Infection inconnue

Marheck Messages postés 415 Statut Membre -  
 V-X -
Bonjour,
Je pense qu'il ya une infection dans ça

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:31, on 15/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\tazebama.dl_
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\FixCamera.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\Bandoo\Bandoo.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Peer2Peer-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR\tbPeer.dll
O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QUAD Windows service] C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe -h
O4 - HKCU\..\Run: [QUAD Scheduler] C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D90242B-7826-4717-B47E-01907369F5BA}: NameServer = 213.139.92.2,213.136.96.37
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll c:\progra~1\bandoo\bndhook.dll
O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 7742 bytes

c'est laquelle??
Merci d'avance

--
Il n'ya rien de tel que de comprendre qu'on est tous prisonniers des machines...
Configuration: Windows XP SP2
Mozilla Firefox 3.0.9

26 réponses

  • 1
  • 2
  1. V-X
     
    Salut,

    ▶ Telecharge et install UsbFix de C_XX & Chiquitine29

    Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir

    ▶ Double clic sur le raccourci UsbFix présent sur ton bureau .

    ▶ Choisi l option 1 ( Recherche )

    ▶ Laisse travailler l outil.

    ▶ Ensuite post le rapport UsbFix.txt qui apparaitra.

    ▶ Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

    ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
    0
  2. Marheck Messages postés 415 Statut Membre 175
     
    Le rapport

    ############################## [ UsbFix V3.014 ]

    # User : oxmo (Administrateurs) # CABINE3
    # Update on 27/04/09 by C_XX & Chiquitine29
    # Start at: 10:34:05 | 15/05/2009

    # mobile AMD Athlon(tm) MP-M 1800+
    # Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
    # Internet Explorer 6.0.2900.2180
    # Windows Firewall Status : Disabled

    # A:\ # Lecteur de disquettes 3 ½ pouces
    # C:\ # Disque fixe local # 9,77 Go (376,35 Mo free) # NTFS
    # D:\ # Disque fixe local # 28,51 Go (26,25 Go free) # NTFS
    # E:\ # Disque CD-ROM

    ############################## [ Processus actifs ]

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Documents and Settings\tazebama.dl_
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\FixCamera.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\Bandoo\Bandoo.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ################## [ Registre # Startup ]

    HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    HKCU_Main: "Window Title"="Internet Explorer"
    HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    HKLM_logon: "DefaultUserName"="oxmo"
    HKLM_logon: "AltDefaultUserName"="oxmo"
    HKLM_logon: "LegalNoticeCaption"=""
    HKLM_logon: "LegalNoticeText"=""
    HKLM_Run: FixCamera=C:\WINDOWS\FixCamera.exe
    HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    HKCU_Run: SuperCopier2.exe=C:\Program Files\SuperCopier2\SuperCopier2.exe
    HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
    HKCU_Run: QUAD Windows service=C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe -h
    HKCU_Run: QUAD Scheduler=C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe

    ################## [ Informations ]

    # Références MD5 :

    File ... : C:\Documents and Settings\hook.dl_
    CRC32 .. : 0872f01d
    MD5 .... : ae1b2201f9fb0b105e5039dae674e32a

    File ... : C:\Documents and Settings\tazebama.dl_
    CRC32 .. : 492787d7
    MD5 .... : 3a87a9ecf8bfb6ae822afaeb24a5d976

    File ... : C:\Documents and Settings\tazebama.dll
    CRC32 .. : 6ef43cb7
    MD5 .... : b6a03576e595afacb37ada2f1d5a0529

    File ... : C:\zPharaoh.exe
    CRC32 .. : dee3f2e5
    MD5 .... : 74e3e5d492064d00cb10ccda25be1953

    ################## [ Fichiers # Dossiers infectieux ]

    Found ! "C:\Documents and Settings\oxmo\Application Data\tazebama"
    Found ! "C:\Documents and Settings\oxmo\Application Data\tazebama\zPharaoh.dat"
    Found ! "C:\Documents and Settings\hook.dl_"
    Found ! "C:\Documents and Settings\tazebama.dl_"
    Found ! "C:\Documents and Settings\tazebama.dll"
    C:\autorun.inf # -> fichier appelé : "C:\zPharaoh.exe" ( présent ! )
    Found ! C:\autorun.inf
    Found ! C:\zPharaoh.exe
    D:\autorun.inf # -> fichier appelé : "D:\zPharaoh.exe" ( présent ! )
    Found ! D:\autorun.inf
    Found ! D:\zPharaoh.exe

    ################## [ Registre # Clés Run infectieuses ]

    Found ! HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
    Found ! HKLM\software\microsoft\security center\\ "AntiVirusOverride"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
    Found ! HKLM\software\microsoft\security center\\ "FirewallOverride"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
    Found ! HKLM\software\microsoft\security center\\ "UacDisableNotify"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
    Found ! HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
    Found ! HKLM\software\microsoft\security center\Svc\\ "AntiVirusDisableNotify"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
    Found ! HKLM\software\microsoft\security center\Svc\\ "AntiVirusOverride"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
    Found ! HKLM\software\microsoft\security center\Svc\\ "FirewallDisableNotify"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
    Found ! HKLM\software\microsoft\security center\Svc\\ "FirewallOverride"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
    Found ! HKLM\software\microsoft\security center\Svc\\ "UacDisableNotify"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
    Found ! HKLM\software\microsoft\security center\Svc\\ "UpdatesDisableNotify"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
    Found ! HKCU\SOFTWARE\...\CurrentVersion\Policies\System\\ "DisableRegistryTools"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
    Found ! HKCU\SOFTWARE\...\CurrentVersion\Policies\System\\ "DisableTaskMgr"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )

    ################## [ Registre # Mountpoints2 ]

    HKCU\Software\Microsoft\....\MountPoints2\{41977aee-3b25-11de-b92e-00115b870739}\Shell\AutoRun\command
    HKCU\Software\Microsoft\....\MountPoints2\{41977aee-3b25-11de-b92e-00115b870739}\Shell\explore\Command
    HKCU\Software\Microsoft\....\MountPoints2\{41977aee-3b25-11de-b92e-00115b870739}\Shell\open\Command

    ################## [ ! Fin du rapport # UsbFix V3.014 ! ]

    0
  3. V-X
     
    Re,

    Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir

    ▶ Double clic sur le raccourci UsbFix présent sur ton bureau

    ▶ Choisi l option 2 ( Suppression )

    ▶ Ton bureau disparaitra et le pc redémarrera .

    ▶ Au redémarrage , UsbFix scannera ton pc , laisse travailler l outil.

    ▶ Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

    ▶ Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

    ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
    0
  4. Marheck Messages postés 415 Statut Membre 175
     
    Bah voilà

    ############################## [ UsbFix V3.014 ]

    # User : oxmo (Administrateurs) # CABINE3
    # Update on 27/04/09 by C_XX & Chiquitine29
    # Start at: 10:44:41 | 15/05/2009

    # mobile AMD Athlon(tm) MP-M 1800+
    # Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
    # Internet Explorer 6.0.2900.2180
    # Windows Firewall Status : Disabled

    # A:\ # Lecteur de disquettes 3 ½ pouces
    # C:\ # Disque fixe local # 9,77 Go (378,82 Mo free) # NTFS
    # D:\ # Disque fixe local # 28,51 Go (26,25 Go free) # NTFS
    # E:\ # Disque CD-ROM

    ############################## [ Processus actifs ]

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\Bandoo\Bandoo.exe
    C:\Documents and Settings\tazebama.dl_
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\PROGRA~1\Bandoo\BandooUI.exe
    C:\WINDOWS\Explorer.EXE

    ################## [ Fichiers # Dossiers infectieux ]

    Deleted ! "C:\Documents and Settings\oxmo\Application Data\tazebama"
    Deleted ! "C:\Documents and Settings\hook.dl_"
    (!) Not Deleted ! "C:\Documents and Settings\tazebama.dl_"
    (!) Not Deleted ! "C:\Documents and Settings\tazebama.dll"
    C:\autorun.inf # -> fichier appelé : "C:\zPharaoh.exe" ( présent ! )
    Deleted ! -> C:\zPharaoh.exe
    Deleted ! C:\autorun.inf
    Deleted ! C:\zPharaoh.exe
    D:\autorun.inf # -> fichier appelé : "D:\zPharaoh.exe" ( présent ! )
    Deleted ! -> D:\zPharaoh.exe
    Deleted ! D:\autorun.inf
    Deleted ! D:\zPharaoh.exe

    ################## [ Registre # Clés Run infectieuses ]

    # HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
    # HKLM\software\microsoft\security center\\ "AntiVirusOverride"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
    # HKLM\software\microsoft\security center\\ "FirewallOverride"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
    # HKLM\software\microsoft\security center\\ "UacDisableNotify"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
    # HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
    # HKLM\software\microsoft\security center\Svc\\ "AntiVirusDisableNotify"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
    # HKLM\software\microsoft\security center\Svc\\ "AntiVirusOverride"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
    # HKLM\software\microsoft\security center\Svc\\ "FirewallDisableNotify"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
    # HKLM\software\microsoft\security center\Svc\\ "FirewallOverride"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
    # HKLM\software\microsoft\security center\Svc\\ "UacDisableNotify"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
    # HKLM\software\microsoft\security center\Svc\\ "UpdatesDisableNotify"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
    # HKCU\SOFTWARE\...\CurrentVersion\Policies\System\\ "DisableRegistryTools"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
    # HKCU\SOFTWARE\...\CurrentVersion\Policies\System\\ "DisableTaskMgr"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !

    ################## [ Registre # Mountpoints2 ]

    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{41977aee-3b25-11de-b92e-00115b870739}\Shell\AutoRun\command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{41977aee-3b25-11de-b92e-00115b870739}\Shell\explore\Command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{41977aee-3b25-11de-b92e-00115b870739}\Shell\open\Command

    ################## [ Listing des fichiers présent ]

    [26/11/2008 17:24|--a------|0] - C:\AUTOEXEC.BAT
    [15/05/2009 10:47|-r-hs----|126] - C:\autorun.inf
    [20/03/2009 14:23|--a------|4243] - C:\backblue.gif
    [16/02/2009 17:52|--a------|212] - C:\Boot.bak
    [27/04/2009 15:44|-rahs----|282] - C:\boot.ini
    [30/08/2002 13:00|-rahs----|4952] - C:\Bootfont.bin
    [26/03/2009 21:49|--a------|5105] - C:\busts.exe
    [03/08/2004 23:00|--a------|263488] - C:\cmldr
    [27/04/2009 16:03|--a------|25004] - C:\ComboFix.txt
    [26/11/2008 17:24|--a------|0] - C:\CONFIG.SYS
    [20/03/2009 14:23|--a------|828] - C:\fade.gif
    [20/03/2009 14:23|--a------|5075] - C:\index.html
    [26/11/2008 17:24|-rahs----|0] - C:\IO.SYS
    [09/01/2009 19:29|--a------|0] - C:\Mes Sites Web.whtt
    [26/11/2008 17:24|-rahs----|0] - C:\MSDOS.SYS
    [03/08/2004 21:38|-rahs----|47564] - C:\NTDETECT.COM
    [03/08/2004 21:59|-rahs----|251712] - C:\ntldr
    [?|?|?] - C:\pagefile.sys
    [28/11/2008 14:21|--ah-----|268] - C:\sqmdata00.sqm
    [12/12/2008 19:10|--ah-----|232] - C:\sqmdata01.sqm
    [15/12/2008 13:56|--ah-----|268] - C:\sqmdata02.sqm
    [28/01/2009 14:39|--ah-----|232] - C:\sqmdata03.sqm
    [03/05/2009 15:03|--ah-----|232] - C:\sqmdata04.sqm
    [03/05/2009 17:54|--ah-----|232] - C:\sqmdata05.sqm
    [02/02/2002 10:58|--ah-----|232] - C:\sqmdata06.sqm
    [02/02/2009 11:59|--ah-----|232] - C:\sqmdata07.sqm
    [02/02/2009 12:01|--ah-----|232] - C:\sqmdata08.sqm
    [02/02/2009 14:18|--ah-----|268] - C:\sqmdata09.sqm
    [06/02/2002 15:10|--ah-----|232] - C:\sqmdata10.sqm
    [05/03/2009 17:41|--ah-----|268] - C:\sqmdata11.sqm
    [19/03/2009 22:32|--ah-----|268] - C:\sqmdata12.sqm
    [20/03/2009 10:35|--ah-----|268] - C:\sqmdata13.sqm
    [03/04/2009 11:11|--ah-----|232] - C:\sqmdata14.sqm
    [03/04/2009 15:03|--ah-----|232] - C:\sqmdata15.sqm
    [03/04/2009 18:08|--ah-----|268] - C:\sqmdata16.sqm
    [04/04/2009 10:23|--ah-----|268] - C:\sqmdata17.sqm
    [04/04/2009 10:23|--ah-----|172] - C:\sqmdata18.sqm
    [03/05/2009 15:01|--ah-----|232] - C:\sqmdata19.sqm
    [28/11/2008 14:21|--ah-----|244] - C:\sqmnoopt00.sqm
    [12/12/2008 19:10|--ah-----|244] - C:\sqmnoopt01.sqm
    [15/12/2008 13:56|--ah-----|244] - C:\sqmnoopt02.sqm
    [28/01/2009 14:39|--ah-----|244] - C:\sqmnoopt03.sqm
    [03/05/2009 15:03|--ah-----|244] - C:\sqmnoopt04.sqm
    [03/05/2009 17:54|--ah-----|244] - C:\sqmnoopt05.sqm
    [02/02/2002 10:58|--ah-----|244] - C:\sqmnoopt06.sqm
    [02/02/2009 11:59|--ah-----|244] - C:\sqmnoopt07.sqm
    [02/02/2009 12:01|--ah-----|244] - C:\sqmnoopt08.sqm
    [02/02/2009 14:18|--ah-----|244] - C:\sqmnoopt09.sqm
    [06/02/2002 15:10|--ah-----|244] - C:\sqmnoopt10.sqm
    [05/03/2009 17:41|--ah-----|244] - C:\sqmnoopt11.sqm
    [19/03/2009 22:32|--ah-----|244] - C:\sqmnoopt12.sqm
    [20/03/2009 10:35|--ah-----|244] - C:\sqmnoopt13.sqm
    [03/04/2009 11:11|--ah-----|244] - C:\sqmnoopt14.sqm
    [03/04/2009 15:03|--ah-----|244] - C:\sqmnoopt15.sqm
    [03/04/2009 18:08|--ah-----|244] - C:\sqmnoopt16.sqm
    [04/04/2009 10:23|--ah-----|244] - C:\sqmnoopt17.sqm
    [04/04/2009 10:23|--ah-----|244] - C:\sqmnoopt18.sqm
    [03/05/2009 15:01|--ah-----|244] - C:\sqmnoopt19.sqm
    [28/04/2009 18:17|--a------|4884] - C:\TB.txt
    [15/05/2009 10:47|--a------|7331] - C:\UsbFix.txt
    [15/05/2009 10:46|-r-hs----|155181] - C:\zPharaoh.exe
    [28/04/2009 15:08|--a------|79610] - D:\90qfwh.jpg
    [15/05/2009 10:47|-r-hs----|126] - D:\autorun.inf
    [21/03/2009 14:59|--a------|1101429] - D:\DevCpp.pdf
    [26/04/2009 16:21|--a------|303735] - D:\hfgnkq9b.jpg
    [20/04/2009 16:49|--a------|50888] - D:\url.htm
    [15/05/2009 10:46|-r-hs----|155581] - D:\zPharaoh.exe

    ################## [ Vaccination ]

    ################## [ Cracks / Keygens / Serials ]

    C:\Documents and Settings\oxmo\Bureau\Avast2009Prov4.8_Serial.rar
    C:\Documents and Settings\oxmo\Bureau\Fichier RAR\pwdcrack.zip
    C:\Documents and Settings\oxmo\Bureau\Fichier RAR\ROPatch.rar
    C:\Documents and Settings\oxmo\Bureau\Fichier RAR\Avast2009Prov4.8_Serial\Avast2009Prov4.8+Serial\Avast_AntiVirus_2009_Pro__v4.8.1282_Plus_Serial + life time\Avas.exe
    C:\Documents and Settings\oxmo\Bureau\Fichier RAR\Avast2009Prov4.8_Serial\Avast2009Prov4.8+Serial\Avast_AntiVirus_2009_Pro__v4.8.1282_Plus_Serial + life time\CW info.rar
    C:\Documents and Settings\oxmo\Bureau\pwdcrack\pwdcrack.exe
    C:\Documents and Settings\All Users\Documents\images\WinRAR\WinRAR v3.71\keygenpatch.exe

    ################## [ ! Fin du rapport # UsbFix V3.014 ! ]

    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. V-X
     
    Re,

    Vire tes cracks.

    ▶ Télécharge random's system information tool (RSIT) et enregistre le sur ton bureau.

    ▶ Double clique sur RSIT.exe pour lancer l'outil.

    ▶ Clique sur ' continue ' à l'écran Disclaimer.

    Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.

    ▶ Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports séparément.
    ( log.txt & info.txt )

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
    0
  7. Marheck Messages postés 415 Statut Membre 175
     
    Le log text

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by oxmo at 2009-05-15 11:04:33
    Microsoft Windows XP Professionnel Service Pack 2
    System drive C: has 376 MB (4%) free of 10 GB
    Total RAM: 223 MB (27% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:04:57, on 15/05/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\Bandoo\Bandoo.exe
    C:\Documents and Settings\tazebama.dl_
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Documents and Settings\oxmo\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\oxmo.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
    R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Peer2Peer-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR\tbPeer.dll
    O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
    O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
    O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QUAD Windows service] C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe -h
    O4 - HKCU\..\Run: [QUAD Scheduler] C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D90242B-7826-4717-B47E-01907369F5BA}: NameServer = 213.139.92.2,213.136.96.37
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll c:\progra~1\bandoo\bndhook.dll
    O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe
    O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    0
  8. Marheck Messages postés 415 Statut Membre 175
     
    L'Info text

    info.txt logfile of random's system information tool 1.06 2009-05-15 11:05:04

    ======Uninstall list======

    -->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    168-USB PC Camera-->C:\Program Files\InstallShield Installation Information\{ECD03DA7-5952-406A-8156-5F0C93618D1F}\setup.exe -runfromtemp -l0x040c -removeonly
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
    Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
    C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
    Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007-->MsiExec.exe /X{90120000-00B2-040C-0000-0000000FF1CE}
    Correctif pour Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    CyberCafePro Client Version 5 (Remove Only)-->"C:\Program Files\CCP Client\unins000.exe"
    Fake Webcam 5.1.0-->"C:\Program Files\Fake Webcam\unins000.exe"
    Free Download Manager 3.0-->"C:\Program Files\Free Download Manager\unins000.exe"
    Glary Utilities Pro 2.12.0.658-->"C:\Program Files\Glary Utilities\unins000.exe"
    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
    Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    myBabylon_English Toolbar-->C:\PROGRA~1\MYBABY~1\UNWISE.EXE /U C:\PROGRA~1\MYBABY~1\INSTALL.LOG
    Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    P2P_Energy Toolbar-->C:\PROGRA~1\P2P_EN~1\UNWISE.EXE C:\PROGRA~1\P2P_EN~1\INSTALL.LOG
    Peer2Peer-FR Toolbar-->C:\PROGRA~1\PEER2P~1\UNWISE.EXE C:\PROGRA~1\PEER2P~1\INSTALL.LOG
    QUAD Registry Cleaner v.1.5.69-->C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\uninst.exe
    Revo Uninstaller 1.80-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Software Informer 1.0 BETA-->"C:\Program Files\Software Informer\unins000.exe"
    SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"
    Total Video Converter 3.11-->"C:\Program Files\Total Video Converter\unins000.exe"
    UsbFix-->C:\UsbFix\Uninstal.exe
    VirtualCamera-->C:\Program Files\VirtualCamera\uninst.exe
    VLC media player 0.9.9-->D:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    WinHTTrack Website Copier 3.43-2-->"C:\Program Files\WinHTTrack\unins000.exe"
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
    Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

    ======System event log======

    Computer Name: CABINE3
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Carte de performance WMI.

    Record Number: 7923
    Source Name: Service Control Manager
    Time Written: 20090428180606.000000+060
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: CABINE3
    Event Code: 7036
    Message: Le service Carte de performance WMI est entré dans l'état : en cours d'exécution.

    Record Number: 7922
    Source Name: Service Control Manager
    Time Written: 20090428180606.000000+060
    Event Type: Informations
    User:

    Computer Name: CABINE3
    Event Code: 7036
    Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.

    Record Number: 7921
    Source Name: Service Control Manager
    Time Written: 20090428180604.000000+060
    Event Type: Informations
    User:

    Computer Name: CABINE3
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.

    Record Number: 7920
    Source Name: Service Control Manager
    Time Written: 20090428180604.000000+060
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: CABINE3
    Event Code: 7036
    Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

    Record Number: 7919
    Source Name: Service Control Manager
    Time Written: 20090428180553.000000+060
    Event Type: Informations
    User:

    =====Application event log=====

    Computer Name: CABINE3
    Event Code: 0
    Message:
    Record Number: 5
    Source Name: Bandoo Coordinator
    Time Written: 20090425101031.000000+060
    Event Type: Informations
    User:

    Computer Name: CABINE3
    Event Code: 0
    Message:
    Record Number: 4
    Source Name: gusvc
    Time Written: 20090425101030.000000+060
    Event Type: Informations
    User:

    Computer Name: CABINE3
    Event Code: 1004
    Message:
    Record Number: 3
    Source Name: WgaSetup
    Time Written: 20090425101024.000000+060
    Event Type: Informations
    User:

    Computer Name: CABINE3
    Event Code: 1002
    Message:
    Record Number: 2
    Source Name: WgaSetup
    Time Written: 20090425101023.000000+060
    Event Type: Informations
    User:

    Computer Name: CABINE3
    Event Code: 1006
    Message:
    Record Number: 1
    Source Name: WgaSetup
    Time Written: 20090425101023.000000+060
    Event Type: Informations
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
    "PROCESSOR_REVISION"=0801
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP

    -----------------EOF-----------------
    0
  9. V-X
     
    Re,

    ---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
    http://oldtimer.geekstogo.com/OTMoveIt3.exe

    ---> Double-clique sur OTMoveIt3.exe afin de le lancer.

    ---> Copie (Ctrl+C) le texte suivant en gras ci-dessous :

    :processes
    explorer.exe

    :files
    c:\zpharaoh.exe

    :commands
    [purity]
    [emptytemp]
    [start explorer]


    ---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

    ---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

    Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

    ---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport correspond au moment de sa création : date_heure.log
    0
  10. Marheck Messages postés 415 Statut Membre 175
     
    Voila

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    c:\zPharaoh.exe moved successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\oxmo\LOCALS~1\Temp\A9R90C.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\oxmo\LOCALS~1\Temp\etilqs_QvjjqE6avPc6DU2I6IcI scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\oxmo\LOCALS~1\Temp\~DFDB67.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\oxmo\Local Settings\Temporary Internet Files\Content.Word\~WRS{67815AC9-35EF-4B19-AD10-5C2A2370F276}.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\oxmo\Local Settings\Temporary Internet Files\Content.Word\~WRS{D0981ABD-D43A-4971-8D55-F745DE56B55B}.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\oxmo\Local Settings\Temporary Internet Files\Content.Word\~WRS{F25B7610-2F39-4F84-8769-570038EDF4D8}.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\oxmo\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    User's Temporary Internet Files folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    Network Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Network Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_684.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    File delete failed. C:\Documents and Settings\oxmo\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0em3nuf.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\oxmo\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0em3nuf.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\oxmo\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0em3nuf.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\oxmo\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0em3nuf.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\oxmo\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0em3nuf.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\oxmo\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0em3nuf.default\XUL.mfl scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05152009_111818

    Files moved on Reboot...
    File C:\DOCUME~1\oxmo\LOCALS~1\Temp\A9R90C.tmp not found!
    File C:\DOCUME~1\oxmo\LOCALS~1\Temp\etilqs_QvjjqE6avPc6DU2I6IcI not found!
    File C:\DOCUME~1\oxmo\LOCALS~1\Temp\~DFDB67.tmp not found!
    File C:\Documents and Settings\oxmo\Local Settings\Temporary Internet Files\Content.Word\~WRS{67815AC9-35EF-4B19-AD10-5C2A2370F276}.tmp not found!
    File C:\Documents and Settings\oxmo\Local Settings\Temporary Internet Files\Content.Word\~WRS{D0981ABD-D43A-4971-8D55-F745DE56B55B}.tmp not found!
    File C:\Documents and Settings\oxmo\Local Settings\Temporary Internet Files\Content.Word\~WRS{F25B7610-2F39-4F84-8769-570038EDF4D8}.tmp not found!
    File C:\WINDOWS\temp\Perflib_Perfdata_684.dat not found!
    C:\Documents and Settings\oxmo\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0em3nuf.default\Cache\_CACHE_001_ moved successfully.
    C:\Documents and Settings\oxmo\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0em3nuf.default\Cache\_CACHE_002_ moved successfully.
    C:\Documents and Settings\oxmo\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0em3nuf.default\Cache\_CACHE_003_ moved successfully.
    C:\Documents and Settings\oxmo\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0em3nuf.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Documents and Settings\oxmo\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0em3nuf.default\urlclassifier3.sqlite moved successfully.
    C:\Documents and Settings\oxmo\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0em3nuf.default\XUL.mfl moved successfully.

    0
  11. V-X
     
    Re,

    Redémarre ton pc normalement et refait un rapport avec RSIT.
    0
  12. Marheck Messages postés 415 Statut Membre 175
     
    depuis que jai redemarre la machine, le clavier est devenu qwertym et pourtant cest bel et bien un azerty
    comment le rendre normal?
    0
  13. Marheck Messages postés 415 Statut Membre 175
     
    Merci
    Rapport RSIT

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by oxmo at 2009-05-15 11:55:19
    Microsoft Windows XP Professionnel Service Pack 2
    System drive C: has 611 MB (6%) free of 10 GB
    Total RAM: 223 MB (23% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:56:07, on 15/05/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\Bandoo\Bandoo.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Glary Utilities\Integrator.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\FixCamera.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\oxmo\Bureau\RSIT.exe
    C:\Documents and Settings\tazebama.dl_
    C:\Program Files\Trend Micro\HijackThis\oxmo.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
    R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Peer2Peer-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR\tbPeer.dll
    O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
    O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
    O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QUAD Windows service] C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe -h
    O4 - HKCU\..\Run: [QUAD Scheduler] C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D90242B-7826-4717-B47E-01907369F5BA}: NameServer = 213.139.92.2,213.136.96.37
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll c:\progra~1\bandoo\bndhook.dll
    O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe
    O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    0
  14. Marheck Messages postés 415 Statut Membre 175
     
    Alors???
    0
    1. Utilisateur anonyme
       
      bonjour
      pas de doublon, restes sur cette discussion
      0
  15. V-X
     
    Re,

    1) J'ai une vie privée , aussi

    ALORS LA PATIENTE ET UNE VERTUE.

    Télécharge ComboFix (de sUBs) sur ton Bureau.

    /!\Désactive temporairement toute protection résidente /!\ (Antivirus, antispywares..)
    Double clique sur ComboFix.exe.
    Accepte la licence en cliquant sur Oui.
    Le programme va te demander si tu souhaites installer la Console de Récupération. C'est une précaution, au cas où l'ordinateur tomberait en panne. Je te conseille donc de l'installer, ça ne coûte rien, et ça pourrait potentiellement servir !
    Lorsque l'opération sera terminée, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

    Le rapport se trouve ici : %SystemDrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)

    Aide :Comment utiliser ComboFix.

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
    0
  16. Marheck Messages postés 415 Statut Membre 175
     
    Il est là

    ############################## [ UsbFix V3.014 ]

    # User : oxmo (Administrateurs) # CABINE3
    # Update on 27/04/09 by C_XX & Chiquitine29
    # Start at: 10:44:41 | 15/05/2009

    # mobile AMD Athlon(tm) MP-M 1800+
    # Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
    # Internet Explorer 6.0.2900.2180
    # Windows Firewall Status : Disabled

    # A:\ # Lecteur de disquettes 3 ½ pouces
    # C:\ # Disque fixe local # 9,77 Go (378,82 Mo free) # NTFS
    # D:\ # Disque fixe local # 28,51 Go (26,25 Go free) # NTFS
    # E:\ # Disque CD-ROM

    ############################## [ Processus actifs ]

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\Bandoo\Bandoo.exe
    C:\Documents and Settings\tazebama.dl_
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\PROGRA~1\Bandoo\BandooUI.exe
    C:\WINDOWS\Explorer.EXE

    ################## [ Fichiers # Dossiers infectieux ]

    Deleted ! "C:\Documents and Settings\oxmo\Application Data\tazebama"
    Deleted ! "C:\Documents and Settings\hook.dl_"
    (!) Not Deleted ! "C:\Documents and Settings\tazebama.dl_"
    (!) Not Deleted ! "C:\Documents and Settings\tazebama.dll"
    C:\autorun.inf # -> fichier appelé : "C:\zPharaoh.exe" ( présent ! )
    Deleted ! -> C:\zPharaoh.exe
    Deleted ! C:\autorun.inf
    Deleted ! C:\zPharaoh.exe
    D:\autorun.inf # -> fichier appelé : "D:\zPharaoh.exe" ( présent ! )
    Deleted ! -> D:\zPharaoh.exe
    Deleted ! D:\autorun.inf
    Deleted ! D:\zPharaoh.exe

    ################## [ Registre # Clés Run infectieuses ]

    # HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
    # HKLM\software\microsoft\security center\\ "AntiVirusOverride"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
    # HKLM\software\microsoft\security center\\ "FirewallOverride"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
    # HKLM\software\microsoft\security center\\ "UacDisableNotify"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
    # HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
    # HKLM\software\microsoft\security center\Svc\\ "AntiVirusDisableNotify"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
    # HKLM\software\microsoft\security center\Svc\\ "AntiVirusOverride"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
    # HKLM\software\microsoft\security center\Svc\\ "FirewallDisableNotify"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
    # HKLM\software\microsoft\security center\Svc\\ "FirewallOverride"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
    # HKLM\software\microsoft\security center\Svc\\ "UacDisableNotify"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
    # HKLM\software\microsoft\security center\Svc\\ "UpdatesDisableNotify"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
    # HKCU\SOFTWARE\...\CurrentVersion\Policies\System\\ "DisableRegistryTools"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
    # HKCU\SOFTWARE\...\CurrentVersion\Policies\System\\ "DisableTaskMgr"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !

    ################## [ Registre # Mountpoints2 ]

    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{41977aee-3b25-11de-b92e-00115b870739}\Shell\AutoRun\command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{41977aee-3b25-11de-b92e-00115b870739}\Shell\explore\Command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{41977aee-3b25-11de-b92e-00115b870739}\Shell\open\Command

    ################## [ Listing des fichiers présent ]

    [26/11/2008 17:24|--a------|0] - C:\AUTOEXEC.BAT
    [15/05/2009 10:47|-r-hs----|126] - C:\autorun.inf
    [20/03/2009 14:23|--a------|4243] - C:\backblue.gif
    [16/02/2009 17:52|--a------|212] - C:\Boot.bak
    [27/04/2009 15:44|-rahs----|282] - C:\boot.ini
    [30/08/2002 13:00|-rahs----|4952] - C:\Bootfont.bin
    [26/03/2009 21:49|--a------|5105] - C:\busts.exe
    [03/08/2004 23:00|--a------|263488] - C:\cmldr
    [27/04/2009 16:03|--a------|25004] - C:\ComboFix.txt
    [26/11/2008 17:24|--a------|0] - C:\CONFIG.SYS
    [20/03/2009 14:23|--a------|828] - C:\fade.gif
    [20/03/2009 14:23|--a------|5075] - C:\index.html
    [26/11/2008 17:24|-rahs----|0] - C:\IO.SYS
    [09/01/2009 19:29|--a------|0] - C:\Mes Sites Web.whtt
    [26/11/2008 17:24|-rahs----|0] - C:\MSDOS.SYS
    [03/08/2004 21:38|-rahs----|47564] - C:\NTDETECT.COM
    [03/08/2004 21:59|-rahs----|251712] - C:\ntldr
    [?|?|?] - C:\pagefile.sys
    [28/11/2008 14:21|--ah-----|268] - C:\sqmdata00.sqm
    [12/12/2008 19:10|--ah-----|232] - C:\sqmdata01.sqm
    [15/12/2008 13:56|--ah-----|268] - C:\sqmdata02.sqm
    [28/01/2009 14:39|--ah-----|232] - C:\sqmdata03.sqm
    [03/05/2009 15:03|--ah-----|232] - C:\sqmdata04.sqm
    [03/05/2009 17:54|--ah-----|232] - C:\sqmdata05.sqm
    [02/02/2002 10:58|--ah-----|232] - C:\sqmdata06.sqm
    [02/02/2009 11:59|--ah-----|232] - C:\sqmdata07.sqm
    [02/02/2009 12:01|--ah-----|232] - C:\sqmdata08.sqm
    [02/02/2009 14:18|--ah-----|268] - C:\sqmdata09.sqm
    [06/02/2002 15:10|--ah-----|232] - C:\sqmdata10.sqm
    [05/03/2009 17:41|--ah-----|268] - C:\sqmdata11.sqm
    [19/03/2009 22:32|--ah-----|268] - C:\sqmdata12.sqm
    [20/03/2009 10:35|--ah-----|268] - C:\sqmdata13.sqm
    [03/04/2009 11:11|--ah-----|232] - C:\sqmdata14.sqm
    [03/04/2009 15:03|--ah-----|232] - C:\sqmdata15.sqm
    [03/04/2009 18:08|--ah-----|268] - C:\sqmdata16.sqm
    [04/04/2009 10:23|--ah-----|268] - C:\sqmdata17.sqm
    [04/04/2009 10:23|--ah-----|172] - C:\sqmdata18.sqm
    [03/05/2009 15:01|--ah-----|232] - C:\sqmdata19.sqm
    [28/11/2008 14:21|--ah-----|244] - C:\sqmnoopt00.sqm
    [12/12/2008 19:10|--ah-----|244] - C:\sqmnoopt01.sqm
    [15/12/2008 13:56|--ah-----|244] - C:\sqmnoopt02.sqm
    [28/01/2009 14:39|--ah-----|244] - C:\sqmnoopt03.sqm
    [03/05/2009 15:03|--ah-----|244] - C:\sqmnoopt04.sqm
    [03/05/2009 17:54|--ah-----|244] - C:\sqmnoopt05.sqm
    [02/02/2002 10:58|--ah-----|244] - C:\sqmnoopt06.sqm
    [02/02/2009 11:59|--ah-----|244] - C:\sqmnoopt07.sqm
    [02/02/2009 12:01|--ah-----|244] - C:\sqmnoopt08.sqm
    [02/02/2009 14:18|--ah-----|244] - C:\sqmnoopt09.sqm
    [06/02/2002 15:10|--ah-----|244] - C:\sqmnoopt10.sqm
    [05/03/2009 17:41|--ah-----|244] - C:\sqmnoopt11.sqm
    [19/03/2009 22:32|--ah-----|244] - C:\sqmnoopt12.sqm
    [20/03/2009 10:35|--ah-----|244] - C:\sqmnoopt13.sqm
    [03/04/2009 11:11|--ah-----|244] - C:\sqmnoopt14.sqm
    [03/04/2009 15:03|--ah-----|244] - C:\sqmnoopt15.sqm
    [03/04/2009 18:08|--ah-----|244] - C:\sqmnoopt16.sqm
    [04/04/2009 10:23|--ah-----|244] - C:\sqmnoopt17.sqm
    [04/04/2009 10:23|--ah-----|244] - C:\sqmnoopt18.sqm
    [03/05/2009 15:01|--ah-----|244] - C:\sqmnoopt19.sqm
    [28/04/2009 18:17|--a------|4884] - C:\TB.txt
    [15/05/2009 10:47|--a------|7331] - C:\UsbFix.txt
    [15/05/2009 10:46|-r-hs----|155181] - C:\zPharaoh.exe
    [28/04/2009 15:08|--a------|79610] - D:\90qfwh.jpg
    [15/05/2009 10:47|-r-hs----|126] - D:\autorun.inf
    [21/03/2009 14:59|--a------|1101429] - D:\DevCpp.pdf
    [26/04/2009 16:21|--a------|303735] - D:\hfgnkq9b.jpg
    [20/04/2009 16:49|--a------|50888] - D:\url.htm
    [15/05/2009 10:46|-r-hs----|155581] - D:\zPharaoh.exe

    ################## [ Vaccination ]

    ################## [ Cracks / Keygens / Serials ]

    C:\Documents and Settings\oxmo\Bureau\Avast2009Prov4.8_Serial.rar
    C:\Documents and Settings\oxmo\Bureau\Fichier RAR\pwdcrack.zip
    C:\Documents and Settings\oxmo\Bureau\Fichier RAR\ROPatch.rar
    C:\Documents and Settings\oxmo\Bureau\Fichier RAR\Avast2009Prov4.8_Serial\Avast2009Prov4.8+Serial\Avast_AntiVirus_2009_Pro__v4.8.1282_Plus_Serial + life time\Avas.exe
    C:\Documents and Settings\oxmo\Bureau\Fichier RAR\Avast2009Prov4.8_Serial\Avast2009Prov4.8+Serial\Avast_AntiVirus_2009_Pro__v4.8.1282_Plus_Serial + life time\CW info.rar
    C:\Documents and Settings\oxmo\Bureau\pwdcrack\pwdcrack.exe
    C:\Documents and Settings\All Users\Documents\images\WinRAR\WinRAR v3.71\keygenpatch.exe

    ################## [ ! Fin du rapport # UsbFix V3.014 ! ]

    0
  17. Marheck Messages postés 415 Statut Membre 175
     
    Désolé, je me suis trompé
    0
  18. V-X
     
    Re,

    Fait combofix.

    Ensuite tu me poste le rapport et redémarre ton pc et me refait un rapport avec RSIT.

    merci.

    Surtout vire tes cracks .

    Pour l'antivirus , je te conseillerais un gratos assez performant.

    OK.

    Sinon tu seras toujours emmerder avec tes virus , car la source sont tes cracks.
    0
  19. Marheck Messages postés 415 Statut Membre 175
     
    Voilà

    ComboFix 09-04-22.02 - oxmo 27/04/2009 15:46.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.223.79 [GMT 1:00]
    Lancé depuis: c:\documents and settings\oxmo\Bureau\jaCombo.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\autorun.inf
    c:\documents and settings\Administrateur\Application Data\tazebama
    c:\documents and settings\Administrateur\Application Data\tazebama\zPharaoh.dat
    c:\documents and settings\oxmo\Application Data\tazebama
    c:\documents and settings\oxmo\Application Data\tazebama\tazebama.log
    c:\documents and settings\oxmo\Application Data\tazebama\zPharaoh.dat
    c:\windows\ssvichosst.exe
    c:\windows\system32\autorun.ini
    c:\windows\system32\dtirc.dll
    c:\windows\system32\setting.ini
    c:\windows\system32\ssvichosst.exe
    c:\windows\system32\vcmgcd32.dl_
    c:\windows\system32\vcmgcd32.dll
    C:\zPharaoh.exe
    D:\Autorun.inf
    d:\recycler\Office2007 Serial.txt.exe
    d:\recycler\RECYCLER .exe
    D:\zPharaoh.exe

    [COLOR=RED] c:\windows\explorer.exe . . . est infecté!![/COLOR]

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MYWEBSEARCHSERVICE

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-27 au 2009-04-27 ))))))))))))))))))))))))))))))))))))
    .

    2009-04-27 14:54 . 2009-04-27 14:58 155181 --sh--r C:\zPharaoh.exe
    2009-04-27 14:54 . 2009-04-27 14:58 -------- d-----w c:\documents and settings\oxmo\Application Data\tazebama
    2009-04-27 14:48 . 2009-04-27 14:58 126 --sh--r C:\autorun.inf
    2009-04-26 15:55 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-04-26 15:55 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-26 15:55 . 2009-04-26 15:56 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-25 18:47 . 2000-05-22 21:58 608448 ----a-w c:\windows\system32\comctl32.ocx
    2009-04-25 18:47 . 2009-04-25 18:48 -------- d-----w c:\program files\Total Video Converter
    2009-04-25 18:13 . 2009-04-27 11:45 -------- d-----w C:\Downloads
    2009-04-25 18:11 . 2009-04-27 14:58 -------- d-----w c:\documents and settings\oxmo\Application Data\Free Download Manager
    2009-04-25 18:10 . 2009-04-25 18:10 -------- d-----w c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
    2009-04-25 17:33 . 2009-04-27 14:25 -------- d-----w c:\documents and settings\oxmo\Application Data\Software Informer
    2009-04-25 17:33 . 2009-04-25 17:33 -------- d-----w c:\program files\Software Informer
    2009-04-25 17:04 . 2009-04-25 17:04 -------- d-----w C:\ToolBar SD
    2009-04-25 17:00 . 2009-04-25 17:00 -------- d-----w c:\documents and settings\LocalService\Bureau
    2009-04-25 16:38 . 2009-04-25 16:38 -------- d-----w C:\_OTMoveIt
    2009-04-25 13:53 . 2009-04-25 13:53 -------- d-----w c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla
    2009-04-25 13:41 . 2009-04-27 14:54 32768 ----a-w c:\documents and settings\tazebama.dll
    2009-04-24 12:35 . 2009-04-24 12:35 230420 ----a-w c:\windows\system32\LastVcImage.vci
    2009-04-23 09:33 . 2009-04-23 09:33 -------- d-----w c:\documents and settings\oxmo\Local Settings\Application Data\Identities
    2009-04-22 21:22 . 2009-04-22 21:22 -------- d-----w c:\documents and settings\oxmo\Application Data\dvdcss
    2009-04-22 20:29 . 2009-04-22 20:29 -------- d-----w c:\documents and settings\NetworkService\Bureau
    2009-04-22 20:13 . 2009-04-22 20:13 -------- d-----w c:\documents and settings\SYSTEM
    2009-04-22 13:30 . 2009-04-22 13:30 -------- d-----w c:\documents and settings\oxmo\Application Data\vlc
    2009-04-22 10:55 . 2009-04-27 14:58 154751 ----a-w c:\documents and settings\hook.dl_
    2009-04-22 10:55 . 2009-04-27 14:54 154751 ----a-w c:\documents and settings\tazebama.dl_
    2009-04-21 17:05 . 2009-04-21 17:05 -------- d-----w c:\program files\MSECache
    2009-04-21 16:53 . 2009-04-21 16:53 -------- d-----w c:\program files\Screamer Radio
    2009-04-21 16:28 . 2009-04-21 16:28 -------- d-----w c:\program files\Trend Micro
    2009-04-21 12:50 . 2009-04-21 12:50 -------- d-----w c:\documents and settings\oxmo\Application Data\Malwarebytes
    2009-04-21 12:50 . 2009-04-21 12:50 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-04-21 12:36 . 2009-04-21 12:36 23 --sha-w c:\windows\system32\edacded0_x.dat
    2009-04-21 12:36 . 2009-04-21 12:36 23 ----a-w c:\windows\system32\bcdadac7_x.xml
    2009-04-21 12:31 . 2009-04-21 12:31 -------- d-----w c:\documents and settings\oxmo\Application Data\GlarySoft
    2009-04-21 12:26 . 2009-04-25 13:00 -------- d-----w c:\program files\Glary Utilities
    2009-04-21 12:11 . 2009-04-21 12:11 -------- d-----w c:\program files\VS Revo Group
    2009-04-21 11:42 . 2007-07-11 15:09 40960 ----a-w c:\windows\FixCamera.exe
    2009-04-21 11:42 . 2009-04-21 17:46 250735 ----a-w c:\windows\amcap.exe
    2009-04-21 11:42 . 2009-04-22 15:17 992111 ----a-w c:\windows\vsnpstd3.exe
    2009-04-21 11:42 . 2009-04-22 15:17 426863 ----a-w c:\windows\tsnpstd3.exe
    2009-04-21 11:42 . 2004-02-27 16:36 15498 ----a-w c:\windows\snpstd3.ini
    2009-04-21 11:42 . 2004-02-27 16:36 13023 ----a-w c:\windows\snpstd3.src
    2009-04-21 11:41 . 2007-07-25 15:59 10372096 ----a-w c:\windows\system32\drivers\snpstd3.sys
    2009-04-21 11:41 . 2007-07-23 17:04 155648 ----a-w c:\windows\system32\rsnpstd3.dll
    2009-04-21 11:41 . 2007-07-23 16:52 57344 ----a-w c:\windows\system32\vsnpstd3.dll
    2009-04-21 11:41 . 2005-11-23 12:55 53248 ----a-w c:\windows\system32\csnpstd3.dll
    2009-04-21 11:41 . 2005-11-23 12:55 53248 ----a-w c:\windows\csnpstd3.dll
    2009-04-21 11:41 . 2009-04-21 11:42 -------- d-----w c:\program files\Fichiers communs\snpstd3
    2009-04-21 11:41 . 2009-04-21 11:41 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-04-21 11:41 . 2009-04-21 11:41 -------- d-----w c:\documents and settings\oxmo\Application Data\InstallShield
    2009-04-20 15:01 . 2009-04-20 15:01 0 ----a-w c:\windows\VCamera.INI
    2009-04-20 14:52 . 2004-08-03 21:58 5504 ----a-w c:\windows\system32\drivers\MSTEE.sys
    2009-04-20 14:52 . 2004-08-03 22:10 10880 ----a-w c:\windows\system32\drivers\NdisIP.sys
    2009-04-20 14:52 . 2004-08-19 15:10 16384 ----a-w c:\windows\system32\ipsink.ax
    2009-04-20 14:52 . 2004-08-03 22:10 15360 ----a-w c:\windows\system32\drivers\StreamIP.sys
    2009-04-20 14:52 . 2004-08-03 22:10 11136 ----a-w c:\windows\system32\drivers\SLIP.sys
    2009-04-20 14:51 . 2004-08-03 22:10 19328 ----a-w c:\windows\system32\drivers\WSTCODEC.SYS
    2009-04-20 14:51 . 2004-08-03 22:10 85376 ----a-w c:\windows\system32\drivers\NABTSFEC.sys
    2009-04-20 14:51 . 2004-08-03 22:10 17024 ----a-w c:\windows\system32\drivers\CCDECODE.sys
    2009-04-20 14:50 . 2004-08-19 15:10 91648 ----a-w c:\windows\system32\kswdmcap.ax
    2009-04-20 14:50 . 2004-08-19 15:10 28672 ----a-w c:\windows\system32\vidcap.ax
    2009-04-20 14:50 . 2004-08-19 15:10 61952 ----a-w c:\windows\system32\kstvtune.ax
    2009-04-20 14:50 . 2004-08-19 15:09 54784 ----a-w c:\windows\system32\vfwwdm32.dll
    2009-04-20 14:50 . 2004-08-19 15:10 43008 ----a-w c:\windows\system32\ksxbar.ax
    2009-04-20 14:40 . 2009-04-20 14:51 -------- d-----w c:\program files\VirtualCamera
    2009-04-20 08:25 . 2009-04-23 09:10 -------- d-----w c:\documents and settings\oxmo\Application Data\uTorrent
    2009-04-17 09:29 . 2009-04-17 09:29 -------- d-----w C:\tmpDownload
    2009-04-13 21:29 . 2009-04-23 13:35 610551 ----a-w c:\windows\system32\KB905474\wgasetup.exe
    2009-04-13 21:29 . 2009-04-23 13:35 1594607 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
    2009-04-13 21:29 . 2009-04-13 21:29 -------- d-----w c:\windows\system32\KB905474
    2009-04-13 21:29 . 2009-02-09 17:51 15450 ----a-w c:\windows\system32\KB905474\wga_eula.txt
    2009-04-04 09:23 . 2009-04-04 09:23 244 ---ha-w C:\sqmnoopt18.sqm
    2009-04-04 09:23 . 2009-04-04 09:23 172 ---ha-w C:\sqmdata18.sqm
    2009-04-04 09:23 . 2009-04-04 09:23 268 ---ha-w C:\sqmdata17.sqm
    2009-04-04 09:23 . 2009-04-04 09:23 244 ---ha-w C:\sqmnoopt17.sqm
    2009-04-03 17:08 . 2009-04-03 17:08 268 ---ha-w C:\sqmdata16.sqm
    2009-04-03 17:08 . 2009-04-03 17:08 244 ---ha-w C:\sqmnoopt16.sqm
    2009-04-03 14:03 . 2009-04-03 14:03 232 ---ha-w C:\sqmdata15.sqm
    2009-04-03 14:03 . 2009-04-03 14:03 244 ---ha-w C:\sqmnoopt15.sqm
    2009-04-03 13:10 . 2009-04-18 16:33 -------- d-----w C:\Ultra3GPFolder
    2009-04-03 11:56 . 2009-04-06 19:44 130 ----a-w c:\windows\system32\temp0001.aok
    2009-04-03 11:32 . 2009-04-06 19:44 131 ----a-w c:\windows\system32\test.aok
    2009-04-03 10:11 . 2009-04-03 10:11 244 ---ha-w C:\sqmnoopt14.sqm
    2009-04-03 10:11 . 2009-04-03 10:11 232 ---ha-w C:\sqmdata14.sqm
    2009-04-01 08:33 . 2009-04-01 08:33 -------- d-----w c:\program files\Conduit
    2009-03-31 08:09 . 2004-01-10 16:02 258048 ----a-w c:\windows\system32\GplMpgDec.ax
    2009-03-31 08:09 . 2004-05-25 16:06 417792 ----a-w c:\windows\system32\ac3filter.ax
    2009-03-31 08:09 . 2005-02-27 20:48 356352 ----a-w c:\windows\system32\RealMediaSplitter.ax

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-27 13:48 . 2008-11-28 07:15 70408 ----a-w c:\documents and settings\oxmo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-26 21:13 . 2008-11-28 11:04 -------- d-----w c:\program files\MSN Messenger
    2009-04-25 18:11 . 2002-02-06 20:58 -------- d-----w c:\program files\Free Download Manager
    2009-04-25 17:46 . 2008-11-28 11:05 -------- d-----w c:\program files\Windows Live Toolbar
    2009-04-25 16:43 . 2004-08-19 14:09 1192815 ----a-w c:\windows\explorer.exe
    2009-04-24 20:32 . 2008-12-02 18:57 -------- d-----w c:\documents and settings\oxmo\Application Data\Skype
    2009-04-24 18:28 . 2004-08-19 14:10 444783 ----a-w c:\windows\winhlp32.exe
    2009-04-24 18:28 . 2002-08-30 12:00 182127 ----a-w c:\windows\twunk_32.exe
    2009-04-24 18:28 . 2004-08-19 14:10 309615 ----a-w c:\windows\regedit.exe
    2009-04-24 18:28 . 2004-08-19 14:09 167279 ----a-w c:\windows\hh.exe
    2009-04-23 13:29 . 2004-08-19 14:09 557423 ----a-w c:\windows\system32\cmd.exe
    2009-04-23 13:24 . 2006-09-28 18:56 302959 ----a-w c:\windows\system32\WudfHost.exe
    2009-04-23 13:24 . 2006-10-26 12:45 449903 ----a-w c:\windows\system32\WISPTIS.EXE
    2009-04-23 13:24 . 2006-10-18 20:00 406383 ----a-w c:\windows\system32\drmupgds.exe
    2009-04-23 13:24 . 2004-04-23 15:02 389999 ----a-w c:\windows\system32\cmirmdrv.exe
    2009-04-23 11:40 . 2009-03-03 18:01 -------- d-----w c:\program files\RegCleaner
    2009-04-21 13:58 . 2009-01-09 18:18 -------- d-----w c:\program files\WinHTTrack
    2009-04-21 12:38 . 2009-02-28 12:43 -------- d-----w c:\program files\SuperCopier2
    2009-04-20 21:14 . 2008-11-26 16:20 317295 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe
    2009-04-20 21:14 . 2008-11-26 16:20 925039 ----a-w c:\windows\pchealth\helpctr\binaries\helpctr.exe
    2009-04-20 09:43 . 2009-01-20 15:43 -------- d-----w c:\documents and settings\oxmo\Application Data\LimeWire
    2009-04-18 17:08 . 2008-12-27 14:08 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-04-18 16:37 . 2002-08-30 12:00 49734 ----a-w c:\windows\system32\perfc00C.dat
    2009-04-18 16:37 . 2002-08-30 12:00 370832 ----a-w c:\windows\system32\perfh00C.dat
    2009-04-17 10:10 . 2008-11-28 09:28 -------- d-----w c:\program files\CCP Client
    2009-04-03 18:52 . 2008-12-04 11:46 -------- d-----w c:\documents and settings\oxmo\Application Data\skypePM
    2009-04-01 08:52 . 2009-03-21 13:01 -------- d-----w c:\documents and settings\oxmo\Application Data\Dev-Cpp
    2009-04-01 08:33 . 2009-01-26 12:06 -------- d-----w c:\program files\Eazel-FR
    2009-03-29 17:48 . 2009-03-27 10:17 -------- d-----w c:\documents and settings\oxmo\Application Data\eMule
    2009-03-27 13:09 . 2009-03-27 10:30 -------- d-----w c:\program files\AskBarDis
    2009-03-27 10:30 . 2009-03-27 10:30 -------- d-----w c:\program files\AskSearch
    2009-03-26 20:49 . 2009-03-26 20:49 5105 ----a-w C:\busts.exe
    2009-03-21 13:34 . 2009-03-21 13:34 233472 ----a-w c:\windows\system32\ILDA32.dll
    2009-03-20 19:37 . 2009-03-20 19:37 -------- d-----w c:\documents and settings\oxmo\Application Data\URSE Games
    2009-03-20 19:12 . 2009-03-14 11:49 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-03-20 13:23 . 2009-03-20 13:23 828 ----a-w C:\fade.gif
    2009-03-20 13:23 . 2009-03-20 13:23 5075 ----a-w C:\index.html
    2009-03-20 13:23 . 2009-03-20 13:23 4243 ----a-w C:\backblue.gif
    2009-03-20 09:35 . 2009-03-20 09:35 268 ---ha-w C:\sqmdata13.sqm
    2009-03-20 09:35 . 2009-03-20 09:35 244 ---ha-w C:\sqmnoopt13.sqm
    2009-03-19 21:32 . 2009-03-19 21:32 268 ---ha-w C:\sqmdata12.sqm
    2009-03-19 21:32 . 2009-03-19 21:32 244 ---ha-w C:\sqmnoopt12.sqm
    2009-03-14 12:26 . 2009-03-14 11:49 -------- d-----w c:\documents and settings\oxmo\Application Data\URSoft
    2009-03-07 16:32 . 2009-01-09 17:19 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2009-03-06 19:18 . 2009-03-06 19:17 -------- d-----w c:\program files\myBabylon_English
    2009-03-06 14:46 . 2004-08-19 14:09 286208 ----a-w c:\windows\system32\pdh.dll
    2009-03-05 16:41 . 2009-03-05 16:41 268 ---ha-w C:\sqmdata11.sqm
    2009-03-05 16:41 . 2009-03-05 16:41 244 ---ha-w C:\sqmnoopt11.sqm
    2009-03-03 10:21 . 2008-11-28 09:16 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-02-20 08:31 . 2004-08-19 14:09 663552 ----a-w c:\windows\system32\wininet.dll
    2009-02-20 08:31 . 2004-08-19 14:09 81920 ----a-w c:\windows\system32\ieencode.dll
    2009-02-09 14:17 . 2004-08-19 14:00 1846400 ----a-w c:\windows\system32\win32k.sys
    2009-02-09 11:50 . 2004-08-19 16:04 2059776 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-02-09 11:50 . 2004-08-19 14:04 2182528 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-02-09 10:20 . 2004-08-19 14:09 730112 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 10:20 . 2004-08-19 14:09 399360 ----a-w c:\windows\system32\rpcss.dll
    2009-02-09 10:20 . 2004-08-19 14:09 685056 ----a-w c:\windows\system32\advapi32.dll
    2009-02-09 10:20 . 2004-08-19 14:09 739840 ----a-w c:\windows\system32\ntdll.dll
    2009-02-09 10:08 . 2004-08-19 14:10 111104 ------w c:\windows\system32\services.exe
    2009-02-06 16:54 . 2002-08-30 12:00 35328 ----a-w c:\windows\system32\sc.exe
    2009-02-03 20:10 . 2004-08-19 14:09 55808 ----a-w c:\windows\system32\secur32.dll
    2009-02-02 13:18 . 2009-02-02 13:18 268 ---ha-w C:\sqmdata09.sqm
    2009-02-02 13:18 . 2009-02-02 13:18 244 ---ha-w C:\sqmnoopt09.sqm
    2009-02-02 11:01 . 2009-02-02 11:01 244 ---ha-w C:\sqmnoopt08.sqm
    2009-02-02 11:01 . 2009-02-02 11:01 232 ---ha-w C:\sqmdata08.sqm
    2009-02-02 10:59 . 2009-02-02 10:59 244 ---ha-w C:\sqmnoopt07.sqm
    2009-02-02 10:59 . 2009-02-02 10:59 232 ---ha-w C:\sqmdata07.sqm
    2009-01-28 13:39 . 2009-01-28 13:39 244 ---ha-w C:\sqmnoopt03.sqm
    2009-01-28 13:39 . 2009-01-28 13:39 232 ---ha-w C:\sqmdata03.sqm
    .

    ------- Sigcheck -------

    [-] 2009-04-25 16:43 1192815 69BA7066F632BB930FF707A2B15EBE3A c:\windows\explorer.exe
    [-] 2009-04-22 15:40 1194351 EBC59AC3A0CF49582B24CFEF780EA8B0 c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\explorer.exe
    [-] 2009-04-23 13:29 1192815 3E61A71BF1852E40C7B520688EB5FBAC c:\windows\system32\dllcache\explorer.exe

    [-] 2009-04-22 15:39 171887 40B38E5A394FDF16EA45C9EE9167CD1C c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\ctfmon.exe
    [-] 2004-08-19 14:09 35840 A93590C584C2274738C4D0058526AEC1 c:\windows\system32\ctfmon.exe
    [-] 2009-04-23 13:29 171887 B29FD7962A45533E33F861D72A26A593 c:\windows\system32\dllcache\ctfmon.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
    2008-11-23 23:03 1784856 ----a-w c:\program files\P2P_Energy\tbP2P_.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}]
    2009-04-22 09:57 1883672 ----a-w c:\program files\Eazel-FR\tbEaz1.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
    2008-11-23 23:03 1784856 ----a-w c:\program files\myBabylon_English\tbmyBa.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da30eff8-ccc6-4162-a20d-67402a26a215}]
    2008-01-07 18:38 1530904 ----a-w c:\program files\Best_Security_Tips\tbBest.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}"= "c:\program files\Peer2Peer-FR\tbPeer.dll" [2008-09-15 1784856]
    "{da30eff8-ccc6-4162-a20d-67402a26a215}"= "c:\program files\Best_Security_Tips\tbBest.dll" [2008-01-07 1530904]
    "{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}"= "c:\program files\Eazel-FR\tbEaz1.dll" [2009-04-22 1883672]
    "{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2008-11-23 1784856]
    "{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2008-11-23 1784856]

    [HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]

    [HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

    [HKEY_CLASSES_ROOT\clsid\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}]

    [HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

    [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{DA30EFF8-CCC6-4162-A20D-67402A26A215}"= "c:\program files\Best_Security_Tips\tbBest.dll" [2008-01-07 1530904]
    "{A8F9752D-E2B8-4E7A-86B5-499F4330E2FE}"= "c:\program files\Eazel-FR\tbEaz1.dll" [2009-04-22 1883672]
    "{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2008-11-23 1784856]
    "{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2008-11-23 1784856]
    "{B00F3D7D-ECAD-4A3B-BCF7-BA5FC1FD0F8D}"= "c:\program files\Peer2Peer-FR\tbPeer.dll" [2008-09-15 1784856]

    [HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

    [HKEY_CLASSES_ROOT\clsid\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}]

    [HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

    [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

    [HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1073152]
    "Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-04-26 1971124]
    "Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-04-25 3556254]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 40960]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 35840]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoFileUrl"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFileUrl"= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoFileUrl"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\bandoo\bndhook.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\CCP Client\\CCPClient.exe"=
    "c:\\PROGRA~1\\CCPCLI~1\\ccpclient.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "d:\\Jadelcorp\\Progs\\News\\atomicmail4\\AtomicMAil4.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Documents and Settings\\All Users\\Documents\\utorrent.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=

    R3 PsSdk31;PsSdk31;c:\windows\system32\Drivers\pssdk31.drv [2008-12-03 30272]
    R3 PsSdkLBF;PsSdkLBF;c:\windows\system32\Drivers\pssdklbf.drv [2008-12-03 37440]
    S2 Bandoo Coordinator;Bandoo Coordinator;c:\progra~1\Bandoo\Bandoo.exe [2009-02-18 1484736]

    --- Autres Services/Pilotes en mémoire ---

    *Deregistered* - mchInjDrv

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1615DBE6-CB07-A8A9-52FA-66BBF0AC000B}]
    c:\windows\system32:dllhost.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-04-27 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2009-04-21 14:50]

    2009-04-27 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-04-13 13:35]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)

    .
    ------- Examen supplémentaire -------
    .
    uStart Page = google.net-studio.org
    mStart Page = hxxp://fr.yahoo.com
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=%s
    IE: &Search
    IE: E&xporter vers Microsoft Excel
    IE: Envoyer l'Image comme MMS en utilisant MM
    IE: Envoyer le Texte comme SMS en utilisant MM
    IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    TCP: {6D90242B-7826-4717-B47E-01907369F5BA} = 213.139.92.2,213.136.96.37
    FF - ProfilePath - c:\documents and settings\oxmo\Application Data\Mozilla\Firefox\Profiles\y0em3nuf.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2054110&SearchSource=3&q=
    FF - prefs.js: browser.search.selectedEngine - Live Search
    FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
    FF - component: c:\documents and settings\oxmo\Application Data\Mozilla\Firefox\Profiles\y0em3nuf.default\extensions\{64711c62-1970-4231-aa8f-c109834921d5}\components\FFExternalAlert.dll
    FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
    FF - plugin: d:\program files\VideoLAN\VLC\npvlc.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-27 15:56
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
    "ImagePath"="\??\c:\docume~1\oxmo\LOCALS~1\Temp\mc26.tmp"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk31]
    "ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdkLBF]
    "ImagePath"="\??\c:\windows\system32\Drivers\pssdklbf.drv"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'explorer.exe'(1912)
    c:\program files\SuperCopier2\SC2Hook.dll
    c:\documents and settings\tazebama.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\documents and settings\tazebama.dl_
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\rundll32.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-04-27 16:03 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-04-27 15:03

    Avant-CF: 555 511 808 octets libres
    Après-CF: 624 361 472 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

    350 --- E O F --- 2009-04-21 16:44
    0
  20. V-X
     
    Re,

    Redémarre ton pc et refait un rapport avec RSIT.

    merci
    0
  • 1
  • 2