Sujet Précédent Sujet Suivant

Infection inconnue

Marheck Messages postés 415 Statut Membre -  
 Utilisateur anonyme -
Bonjour,
Je pense qu'il ya une infection dans ça

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:31, on 15/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\tazebama.dl_
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\FixCamera.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\Bandoo\Bandoo.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Peer2Peer-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR\tbPeer.dll
O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QUAD Windows service] C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe -h
O4 - HKCU\..\Run: [QUAD Scheduler] C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D90242B-7826-4717-B47E-01907369F5BA}: NameServer = 213.139.92.2,213.136.96.37
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll c:\progra~1\bandoo\bndhook.dll
O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

26 réponses

  • 1
  • 2
Réponse 1 / 26
Utilisateur anonyme
 
Salut,

▶ Telecharge et install UsbFix de C_XX & Chiquitine29

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir

▶ Double clic sur le raccourci UsbFix présent sur ton bureau .

▶ Choisi l option 1 ( Recherche )

▶ Laisse travailler l outil.

▶ Ensuite post le rapport UsbFix.txt qui apparaitra.

▶ Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
0
Réponse 2 / 26
Marheck Messages postés 415 Statut Membre 175
 
Le rapport

############################## [ UsbFix V3.014 ]

# User : oxmo (Administrateurs) # CABINE3
# Update on 27/04/09 by C_XX & Chiquitine29
# Start at: 10:34:05 | 15/05/2009

# mobile AMD Athlon(tm) MP-M 1800+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 9,77 Go (376,35 Mo free) # NTFS
# D:\ # Disque fixe local # 28,51 Go (26,25 Go free) # NTFS
# E:\ # Disque CD-ROM

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\tazebama.dl_
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\FixCamera.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\Bandoo\Bandoo.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Window Title"="Internet Explorer"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="oxmo"
HKLM_logon: "AltDefaultUserName"="oxmo"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: FixCamera=C:\WINDOWS\FixCamera.exe
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: SuperCopier2.exe=C:\Program Files\SuperCopier2\SuperCopier2.exe
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: QUAD Windows service=C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe -h
HKCU_Run: QUAD Scheduler=C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe

################## [ Informations ]

# Références MD5 :

File ... : C:\Documents and Settings\hook.dl_
CRC32 .. : 0872f01d
MD5 .... : ae1b2201f9fb0b105e5039dae674e32a

File ... : C:\Documents and Settings\tazebama.dl_
CRC32 .. : 492787d7
MD5 .... : 3a87a9ecf8bfb6ae822afaeb24a5d976

File ... : C:\Documents and Settings\tazebama.dll
CRC32 .. : 6ef43cb7
MD5 .... : b6a03576e595afacb37ada2f1d5a0529

File ... : C:\zPharaoh.exe
CRC32 .. : dee3f2e5
MD5 .... : 74e3e5d492064d00cb10ccda25be1953

################## [ Fichiers # Dossiers infectieux ]

Found ! "C:\Documents and Settings\oxmo\Application Data\tazebama"
Found ! "C:\Documents and Settings\oxmo\Application Data\tazebama\zPharaoh.dat"
Found ! "C:\Documents and Settings\hook.dl_"
Found ! "C:\Documents and Settings\tazebama.dl_"
Found ! "C:\Documents and Settings\tazebama.dll"
C:\autorun.inf # -> fichier appelé : "C:\zPharaoh.exe" ( présent ! )
Found ! C:\autorun.inf
Found ! C:\zPharaoh.exe
D:\autorun.inf # -> fichier appelé : "D:\zPharaoh.exe" ( présent ! )
Found ! D:\autorun.inf
Found ! D:\zPharaoh.exe

################## [ Registre # Clés Run infectieuses ]

Found ! HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\\ "FirewallOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\\ "UacDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\Svc\\ "AntiVirusDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\Svc\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\Svc\\ "FirewallDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\Svc\\ "FirewallOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\Svc\\ "UacDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\Svc\\ "UpdatesDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKCU\SOFTWARE\...\CurrentVersion\Policies\System\\ "DisableRegistryTools"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKCU\SOFTWARE\...\CurrentVersion\Policies\System\\ "DisableTaskMgr"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )

################## [ Registre # Mountpoints2 ]

HKCU\Software\Microsoft\....\MountPoints2\{41977aee-3b25-11de-b92e-00115b870739}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{41977aee-3b25-11de-b92e-00115b870739}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{41977aee-3b25-11de-b92e-00115b870739}\Shell\open\Command

################## [ ! Fin du rapport # UsbFix V3.014 ! ]

0
Réponse 3 / 26
Utilisateur anonyme
 
Re,

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir

▶ Double clic sur le raccourci UsbFix présent sur ton bureau

▶ Choisi l option 2 ( Suppression )

▶ Ton bureau disparaitra et le pc redémarrera .

▶ Au redémarrage , UsbFix scannera ton pc , laisse travailler l outil.

▶ Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

▶ Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
0
Réponse 4 / 26
Marheck Messages postés 415 Statut Membre 175
 
Bah voilà

############################## [ UsbFix V3.014 ]

# User : oxmo (Administrateurs) # CABINE3
# Update on 27/04/09 by C_XX & Chiquitine29
# Start at: 10:44:41 | 15/05/2009

# mobile AMD Athlon(tm) MP-M 1800+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 9,77 Go (378,82 Mo free) # NTFS
# D:\ # Disque fixe local # 28,51 Go (26,25 Go free) # NTFS
# E:\ # Disque CD-ROM

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\Bandoo\Bandoo.exe
C:\Documents and Settings\tazebama.dl_
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\Bandoo\BandooUI.exe
C:\WINDOWS\Explorer.EXE

################## [ Fichiers # Dossiers infectieux ]

Deleted ! "C:\Documents and Settings\oxmo\Application Data\tazebama"
Deleted ! "C:\Documents and Settings\hook.dl_"
(!) Not Deleted ! "C:\Documents and Settings\tazebama.dl_"
(!) Not Deleted ! "C:\Documents and Settings\tazebama.dll"
C:\autorun.inf # -> fichier appelé : "C:\zPharaoh.exe" ( présent ! )
Deleted ! -> C:\zPharaoh.exe
Deleted ! C:\autorun.inf
Deleted ! C:\zPharaoh.exe
D:\autorun.inf # -> fichier appelé : "D:\zPharaoh.exe" ( présent ! )
Deleted ! -> D:\zPharaoh.exe
Deleted ! D:\autorun.inf
Deleted ! D:\zPharaoh.exe

################## [ Registre # Clés Run infectieuses ]

# HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\\ "FirewallOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\\ "UacDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\Svc\\ "AntiVirusDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\Svc\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\Svc\\ "FirewallDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\Svc\\ "FirewallOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\Svc\\ "UacDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\Svc\\ "UpdatesDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKCU\SOFTWARE\...\CurrentVersion\Policies\System\\ "DisableRegistryTools"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKCU\SOFTWARE\...\CurrentVersion\Policies\System\\ "DisableTaskMgr"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !

################## [ Registre # Mountpoints2 ]

Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{41977aee-3b25-11de-b92e-00115b870739}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{41977aee-3b25-11de-b92e-00115b870739}\Shell\explore\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{41977aee-3b25-11de-b92e-00115b870739}\Shell\open\Command

################## [ Listing des fichiers présent ]

[26/11/2008 17:24|--a------|0] - C:\AUTOEXEC.BAT
[15/05/2009 10:47|-r-hs----|126] - C:\autorun.inf
[20/03/2009 14:23|--a------|4243] - C:\backblue.gif
[16/02/2009 17:52|--a------|212] - C:\Boot.bak
[27/04/2009 15:44|-rahs----|282] - C:\boot.ini
[30/08/2002 13:00|-rahs----|4952] - C:\Bootfont.bin
[26/03/2009 21:49|--a------|5105] - C:\busts.exe
[03/08/2004 23:00|--a------|263488] - C:\cmldr
[27/04/2009 16:03|--a------|25004] - C:\ComboFix.txt
[26/11/2008 17:24|--a------|0] - C:\CONFIG.SYS
[20/03/2009 14:23|--a------|828] - C:\fade.gif
[20/03/2009 14:23|--a------|5075] - C:\index.html
[26/11/2008 17:24|-rahs----|0] - C:\IO.SYS
[09/01/2009 19:29|--a------|0] - C:\Mes Sites Web.whtt
[26/11/2008 17:24|-rahs----|0] - C:\MSDOS.SYS
[03/08/2004 21:38|-rahs----|47564] - C:\NTDETECT.COM
[03/08/2004 21:59|-rahs----|251712] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[28/11/2008 14:21|--ah-----|268] - C:\sqmdata00.sqm
[12/12/2008 19:10|--ah-----|232] - C:\sqmdata01.sqm
[15/12/2008 13:56|--ah-----|268] - C:\sqmdata02.sqm
[28/01/2009 14:39|--ah-----|232] - C:\sqmdata03.sqm
[03/05/2009 15:03|--ah-----|232] - C:\sqmdata04.sqm
[03/05/2009 17:54|--ah-----|232] - C:\sqmdata05.sqm
[02/02/2002 10:58|--ah-----|232] - C:\sqmdata06.sqm
[02/02/2009 11:59|--ah-----|232] - C:\sqmdata07.sqm
[02/02/2009 12:01|--ah-----|232] - C:\sqmdata08.sqm
[02/02/2009 14:18|--ah-----|268] - C:\sqmdata09.sqm
[06/02/2002 15:10|--ah-----|232] - C:\sqmdata10.sqm
[05/03/2009 17:41|--ah-----|268] - C:\sqmdata11.sqm
[19/03/2009 22:32|--ah-----|268] - C:\sqmdata12.sqm
[20/03/2009 10:35|--ah-----|268] - C:\sqmdata13.sqm
[03/04/2009 11:11|--ah-----|232] - C:\sqmdata14.sqm
[03/04/2009 15:03|--ah-----|232] - C:\sqmdata15.sqm
[03/04/2009 18:08|--ah-----|268] - C:\sqmdata16.sqm
[04/04/2009 10:23|--ah-----|268] - C:\sqmdata17.sqm
[04/04/2009 10:23|--ah-----|172] - C:\sqmdata18.sqm
[03/05/2009 15:01|--ah-----|232] - C:\sqmdata19.sqm
[28/11/2008 14:21|--ah-----|244] - C:\sqmnoopt00.sqm
[12/12/2008 19:10|--ah-----|244] - C:\sqmnoopt01.sqm
[15/12/2008 13:56|--ah-----|244] - C:\sqmnoopt02.sqm
[28/01/2009 14:39|--ah-----|244] - C:\sqmnoopt03.sqm
[03/05/2009 15:03|--ah-----|244] - C:\sqmnoopt04.sqm
[03/05/2009 17:54|--ah-----|244] - C:\sqmnoopt05.sqm
[02/02/2002 10:58|--ah-----|244] - C:\sqmnoopt06.sqm
[02/02/2009 11:59|--ah-----|244] - C:\sqmnoopt07.sqm
[02/02/2009 12:01|--ah-----|244] - C:\sqmnoopt08.sqm
[02/02/2009 14:18|--ah-----|244] - C:\sqmnoopt09.sqm
[06/02/2002 15:10|--ah-----|244] - C:\sqmnoopt10.sqm
[05/03/2009 17:41|--ah-----|244] - C:\sqmnoopt11.sqm
[19/03/2009 22:32|--ah-----|244] - C:\sqmnoopt12.sqm
[20/03/2009 10:35|--ah-----|244] - C:\sqmnoopt13.sqm
[03/04/2009 11:11|--ah-----|244] - C:\sqmnoopt14.sqm
[03/04/2009 15:03|--ah-----|244] - C:\sqmnoopt15.sqm
[03/04/2009 18:08|--ah-----|244] - C:\sqmnoopt16.sqm
[04/04/2009 10:23|--ah-----|244] - C:\sqmnoopt17.sqm
[04/04/2009 10:23|--ah-----|244] - C:\sqmnoopt18.sqm
[03/05/2009 15:01|--ah-----|244] - C:\sqmnoopt19.sqm
[28/04/2009 18:17|--a------|4884] - C:\TB.txt
[15/05/2009 10:47|--a------|7331] - C:\UsbFix.txt
[15/05/2009 10:46|-r-hs----|155181] - C:\zPharaoh.exe
[28/04/2009 15:08|--a------|79610] - D:\90qfwh.jpg
[15/05/2009 10:47|-r-hs----|126] - D:\autorun.inf
[21/03/2009 14:59|--a------|1101429] - D:\DevCpp.pdf
[26/04/2009 16:21|--a------|303735] - D:\hfgnkq9b.jpg
[20/04/2009 16:49|--a------|50888] - D:\url.htm
[15/05/2009 10:46|-r-hs----|155581] - D:\zPharaoh.exe

################## [ Vaccination ]

################## [ Cracks / Keygens / Serials ]

C:\Documents and Settings\oxmo\Bureau\Avast2009Prov4.8_Serial.rar
C:\Documents and Settings\oxmo\Bureau\Fichier RAR\pwdcrack.zip
C:\Documents and Settings\oxmo\Bureau\Fichier RAR\ROPatch.rar
C:\Documents and Settings\oxmo\Bureau\Fichier RAR\Avast2009Prov4.8_Serial\Avast2009Prov4.8+Serial\Avast_AntiVirus_2009_Pro__v4.8.1282_Plus_Serial + life time\Avas.exe
C:\Documents and Settings\oxmo\Bureau\Fichier RAR\Avast2009Prov4.8_Serial\Avast2009Prov4.8+Serial\Avast_AntiVirus_2009_Pro__v4.8.1282_Plus_Serial + life time\CW info.rar
C:\Documents and Settings\oxmo\Bureau\pwdcrack\pwdcrack.exe
C:\Documents and Settings\All Users\Documents\images\WinRAR\WinRAR v3.71\keygenpatch.exe

################## [ ! Fin du rapport # UsbFix V3.014 ! ]

0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 26
Utilisateur anonyme
 
Re,

Vire tes cracks.

▶ Télécharge random's system information tool (RSIT) et enregistre le sur ton bureau.

▶ Double clique sur RSIT.exe pour lancer l'outil.

▶ Clique sur ' continue ' à l'écran Disclaimer.

Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.

▶ Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports séparément.
( log.txt & info.txt )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
0
Réponse 6 / 26
Marheck Messages postés 415 Statut Membre 175
 
Le log text

Logfile of random's system information tool 1.06 (written by random/random)
Run by oxmo at 2009-05-15 11:04:33
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 376 MB (4%) free of 10 GB
Total RAM: 223 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:57, on 15/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\Bandoo\Bandoo.exe
C:\Documents and Settings\tazebama.dl_
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\oxmo\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\oxmo.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Peer2Peer-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR\tbPeer.dll
O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QUAD Windows service] C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe -h
O4 - HKCU\..\Run: [QUAD Scheduler] C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D90242B-7826-4717-B47E-01907369F5BA}: NameServer = 213.139.92.2,213.136.96.37
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll c:\progra~1\bandoo\bndhook.dll
O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
0
Réponse 7 / 26
Marheck Messages postés 415 Statut Membre 175
 
L'Info text

info.txt logfile of random's system information tool 1.06 2009-05-15 11:05:04

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
168-USB PC Camera-->C:\Program Files\InstallShield Installation Information\{ECD03DA7-5952-406A-8156-5F0C93618D1F}\setup.exe -runfromtemp -l0x040c -removeonly
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007-->MsiExec.exe /X{90120000-00B2-040C-0000-0000000FF1CE}
Correctif pour Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
CyberCafePro Client Version 5 (Remove Only)-->"C:\Program Files\CCP Client\unins000.exe"
Fake Webcam 5.1.0-->"C:\Program Files\Fake Webcam\unins000.exe"
Free Download Manager 3.0-->"C:\Program Files\Free Download Manager\unins000.exe"
Glary Utilities Pro 2.12.0.658-->"C:\Program Files\Glary Utilities\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
myBabylon_English Toolbar-->C:\PROGRA~1\MYBABY~1\UNWISE.EXE /U C:\PROGRA~1\MYBABY~1\INSTALL.LOG
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
P2P_Energy Toolbar-->C:\PROGRA~1\P2P_EN~1\UNWISE.EXE C:\PROGRA~1\P2P_EN~1\INSTALL.LOG
Peer2Peer-FR Toolbar-->C:\PROGRA~1\PEER2P~1\UNWISE.EXE C:\PROGRA~1\PEER2P~1\INSTALL.LOG
QUAD Registry Cleaner v.1.5.69-->C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\uninst.exe
Revo Uninstaller 1.80-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Software Informer 1.0 BETA-->"C:\Program Files\Software Informer\unins000.exe"
SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"
Total Video Converter 3.11-->"C:\Program Files\Total Video Converter\unins000.exe"
UsbFix-->C:\UsbFix\Uninstal.exe
VirtualCamera-->C:\Program Files\VirtualCamera\uninst.exe
VLC media player 0.9.9-->D:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinHTTrack Website Copier 3.43-2-->"C:\Program Files\WinHTTrack\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======System event log======

Computer Name: CABINE3
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Carte de performance WMI.

Record Number: 7923
Source Name: Service Control Manager
Time Written: 20090428180606.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: CABINE3
Event Code: 7036
Message: Le service Carte de performance WMI est entré dans l'état : en cours d'exécution.

Record Number: 7922
Source Name: Service Control Manager
Time Written: 20090428180606.000000+060
Event Type: Informations
User:

Computer Name: CABINE3
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.

Record Number: 7921
Source Name: Service Control Manager
Time Written: 20090428180604.000000+060
Event Type: Informations
User:

Computer Name: CABINE3
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.

Record Number: 7920
Source Name: Service Control Manager
Time Written: 20090428180604.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: CABINE3
Event Code: 7036
Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

Record Number: 7919
Source Name: Service Control Manager
Time Written: 20090428180553.000000+060
Event Type: Informations
User:

=====Application event log=====

Computer Name: CABINE3
Event Code: 0
Message:
Record Number: 5
Source Name: Bandoo Coordinator
Time Written: 20090425101031.000000+060
Event Type: Informations
User:

Computer Name: CABINE3
Event Code: 0
Message:
Record Number: 4
Source Name: gusvc
Time Written: 20090425101030.000000+060
Event Type: Informations
User:

Computer Name: CABINE3
Event Code: 1004
Message:
Record Number: 3
Source Name: WgaSetup
Time Written: 20090425101024.000000+060
Event Type: Informations
User:

Computer Name: CABINE3
Event Code: 1002
Message:
Record Number: 2
Source Name: WgaSetup
Time Written: 20090425101023.000000+060
Event Type: Informations
User:

Computer Name: CABINE3
Event Code: 1006
Message:
Record Number: 1
Source Name: WgaSetup
Time Written: 20090425101023.000000+060
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0801
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
0
Réponse 8 / 26
Utilisateur anonyme
 
Re,

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant en gras ci-dessous :

:processes
explorer.exe

:files
c:\zpharaoh.exe

:commands
[purity]
[emptytemp]
[start explorer]


---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
0
Réponse 9 / 26
Marheck Messages postés 415 Statut Membre 175
 
Voila

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\zPharaoh.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\oxmo\LOCALS~1\Temp\A9R90C.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\oxmo\LOCALS~1\Temp\etilqs_QvjjqE6avPc6DU2I6IcI scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\oxmo\LOCALS~1\Temp\~DFDB67.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\oxmo\Local Settings\Temporary Internet Files\Content.Word\~WRS{67815AC9-35EF-4B19-AD10-5C2A2370F276}.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\oxmo\Local Settings\Temporary Internet Files\Content.Word\~WRS{D0981ABD-D43A-4971-8D55-F745DE56B55B}.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\oxmo\Local Settings\Temporary Internet Files\Content.Word\~WRS{F25B7610-2F39-4F84-8769-570038EDF4D8}.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\oxmo\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_684.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\oxmo\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0em3nuf.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\oxmo\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0em3nuf.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\oxmo\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0em3nuf.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\oxmo\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0em3nuf.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\oxmo\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0em3nuf.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\oxmo\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0em3nuf.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05152009_111818

Files moved on Reboot...
File C:\DOCUME~1\oxmo\LOCALS~1\Temp\A9R90C.tmp not found!
File C:\DOCUME~1\oxmo\LOCALS~1\Temp\etilqs_QvjjqE6avPc6DU2I6IcI not found!
File C:\DOCUME~1\oxmo\LOCALS~1\Temp\~DFDB67.tmp not found!
File C:\Documents and Settings\oxmo\Local Settings\Temporary Internet Files\Content.Word\~WRS{67815AC9-35EF-4B19-AD10-5C2A2370F276}.tmp not found!
File C:\Documents and Settings\oxmo\Local Settings\Temporary Internet Files\Content.Word\~WRS{D0981ABD-D43A-4971-8D55-F745DE56B55B}.tmp not found!
File C:\Documents and Settings\oxmo\Local Settings\Temporary Internet Files\Content.Word\~WRS{F25B7610-2F39-4F84-8769-570038EDF4D8}.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_684.dat not found!
C:\Documents and Settings\oxmo\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0em3nuf.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\oxmo\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0em3nuf.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\oxmo\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0em3nuf.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\oxmo\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0em3nuf.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\oxmo\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0em3nuf.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\oxmo\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0em3nuf.default\XUL.mfl moved successfully.

0
Réponse 10 / 26
Utilisateur anonyme
 
Re,

Redémarre ton pc normalement et refait un rapport avec RSIT.
0
Réponse 11 / 26
Marheck Messages postés 415 Statut Membre 175
 
depuis que jai redemarre la machine, le clavier est devenu qwertym et pourtant cest bel et bien un azerty
comment le rendre normal?
0
Réponse 12 / 26
Utilisateur anonyme
 
Re,

regarde ici
0
Réponse 13 / 26
Marheck Messages postés 415 Statut Membre 175
 
Merci
Rapport RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by oxmo at 2009-05-15 11:55:19
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 611 MB (6%) free of 10 GB
Total RAM: 223 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:07, on 15/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\Bandoo\Bandoo.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Glary Utilities\Integrator.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\FixCamera.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\oxmo\Bureau\RSIT.exe
C:\Documents and Settings\tazebama.dl_
C:\Program Files\Trend Micro\HijackThis\oxmo.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Peer2Peer-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR\tbPeer.dll
O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QUAD Windows service] C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe -h
O4 - HKCU\..\Run: [QUAD Scheduler] C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D90242B-7826-4717-B47E-01907369F5BA}: NameServer = 213.139.92.2,213.136.96.37
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll c:\progra~1\bandoo\bndhook.dll
O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
0
Réponse 14 / 26
Marheck Messages postés 415 Statut Membre 175
 
Alors???
0
Utilisateur anonyme
 
bonjour
pas de doublon, restes sur cette discussion
0
Réponse 15 / 26
Utilisateur anonyme
 
Re,

1) J'ai une vie privée , aussi

ALORS LA PATIENTE ET UNE VERTUE.

Télécharge ComboFix (de sUBs) sur ton Bureau.

/!\Désactive temporairement toute protection résidente /!\ (Antivirus, antispywares..)
Double clique sur ComboFix.exe.
Accepte la licence en cliquant sur Oui.
Le programme va te demander si tu souhaites installer la Console de Récupération. C'est une précaution, au cas où l'ordinateur tomberait en panne. Je te conseille donc de l'installer, ça ne coûte rien, et ça pourrait potentiellement servir !
Lorsque l'opération sera terminée, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Le rapport se trouve ici : %SystemDrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)

Aide :Comment utiliser ComboFix.

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
0
Réponse 16 / 26
Marheck Messages postés 415 Statut Membre 175
 
Il est là

############################## [ UsbFix V3.014 ]

# User : oxmo (Administrateurs) # CABINE3
# Update on 27/04/09 by C_XX & Chiquitine29
# Start at: 10:44:41 | 15/05/2009

# mobile AMD Athlon(tm) MP-M 1800+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 9,77 Go (378,82 Mo free) # NTFS
# D:\ # Disque fixe local # 28,51 Go (26,25 Go free) # NTFS
# E:\ # Disque CD-ROM

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\Bandoo\Bandoo.exe
C:\Documents and Settings\tazebama.dl_
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\Bandoo\BandooUI.exe
C:\WINDOWS\Explorer.EXE

################## [ Fichiers # Dossiers infectieux ]

Deleted ! "C:\Documents and Settings\oxmo\Application Data\tazebama"
Deleted ! "C:\Documents and Settings\hook.dl_"
(!) Not Deleted ! "C:\Documents and Settings\tazebama.dl_"
(!) Not Deleted ! "C:\Documents and Settings\tazebama.dll"
C:\autorun.inf # -> fichier appelé : "C:\zPharaoh.exe" ( présent ! )
Deleted ! -> C:\zPharaoh.exe
Deleted ! C:\autorun.inf
Deleted ! C:\zPharaoh.exe
D:\autorun.inf # -> fichier appelé : "D:\zPharaoh.exe" ( présent ! )
Deleted ! -> D:\zPharaoh.exe
Deleted ! D:\autorun.inf
Deleted ! D:\zPharaoh.exe

################## [ Registre # Clés Run infectieuses ]

# HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\\ "FirewallOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\\ "UacDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\Svc\\ "AntiVirusDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\Svc\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\Svc\\ "FirewallDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\Svc\\ "FirewallOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\Svc\\ "UacDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\Svc\\ "UpdatesDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKCU\SOFTWARE\...\CurrentVersion\Policies\System\\ "DisableRegistryTools"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKCU\SOFTWARE\...\CurrentVersion\Policies\System\\ "DisableTaskMgr"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !

################## [ Registre # Mountpoints2 ]

Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{41977aee-3b25-11de-b92e-00115b870739}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{41977aee-3b25-11de-b92e-00115b870739}\Shell\explore\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{41977aee-3b25-11de-b92e-00115b870739}\Shell\open\Command

################## [ Listing des fichiers présent ]

[26/11/2008 17:24|--a------|0] - C:\AUTOEXEC.BAT
[15/05/2009 10:47|-r-hs----|126] - C:\autorun.inf
[20/03/2009 14:23|--a------|4243] - C:\backblue.gif
[16/02/2009 17:52|--a------|212] - C:\Boot.bak
[27/04/2009 15:44|-rahs----|282] - C:\boot.ini
[30/08/2002 13:00|-rahs----|4952] - C:\Bootfont.bin
[26/03/2009 21:49|--a------|5105] - C:\busts.exe
[03/08/2004 23:00|--a------|263488] - C:\cmldr
[27/04/2009 16:03|--a------|25004] - C:\ComboFix.txt
[26/11/2008 17:24|--a------|0] - C:\CONFIG.SYS
[20/03/2009 14:23|--a------|828] - C:\fade.gif
[20/03/2009 14:23|--a------|5075] - C:\index.html
[26/11/2008 17:24|-rahs----|0] - C:\IO.SYS
[09/01/2009 19:29|--a------|0] - C:\Mes Sites Web.whtt
[26/11/2008 17:24|-rahs----|0] - C:\MSDOS.SYS
[03/08/2004 21:38|-rahs----|47564] - C:\NTDETECT.COM
[03/08/2004 21:59|-rahs----|251712] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[28/11/2008 14:21|--ah-----|268] - C:\sqmdata00.sqm
[12/12/2008 19:10|--ah-----|232] - C:\sqmdata01.sqm
[15/12/2008 13:56|--ah-----|268] - C:\sqmdata02.sqm
[28/01/2009 14:39|--ah-----|232] - C:\sqmdata03.sqm
[03/05/2009 15:03|--ah-----|232] - C:\sqmdata04.sqm
[03/05/2009 17:54|--ah-----|232] - C:\sqmdata05.sqm
[02/02/2002 10:58|--ah-----|232] - C:\sqmdata06.sqm
[02/02/2009 11:59|--ah-----|232] - C:\sqmdata07.sqm
[02/02/2009 12:01|--ah-----|232] - C:\sqmdata08.sqm
[02/02/2009 14:18|--ah-----|268] - C:\sqmdata09.sqm
[06/02/2002 15:10|--ah-----|232] - C:\sqmdata10.sqm
[05/03/2009 17:41|--ah-----|268] - C:\sqmdata11.sqm
[19/03/2009 22:32|--ah-----|268] - C:\sqmdata12.sqm
[20/03/2009 10:35|--ah-----|268] - C:\sqmdata13.sqm
[03/04/2009 11:11|--ah-----|232] - C:\sqmdata14.sqm
[03/04/2009 15:03|--ah-----|232] - C:\sqmdata15.sqm
[03/04/2009 18:08|--ah-----|268] - C:\sqmdata16.sqm
[04/04/2009 10:23|--ah-----|268] - C:\sqmdata17.sqm
[04/04/2009 10:23|--ah-----|172] - C:\sqmdata18.sqm
[03/05/2009 15:01|--ah-----|232] - C:\sqmdata19.sqm
[28/11/2008 14:21|--ah-----|244] - C:\sqmnoopt00.sqm
[12/12/2008 19:10|--ah-----|244] - C:\sqmnoopt01.sqm
[15/12/2008 13:56|--ah-----|244] - C:\sqmnoopt02.sqm
[28/01/2009 14:39|--ah-----|244] - C:\sqmnoopt03.sqm
[03/05/2009 15:03|--ah-----|244] - C:\sqmnoopt04.sqm
[03/05/2009 17:54|--ah-----|244] - C:\sqmnoopt05.sqm
[02/02/2002 10:58|--ah-----|244] - C:\sqmnoopt06.sqm
[02/02/2009 11:59|--ah-----|244] - C:\sqmnoopt07.sqm
[02/02/2009 12:01|--ah-----|244] - C:\sqmnoopt08.sqm
[02/02/2009 14:18|--ah-----|244] - C:\sqmnoopt09.sqm
[06/02/2002 15:10|--ah-----|244] - C:\sqmnoopt10.sqm
[05/03/2009 17:41|--ah-----|244] - C:\sqmnoopt11.sqm
[19/03/2009 22:32|--ah-----|244] - C:\sqmnoopt12.sqm
[20/03/2009 10:35|--ah-----|244] - C:\sqmnoopt13.sqm
[03/04/2009 11:11|--ah-----|244] - C:\sqmnoopt14.sqm
[03/04/2009 15:03|--ah-----|244] - C:\sqmnoopt15.sqm
[03/04/2009 18:08|--ah-----|244] - C:\sqmnoopt16.sqm
[04/04/2009 10:23|--ah-----|244] - C:\sqmnoopt17.sqm
[04/04/2009 10:23|--ah-----|244] - C:\sqmnoopt18.sqm
[03/05/2009 15:01|--ah-----|244] - C:\sqmnoopt19.sqm
[28/04/2009 18:17|--a------|4884] - C:\TB.txt
[15/05/2009 10:47|--a------|7331] - C:\UsbFix.txt
[15/05/2009 10:46|-r-hs----|155181] - C:\zPharaoh.exe
[28/04/2009 15:08|--a------|79610] - D:\90qfwh.jpg
[15/05/2009 10:47|-r-hs----|126] - D:\autorun.inf
[21/03/2009 14:59|--a------|1101429] - D:\DevCpp.pdf
[26/04/2009 16:21|--a------|303735] - D:\hfgnkq9b.jpg
[20/04/2009 16:49|--a------|50888] - D:\url.htm
[15/05/2009 10:46|-r-hs----|155581] - D:\zPharaoh.exe

################## [ Vaccination ]

################## [ Cracks / Keygens / Serials ]

C:\Documents and Settings\oxmo\Bureau\Avast2009Prov4.8_Serial.rar
C:\Documents and Settings\oxmo\Bureau\Fichier RAR\pwdcrack.zip
C:\Documents and Settings\oxmo\Bureau\Fichier RAR\ROPatch.rar
C:\Documents and Settings\oxmo\Bureau\Fichier RAR\Avast2009Prov4.8_Serial\Avast2009Prov4.8+Serial\Avast_AntiVirus_2009_Pro__v4.8.1282_Plus_Serial + life time\Avas.exe
C:\Documents and Settings\oxmo\Bureau\Fichier RAR\Avast2009Prov4.8_Serial\Avast2009Prov4.8+Serial\Avast_AntiVirus_2009_Pro__v4.8.1282_Plus_Serial + life time\CW info.rar
C:\Documents and Settings\oxmo\Bureau\pwdcrack\pwdcrack.exe
C:\Documents and Settings\All Users\Documents\images\WinRAR\WinRAR v3.71\keygenpatch.exe

################## [ ! Fin du rapport # UsbFix V3.014 ! ]

0
Réponse 17 / 26
Marheck Messages postés 415 Statut Membre 175
 
Désolé, je me suis trompé
0
Réponse 18 / 26
Utilisateur anonyme
 
Re,

Fait combofix.

Ensuite tu me poste le rapport et redémarre ton pc et me refait un rapport avec RSIT.

merci.

Surtout vire tes cracks .

Pour l'antivirus , je te conseillerais un gratos assez performant.

OK.

Sinon tu seras toujours emmerder avec tes virus , car la source sont tes cracks.
0
Réponse 19 / 26
Marheck Messages postés 415 Statut Membre 175
 
Voilà

ComboFix 09-04-22.02 - oxmo 27/04/2009 15:46.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.223.79 [GMT 1:00]
Lancé depuis: c:\documents and settings\oxmo\Bureau\jaCombo.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\Administrateur\Application Data\tazebama
c:\documents and settings\Administrateur\Application Data\tazebama\zPharaoh.dat
c:\documents and settings\oxmo\Application Data\tazebama
c:\documents and settings\oxmo\Application Data\tazebama\tazebama.log
c:\documents and settings\oxmo\Application Data\tazebama\zPharaoh.dat
c:\windows\ssvichosst.exe
c:\windows\system32\autorun.ini
c:\windows\system32\dtirc.dll
c:\windows\system32\setting.ini
c:\windows\system32\ssvichosst.exe
c:\windows\system32\vcmgcd32.dl_
c:\windows\system32\vcmgcd32.dll
C:\zPharaoh.exe
D:\Autorun.inf
d:\recycler\Office2007 Serial.txt.exe
d:\recycler\RECYCLER .exe
D:\zPharaoh.exe

[COLOR=RED] c:\windows\explorer.exe . . . est infecté!![/COLOR]

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE

((((((((((((((((((((((((((((( Fichiers créés du 2009-03-27 au 2009-04-27 ))))))))))))))))))))))))))))))))))))
.

2009-04-27 14:54 . 2009-04-27 14:58 155181 --sh--r C:\zPharaoh.exe
2009-04-27 14:54 . 2009-04-27 14:58 -------- d-----w c:\documents and settings\oxmo\Application Data\tazebama
2009-04-27 14:48 . 2009-04-27 14:58 126 --sh--r C:\autorun.inf
2009-04-26 15:55 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-26 15:55 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-26 15:55 . 2009-04-26 15:56 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-25 18:47 . 2000-05-22 21:58 608448 ----a-w c:\windows\system32\comctl32.ocx
2009-04-25 18:47 . 2009-04-25 18:48 -------- d-----w c:\program files\Total Video Converter
2009-04-25 18:13 . 2009-04-27 11:45 -------- d-----w C:\Downloads
2009-04-25 18:11 . 2009-04-27 14:58 -------- d-----w c:\documents and settings\oxmo\Application Data\Free Download Manager
2009-04-25 18:10 . 2009-04-25 18:10 -------- d-----w c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2009-04-25 17:33 . 2009-04-27 14:25 -------- d-----w c:\documents and settings\oxmo\Application Data\Software Informer
2009-04-25 17:33 . 2009-04-25 17:33 -------- d-----w c:\program files\Software Informer
2009-04-25 17:04 . 2009-04-25 17:04 -------- d-----w C:\ToolBar SD
2009-04-25 17:00 . 2009-04-25 17:00 -------- d-----w c:\documents and settings\LocalService\Bureau
2009-04-25 16:38 . 2009-04-25 16:38 -------- d-----w C:\_OTMoveIt
2009-04-25 13:53 . 2009-04-25 13:53 -------- d-----w c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla
2009-04-25 13:41 . 2009-04-27 14:54 32768 ----a-w c:\documents and settings\tazebama.dll
2009-04-24 12:35 . 2009-04-24 12:35 230420 ----a-w c:\windows\system32\LastVcImage.vci
2009-04-23 09:33 . 2009-04-23 09:33 -------- d-----w c:\documents and settings\oxmo\Local Settings\Application Data\Identities
2009-04-22 21:22 . 2009-04-22 21:22 -------- d-----w c:\documents and settings\oxmo\Application Data\dvdcss
2009-04-22 20:29 . 2009-04-22 20:29 -------- d-----w c:\documents and settings\NetworkService\Bureau
2009-04-22 20:13 . 2009-04-22 20:13 -------- d-----w c:\documents and settings\SYSTEM
2009-04-22 13:30 . 2009-04-22 13:30 -------- d-----w c:\documents and settings\oxmo\Application Data\vlc
2009-04-22 10:55 . 2009-04-27 14:58 154751 ----a-w c:\documents and settings\hook.dl_
2009-04-22 10:55 . 2009-04-27 14:54 154751 ----a-w c:\documents and settings\tazebama.dl_
2009-04-21 17:05 . 2009-04-21 17:05 -------- d-----w c:\program files\MSECache
2009-04-21 16:53 . 2009-04-21 16:53 -------- d-----w c:\program files\Screamer Radio
2009-04-21 16:28 . 2009-04-21 16:28 -------- d-----w c:\program files\Trend Micro
2009-04-21 12:50 . 2009-04-21 12:50 -------- d-----w c:\documents and settings\oxmo\Application Data\Malwarebytes
2009-04-21 12:50 . 2009-04-21 12:50 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-21 12:36 . 2009-04-21 12:36 23 --sha-w c:\windows\system32\edacded0_x.dat
2009-04-21 12:36 . 2009-04-21 12:36 23 ----a-w c:\windows\system32\bcdadac7_x.xml
2009-04-21 12:31 . 2009-04-21 12:31 -------- d-----w c:\documents and settings\oxmo\Application Data\GlarySoft
2009-04-21 12:26 . 2009-04-25 13:00 -------- d-----w c:\program files\Glary Utilities
2009-04-21 12:11 . 2009-04-21 12:11 -------- d-----w c:\program files\VS Revo Group
2009-04-21 11:42 . 2007-07-11 15:09 40960 ----a-w c:\windows\FixCamera.exe
2009-04-21 11:42 . 2009-04-21 17:46 250735 ----a-w c:\windows\amcap.exe
2009-04-21 11:42 . 2009-04-22 15:17 992111 ----a-w c:\windows\vsnpstd3.exe
2009-04-21 11:42 . 2009-04-22 15:17 426863 ----a-w c:\windows\tsnpstd3.exe
2009-04-21 11:42 . 2004-02-27 16:36 15498 ----a-w c:\windows\snpstd3.ini
2009-04-21 11:42 . 2004-02-27 16:36 13023 ----a-w c:\windows\snpstd3.src
2009-04-21 11:41 . 2007-07-25 15:59 10372096 ----a-w c:\windows\system32\drivers\snpstd3.sys
2009-04-21 11:41 . 2007-07-23 17:04 155648 ----a-w c:\windows\system32\rsnpstd3.dll
2009-04-21 11:41 . 2007-07-23 16:52 57344 ----a-w c:\windows\system32\vsnpstd3.dll
2009-04-21 11:41 . 2005-11-23 12:55 53248 ----a-w c:\windows\system32\csnpstd3.dll
2009-04-21 11:41 . 2005-11-23 12:55 53248 ----a-w c:\windows\csnpstd3.dll
2009-04-21 11:41 . 2009-04-21 11:42 -------- d-----w c:\program files\Fichiers communs\snpstd3
2009-04-21 11:41 . 2009-04-21 11:41 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-21 11:41 . 2009-04-21 11:41 -------- d-----w c:\documents and settings\oxmo\Application Data\InstallShield
2009-04-20 15:01 . 2009-04-20 15:01 0 ----a-w c:\windows\VCamera.INI
2009-04-20 14:52 . 2004-08-03 21:58 5504 ----a-w c:\windows\system32\drivers\MSTEE.sys
2009-04-20 14:52 . 2004-08-03 22:10 10880 ----a-w c:\windows\system32\drivers\NdisIP.sys
2009-04-20 14:52 . 2004-08-19 15:10 16384 ----a-w c:\windows\system32\ipsink.ax
2009-04-20 14:52 . 2004-08-03 22:10 15360 ----a-w c:\windows\system32\drivers\StreamIP.sys
2009-04-20 14:52 . 2004-08-03 22:10 11136 ----a-w c:\windows\system32\drivers\SLIP.sys
2009-04-20 14:51 . 2004-08-03 22:10 19328 ----a-w c:\windows\system32\drivers\WSTCODEC.SYS
2009-04-20 14:51 . 2004-08-03 22:10 85376 ----a-w c:\windows\system32\drivers\NABTSFEC.sys
2009-04-20 14:51 . 2004-08-03 22:10 17024 ----a-w c:\windows\system32\drivers\CCDECODE.sys
2009-04-20 14:50 . 2004-08-19 15:10 91648 ----a-w c:\windows\system32\kswdmcap.ax
2009-04-20 14:50 . 2004-08-19 15:10 28672 ----a-w c:\windows\system32\vidcap.ax
2009-04-20 14:50 . 2004-08-19 15:10 61952 ----a-w c:\windows\system32\kstvtune.ax
2009-04-20 14:50 . 2004-08-19 15:09 54784 ----a-w c:\windows\system32\vfwwdm32.dll
2009-04-20 14:50 . 2004-08-19 15:10 43008 ----a-w c:\windows\system32\ksxbar.ax
2009-04-20 14:40 . 2009-04-20 14:51 -------- d-----w c:\program files\VirtualCamera
2009-04-20 08:25 . 2009-04-23 09:10 -------- d-----w c:\documents and settings\oxmo\Application Data\uTorrent
2009-04-17 09:29 . 2009-04-17 09:29 -------- d-----w C:\tmpDownload
2009-04-13 21:29 . 2009-04-23 13:35 610551 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-04-13 21:29 . 2009-04-23 13:35 1594607 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-04-13 21:29 . 2009-04-13 21:29 -------- d-----w c:\windows\system32\KB905474
2009-04-13 21:29 . 2009-02-09 17:51 15450 ----a-w c:\windows\system32\KB905474\wga_eula.txt
2009-04-04 09:23 . 2009-04-04 09:23 244 ---ha-w C:\sqmnoopt18.sqm
2009-04-04 09:23 . 2009-04-04 09:23 172 ---ha-w C:\sqmdata18.sqm
2009-04-04 09:23 . 2009-04-04 09:23 268 ---ha-w C:\sqmdata17.sqm
2009-04-04 09:23 . 2009-04-04 09:23 244 ---ha-w C:\sqmnoopt17.sqm
2009-04-03 17:08 . 2009-04-03 17:08 268 ---ha-w C:\sqmdata16.sqm
2009-04-03 17:08 . 2009-04-03 17:08 244 ---ha-w C:\sqmnoopt16.sqm
2009-04-03 14:03 . 2009-04-03 14:03 232 ---ha-w C:\sqmdata15.sqm
2009-04-03 14:03 . 2009-04-03 14:03 244 ---ha-w C:\sqmnoopt15.sqm
2009-04-03 13:10 . 2009-04-18 16:33 -------- d-----w C:\Ultra3GPFolder
2009-04-03 11:56 . 2009-04-06 19:44 130 ----a-w c:\windows\system32\temp0001.aok
2009-04-03 11:32 . 2009-04-06 19:44 131 ----a-w c:\windows\system32\test.aok
2009-04-03 10:11 . 2009-04-03 10:11 244 ---ha-w C:\sqmnoopt14.sqm
2009-04-03 10:11 . 2009-04-03 10:11 232 ---ha-w C:\sqmdata14.sqm
2009-04-01 08:33 . 2009-04-01 08:33 -------- d-----w c:\program files\Conduit
2009-03-31 08:09 . 2004-01-10 16:02 258048 ----a-w c:\windows\system32\GplMpgDec.ax
2009-03-31 08:09 . 2004-05-25 16:06 417792 ----a-w c:\windows\system32\ac3filter.ax
2009-03-31 08:09 . 2005-02-27 20:48 356352 ----a-w c:\windows\system32\RealMediaSplitter.ax

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 13:48 . 2008-11-28 07:15 70408 ----a-w c:\documents and settings\oxmo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-26 21:13 . 2008-11-28 11:04 -------- d-----w c:\program files\MSN Messenger
2009-04-25 18:11 . 2002-02-06 20:58 -------- d-----w c:\program files\Free Download Manager
2009-04-25 17:46 . 2008-11-28 11:05 -------- d-----w c:\program files\Windows Live Toolbar
2009-04-25 16:43 . 2004-08-19 14:09 1192815 ----a-w c:\windows\explorer.exe
2009-04-24 20:32 . 2008-12-02 18:57 -------- d-----w c:\documents and settings\oxmo\Application Data\Skype
2009-04-24 18:28 . 2004-08-19 14:10 444783 ----a-w c:\windows\winhlp32.exe
2009-04-24 18:28 . 2002-08-30 12:00 182127 ----a-w c:\windows\twunk_32.exe
2009-04-24 18:28 . 2004-08-19 14:10 309615 ----a-w c:\windows\regedit.exe
2009-04-24 18:28 . 2004-08-19 14:09 167279 ----a-w c:\windows\hh.exe
2009-04-23 13:29 . 2004-08-19 14:09 557423 ----a-w c:\windows\system32\cmd.exe
2009-04-23 13:24 . 2006-09-28 18:56 302959 ----a-w c:\windows\system32\WudfHost.exe
2009-04-23 13:24 . 2006-10-26 12:45 449903 ----a-w c:\windows\system32\WISPTIS.EXE
2009-04-23 13:24 . 2006-10-18 20:00 406383 ----a-w c:\windows\system32\drmupgds.exe
2009-04-23 13:24 . 2004-04-23 15:02 389999 ----a-w c:\windows\system32\cmirmdrv.exe
2009-04-23 11:40 . 2009-03-03 18:01 -------- d-----w c:\program files\RegCleaner
2009-04-21 13:58 . 2009-01-09 18:18 -------- d-----w c:\program files\WinHTTrack
2009-04-21 12:38 . 2009-02-28 12:43 -------- d-----w c:\program files\SuperCopier2
2009-04-20 21:14 . 2008-11-26 16:20 317295 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe
2009-04-20 21:14 . 2008-11-26 16:20 925039 ----a-w c:\windows\pchealth\helpctr\binaries\helpctr.exe
2009-04-20 09:43 . 2009-01-20 15:43 -------- d-----w c:\documents and settings\oxmo\Application Data\LimeWire
2009-04-18 17:08 . 2008-12-27 14:08 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-18 16:37 . 2002-08-30 12:00 49734 ----a-w c:\windows\system32\perfc00C.dat
2009-04-18 16:37 . 2002-08-30 12:00 370832 ----a-w c:\windows\system32\perfh00C.dat
2009-04-17 10:10 . 2008-11-28 09:28 -------- d-----w c:\program files\CCP Client
2009-04-03 18:52 . 2008-12-04 11:46 -------- d-----w c:\documents and settings\oxmo\Application Data\skypePM
2009-04-01 08:52 . 2009-03-21 13:01 -------- d-----w c:\documents and settings\oxmo\Application Data\Dev-Cpp
2009-04-01 08:33 . 2009-01-26 12:06 -------- d-----w c:\program files\Eazel-FR
2009-03-29 17:48 . 2009-03-27 10:17 -------- d-----w c:\documents and settings\oxmo\Application Data\eMule
2009-03-27 13:09 . 2009-03-27 10:30 -------- d-----w c:\program files\AskBarDis
2009-03-27 10:30 . 2009-03-27 10:30 -------- d-----w c:\program files\AskSearch
2009-03-26 20:49 . 2009-03-26 20:49 5105 ----a-w C:\busts.exe
2009-03-21 13:34 . 2009-03-21 13:34 233472 ----a-w c:\windows\system32\ILDA32.dll
2009-03-20 19:37 . 2009-03-20 19:37 -------- d-----w c:\documents and settings\oxmo\Application Data\URSE Games
2009-03-20 19:12 . 2009-03-14 11:49 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-20 13:23 . 2009-03-20 13:23 828 ----a-w C:\fade.gif
2009-03-20 13:23 . 2009-03-20 13:23 5075 ----a-w C:\index.html
2009-03-20 13:23 . 2009-03-20 13:23 4243 ----a-w C:\backblue.gif
2009-03-20 09:35 . 2009-03-20 09:35 268 ---ha-w C:\sqmdata13.sqm
2009-03-20 09:35 . 2009-03-20 09:35 244 ---ha-w C:\sqmnoopt13.sqm
2009-03-19 21:32 . 2009-03-19 21:32 268 ---ha-w C:\sqmdata12.sqm
2009-03-19 21:32 . 2009-03-19 21:32 244 ---ha-w C:\sqmnoopt12.sqm
2009-03-14 12:26 . 2009-03-14 11:49 -------- d-----w c:\documents and settings\oxmo\Application Data\URSoft
2009-03-07 16:32 . 2009-01-09 17:19 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-06 19:18 . 2009-03-06 19:17 -------- d-----w c:\program files\myBabylon_English
2009-03-06 14:46 . 2004-08-19 14:09 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-05 16:41 . 2009-03-05 16:41 268 ---ha-w C:\sqmdata11.sqm
2009-03-05 16:41 . 2009-03-05 16:41 244 ---ha-w C:\sqmnoopt11.sqm
2009-03-03 10:21 . 2008-11-28 09:16 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-20 08:31 . 2004-08-19 14:09 663552 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:31 . 2004-08-19 14:09 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 14:17 . 2004-08-19 14:00 1846400 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:50 . 2004-08-19 16:04 2059776 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:50 . 2004-08-19 14:04 2182528 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 10:20 . 2004-08-19 14:09 730112 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2004-08-19 14:09 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2004-08-19 14:09 685056 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:20 . 2004-08-19 14:09 739840 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:08 . 2004-08-19 14:10 111104 ------w c:\windows\system32\services.exe
2009-02-06 16:54 . 2002-08-30 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 20:10 . 2004-08-19 14:09 55808 ----a-w c:\windows\system32\secur32.dll
2009-02-02 13:18 . 2009-02-02 13:18 268 ---ha-w C:\sqmdata09.sqm
2009-02-02 13:18 . 2009-02-02 13:18 244 ---ha-w C:\sqmnoopt09.sqm
2009-02-02 11:01 . 2009-02-02 11:01 244 ---ha-w C:\sqmnoopt08.sqm
2009-02-02 11:01 . 2009-02-02 11:01 232 ---ha-w C:\sqmdata08.sqm
2009-02-02 10:59 . 2009-02-02 10:59 244 ---ha-w C:\sqmnoopt07.sqm
2009-02-02 10:59 . 2009-02-02 10:59 232 ---ha-w C:\sqmdata07.sqm
2009-01-28 13:39 . 2009-01-28 13:39 244 ---ha-w C:\sqmnoopt03.sqm
2009-01-28 13:39 . 2009-01-28 13:39 232 ---ha-w C:\sqmdata03.sqm
.

------- Sigcheck -------

[-] 2009-04-25 16:43 1192815 69BA7066F632BB930FF707A2B15EBE3A c:\windows\explorer.exe
[-] 2009-04-22 15:40 1194351 EBC59AC3A0CF49582B24CFEF780EA8B0 c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\explorer.exe
[-] 2009-04-23 13:29 1192815 3E61A71BF1852E40C7B520688EB5FBAC c:\windows\system32\dllcache\explorer.exe

[-] 2009-04-22 15:39 171887 40B38E5A394FDF16EA45C9EE9167CD1C c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\ctfmon.exe
[-] 2004-08-19 14:09 35840 A93590C584C2274738C4D0058526AEC1 c:\windows\system32\ctfmon.exe
[-] 2009-04-23 13:29 171887 B29FD7962A45533E33F861D72A26A593 c:\windows\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2008-11-23 23:03 1784856 ----a-w c:\program files\P2P_Energy\tbP2P_.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}]
2009-04-22 09:57 1883672 ----a-w c:\program files\Eazel-FR\tbEaz1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2008-11-23 23:03 1784856 ----a-w c:\program files\myBabylon_English\tbmyBa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da30eff8-ccc6-4162-a20d-67402a26a215}]
2008-01-07 18:38 1530904 ----a-w c:\program files\Best_Security_Tips\tbBest.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}"= "c:\program files\Peer2Peer-FR\tbPeer.dll" [2008-09-15 1784856]
"{da30eff8-ccc6-4162-a20d-67402a26a215}"= "c:\program files\Best_Security_Tips\tbBest.dll" [2008-01-07 1530904]
"{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}"= "c:\program files\Eazel-FR\tbEaz1.dll" [2009-04-22 1883672]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2008-11-23 1784856]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]

[HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

[HKEY_CLASSES_ROOT\clsid\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DA30EFF8-CCC6-4162-A20D-67402A26A215}"= "c:\program files\Best_Security_Tips\tbBest.dll" [2008-01-07 1530904]
"{A8F9752D-E2B8-4E7A-86B5-499F4330E2FE}"= "c:\program files\Eazel-FR\tbEaz1.dll" [2009-04-22 1883672]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2008-11-23 1784856]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2008-11-23 1784856]
"{B00F3D7D-ECAD-4A3B-BCF7-BA5FC1FD0F8D}"= "c:\program files\Peer2Peer-FR\tbPeer.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

[HKEY_CLASSES_ROOT\clsid\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1073152]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-04-26 1971124]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-04-25 3556254]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 40960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 35840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileUrl"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileUrl"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFileUrl"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\bandoo\bndhook.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CCP Client\\CCPClient.exe"=
"c:\\PROGRA~1\\CCPCLI~1\\ccpclient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Jadelcorp\\Progs\\News\\atomicmail4\\AtomicMAil4.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\All Users\\Documents\\utorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R3 PsSdk31;PsSdk31;c:\windows\system32\Drivers\pssdk31.drv [2008-12-03 30272]
R3 PsSdkLBF;PsSdkLBF;c:\windows\system32\Drivers\pssdklbf.drv [2008-12-03 37440]
S2 Bandoo Coordinator;Bandoo Coordinator;c:\progra~1\Bandoo\Bandoo.exe [2009-02-18 1484736]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1615DBE6-CB07-A8A9-52FA-66BBF0AC000B}]
c:\windows\system32:dllhost.exe
.
Contenu du dossier 'Tâches planifiées'

2009-04-27 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-04-21 14:50]

2009-04-27 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-13 13:35]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)

.
------- Examen supplémentaire -------
.
uStart Page = google.net-studio.org
mStart Page = hxxp://fr.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=%s
IE: &Search
IE: E&xporter vers Microsoft Excel
IE: Envoyer l'Image comme MMS en utilisant MM
IE: Envoyer le Texte comme SMS en utilisant MM
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
TCP: {6D90242B-7826-4717-B47E-01907369F5BA} = 213.139.92.2,213.136.96.37
FF - ProfilePath - c:\documents and settings\oxmo\Application Data\Mozilla\Firefox\Profiles\y0em3nuf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2054110&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - component: c:\documents and settings\oxmo\Application Data\Mozilla\Firefox\Profiles\y0em3nuf.default\extensions\{64711c62-1970-4231-aa8f-c109834921d5}\components\FFExternalAlert.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: d:\program files\VideoLAN\VLC\npvlc.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 15:56
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\oxmo\LOCALS~1\Temp\mc26.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk31]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdkLBF]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdklbf.drv"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(1912)
c:\program files\SuperCopier2\SC2Hook.dll
c:\documents and settings\tazebama.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\documents and settings\tazebama.dl_
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Heure de fin: 2009-04-27 16:03 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-04-27 15:03

Avant-CF: 555 511 808 octets libres
Après-CF: 624 361 472 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

350 --- E O F --- 2009-04-21 16:44
0
Réponse 20 / 26
Utilisateur anonyme
 
Re,

Redémarre ton pc et refait un rapport avec RSIT.

merci
0

Discussions similaires

Erreur vidéo inconnue sur le Freebox Player
mouhaaV2.0 -
meocdl -

62 réponses
Message "erreur video inconnue"
Nico2201 -
Free_noreto -

1 réponse
mon televiseur affiche erreur video
fmart -
Andy31200 -

1 réponse
Free Box erreur vidéo
bettyboop2 -
Buck31 -

2 réponses
FreeBox Révolution - Les code erreurs
baissaoui -
baissaoui -

0 réponse