Sujet Précédent Sujet Suivant

Virus

Résolu/Fermé
Parrain8275 Messages postés 13 Date d'inscription jeudi 21 mai 2009 Statut Membre Dernière intervention 22 mai 2009 - 21 mai 2009 à 21:59
 Laura45 - 16 juil. 2009 à 20:10
Bonjour,

Je poste ce message car j'ai un virus, un multivirus (?).

Je suis plutot hqbitué a avoir des virus, et les régler, mais celui là, je ne parviens pas.

Mon navigateur est détourné vers n'importe quoi, mais principalement une fenetre qui simule un scan de disque security.center.com, que je ferme, qui se réouvre plus tard, etc....

Lorsque je fais une recherche googje, les fentres qui s'ouvrent sont toutes ralenties, et présentent autre chose que ce que je vise. Dans leurs adresses, elles contiennent apres le http, le mot bitlook.

J'ai passé CCcleaner, Spybot, le scan McAfee. J'y trouve des Malware, des Trojan, qui sont corrigés, mais qui réapparaissent en quelques minutes. Le premeir étant cette fameuse fenetre qui simule un scan urgent des disques.

Les différents noms de virus que je trouve sont :

digiwet.dll
WORM.KOOBFACE


Merci beaucoup si vous pouvez m'aider>..................!!!!!!!!!!!!!!!!!!!!!!!!!

A coup de Jijack this ? Combofix ?


Merci beaucoup d'avance

PArrain
A voir également:

24 réponses

  • 1
  • 2
Réponse 1 / 24
Utilisateur anonyme
21 mai 2009 à 22:02
Salut Parrain ,

Télécharge random's system information tool (RSIT) et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Lis le contenu de l'écran Disclaimer puis clique sur Continue (si tu acceptes les conditions).

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt
0
Réponse 2 / 24
Parrain8275 Messages postés 13 Date d'inscription jeudi 21 mai 2009 Statut Membre Dernière intervention 22 mai 2009
21 mai 2009 à 22:14
Merci beaoucoup Chiquitine pour ton aide

Voila les rapports :

L'info :

info.txt logfile of random's system information tool 1.06 2009-05-21 22:12:47

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Access - Aide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\setup.exe" -l0x40c UNINSTALL
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe LiveCycle Designer-->"C:\Program Files\SAP\SAPsetup\setup\NwSapsetup.exe" /product:"ALD" /uninstall /noRestart
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x40c
Adobe Reader 8.1.1-->MsiExec.exe /X{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Shockwave Player 11.5-->C:\WINDOWS\system32\Adobe\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistant UltraNav ThinkPad -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\setup.exe" -l0x40c UNINSTALL
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x40c
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AutoConnect by Identity Engines-->MsiExec.exe /I{C7990F6E-E816-4A33-BBC7-7DDF55161C76}
Babylon-Enterprise Client-->MsiExec.exe /X{D88866CA-78BB-4DA9-A933-2053AF8A1B91}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Catalyst Control Center - Branding-->MsiExec.exe /I{BBE9CD7B-E894-477F-B5A1-D642D672C713}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
FirePass Client-->MsiExec.exe /X{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}
FrameworkSecuritySettings-->MsiExec.exe /I{F280F9F0-1B94-4278-9424-34B7C82A0440}
Gestionnaire d'alimentation ThinkPad-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\setup.exe" -l0x40c -AddRemove
Gestionnaire de présentation-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\setup.exe" -l0x40c -AddRemove
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
hp deskjet 5100-->msiexec /x{15C165F1-1DAE-4476-AFB6-8723729B41E7}
HP Enterprise Discovery Agent (x86) 2.51.000.7275-->MsiExec.exe /X{B7643B11-A60E-4A33-A465-263FEB32113A}
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD 7-->"C:\Program Files\InstallShield Installation Information\{90885A82-9673-49EA-AB39-AF776639C67C}\setup.exe" REMOVEALL
Interwise Participant-->MsiExec.exe /I{5F78A84D-766E-40BB-BFFC-C7B3B9B606B1}
iPassConnect SAPVPN-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6FFA58-F491-11D3-8951-000000026933}\setup.exe"
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Java 2 Runtime Environment, SE v1.4.2_16-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142160}
Lenovo System Interface Driver-->RunDll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.NTx86 130 C:\Program Files\Lenovo\SMIIF\lnvsmi.inf
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Anti-Spyware Enterprise Module-->C:\Program Files\Network Associates\VirusScan\csscan.exe /UninstallMAS
McAfee VirusScan Enterprise-->MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
MetaFrame Presentation Server Client-->MsiExec.exe /I{D989BCC0-757C-4FB6-893C-512DF4382656}
Microsoft .NET Framework 1.1 Hotfix (KB886903)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Office Communicator 2005 1.0.559.226-->MsiExec.exe /X{BE5AD430-9E0C-4243-AB3F-593835869855}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Viewer 2003 (English)-->MsiExec.exe /I{90520409-6000-11D3-8CFE-0150048383C9}
Microsoft redistributable runtime DLLs VS2005 SP1(x86)-->MsiExec.exe /I{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}
Mindjet MindManager Viewer 6-->MsiExec.exe /X{DA0A5873-4B54-4179-9C0C-BA313C56EA37}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
MSXML4.0 redistributable-->MsiExec.exe /I{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
On Screen Display-->rundll32.exe "C:\Program Files\Lenovo\HOTKEY\cleanup.dll",InfUninstall DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
OPSWAT AntiVirus and Firewall Integration Libraries-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\Progra~1\F5\OPSWAT_\AVSDK\AVDLLs\f5opswati.inf,DefaultUninstall
Parrot Audio Suite-->C:\Program Files\Parrot Audio Suite\Uninstall.exe
Parrot Software Update Tool-->C:\Program Files\Parrot Software Update Tool\Uninstall.exe
PDF-XChange 3 Pro-->"C:\Program Files\Tracker Software\PDF-XChange 3 Pro\unins000.exe"
Post-it® Software Notes Lite-->"C:\Program Files\3M\PSNLite\Uninstall.exe" -Prog"C:\Program Files\3M\PSNLite\PsnLite.exe" -INI"C:\Program Files\3M\PSNLite\uninst.ini"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Rar Labs WinRAR 3.80-->MsiExec.exe /X{96C331DA-80DD-4A16-9E31-B7E0DC067B1F}
RemotelyAnywhere Workstation-->MsiExec.exe /I{DADBE545-BB11-4AF7-8B75-4D649542624C}
Remove Hidden Data Tool-->MsiExec.exe /X{90F80409-6000-11D3-8CFE-0150048383C9}
Retain Client-Server-->C:\PROGRA~1\RETAIN~1\UNWISE.EXE C:\PROGRA~1\RETAIN~1\install.LOG
SAP Business Explorer-->"C:\Program Files\SAP\SAPsetup\setup\NwSapSetup.exe" /product="SAPBI" /uninstall
SAP CheckIn Wizard 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9EEBCE0-5208-11D2-ABBA-0000E81BE828}\setup.exe" -uninst
SAP GUI 7.10-->"C:\Program Files\SAP\SAPsetup\setup\NwSapSetup.exe" /uninstall /product="ECL710+GUI710TWEAK+BW350+KW710+GUI710ISHMED+SAPGUI710" /TitleComponent:"SAPGUI710" /IgnoreMissingProducts
SAP IT IT Helps - AppCheck 3.1.0.0-->MsiExec.exe /X{02D518A5-E2C3-4C32-A5A6-D5D22587B414}
SAP IT IT Helps - PCHC 1.2.1-->MsiExec.exe /X{55794035-FC44-4DEA-95BB-3E95BB282A10}
SAP IT IT Helps 1.2.1-->MsiExec.exe /X{5CE28B1C-C0CE-4557-AD03-40C67189E79E}
SAP IT SAP Frontend Killbits 1.0-->MsiExec.exe /X{1CC82480-F3D8-4BFD-BF8B-DA5F5B1C4ED2}
SAP Presentation Wizard-->MsiExec.exe /I{75F0774A-D922-4648-8DCB-C69542BF2892}
SAP Tutor-->MsiExec.exe /I{9F8161C3-D429-4A71-B03A-99873D324550}
SECUDE SECUDE for R3 2.2-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SECUDE\SECUDE for R3\DeIsL1.isu"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Setup-->MsiExec.exe /I{77C263A6-7B15-40FD-86EA-737BD7173E8A}
SnagIt-->MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe
ThinkPad FullScreen Magnifier-->rundll32.exe "C:\Program Files\Lenovo\ZOOM\cleanup.dll",InfUninstall DefaultUninstall 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\UIU32m.exe -U -ITkp0588k.INF
ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
ThinkPad UltraNav Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkVantage Active Protection System-->MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
Utilitaire ThinkPad EasyEject-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\setup.exe" -l0x40c -AddRemove
WebEx Recorder and Player-->MsiExec.exe /I{1D243F00-1389-4C63-A7E9-B17E967D1901}
WIDCOMM Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Messenger 5.1-->MsiExec.exe /I{8419C98D-6818-443B-9362-156519FE4C6B}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}

======Hosts File======

127.0.0.1 localhost loopback
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======System event log======

Computer Name: LVLN60168007A
Event Code: 2504
Message: The server could not bind to the transport \Device\NetBT_Tcpip_{2F7917AB-F986-4B26-A509-544B9292092F}.

Record Number: 2324
Source Name: Server
Time Written: 20090428122323.000000+120
Event Type: warning
User:

Computer Name: LVLN60168007A
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001B77416490. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 2322
Source Name: Dhcp
Time Written: 20090428122228.000000+120
Event Type: warning
User:

Computer Name: LVLN60168007A
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Record Number: 2302
Source Name: W32Time
Time Written: 20090428103835.000000+120
Event Type: error
User:

Computer Name: LVLN60168007A
Event Code: 14
Message: The time provider NtpClient was unable to find a domain controller to use as a time
source. NtpClient will try again in 15 minutes.

Record Number: 2301
Source Name: W32Time
Time Written: 20090428103835.000000+120
Event Type: warning
User:

Computer Name: LVLN60168007A
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001B77416490. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 2293
Source Name: Dhcp
Time Written: 20090428103337.000000+120
Event Type: warning
User:

=====Application event log=====

Computer Name: LVLN60168007A
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Xml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089


Record Number: 1287
Source Name: .NET Runtime Optimization Service
Time Written: 20090511091631.000000+120
Event Type:
User:

Computer Name: LVLN60168007A
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089


Record Number: 1285
Source Name: .NET Runtime Optimization Service
Time Written: 20090511091620.000000+120
Event Type:
User:

Computer Name: LVLN60168007A
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089


Record Number: 1283
Source Name: .NET Runtime Optimization Service
Time Written: 20090511091620.000000+120
Event Type:
User:

Computer Name: LVLN60168007A
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089


Record Number: 1281
Source Name: .NET Runtime Optimization Service
Time Written: 20090511091619.000000+120
Event Type:
User:

Computer Name: LVLN60168007A
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


Record Number: 1279
Source Name: .NET Runtime Optimization Service
Time Written: 20090511091600.000000+120
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Core"=0
"CREDDIR"=C:\SECUDE
"DIRCMD"=/OGN /P
"FP_NO_HOST_CHECK"=NO
"JAVA_HOME"=C:\Program Files\Java\j2re1.4.2_16\bin
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=C:\PROGRA~1\SECUDE\SECUDE~1;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%JAVA_HOME%;C:\Program Files\SAP\FrontEnd\SAPgui;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f06
"SNC_LIB"=C:\Program Files\SECUDE\SECUDE for R3\secude.dll
"SSF_LIBRARY_PATH"=\\dwdf040\security\secude5.2\libssf.dll
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"homeloc"=LVL
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_16\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2_16\lib\ext\QTJava.zip

-----------------EOF-----------------



Le log :

Logfile of random's system information tool 1.06 (written by random/random)
Run by I045567 at 2009-05-21 22:12:09
Microsoft Windows XP Professional Service Pack 2
System drive C: has 56 GB (74%) free of 76 GB
Total RAM: 2046 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12:44, on 21/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\iPass\iPassConnect SAPVPN\iPCAgent.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\windows\ld08.exe
C:\WINDOWS\Temp\wpv291242765100.exe
C:\windows\pp10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackice.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPass\iPassConnect SAPVPN\downloader\ipccheck.exe
C:\Documents and Settings\I045567\Desktop\RSIT.exe
C:\Program Files\trend micro\I045567.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=cooxer&e=com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Plugin Class - {56CD20F0-7C09-11D5-A768-0050042307CE} - C:\Program Files\SAP\SAP Tutor\PlayerIE.dll
O2 - BHO: 870159 helper - {9E263D08-4127-4B99-9043-4FB044E6FCBC} - C:\WINDOWS\system32\870159\870159.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld08.exe
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\wpv291242765100.exe
O4 - HKLM\..\Run: [pp] C:\windows\pp10.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: NM_conf.vbs (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: RealSecure(r) Desktop Protector.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Client\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_16\bin\npjpi142_16.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_16\bin\npjpi142_16.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: catalog.emaro.com
O15 - Trusted Zone: http://jeu.questions-pour-un-champion.france3.fr
O15 - Trusted Zone: http://*.frmal02
O15 - Trusted Zone: http://*.frpar04vm03
O15 - Trusted Zone: www.isrsurveys.net
O15 - Trusted Zone: www2.isrsurveys.net
O15 - Trusted Zone: www3.isrsurveys.net
O15 - Trusted Zone: *.phl.sap.com
O15 - Trusted Zone: *.wdf.sap.com
O16 - DPF: {00627E89-A19D-4A2B-938B-059CB7B1B493} (F5 Networks Certificate Checker) - file://C:/Program Files/F5 VPN/F5_TMP/f5certchk.cab
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://connectwdf06.sap.com/vdesk/cachecleaner.cab#version=6030,2008,1031,2105
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://connectwdf06.sap.com/vdesk/terminal/urxvpn.cab#version=6030,2008,1031,2121
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - https://connectwdf06.sap.com/vdesk/terminal/f5tunsrv.cab#version=6030,2008,1126,1048
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - http://connectwdf06.sap.com/...
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - http://connectwdf06.sap.com/...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks Static Application Tunnel Control) - file://C:/Program Files/F5 VPN/F5_TMP/urTermProxy.cab
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} (Microsoft RDP Client Control (redist)) - file://C:/Program Files/F5 VPN/F5_TMP/msrdp.cab
O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} (F5 Virtual Sandbox Class) - file://C:/Program Files/F5 VPN/F5_TMP/vdeskctrl.cab
O16 - DPF: {B8693DEF-98AC-43FC-AA00-E7D728334C80} (F5 Networks 5250 Terminal emulator) - file://C:/Program Files/F5 VPN/F5_TMP/ur5250x.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://connectwdf06.sap.com/vdesk/terminal/urxshost.cab#version=6030,2008,1031,2112
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://connectwdf06.sap.com/vdesk/terminal/urxhost.cab#version=6030,2008,1031,2108
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - http://connectwdf06.sap.com/...
O16 - DPF: {E66D35B8-E70D-42A6-B1F5-DB784CB92B15} (URVNCX Class) - file://C:/Program Files/F5 VPN/F5_TMP/urvncx.cab
O16 - DPF: {EE5E646C-4D96-4DAD-A362-C210B507A0B2} (SAP KM DocService Control) - https://portal.wdf.sap.corp/irj/go/km/docs/etc/docservice/DocService.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = par.sap.corp,wdf.sap.corp,lys.sap.corp,tls.sap.corp,cas.sap.corp,ncs.sap.corp,ncel.sap.corp,sap.corp
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = par.sap.corp,wdf.sap.corp,lys.sap.corp,tls.sap.corp,cas.sap.corp,ncs.sap.corp,ncel.sap.corp,sap.corp
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect SAPVPN\iPassConnectEngine.exe
O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect SAPVPN\iPCAgent.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: HP Enterprise Discovery Agent (prgnDiscAgent) - Unknown owner - C:\Program Files\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RescueAccount - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Telnet TlntSvrRemotelyAnywhere (TlntSvrRemotelyAnywhere) - Unknown owner - C:\WINDOWS\system32\ansiv.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
0
Réponse 3 / 24
Utilisateur anonyme
21 mai 2009 à 22:17
de rien Parrain ;)


effectivement , y a des bebettes dans ton pc ..


# Télécharge ceci: (merci a S!RI pour ce petit programme).

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Exécute le, Double click sur Smitfraudfix.exe choisit l’option 1,
voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php
il va générer un rapport : copie/colle le sur le poste stp.

Tuto:http://pagesperso-orange.fr/rginformatique/section%20virus/smitfraudfix.htm
0
Réponse 4 / 24
Parrain8275 Messages postés 13 Date d'inscription jeudi 21 mai 2009 Statut Membre Dernière intervention 22 mai 2009
21 mai 2009 à 22:30
Voila Chiquitine le rapport

( merci encore...bon je me repete, mais ej suis toujours agréablement surpis de la solidarité de al communauté informatique...:)

SmitFraudFix v2.416

Scan done at 22:24:30,34, 21/05/2009
Run from C:\Documents and Settings\I045567\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\iPass\iPassConnect SAPVPN\iPCAgent.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\windows\ld08.exe
C:\WINDOWS\Temp\wpv291242765100.exe
C:\windows\pp10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackice.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPass\iPassConnect SAPVPN\downloader\ipccheck.exe
C:\WINDOWS\system32\CCM\SMSCliUI.exe
C:\Documents and Settings\I045567\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\ld08.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\I045567


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\I045567\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\I045567\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\I045567\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: 870159.dll
BHO: 870159 Class - {9E263D08-4127-4B99-9043-4FB044E6FCBC}
BHO CLSID TypeLib: {E63648F7-3933-440E-AAAA-A8584DD7B7EB}
Corrected TypeLib: {E63648F7-3933-440E-B4F6-A8584DD7B7EB}
Interface: {F7D09218-46D7-4D3D-9B7F-315204CD0836}


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!



»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 212.27.40.241
DNS Server Search Order: 212.27.40.240

Description: TeamViewer VPN Adapter - Packet Scheduler Miniport
DNS Server Search Order: 10.17.122.10

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2F7917AB-F986-4B26-A509-544B9292092F}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{70FC1D69-78FD-4EE9-BF16-91735E5833DE}: DhcpNameServer=10.17.122.10
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2F7917AB-F986-4B26-A509-544B9292092F}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{70FC1D69-78FD-4EE9-BF16-91735E5833DE}: DhcpNameServer=10.17.122.10
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2F7917AB-F986-4B26-A509-544B9292092F}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\..\{70FC1D69-78FD-4EE9-BF16-91735E5833DE}: DhcpNameServer=10.17.122.10
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 24
Utilisateur anonyme
21 mai 2009 à 22:32
# Relance le programme Smitfraud :
Cette fois choisit l’option 2, répond oui a tous ;
Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum
0
Réponse 6 / 24
Parrain8275 Messages postés 13 Date d'inscription jeudi 21 mai 2009 Statut Membre Dernière intervention 22 mai 2009
21 mai 2009 à 22:40
Voila le rapport

SmitFraudFix v2.416

Scan done at 22:33:32,21, 21/05/2009
Run from C:\Documents and Settings\I045567\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost loopback
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
...

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\ld08.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\WINDOWS\system32\870159\870159.dll deleted.
C:\WINDOWS\system32\870159\ deleted.


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 212.27.40.241
DNS Server Search Order: 212.27.40.240

Description: TeamViewer VPN Adapter - Packet Scheduler Miniport
DNS Server Search Order: 10.17.122.10

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2F7917AB-F986-4B26-A509-544B9292092F}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{70FC1D69-78FD-4EE9-BF16-91735E5833DE}: DhcpNameServer=10.17.122.10
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2F7917AB-F986-4B26-A509-544B9292092F}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{70FC1D69-78FD-4EE9-BF16-91735E5833DE}: DhcpNameServer=10.17.122.10
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2F7917AB-F986-4B26-A509-544B9292092F}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\..\{70FC1D69-78FD-4EE9-BF16-91735E5833DE}: DhcpNameServer=10.17.122.10
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK.2



»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
0
Réponse 7 / 24
Utilisateur anonyme
21 mai 2009 à 22:41
• Télécharge et install UsbFix

(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

• Double clic sur le raccourci UsbFix présent sur ton bureau .

• Choisis l'option 1 ( Recherche )

• Laisse travailler l'outil.

• Ensuite post le rapport UsbFix.txt qui apparaitra.

• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.


• Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html
0
Réponse 8 / 24
Parrain8275 Messages postés 13 Date d'inscription jeudi 21 mai 2009 Statut Membre Dernière intervention 22 mai 2009
21 mai 2009 à 22:49
############################## [ UsbFix V3.024 # Scan ]

# User : Ma # LVLN60168007A
# Update on 21/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 22:47:02 | 21/05/2009

# Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled

# C:\ # Local Fixed Disk # 74,53 Go (55,16 Go free) [Local ] # NTFS
# D:\ # CD-ROM Disc
# E:\ # Removable Disk # 982,29 Mo (824,12 Mo free) # FAT32
# F:\ # Local Fixed Disk # 465,76 Go (259,73 Go free) [Iomega HDD] # NTFS

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\iPass\iPassConnect SAPVPN\iPCAgent.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\Temp\wpv291242765100.exe
C:\windows\pp10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackice.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPass\iPassConnect SAPVPN\downloader\ipccheck.exe
C:\WINDOWS\system32\CCM\SMSCliUI.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="https://www.google.com/?gws_rd=ssl"
HKCU_Main: "Start Page"="www.google.fr/"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="I045567"
HKLM_logon: "AltDefaultUserName"="I045567"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: McAfeeUpdaterUI="C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
HKLM_Run: ShStatEXE="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
HKLM_Run: SoundMAXPnP=C:\Program Files\Analog Devices\Core\smax4pnp.exe
HKLM_Run: TPHOTKEY=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
HKLM_Run: EZEJMNAP=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
HKLM_Run: TpShocks=TpShocks.exe
HKLM_Run: SynTPLpr=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
HKLM_Run: SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM_Run: TPFNF7=C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
HKLM_Run: PWRMGRTR=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
HKLM_Run: BLOG=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
HKLM_Run: KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
HKLM_Run: BluetoothAuthenticationAgent=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKLM_Run: iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
HKLM_Run: HP Software Update="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
HKLM_Run: HP Component Manager="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HKLM_Run: HPDJ Taskbar Utility=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
HKLM_Run: sysldtray=C:\windows\ld08.exe
HKLM_Run: PromoReg=C:\WINDOWS\Temp\wpv291242765100.exe
HKLM_Run: pp=C:\windows\pp10.exe
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU_Run: Communicator="C:\Program Files\Microsoft Office Communicator\Communicator.exe"
HKCU_Run: MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
HKCU_Run: SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

################## [ Fichiers # Dossiers infectieux ]

Found ! C:\WINDOWS\system32\tmp.reg

################## [ Registre # Clés Run infectieuses ]

Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "pp"
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "PromoReg"
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "sysldtray"
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll
Found ! HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\\ "FirewallDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )

################## [ Registre # Mountpoints2 ]


################## [ Informations ]


################## [ Cracks / Keygens / Serials ]

# -> Nothing found !

################## [ ! Fin du rapport # UsbFix V3.024 ! ]
0
Réponse 9 / 24
Utilisateur anonyme
21 mai 2009 à 22:54
• Double clic sur le raccourci UsbFix présent sur ton bureau

• choisis l'option 2 ( Suppression )

• Ton bureau disparaitra et le pc redémarrera .

• Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.

• Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )


#########################


Telecharge malwarebytes
https://www.malwarebytes.com/

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log
0
Réponse 10 / 24
Parrain8275 Messages postés 13 Date d'inscription jeudi 21 mai 2009 Statut Membre Dernière intervention 22 mai 2009
21 mai 2009 à 23:08
Voila Chiquitine :

Rapport de ton programme :


############################## [ UsbFix V3.024 # Cleaning ]

# User : Ma () # LVLN60168007A
# Update on 21/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 22:57:50 | 21/05/2009

# Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled

# C:\ # Local Fixed Disk # 74,53 Go (55,21 Go free) [Local ] # NTFS
# D:\ # CD-ROM Disc
# E:\ # Removable Disk # 982,29 Mo (824,1 Mo free) # FAT32
# F:\ # Local Fixed Disk # 465,76 Go (259,73 Go free) [Iomega HDD] # NTFS

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\iPass\iPassConnect SAPVPN\iPCAgent.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\msra32.exe
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ansiv.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Fichiers # Dossiers infectieux ]

Deleted ! C:\WINDOWS\system32\tmp.reg

################## [ Registre # Clés Run infectieuses ]

Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "pp"
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "PromoReg"
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "sysldtray"
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll
# HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\\ "FirewallDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !

################## [ Registre # Mountpoints2 ]


################## [ Listing des fichiers présent ]

[20/03/2008 03:37|--a------|113] - C:\APPSRV.INI
[09/05/2007 22:06|--a------|0] - C:\AUTOEXEC.BAT
[23/03/2009 18:13|-rahs----|215] - C:\boot.ini
[21/05/2009 20:53|--a------|7583] - C:\Bug.txt
[09/10/2008 19:21|--a------|468] - C:\comply.ini
[09/05/2007 22:06|--a------|0] - C:\CONFIG.SYS
[06/05/2009 10:56|--a------|2538] - C:\hpfr5100.log
[09/05/2007 22:06|-rahs----|0] - C:\IO.SYS
[20/03/2008 16:18|--a------|1209] - C:\IPC.LOG
[21/05/2009 22:57|--a------|14998] - C:\Log.txt
[09/05/2007 22:06|-rahs----|0] - C:\MSDOS.SYS
[04/08/2004 14:00|-rahs----|47564] - C:\NTDETECT.COM
[04/08/2004 14:00|-rahs----|250032] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[21/05/2009 22:37|--a------|3292] - C:\rapport 2.txt
[21/05/2009 22:37|--a------|3292] - C:\rapport.txt
[21/05/2009 22:59|--a------|9077] - C:\UsbFix.txt
[24/04/2009 08:00|--ah-----|4096] - E:\._.Trashes
[25/04/2009 10:55|--ah-----|82] - E:\._DSC_0044arr.jpg
[25/04/2009 10:55|--ah-----|82] - E:\._DSC_0044arrexpo.jpg
[25/04/2009 10:55|--ah-----|82] - E:\._DSC_0044net.jpg
[25/04/2009 10:55|--ah-----|82] - E:\._DSC_0044sep.jpg
[25/04/2009 09:42|--ah-----|82] - E:\._MyPicture.7jpg.jpg
[25/04/2009 09:41|--ah-----|82] - E:\._MyPicture.jpg
[25/04/2009 09:41|--ah-----|82] - E:\._MyPicture2.jpg
[25/04/2009 09:42|--ah-----|82] - E:\._MyPicture3.jpg
[25/04/2009 09:42|--ah-----|82] - E:\._MyPicture4.jpg
[25/04/2009 09:42|--ah-----|82] - E:\._MyPicture5.jpg
[25/04/2009 09:42|--ah-----|82] - E:\._MyPicture6.jpg
[25/04/2009 09:42|--ah-----|82] - E:\._MyPicture8.jpg
[25/04/2009 13:17|--ah-----|82] - E:\._Recents.plist
[25/04/2009 13:20|--ah-----|24580] - E:\.DS_Store
[21/05/2009 21:33|--a------|812344] - E:\HJTInstall.exe
[21/05/2009 22:13|--a------|19199] - E:\info.txt
[21/05/2009 12:22|--a------|128719] - E:\install_www--2807-spybotsd.exe
[21/05/2009 22:13|--a------|39057] - E:\log.txt
[21/05/2009 21:19|--a------|2967800] - E:\mbam-setup.exe
[29/02/2004 17:44|--a------|52576] - E:\orange.bmp
[21/05/2009 22:37|--a------|3292] - E:\rapport 2.txt
[21/05/2009 22:28|--a------|7254] - E:\rapport.txt
[21/05/2009 22:05|--a------|781909] - E:\RSIT.exe
[21/05/2009 22:22|--a------|1883662] - E:\SmitfraudFix.exe
[21/05/2009 12:44|--a------|16409960] - E:\spybotsd162.exe
[21/05/2009 22:44|--a------|709706] - E:\UsbFix.exe
[21/05/2009 22:49|--a------|12481] - E:\UsbFix.txt

################## [ Vaccination ]

# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# E:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# F:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

################## [ Informations ]


################## [ Cracks / Keygens / Serials ]

# -> Nothing found !

################## [ ! Fin du rapport # UsbFix V3.024 ! ]



Rapport de malware

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2163
Windows 5.1.2600 Service Pack 2

21/05/2009 23:06:07
mbam-log-2009-05-21 (23-06-07).txt

Type de recherche: Examen rapide
Eléments examinés: 84995
Temps écoulé: 2 minute(s), 31 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 47
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGNT.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGUARD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digiwet.dll -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\digiwet.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\st_1242920586.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\st_1242925968.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\pp10.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
0
Réponse 11 / 24
Utilisateur anonyme
21 mai 2009 à 23:10
réouvre malewarebytes , va sur quarantaine et supprime tout .

Télécharge JavaRa.zip de Paul 'Prm753' McLain et Fred de Vries.
Décompresse le fichier sur ton bureau (clique droit > Extraire tout.)
Double-clique sur le répertoire JavaRa obtenu.
Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher)
Clique sur Search For Updates.
Sélectionne Update Using jucheck.exe puis clique sur Search.
Autorise le processus à se connecter s'il te le demande, clique sur Install et suis les instructions d'installation. Cela prendra quelques minutes.
Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Remove Older Versions.
Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.
Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse.
Note : le rapport se trouve aussi à la racine de la partition système, en général C:\ sous le nom JavaRa.log
(c:\JavaRa.log)
Ferme l'application.
0
Réponse 12 / 24
Parrain8275 Messages postés 13 Date d'inscription jeudi 21 mai 2009 Statut Membre Dernière intervention 22 mai 2009
21 mai 2009 à 23:18
LA recherche de mises ajour n'entraine rien....

J'appuie sur le bouton, et rien en de fait.

Je suis boien connecté à INternet, et ais bien choisi la mise a jour via jucheck...
0
Réponse 13 / 24
Utilisateur anonyme
21 mai 2009 à 23:22
ok , verifie si java est a jour : https://www.java.com/fr/download/uninstalltool.jsp

ensuite refais un scan RSIT et post log.txt stp
0
Réponse 14 / 24
Parrain8275 Messages postés 13 Date d'inscription jeudi 21 mai 2009 Statut Membre Dernière intervention 22 mai 2009
21 mai 2009 à 23:30
il me dit que java n'est pas a jour....
que le plug 1.4.2_16 n'est pas installé correctement...

0
Réponse 15 / 24
Utilisateur anonyme
21 mai 2009 à 23:35
ok alors met java a jours stp ,

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.


* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)

0
Réponse 16 / 24
Parrain8275 Messages postés 13 Date d'inscription jeudi 21 mai 2009 Statut Membre Dernière intervention 22 mai 2009
21 mai 2009 à 23:42
Java est a jour desormais....

Le rapport Toolbar est le suivant :


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz )
BIOS : Phoenix FirstBIOS(tm) Notebook Pro Version 2.0 for ThinkPad
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:74 Go (Free:55 Go)
D:\ (CD or DVD)
E:\ (USB) - FAT32 - Total:982 Mo (Free:0 Go)
F:\ (Local Disk) - NTFS - Total:465 Go (Free:260 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 21/05/2009|23:41 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..



1 - "C:\ToolBar SD\TB_1.txt" - 21/05/2009|23:42 - Option : [1]

-----------\\ Fin du rapport a 23:42:04,79
0
Réponse 17 / 24
Utilisateur anonyme
21 mai 2009 à 23:56
double clic sur ce fichier : C:\Program Files\trend micro\I045567.exe (hijackthis)

choisis "do a system scan only"

coches ces lignes :

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: 870159 helper - {9E263D08-4127-4B99-9043-4FB044E6FCBC} - C:\WINDOWS\system32\870159\870159.dll (file missing)

O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: NM_conf.vbs (User 'Default user')

O16 - DPF: {00627E89-A19D-4A2B-938B-059CB7B1B493} (F5 Networks Certificate Checker) - file://C:/Program Files/F5 VPN/F5_TMP/f5certchk.cab
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://connectwdf06.sap.com/vdesk/cachecleaner.cab#version=6030,2008,1031,2105
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://connectwdf06.sap.com/vdesk/terminal/urxvpn.cab#version=6030,2008,1031,2121
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - https://connectwdf06.sap.com/vdesk/terminal/f5tunsrv.cab#version=6030,2008,1126,1048
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - http://connectwdf06.sap.com/
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - http://connectwdf06.sap.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks Static Application Tunnel Control) - file://C:/Program Files/F5 VPN/F5_TMP/urTermProxy.cab
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} (Microsoft RDP Client Control (redist)) - file://C:/Program Files/F5 VPN/F5_TMP/msrdp.cab
O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} (F5 Virtual Sandbox Class) - file://C:/Program Files/F5 VPN/F5_TMP/vdeskctrl.cab
O16 - DPF: {B8693DEF-98AC-43FC-AA00-E7D728334C80} (F5 Networks 5250 Terminal emulator) - file://C:/Program Files/F5 VPN/F5_TMP/ur5250x.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://connectwdf06.sap.com/vdesk/terminal/urxshost.cab#version=6030,2008,1031,2112
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://connectwdf06.sap.com/vdesk/terminal/urxhost.cab#version=6030,2008,1031,2108
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - http://connectwdf06.sap.com/
O16 - DPF: {E66D35B8-E70D-42A6-B1F5-DB784CB92B15} (URVNCX Class) - file://C:/Program Files/F5 VPN/F5_TMP/urvncx.cab
O16 - DPF: {EE5E646C-4D96-4DAD-A362-C210B507A0B2} (SAP KM DocService Control) - https://portal.wdf.sap.corp/irj/go/km/docs/etc/docservice/DocService.cab


et clic sur fix checked


##############


* pour supprimer les outils/fix utilisés :

Télécharge ToolsCleaner sur ton bureau.
-->
http://pc-system.fr/
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).



Purge de la restauration système
*Désactive ta restauration :
Clique droit sur poste de travail/propriétés/Restauration système/coche la case désactiver la restauration, appliquer, OK
---> Redémarre ton PC ...

*Réactive ta restauration :
Clique droit sur poste de travail/propriétés/Restauration système/décoche la case désactiver la restauration, appliquer, OK
--->Redémarre ton PC ...

( Note : tu peux aussi y accéder via panneau de configuration->" système "->" restauration système " ).



Tuto xp : http://service1.symantec.com/support/inter/tsgeninfointl.Nsf/fr_docid/20020830101856924


0
Réponse 18 / 24
Parrain8275 Messages postés 13 Date d'inscription jeudi 21 mai 2009 Statut Membre Dernière intervention 22 mai 2009
22 mai 2009 à 00:07
[ Rapport ToolsCleaner version 2.3.5 (par A.Rothstein & dj QUIOU) ]

0
Réponse 19 / 24
Parrain8275 Messages postés 13 Date d'inscription jeudi 21 mai 2009 Statut Membre Dernière intervention 22 mai 2009
22 mai 2009 à 00:08
[ Rapport ToolsCleaner version 2.3.5 (par A.Rothstein & dj QUIOU) ]

0
Réponse 20 / 24
Utilisateur anonyme
22 mai 2009 à 00:09
supprime combofix de ton bureau .


si tu n as pas d autres soucis change le statut du sujet en resolu stp

http://www.commentcamarche.net/faq/sujet 11365 marquer un fil de discussion comme etant resolu

0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses
problême Opéra est ce un virus??
sand2504 -
sand2504 -

85 réponses
Virus MSN Tinyurl
djkifkif -
matt56430 -

8 réponses