AD5-826B-9C6C5C057751}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AE42A542-5ABF-4479-B650-3E1276F62B5D}"= UDP:e:\program files\iTunes\iTunes.exe:iTunes
"{1403FF0D-24C5-4BD8-AFDB-73E6F69BC3FF}"= TCP:e:\program files\iTunes\iTunes.exe:iTunes
"{CC9EE8A4-9ED5-4FFA-A3F1-9093344F9394}"= Disabled:UDP:e:\jeux\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{DBB4CFE6-D16C-45E6-A58F-0A4ABD733281}"= Disabled:TCP:e:\jeux\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{09120AE0-0440-4A27-B38F-7C6091ED6A69}"= UDP:e:\jeux\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
"{99C0194B-1D4F-41DC-AA7A-BCD4182868B7}"= TCP:e:\jeux\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
"{0DF36CF7-110A-470F-973C-682A53FAB917}"= UDP:e:\jeux\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
"{1AB9A5A9-DE0B-4B91-ADC0-72B52A954495}"= TCP:e:\jeux\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
"{9126EE4F-3EF3-4A32-9700-D8B9E8348724}"= UDP:80:DL32
"{F5526ABE-1E4E-4947-AAB1-708FAEA46383}"= UDP:7171:DL32

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DisableNotifications"= 1 (0x1)

R2 gupdate1c996b3575e4932;Google Update Service (gupdate1c996b3575e4932);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 133104]
R3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\DRIVERS\MarvinAVS.sys [2007-05-09 434176]
S1 aswSP;avast! Self Protection; [x]
S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};e:\program files\PowerDVD\[u]0/u00.fcl [2006-11-02 15:51 13560]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-11-26 51792]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01v32.sys [2007-03-15 48128]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5522fec1-8745-11dd-b48e-001bfcd29768}]
\shell\AutoRun\command - L:\autorun.exe
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
IE: E&xporter vers Microsoft Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - e:\jeux\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
FF - ProfilePath - c:\users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\sfhomypj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.lemonde.fr/
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1
FF - component: c:\users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\sfhomypj.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: e:\program files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF - plugin: e:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: e:\program files\VLC\npvlc.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 11:56
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.aif"

[HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.aifc"

[HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.aiff"

[HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Ant Movie Catalog"

[HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ACDSee 9.0.bmp"

[HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.cda"

[HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.cdda"

[HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ACDSee 9.0.dcx"

[HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ACDSee 9.0.dib"

[HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ACDSee 9.0.emf"

[HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ACDSee 9.0.gif"

[HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipa"

.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(4860)
e:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
Heure de fin: 2009-05-01 11:57
ComboFix-quarantined-files.txt 2009-05-01 09:57

Avant-CF: 66 179 379 200 octets libres
Après-CF: 66 161 356 800 octets libres

588 --- E O F --- 2009-01-10 13:58
0
Anonymous user
 
---> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the following text:

:processes
explorer.exe

:files
c:\users\Administrateur\AppData\Roaming\GetValue.vbs
c:\users\ADMINI~1\AppData\Roaming\GetValue.vbs
c:\windows\t55ft2692f44.dat
C:\mrypqar.exe
c:\windows\7185F.exe
c:\users\Administrateur\AppData\Roaming\SetValue.bat
c:\windows\system32\drivers\glaide32.sys

:commands
[emptytemp]
[start explorer]


---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to reboot.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to its creation time: date_time.log
0
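As an added example (not OTMoveIt3's own code and not part of the original post), the same quarantine step written in PowerShell for the file list above: it hashes each file before moving it so the sample can be matched against AV records later, keeps the original directory layout under an assumed C:\_Quarantine folder, and writes a log in the style of the MovedFiles report. It assumes an elevated prompt and PowerShell 4 or later for Get-FileHash.

```powershell
# Added example, not OTMoveIt3 code. Paths are the ones listed in the post above.
$Targets = @(
    'C:\Users\Administrateur\AppData\Roaming\GetValue.vbs',
    'C:\Users\ADMINI~1\AppData\Roaming\GetValue.vbs',
    'C:\Windows\t55ft2692f44.dat',
    'C:\mrypqar.exe',
    'C:\Windows\7185F.exe',
    'C:\Users\Administrateur\AppData\Roaming\SetValue.bat',
    'C:\Windows\System32\drivers\glaide32.sys'
)
$Quarantine = 'C:\_Quarantine'   # assumed folder, analogous to C:\_OTMoveIt\MovedFiles
$Stamp      = Get-Date -Format 'MMddyyyy_HHmmss'   # same naming scheme as the OTMoveIt log
$LogFile    = Join-Path $Quarantine "$Stamp.log"

function Move-ToQuarantine {
    param([string[]]$Paths, [string]$Root, [string]$Log)
    New-Item -ItemType Directory -Path $Root -Force | Out-Null
    $results = foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) {
            [pscustomobject]@{ Path = $p; Sha256 = $null; Status = 'not found' }
            continue
        }
        # Hash before moving: the hash is the evidence that survives even if the file is later deleted.
        $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        # Keep the original layout under the quarantine root (C:\Windows\x -> <root>\C\Windows\x).
        $rel  = $p -replace '^([A-Za-z]):\\', '$1\'
        $dest = Join-Path $Root $rel
        New-Item -ItemType Directory -Path (Split-Path $dest) -Force | Out-Null
        try {
            Move-Item -LiteralPath $p -Destination $dest -Force -ErrorAction Stop
            [pscustomobject]@{ Path = $p; Sha256 = $hash; Status = 'moved' }
        } catch {
            # Usually a locked file (loaded driver or running process); OTMoveIt defers these to reboot.
            [pscustomobject]@{ Path = $p; Sha256 = $hash; Status = "move failed: $($_.Exception.Message)" }
        }
    }
    $results | Format-Table -AutoSize | Out-String | Set-Content -LiteralPath $Log
    return $results
}

# Stop Explorer first, as the :processes section does, so it holds no handles on the files.
Stop-Process -Name explorer -Force -ErrorAction SilentlyContinue
$report = Move-ToQuarantine -Paths $Targets -Root $Quarantine -Log $LogFile
# The [emptytemp] step for the current user's temp folder, then the [start explorer] step.
Remove-Item -Path (Join-Path $env:TEMP '*') -Recurse -Force -ErrorAction SilentlyContinue
Start-Process explorer.exe
$report | Format-Table -AutoSize
```

Files reported as "move failed" are the ones OTMoveIt would schedule for the next reboot; their hashes are still in the log for later lookup.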
buse
 
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\users\Administrateur\AppData\Roaming\GetValue.vbs moved successfully.
File/Folder c:\users\ADMINI~1\AppData\Roaming\GetValue.vbs not found.
c:\windows\t55ft2692f44.dat moved successfully.
C:\mrypqar.exe moved successfully.
c:\windows\7185F.exe moved successfully.
c:\users\Administrateur\AppData\Roaming\SetValue.bat moved successfully.
c:\windows\system32\drivers\glaide32.sys moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05012009_121012

Files moved on Reboot...
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
0
Anonymous user
 
Download Malwarebytes
https://www.malwarebytes.com/

Install it; the program will update itself automatically.

Once updated, the program will launch; click the Settings tab and tick the box: "Stop Internet Explorer during removal".

Now click the Scanner tab and tick the box: "Perform quick scan".

Then click "Scan".

Let it scan the PC...

If items were found > click Remove Selected.

If you are asked to reboot > click "yes".

At the end a report will open; save it so you can find it again to post it on the forum.

Copy and paste the report please.

PS: the reports are also stored in the Reports/Log tab
0
buse
 
the software update failed
for your information I no longer have internet access from the infected PC, so I am transferring the files from another PC by USB stick
should I continue anyway?
0
Anonymous user
 
yeah, continue anyway
0
buse
 
Nothing to report, apparently
here is the report:

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1945
Windows 6.0.6001 Service Pack 1

01/05/2009 12:29:34
mbam-log-2009-05-01 (12-29-34).txt

Type de recherche: Examen rapide
Eléments examinés: 67194
Temps écoulé: 2 minute(s), 38 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0