SOS: virus blocking all my antivirus programs...

Solved/Closed
damien - 25 May 2009 at 14:16
fix200 (Security contributor) - 28 May 2009 at 16:21
Hello,
I have a big problem with my computer. I noticed that my Avast antivirus (registered version) no longer works. My Avast icon has also disappeared.
I tried uninstalling and then reinstalling it, but nothing changed. My Security Center tells me there is no antivirus on my computer.
So I tried to install another antivirus (AntiVir), but it stays inactive (when I double-click the antivirus icon, nothing happens).
I tried to solve my problem by looking it up on Google, but nothing works, I can't manage it.
I downloaded Hijack, but same thing: when I double-click it, nothing happens...

Please help me, because I would rather not have to format my PC!!!!

Thanks a lot

I use Windows XP with the Service Pack always kept up to date until now...

32 replies

fix200 (Security contributor)
25 May 2009 at 15:26
5 replies and nobody has helped!

**********************************************************
********************* Option 1 (Search) *********************
**********************************************************

Download FindyKill by Chiquitine29

▶ Run the installation with the default settings

Plug your external data sources into your PC (USB stick, external hard drive, etc.) that may have been infected (!) without opening them (!)


▶ Double-click the FindyKill shortcut on your desktop

▶ Choose F for French, then press Enter

▶ In the main menu, choose option 1 (Search)

▶ Post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the drive

Installation tutorial

Search tutorial
1
lolo28300 (Member)
25 May 2009 at 14:17
Try running a scan with your antivirus or by installing Spybot Search & Destroy (don't forget to update it before any scan) in safe mode (F8 key at startup)
0
Hi again

I just ran Spybot in safe mode, but it found nothing... and I still have my problem
0
lolo28300 (Member)
25 May 2009 at 15:18
Could you tell us what your problem was and how you solved it?
Thanks in advance on behalf of other users who will have this problem and who, thanks to you, if you explain the solution, will have solved it :)
0

No, I have not solved my problem. I can't get any antivirus to work. Please help me.
0
lolo28300 (Member)
25 May 2009 at 15:24
I had misread your sentence, sorry!
0
lolo28300 (Member)
25 May 2009 at 15:25
I had misread your sentence, sorry!
0
Hello..

Here is the report:


############################## [ FindyKill V4.730 ]

# User : Damien (Administrateurs) # DAMIEN-6O2Z7B2S
# Update on 25/05/09 by Chiquitine29
# Start at: 15:33:34 | 2009-05-25
# Website : http://pagesperso-orange.fr/NosTools/findykill.html

# Intel(R) Celeron(R) D CPU 3.33GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled

# C:\ # Disque fixe local # 29.29 Go (7.88 Go free) # NTFS
# D:\ # Disque fixe local # 203.58 Go (1.48 Go free) # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible

############################## [ Processus actifs ]


################## [ Fichiers / Dossiers infectieux ]


################## [ Infected Temp Files ]


################## [ Registre / Clés infectieuses ]

Found ! HKEY_USERS\S-1-5-21-2025429265-1085031214-725345543-1004\Software\Local AppWizard-Generated Applications\uiytuhjy
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\uiytuhjy
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA


################## [ Recherche dans supports amovibles]


################## [ Registre / Mountpoints2 ]

# -> Not found !

################## [ ! Fin du rapport # FindyKill V4.730 ! ]
0
fix200 (Security contributor)
25 May 2009 at 15:39
**********************************************************
********************* Option 2 (Cleaning) *********************
**********************************************************

▶ Delete your cracks and keygens (especially the file that infected you).

▶ Plug your removable drives into your PC (USB sticks, external hard drive, SD card, etc.) without opening them.

▶ Double-click the FindyKill shortcut on your Desktop (on Vista, right-click the FindyKill shortcut and choose Run as administrator).

▶ Choose F for French, then press Enter.

▶ In the main menu, choose option 2 (Removal)

▶ Post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the drive

▶ Cleaning tutorial
0
OK, I just did it. Here is the report:


############################## [ FindyKill V4.730 ]

# User : Damien (Administrateurs) # DAMIEN-6O2Z7B2S
# Update on 25/05/09 by Chiquitine29
# Start at: 15:44:27 | 2009-05-25
# Website : http://pagesperso-orange.fr/NosTools/findykill.html

# Intel(R) Celeron(R) D CPU 3.33GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled

# C:\ # Disque fixe local # 29.29 Go (7.89 Go free) # NTFS
# D:\ # Disque fixe local # 203.58 Go (1.48 Go free) # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible

############################## [ Active Processes ]


################## [ Infected Files \ Folders ]

Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-17681AA8.pf

################## [ Infected Temp Files ]


################## [ Registry / Infected keys ]

Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\uiytuhjy

################## [ Cleaning Removable drives ]


################## [ Registry / Mountpoint2 ]

# -> Not found !

################## [ States / Restarting of services ]

# Services : [ Auto=2 / Request=3 / Disable=4 ]

# Ndisuio -> # Type of startup =3
# EapHost -> # Type of startup =2
# Ip6Fw -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2

################## [ Searching Other Infections ]

# -> Nothing found.

################## [ Corrupted files # Re-Installation required ]


################################### [ Cracks / Keygens / Serials ]

# -> Nothing found !

################## [ ! End of Report # FindyKill V4.730 ! ]
0
fix200 (Security contributor)
25 May 2009 at 16:02
Good,

Download MalwareBytes' Anti-Malware

▶ Install it; the program will update itself automatically.

▶ Once it is up to date, the program will start; click the Settings tab and tick the box: "Stop Internet Explorer during removal"

▶ Now click the Scan tab and tick the box: "run a quick scan".

▶ Then click "Scan".

▶ Let it scan the PC...

▶ If items were found > click Remove Selected.

▶ If you are asked to restart > click "YES".

▶ At the end a report will open; save it somewhere you can find it again so that you can post it on the forum.

Please copy and paste the report.

Note: the reports are also stored in the Report/Log tab
0
OK, it's done.
I removed the items and restarted my PC.

Here is the report:

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2176
Windows 5.1.2600 Service Pack 3

2009-05-25 16:10:54
mbam-log-2009-05-25 (16-10-54).txt

Type de recherche: Examen rapide
Eléments examinés: 103677
Temps écoulé: 3 minute(s), 6 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 88
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\servises (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\servises (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\servises (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\servises (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
fix200 Posts 3243 Registration date Sunday 28 December 2008 Status Security contributor Last activity 7 February 2011 158
25 May 2009 at 16:21
Download Ad-remover (by C_XX) to your desktop:

! Disconnect and close all running applications !

• Double-click "Ad-R.exe" to start the installation and keep the default installation settings.

• Double-click the Ad-remover shortcut on your desktop to launch the tool.

• At the main menu, choose option "L" and press [Enter].

• Let the tool work and don't touch anything ...

--> Post the report that appears at the end on the forum ...

Illustrated help (Installation): http://pagesperso-orange.fr/NosTools/tuto_ad_r1.html
Illustrated help (Search): http://pagesperso-orange.fr/NosTools/tuto_ad_r2.html

Notes:
The report is also saved as C:\Ad-report.log
"Process.exe", a component of the tool, is detected by some antivirus products
(AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

0
Anonymous user
25 May 2009 at 16:23
Thank youuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu

for more: http://internet1security.blogspot.com/
0
OK, it's done. Ad-remover report:





------- RAPPORT D'AD-REMOVER 1.1.4.3 | UNIQUEMENT XP/VISTA -------

Mit à jour part C_XX le 24/05/2009 à 15:20
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html

Lancé à: 16:24:55, 2009-05-25 | Mode Normal
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: DAMIEN-6O2Z7B2S
Utilisateur actuel: Damien - Administrator

.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
HKCR\CLSID\{06ADA938-0FB0-4BC0-B19B-0A38AB17F182}
HKCR\Interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
HKCR\SearchSettings.BHO
HKCR\SearchSettings.BHO.1
HKCR\Typelib\{710993A2-4F87-41D7-B6FE-F5A20368465F}
HKCU\Software\pacificpoker
HKCU\Software\PartyGaming
HKCU\Software\Poker 770
HKCU\Software\pokerinstaller
HKCU\Software\Titan Poker
HKLM\Software\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
HKLM\Software\Poker 770
HKLM\Software\Search Settings
HKLM\Software\Titan Poker
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
.
C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome
C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome.manifest
C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome.manifest.dev
C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults
C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\install.rdf
C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\install.rdf.bak
C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF
C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome\ajtoolbar.jar
C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences
C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\ask.gif
C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\ask.src
C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\config.dat
C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\config.dat.bak
C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\contents.rdf
C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\snipit.js
C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF\manifest.mf
C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF\zigbert.rsa
C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF\zigbert.sf
C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
C:\Documents and Settings\Damien\Application Data\Search Settings\kb126
C:\Documents and Settings\Damien\Application Data\Search Settings\kb126\res
C:\Documents and Settings\Damien\Application Data\Search Settings\kb126\temp
C:\Documents and Settings\Damien\Application Data\Search Settings\kb126\temp\ws-14387.log
C:\Documents and Settings\Damien\Application Data\Search Settings\kb126\temp\ws-14388.log
C:\Documents and Settings\Damien\Application Data\Search Settings\kb126\temp\ws-14389.log
C:\Documents and Settings\Damien\Application Data\Search Settings
C:\Program Files\AskBarDis\bar
C:\Program Files\AskBarDis\PopSwatter
C:\Program Files\AskBarDis\unins000.dat
C:\Program Files\AskBarDis\unins000.exe
C:\Program Files\AskBarDis\bar\bin
C:\Program Files\AskBarDis\bar\Cache
C:\Program Files\AskBarDis\bar\History
C:\Program Files\AskBarDis\bar\Settings
C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
C:\Program Files\AskBarDis\bar\bin\psvince.dll
C:\Program Files\AskBarDis\bar\Cache\000317CF
C:\Program Files\AskBarDis\bar\Cache\001440C0.bin
C:\Program Files\AskBarDis\bar\Cache\0014440C.bin
C:\Program Files\AskBarDis\bar\Cache\0014462F.bin
C:\Program Files\AskBarDis\bar\Cache\00144871.bin
C:\Program Files\AskBarDis\bar\Cache\00144AA4.bin
C:\Program Files\AskBarDis\bar\Cache\00144CB7.bin
C:\Program Files\AskBarDis\bar\Cache\0060A228.bin
C:\Program Files\AskBarDis\bar\Cache\0060A3DE.bin
C:\Program Files\AskBarDis\bar\Cache\0060A545.bin
C:\Program Files\AskBarDis\bar\Cache\0060A6FB.bin
C:\Program Files\AskBarDis\bar\Cache\0060A862.bin
C:\Program Files\AskBarDis\bar\Cache\files.ini
C:\Program Files\AskBarDis\bar\History\search
C:\Program Files\AskBarDis\bar\Settings\config.dat
C:\Program Files\AskBarDis\bar\Settings\config.dat.bak
C:\Program Files\AskBarDis\bar\Settings\prevcfg.htm
C:\Program Files\AskBarDis\bar\Settings\prevCfg2.htm
C:\Program Files\AskBarDis\PopSwatter\History
C:\Program Files\AskBarDis\PopSwatter\History\allowed
C:\Program Files\AskBarDis\PopSwatter\History\notallow
C:\Program Files\AskBarDis
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\chrome.manifest
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\install.rdf
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\SKIN
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\DStringsUtils.js
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.js
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.xul
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.dtd
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\IFBHOSearch.idl
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\IFBHOSearch.xpt
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\IFBHOSearchHelperEngine.idl
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\IFBHOSearchHelperEngine.xpt
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\IFHelperPreferences.idl
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\IFHelperPreferences.xpt
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\SearchSettingsFF.dll
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
C:\Program Files\Search Settings\kb126
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb126\res
C:\Program Files\Search Settings\kb126\SearchSettings.dll
C:\Program Files\Search Settings\kb126\temp
C:\Program Files\Search Settings
C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
C:\WINDOWS\Installer\44c526.msi
C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf

(!) -- Fichiers temporaires supprimés.

.
+-----------------| Scan additionnel:
.

---- Mozilla FireFox Version 3.0.10 ----

Nom du profil: lgs3llnl.default (Damien)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Google");
(Prefs.js) user_pref("browser.search.selectedEngine", "Google");
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.google.fr/");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.10");
.
.

---- Internet Explorer Version 8.0.6001.18702 ----

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

=========== Suspect (Cracks, Serials ... ) ==========

.
C:\Documents and Settings\Damien\.housecall6.6\patch.exe
[218736 Octet(s)|--a------|2009-05-24 17:01|HashMD5: b9a80ba0083fb8196f8ca0bef053ea4e |CRC32: 12c79c8b]

C:\Documents and Settings\Damien\Mes documents\Mes fichiers reçus\Xara 3D v6.0 Full Keygen.rar
[23251741 Octet(s)|--a------|2005-07-12 20:47|HashMD5: bd6af6aaf1e1b0ba1ee8348344bc7b26 |CRC32: cd2b4486]


+---------------------------------------------------------------------------+

11506 Octet(s) - C:\Ad-Report-20.9-.5-25.log

17 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
24 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE

Fin à: 16:36:00 | 2009-05-25
.
+-----------------| E.O.F
.
0
fix200 Posts 3243 Registration date Sunday 28 December 2008 Status Security contributor Last activity 7 February 2011 158
25 May 2009 at 16:46
Download Random's System Information Tool (RSIT) by random and save it to your desktop.

* Double-click RSIT.exe to launch RSIT.

* Click Continue on the Disclaimer screen.

* If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.

* When the scan is finished, two text files will open.

Post the contents of log.txt (which will be displayed) as well as info.txt (which will be minimized in the taskbar).

Note: Both reports are also saved in %systemroot%\rsit

C:\Documents and Settings\Damien\.housecall6.6\patch.exe
C:\Documents and Settings\Damien\Mes documents\Mes fichiers reçus\Xara 3D v6.0 Full Keygen.rar


Delete your cracks, as they are a source of viruses
0
OK. I only have one report, log.txt
there is no info.txt in my taskbar...



Logfile of random's system information tool 1.06 (written by random/random)
Run by Damien at 2009-05-25 16:56:51
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 8 GB (27%) free of 30 GB
Total RAM: 2039 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:57, on 2009-05-25
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\sttray.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\jntqn\jntqn.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Free Download Manager\fdm.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Downloads\Software\RSIT.exe
C:\Program Files\trend micro\Damien.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [jntqn] C:\Program Files\jntqn\jntqn.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-2025429265-1085031214-725345543-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Unibet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\unibetpokerMPP\MPPoker.exe (file missing) (HKCU)
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Agent de protection d'accès réseau napagent Defrag (napagent Defrag) - Unknown owner - C:\WINDOWS\system32\arpv.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O24 - Desktop Component 0: (no name) - https://www.leblogauto.com/wp-content/uploads/2007/02/plr/Lotus_Exige_police_1_big.jpg
O24 - Desktop Component 2: (no name) - https://www.google.fr/?gws_rd=ssl
0
fix200 Posts 3243 Registration date Sunday 28 December 2008 Status Security contributor Last activity 7 February 2011 158
25 May 2009 at 17:06
Hi!

Download Toolbar S&D (by Eric_71/Team IDN)

Let it guide you through the installation ..

!! Disconnect and close all running applications for the duration of the procedure !!

▶ Choose F, then confirm.

▶ Press 2 (cleaning), then press [Enter].

*The search starts*

▶ Don't touch anything during the scan

▶ A report will be generated at the end of the process: post its contents in your next reply

NOTE:
The report is saved here -> C:\TB.txt

**************************************************************************

▶ Download UsbFix by C_XX & Chiquitine29

▶ Installation tutorial

▶ Search tutorial

▶ Run the installation with the default settings

Connect your external data sources to your PC (USB stick, external hard drive, etc.) that may have been infected (!) without opening them (!)

▶ Double-click the UsbFix shortcut on your desktop

▶ Choose option 1 (search)

▶ Let the tool work

Then post the UsbFix.txt report that will appear
0
It's done

the report


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) D CPU 3.33GHz )
BIOS : Default System BIOS
USER : Damien ( Not Administrator ! )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090524-0] 4.8.1335 (Activated)
C:\ (Local Disk) - NTFS - Total:29 Go (Free:7 Go)
D:\ (Local Disk) - NTFS - Total:203 Go (Free:22 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 2009-05-25|17:12 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\INVIT~1\APPLIC~1\Search Settings\kb126
Supprime! - C:\DOCUME~1\INVIT~1\APPLIC~1\Search Settings

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(Damien) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Damien) - {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} => wot
(Damien) - {e411bb40-b04c-11d8-92e7-00d09e0179f2} => igraal


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Window Title"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"
"Search bar"="http://www.bing.com/spresults.aspx"


--------------------\\ Recherche d'autres infections

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv.sys]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv.sys]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys]

--------------------\\ Suspect ..

C:\WINDOWS\system32\TDSSosvd.dat

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Damien\Application Data\Firaxis Games\Sid Meier's Civilization 4\Assets\Sounds\Units\CrackNeck-000.wav
C:\DOCUME~1\Damien\Application Data\Firaxis Games\Sid Meier's Civilization 4\Assets\Sounds\Units\CrackNeck-001.wav
C:\DOCUME~1\Damien\Application Data\Firaxis Games\Sid Meier's Civilization 4\Assets\Sounds\Units\CrackNeck-002.wav
C:\DOCUME~1\Damien\Application Data\Firaxis Games\Sid Meier's Civilization 4\Assets\Sounds\Units\CrackNeck-003.wav
C:\DOCUME~1\Damien\Application Data\Firaxis Games\Sid Meier's Civilization 4\Assets\Sounds\Units\CrackNeck-004.wav
C:\DOCUME~1\Damien\Mes documents\Downloads\Pokerbility.Online.Poker.Cheat.Tool.IV10IV.Crack.Free.100%.WORKING.zip
C:\DOCUME~1\Damien\Mes documents\Mes fichiers reçus\Xara Menu Maker + Xara3D V6 + XaraWebstyle + Cracks(1).RB0
C:\DOCUME~1\Damien\Mes documents\Mes fichiers reçus\Xara Menu Maker + Xara3D V6 + XaraWebstyle + Cracks(1).zip
C:\DOCUME~1\Damien\Mes documents\Mes fichiers reçus\Xara Menu Maker + Xara3D V6 + XaraWebstyle + Cracks.RB0
C:\DOCUME~1\Damien\Mes documents\Mes fichiers reçus\Xara Menu Maker + Xara3D V6 + XaraWebstyle + Cracks.zip



1 - "C:\ToolBar SD\TB_1.txt" - 2009-05-25|17:13 - Option : [2]

-----------\\ Fin du rapport a 17:13:40.54
0
fix200 Posts 3243 Registration date Sunday 28 December 2008 Status Security contributor Last activity 7 February 2011 158
25 May 2009 at 17:27
Arrrfffrffff

Download ComboFix by sUBs to your desktop


/!\ Very powerful tool; be aware that misuse of the program could cause problems in the normal operation of your computer /!\


BEFORE using ComboFix:

/!\ Disconnect your PC from the Internet and close the windows of all running programs. /!\
(!) Temporarily disable (and only while ComboFix is in use) the real-time protection of your antivirus, your antispyware and ALL your protection software (!).


▶ Double-click Combofix.exe to launch it (on Vista: right-click and choose "Run as administrator")

▶ Press the 1 key so that the program starts running, and follow the on-screen instructions

▶ If it asks you to install the Recovery Console, accept.

/!\ Don't touch anything during the scan /!\

▶ If it asks you to restart, accept

▶ After the PC restarts, a report will open in Notepad at the end of the scan; copy and paste it into your next reply


(The report file Combofix.txt is then automatically saved as C:\Combofix.txt)

A tutorial if needed

I'LL BE BACK TOMORROW MORNING.
See you later
0
OK, sounds good.
In any case, thanks for helping me!!! That's very kind!!! Have a good evening and see you tomorrow


Attached is the ComboFix report


ComboFix 09-05-24.07 - Damien 2009-05-25 17:33.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2039.1471 [GMT 2:00]
Lancé depuis: c:\downloads\Software\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090524-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Damien\Application Data\Google\T-Scan
c:\documents and settings\Damien\Application Data\Google\T-Scan\n.gif
c:\documents and settings\Damien\Application Data\Google\T-Scan\t.gif
c:\documents and settings\Damien\Application Data\Google\T-Scan\y.gif
c:\windows\patch.exe
c:\windows\system32\_id.dat
c:\windows\system32\TDSSosvd.dat

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NAPAGENT_DEFRAG
-------\Legacy_TDSSSERV.SYS
-------\Service_napagent Defrag
-------\Service_TDSSserv.sys


((((((((((((((((((((((((((((( Fichiers créés du 2009-04-25 au 2009-05-25 ))))))))))))))))))))))))))))))))))))
.

2009-05-25 15:10 . 2009-05-25 15:13 -------- d-----w C:\ToolBar SD
2009-05-25 14:24 . 2009-05-25 14:36 -------- d-----w c:\program files\Ad-remover
2009-05-25 14:05 . 2009-05-25 14:05 -------- d-----w c:\documents and settings\Damien\Application Data\Malwarebytes
2009-05-25 14:05 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-25 14:05 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-25 14:05 . 2009-05-25 14:05 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-25 14:05 . 2009-05-25 14:05 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-25 13:32 . 2009-05-25 13:55 -------- d-----w C:\FindyKill
2009-05-25 13:24 . 2009-05-25 13:25 -------- d-----w C:\rsit
2009-05-24 18:08 . 2009-05-24 18:38 -------- d-----w c:\windows\BDOSCAN8
2009-05-24 18:01 . 2009-05-24 18:01 100240 ----a-w c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-24 17:57 . 2009-02-05 20:06 51376 ----a-w c:\windows\system32\drivers\aswTdi.sys
2009-05-24 17:57 . 2009-02-05 20:06 23152 ----a-w c:\windows\system32\drivers\aswRdr.sys
2009-05-24 17:57 . 2009-02-05 20:05 26944 ----a-w c:\windows\system32\drivers\aavmker4.sys
2009-05-24 17:57 . 2009-02-05 20:04 97480 ----a-w c:\windows\system32\AvastSS.scr
2009-05-24 17:57 . 2009-02-05 20:08 93296 ----a-w c:\windows\system32\drivers\aswmon.sys
2009-05-24 17:57 . 2009-02-05 20:08 94032 ----a-w c:\windows\system32\drivers\aswmon2.sys
2009-05-24 17:57 . 2009-02-05 20:07 114768 ----a-w c:\windows\system32\drivers\aswSP.sys
2009-05-24 17:57 . 2009-02-05 20:07 20560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
2009-05-24 17:57 . 2009-02-05 20:11 1256296 ----a-w c:\windows\system32\aswBoot.exe
2009-05-24 17:47 . 2009-03-24 14:07 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-24 15:49 . 2009-05-25 14:56 -------- d-----w c:\program files\Trend Micro
2009-05-24 14:48 . 2009-05-24 14:48 -------- d-sh--w c:\documents and settings\Damien\PrivacIE
2009-05-24 14:47 . 2009-05-24 14:47 -------- d-sh--w c:\documents and settings\Damien\IETldCache
2009-05-24 14:46 . 2009-05-24 14:46 -------- d-----w c:\windows\ie8updates
2009-05-24 14:45 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-24 14:44 . 2009-05-24 14:45 -------- dc-h--w c:\windows\ie8
2009-05-22 07:14 . 2009-05-22 07:14 32 --s-a-w c:\windows\system32\3293728073.dat
2009-05-18 15:38 . 2009-05-18 15:38 -------- d-----w c:\documents and settings\Damien\Application Data\ImgBurn
2009-05-18 15:09 . 2009-05-18 15:09 -------- d-----w c:\program files\ImgBurn
2009-05-18 11:15 . 2009-05-18 11:24 -------- d-----w c:\program files\PC Wizard 2008
2009-05-17 19:04 . 2009-05-17 19:04 -------- d-----w c:\documents and settings\Damien\Local Settings\Application Data\MulletPower
2009-05-16 00:33 . 2009-05-16 00:33 57344 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-61b3398b-n\Decora-SSE.dll
2009-05-16 00:33 . 2009-05-16 00:33 24064 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-7db2921d-n\Decora-D3D.dll
2009-05-16 00:33 . 2009-05-16 00:33 315392 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5dabaac3-n\jogl.dll
2009-05-16 00:33 . 2009-05-16 00:33 20480 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5dabaac3-n\jogl_awt.dll
2009-05-16 00:33 . 2009-05-16 00:33 114688 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5dabaac3-n\jogl_cg.dll
2009-05-16 00:33 . 2009-05-16 00:33 20480 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-76dba7b2-n\gluegen-rt.dll
2009-05-16 00:33 . 2009-05-16 00:33 499712 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-28610b75-n\msvcp71.dll
2009-05-16 00:33 . 2009-05-16 00:33 499712 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-28610b75-n\jmc.dll
2009-05-16 00:33 . 2009-05-16 00:33 348160 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-28610b75-n\msvcr71.dll
2009-05-14 17:53 . 2009-05-14 17:53 -------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2009-05-14 17:53 . 2009-05-14 21:08 -------- d-----w c:\documents and settings\Damien\Application Data\Azureus
2009-05-14 17:52 . 2009-05-18 15:05 -------- d-----w c:\program files\Vuze
2009-05-14 09:45 . 2009-05-14 09:55 -------- d-----w c:\program files\PokerStars
2009-05-08 08:22 . 2009-05-17 17:12 -------- d-----w C:\Poker
2009-05-06 14:15 . 2009-05-25 14:48 -------- d-----w c:\program files\bwin
2009-04-29 09:22 . 2009-04-29 09:21 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-29 09:21 . 2009-04-29 09:21 152576 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-28 08:52 . 2009-04-28 08:55 -------- d-----w c:\program files\RocketDock
2009-04-26 11:54 . 2009-05-13 15:18 -------- d-----w c:\program files\The Adventure Company

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-25 15:38 . 2008-11-24 17:54 -------- d-----w c:\program files\DNA
2009-05-25 15:38 . 2008-11-24 17:54 -------- d-----w c:\documents and settings\Damien\Application Data\DNA
2009-05-25 15:35 . 2009-03-22 22:11 -------- d-----w c:\documents and settings\Damien\Application Data\Free Download Manager
2009-05-25 15:31 . 2009-03-04 17:56 -------- d-----w c:\documents and settings\Damien\Application Data\BitTorrent
2009-05-25 15:14 . 2008-02-19 10:27 -------- d-----w c:\program files\Mozilla Thunderbird
2009-05-25 14:48 . 2009-03-25 19:26 -------- d-----w c:\program files\ScenicReflections
2009-05-25 14:47 . 2002-08-30 12:00 84526 ----a-w c:\windows\system32\perfc00C.dat
2009-05-25 14:47 . 2002-08-30 12:00 510324 ----a-w c:\windows\system32\perfh00C.dat
2009-05-25 12:05 . 2009-03-25 19:37 -------- d-----w c:\program files\jntqn
2009-05-24 15:12 . 2008-03-10 11:21 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-24 14:47 . 2008-02-15 17:30 100240 -c--a-w c:\documents and settings\Damien\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-24 14:41 . 2008-02-15 18:12 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-24 14:40 . 2008-02-15 18:15 -------- d-----w c:\program files\Microsoft Works
2009-05-20 13:10 . 2009-02-04 10:12 -------- d-----w c:\program files\GRATIS
2009-04-29 09:21 . 2008-02-25 13:02 -------- d-----w c:\program files\Java
2009-04-28 08:51 . 2008-03-05 08:34 -------- d-----w c:\program files\eMule
2009-04-19 14:11 . 2009-04-19 14:11 -------- d-----w c:\program files\CCleaner
2009-04-02 16:35 . 2009-04-02 16:35 -------- d-----w c:\program files\MSN Reaper
2009-03-27 10:51 . 2008-03-10 11:21 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-26 17:07 . 2009-03-26 17:07 1607184 ----a-w c:\windows\system32\Aquarium Exotique.scr
2009-03-25 19:37 . 2009-03-25 19:37 118784 ----a-w c:\windows\Web\Wallpaper\Scenic- Beach Scenes Wallpaper dir\uninstall.exe
2009-03-08 02:34 . 2002-08-30 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2002-08-30 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2002-08-30 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2002-08-30 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2002-08-30 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2002-08-30 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2002-08-30 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2002-08-30 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2002-08-30 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2002-08-30 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:20 . 2002-08-30 12:00 286720 ----a-w c:\windows\system32\pdh.dll
2009-02-25 20:59 . 2009-02-25 20:59 1316096 ----a-w c:\windows\system32\ooscrsav.scr
2009-02-25 20:59 . 2009-02-25 20:59 730368 ----a-w c:\windows\system32\oodsvct.exe
2009-02-25 20:59 . 2009-02-25 20:59 1352960 ----a-w c:\windows\system32\oodag.exe
2009-02-25 20:58 . 2009-02-25 20:58 2553088 ----a-w c:\windows\system32\oodtray.exe
2009-02-25 20:57 . 2009-02-25 20:57 194816 ----a-w c:\windows\system32\oodbs.exe
2009-02-25 20:54 . 2009-02-25 20:54 955648 ----a-w c:\windows\system32\oodtrrs.dll
2009-02-25 20:54 . 2009-02-25 20:54 541952 ----a-w c:\windows\system32\oodssrs.dll
2009-02-25 20:54 . 2009-02-25 20:54 9984 ----a-w c:\windows\system32\oodbsrs.dll
2009-02-25 20:54 . 2009-02-25 20:54 8448 ----a-w c:\windows\system32\oodagrs.dll
2009-02-25 20:54 . 2009-02-25 20:54 17152 ----a-w c:\windows\system32\oodagmg.dll
2007-11-09 14:25 . 2008-09-15 13:56 57344 ----a-w c:\program files\mozilla firefox\components\MGSHelper.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-04 321344]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-01-24 160592]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-31 3399727]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2007-02-26 131072]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2007-02-26 155648]
"Persistence"="c:\windows\System32\igfxpers.exe" [2007-02-26 131072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-06-06 185896]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2553088]
"jntqn"="c:\program files\jntqn\jntqn.exe" [2007-07-27 159744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-29 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-05-06 405504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Damien\Menu D‚marrer\Programmes\D‚marrage\
RocketDock.lnk - c:\windows\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe [2006-5-14 344064]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/u 1999-\[u]0/u<?<?<?û?\[u]0/uŸ<Ÿ\[u]0/uOODBS

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Exif Launcher.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Damien^Menu Démarrer^Programmes^Démarrage^Y'z Toolbar.lnk]
path=c:\documents and settings\Damien\Menu Démarrer\Programmes\Démarrage\Y'z Toolbar.lnk
backup=c:\windows\pss\Y'z Toolbar.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Damien\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Mindscape\\Web Creator Pro 3\\FTPCopyDir.exe"=
"c:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-05-24 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-05-24 20560]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-Software Informer - c:\program files\Software Informer\softinfo.exe
HKCU-Run-fsm - (no file)
HKLM-Run-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
SafeBoot-procexp90.Sys
SafeBoot-sglfb.sys
SafeBoot-tga.sys


.
------- Examen supplémentaire -------
.
mWindow Title =
IE: Barre RoboForm - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Enregistrer le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Personnaliser le menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Remplir le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger avec IDM
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Télécharger le contenu de video FLV avec IDM
IE: Télécharger tous les liens avec IDM
Trusted Zone: secuser.com\www
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vendio&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Mozilla Firefox\components\MGSHelper.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_19.dll
FF - plugin: c:\documents and settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
FF - plugin: c:\documents and settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\npfax@microgaming.com\platform\WINNT_x86-msvc\plugins\npfax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-25 17:37
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4a997c2c-8ea0-4de6-a558-142dce9ae901}]
@Denied: (Full) (Everyone)
"Model"=dword:00000050
"Therad"=dword:00000014

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):49,0e,b1,7f,37,bf,b2,f2,b0,86,f6,c4,e0,49,26,70,98,fc,c1,92,a3,
d1,6f,09,4f,23,3b,e7,a7,d8,2c,78,77,5e,32,87,bc,7e,1b,03,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG06.00.00.01WORKSTATION"="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"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(1568)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
c:\windows\BricoPacks\Crystal Clear\RocketDock\MouseHook2.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\oodag.exe
c:\program files\SigmaTel\C-Major Audio\WDM\stacsv.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\Alwil Software\Avast4\Setup\avast.setup
.
**************************************************************************
.
Heure de fin: 2009-05-25 18:57 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-25 16:57
ComboFix2.txt 2008-03-18 21:07
ComboFix3.txt 2008-03-18 20:50

Avant-CF: 8,479,944,704 octets libres
Après-CF: 8,605,241,344 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn

287 --- E O F --- 2009-05-13 19:57
0
fix200 Posts 3243 Registration date Sunday 28 December 2008 Status Security contributor Last activity 7 February 2011 158
26 May 2009 at 10:13
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV.SYS]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_TDSSSERV.SYS]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys]
File::
C:\WINDOWS\system32\drivers\tdssserv.sys
C:\windows\system32\3293728073.dat
Service::
TDSSserv.sys



- Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)

- Save this file under the name CFScript.txt

- Now drag the CFScript.txt file onto Combofix.exe like this

This will restart Combofix.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Do not touch anything until the scan is finished.

After the restart, post the contents of the Combofix.txt report

*******************************************************************************
Download Gmer:

http://www.gmer.net#files

tutorial here

Unzip Gmer, click the Rootkit tab, launch the scan; red lines will appear.

The red lines indicate the presence of a rootkit

Then, on the red lines:

Services: right-click, delete service
Process: right-click, kill process
Adl, file: right-click, delete files


Once the scan is finished, before deleting any red lines, post me the report (click Copy, then go to the computer's Start menu, then Notepad, then Edit, then Paste. The report will appear)

See you later.
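Added example (not part of the original posts and not ComboFix's own code): a Python script that parses a CFScript like the one above and checks, across successive ComboFix reports, which run lists each File:: and Service:: target as removed. The sample reports are abridged from lines posted in this thread; the function names and the reading of the report layout are assumptions.

```python
import re

# Section banners in a ComboFix report look like "((((( Autres suppressions )))))".
BANNER = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}$")
# In a CFScript, a directive is a keyword followed by "::" on its own line.
DIRECTIVE = re.compile(r"^(\w+)::$")
# Entries under "Pilotes/Services", e.g. "-------\Service_TDSSserv.sys".
SERVICE_ENTRY = re.compile(r"^-+\\(Service|Legacy)_(.+)$")

# The CFScript posted in the thread.
CFSCRIPT = r"""
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV.SYS]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_TDSSSERV.SYS]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys]
File::
C:\WINDOWS\system32\drivers\tdssserv.sys
C:\windows\system32\3293728073.dat
Service::
TDSSserv.sys
"""

# Abridged sample of the first report (banners shortened, other sections omitted).
REPORT_RUN1 = r"""
(((((((((( Autres suppressions ))))))))))
.
c:\windows\patch.exe
c:\windows\system32\_id.dat
c:\windows\system32\TDSSosvd.dat
.
(((((((((( Pilotes/Services ))))))))))
.
-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys
"""

# Abridged sample of the report produced after the CFScript run.
REPORT_RUN2 = r"""
(((((((((( Autres suppressions ))))))))))
.
c:\windows\system32\3293728073.dat
.
"""

def parse_cfscript(text):
    """Return {directive_lowercase: [entry, ...]} for a CFScript."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            current = sections.setdefault(m.group(1).lower(), [])
        elif current is not None:
            current.append(line)
    return sections

def parse_report(text):
    """Return {banner title: [entry, ...]}; blank and '.' lines are skipped."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = BANNER.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and line and line != ".":
            current.append(line)
    return sections

def _norm(value):
    # Windows paths and service names are case-insensitive.
    return value.strip('"').lower()

def removed_items(report_text, files_title="Autres suppressions",
                  services_title="Pilotes/Services"):
    """Return (files, services) that one report lists as removed."""
    report = parse_report(report_text)
    files = {_norm(p) for p in report.get(files_title, [])}
    services = set()
    for entry in report.get(services_title, []):
        m = SERVICE_ENTRY.match(entry)
        if m:
            services.add(m.group(2).lower())
    return files, services

def audit(cfscript_text, reports):
    """Map each File::/Service:: target to the 1-based run that lists it, or None."""
    script = parse_cfscript(cfscript_text)
    result = {(kind, t): None for kind in ("file", "service")
              for t in script.get(kind, [])}
    for run, text in enumerate(reports, start=1):
        files, services = removed_items(text)
        for kind, target in list(result):
            pool = files if kind == "file" else services
            if result[(kind, target)] is None and _norm(target) in pool:
                result[(kind, target)] = run
    return result

if __name__ == "__main__":
    for (kind, target), run in audit(CFSCRIPT, [REPORT_RUN1, REPORT_RUN2]).items():
        status = f"listed as removed in run {run}" if run else "not listed in any report"
        print(f"{kind:8} {target}: {status}")
```

A target that maps to None is simply not listed as removed in any supplied report; that alone does not establish whether it is still present on disk.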
0
Hi

Here is the ComboFix report

I'll attach the Gmer report in a later post


ComboFix 09-05-25.07 - Damien 2009-05-26 12:49.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2039.1423 [GMT 2:00]
Lancé depuis: c:\documents and settings\Damien\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Damien\Mes documents\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090525-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\3293728073.dat"
"c:\windows\system32\drivers\tdssserv.sys"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\3293728073.dat

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-26 au 2009-05-26 ))))))))))))))))))))))))))))))))))))
.

2009-05-25 15:10 . 2009-05-25 15:13 -------- d-----w C:\ToolBar SD
2009-05-25 14:24 . 2009-05-25 14:36 -------- d-----w c:\program files\Ad-remover
2009-05-25 14:05 . 2009-05-25 14:05 -------- d-----w c:\documents and settings\Damien\Application Data\Malwarebytes
2009-05-25 14:05 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-25 14:05 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-25 14:05 . 2009-05-25 14:05 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-25 14:05 . 2009-05-25 14:05 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-25 13:32 . 2009-05-25 13:55 -------- d-----w C:\FindyKill
2009-05-25 13:24 . 2009-05-25 13:25 -------- d-----w C:\rsit
2009-05-24 18:08 . 2009-05-24 18:38 -------- d-----w c:\windows\BDOSCAN8
2009-05-24 18:01 . 2009-05-24 18:01 100240 ----a-w c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-24 17:57 . 2009-02-05 20:06 51376 ----a-w c:\windows\system32\drivers\aswTdi.sys
2009-05-24 17:57 . 2009-02-05 20:06 23152 ----a-w c:\windows\system32\drivers\aswRdr.sys
2009-05-24 17:57 . 2009-02-05 20:05 26944 ----a-w c:\windows\system32\drivers\aavmker4.sys
2009-05-24 17:57 . 2009-02-05 20:04 97480 ----a-w c:\windows\system32\AvastSS.scr
2009-05-24 17:57 . 2009-02-05 20:08 93296 ----a-w c:\windows\system32\drivers\aswmon.sys
2009-05-24 17:57 . 2009-02-05 20:08 94032 ----a-w c:\windows\system32\drivers\aswmon2.sys
2009-05-24 17:57 . 2009-02-05 20:07 114768 ----a-w c:\windows\system32\drivers\aswSP.sys
2009-05-24 17:57 . 2009-02-05 20:07 20560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
2009-05-24 17:57 . 2009-02-05 20:11 1256296 ----a-w c:\windows\system32\aswBoot.exe
2009-05-24 17:47 . 2009-03-24 14:07 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-24 15:49 . 2009-05-25 14:56 -------- d-----w c:\program files\Trend Micro
2009-05-24 14:48 . 2009-05-24 14:48 -------- d-sh--w c:\documents and settings\Damien\PrivacIE
2009-05-24 14:47 . 2009-05-24 14:47 -------- d-sh--w c:\documents and settings\Damien\IETldCache
2009-05-24 14:46 . 2009-05-24 14:46 -------- d-----w c:\windows\ie8updates
2009-05-24 14:45 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-24 14:44 . 2009-05-24 14:45 -------- dc-h--w c:\windows\ie8
2009-05-18 15:38 . 2009-05-18 15:38 -------- d-----w c:\documents and settings\Damien\Application Data\ImgBurn
2009-05-18 15:09 . 2009-05-18 15:09 -------- d-----w c:\program files\ImgBurn
2009-05-18 11:15 . 2009-05-18 11:24 -------- d-----w c:\program files\PC Wizard 2008
2009-05-17 19:04 . 2009-05-17 19:04 -------- d-----w c:\documents and settings\Damien\Local Settings\Application Data\MulletPower
2009-05-16 00:33 . 2009-05-16 00:33 57344 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-61b3398b-n\Decora-SSE.dll
2009-05-16 00:33 . 2009-05-16 00:33 24064 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-7db2921d-n\Decora-D3D.dll
2009-05-16 00:33 . 2009-05-16 00:33 315392 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5dabaac3-n\jogl.dll
2009-05-16 00:33 . 2009-05-16 00:33 20480 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5dabaac3-n\jogl_awt.dll
2009-05-16 00:33 . 2009-05-16 00:33 114688 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5dabaac3-n\jogl_cg.dll
2009-05-16 00:33 . 2009-05-16 00:33 20480 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-76dba7b2-n\gluegen-rt.dll
2009-05-16 00:33 . 2009-05-16 00:33 499712 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-28610b75-n\msvcp71.dll
2009-05-16 00:33 . 2009-05-16 00:33 499712 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-28610b75-n\jmc.dll
2009-05-16 00:33 . 2009-05-16 00:33 348160 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-28610b75-n\msvcr71.dll
2009-05-14 17:53 . 2009-05-14 17:53 -------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2009-05-14 17:53 . 2009-05-14 21:08 -------- d-----w c:\documents and settings\Damien\Application Data\Azureus
2009-05-14 17:52 . 2009-05-18 15:05 -------- d-----w c:\program files\Vuze
2009-05-14 09:45 . 2009-05-14 09:55 -------- d-----w c:\program files\PokerStars
2009-05-08 08:22 . 2009-05-17 17:12 -------- d-----w C:\Poker
2009-05-06 14:15 . 2009-05-25 14:48 -------- d-----w c:\program files\bwin
2009-04-29 09:22 . 2009-04-29 09:21 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-29 09:21 . 2009-04-29 09:21 152576 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-28 08:52 . 2009-04-28 08:55 -------- d-----w c:\program files\RocketDock
2009-04-26 11:54 . 2009-05-13 15:18 -------- d-----w c:\program files\The Adventure Company

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 10:52 . 2009-03-22 22:11 -------- d-----w c:\documents and settings\Damien\Application Data\Free Download Manager
2009-05-26 10:47 . 2009-03-04 17:56 -------- d-----w c:\documents and settings\Damien\Application Data\BitTorrent
2009-05-26 10:42 . 2008-11-24 17:54 -------- d-----w c:\documents and settings\Damien\Application Data\DNA
2009-05-26 07:48 . 2008-02-19 10:27 -------- d-----w c:\program files\Mozilla Thunderbird
2009-05-26 07:02 . 2009-03-25 19:37 -------- d-----w c:\program files\jntqn
2009-05-26 07:02 . 2008-11-24 17:54 -------- d-----w c:\program files\DNA
2009-05-25 14:48 . 2009-03-25 19:26 -------- d-----w c:\program files\ScenicReflections
2009-05-25 14:47 . 2002-08-30 12:00 84526 ----a-w c:\windows\system32\perfc00C.dat
2009-05-25 14:47 . 2002-08-30 12:00 510324 ----a-w c:\windows\system32\perfh00C.dat
2009-05-24 15:12 . 2008-03-10 11:21 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-24 14:47 . 2008-02-15 17:30 100240 -c--a-w c:\documents and settings\Damien\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-24 14:41 . 2008-02-15 18:12 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-24 14:40 . 2008-02-15 18:15 -------- d-----w c:\program files\Microsoft Works
2009-05-20 13:10 . 2009-02-04 10:12 -------- d-----w c:\program files\GRATIS
2009-04-29 09:21 . 2008-02-25 13:02 -------- d-----w c:\program files\Java
2009-04-28 08:51 . 2008-03-05 08:34 -------- d-----w c:\program files\eMule
2009-04-19 14:11 . 2009-04-19 14:11 -------- d-----w c:\program files\CCleaner
2009-04-02 16:35 . 2009-04-02 16:35 -------- d-----w c:\program files\MSN Reaper
2009-03-26 17:07 . 2009-03-26 17:07 1607184 ----a-w c:\windows\system32\Aquarium Exotique.scr
2009-03-25 19:37 . 2009-03-25 19:37 118784 ----a-w c:\windows\Web\Wallpaper\Scenic- Beach Scenes Wallpaper dir\uninstall.exe
2009-03-08 02:34 . 2002-08-30 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2002-08-30 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2002-08-30 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2002-08-30 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2002-08-30 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2002-08-30 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2002-08-30 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2002-08-30 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2002-08-30 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2002-08-30 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:20 . 2002-08-30 12:00 286720 ----a-w c:\windows\system32\pdh.dll
2009-02-25 20:59 . 2009-02-25 20:59 1316096 ----a-w c:\windows\system32\ooscrsav.scr
2009-02-25 20:59 . 2009-02-25 20:59 730368 ----a-w c:\windows\system32\oodsvct.exe
2009-02-25 20:59 . 2009-02-25 20:59 1352960 ----a-w c:\windows\system32\oodag.exe
2009-02-25 20:58 . 2009-02-25 20:58 2553088 ----a-w c:\windows\system32\oodtray.exe
2009-02-25 20:57 . 2009-02-25 20:57 194816 ----a-w c:\windows\system32\oodbs.exe
2009-02-25 20:54 . 2009-02-25 20:54 955648 ----a-w c:\windows\system32\oodtrrs.dll
2009-02-25 20:54 . 2009-02-25 20:54 541952 ----a-w c:\windows\system32\oodssrs.dll
2009-02-25 20:54 . 2009-02-25 20:54 9984 ----a-w c:\windows\system32\oodbsrs.dll
2009-02-25 20:54 . 2009-02-25 20:54 8448 ----a-w c:\windows\system32\oodagrs.dll
2009-02-25 20:54 . 2009-02-25 20:54 17152 ----a-w c:\windows\system32\oodagmg.dll
2007-11-09 14:25 . 2008-09-15 13:56 57344 ----a-w c:\program files\mozilla firefox\components\MGSHelper.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-25_15.38.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-26 07:00 . 2009-05-26 07:00 16384 c:\windows\TEMP\Perflib_Perfdata_598.dat
+ 2009-05-26 07:00 . 2009-05-26 07:00 16384 c:\windows\TEMP\Perflib_Perfdata_42c.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-04 321344]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-01-24 160592]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-31 3399727]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2007-02-26 131072]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2007-02-26 155648]
"Persistence"="c:\windows\System32\igfxpers.exe" [2007-02-26 131072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-06-06 185896]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2553088]
"jntqn"="c:\program files\jntqn\jntqn.exe" [2007-07-27 159744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-29 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-05-06 405504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Damien\Menu Démarrer\Programmes\Démarrage\
RocketDock.lnk - c:\windows\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe [2006-5-14 344064]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/u 1999-\[u]0/u<?<?<?û?\[u]0/uŸ<Ÿ\[u]0/uOODBS

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Exif Launcher.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Damien^Menu Démarrer^Programmes^Démarrage^Y'z Toolbar.lnk]
path=c:\documents and settings\Damien\Menu Démarrer\Programmes\Démarrage\Y'z Toolbar.lnk
backup=c:\windows\pss\Y'z Toolbar.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Damien\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Mindscape\\Web Creator Pro 3\\FTPCopyDir.exe"=
"c:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-05-24 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-05-24 20560]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Examen supplémentaire -------
.
mWindow Title =
IE: Barre RoboForm - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Enregistrer le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Personnaliser le menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Remplir le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger avec IDM
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Télécharger le contenu de video FLV avec IDM
IE: Télécharger tous les liens avec IDM
Trusted Zone: secuser.com\www
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vendio&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Mozilla Firefox\components\MGSHelper.dll
FF - plugin: c:\documents and settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
FF - plugin: c:\documents and settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\npfax@microgaming.com\platform\WINNT_x86-msvc\plugins\npfax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-26 12:51
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4a997c2c-8ea0-4de6-a558-142dce9ae901}]
@Denied: (Full) (Everyone)
"Model"=dword:00000050
"Therad"=dword:00000014

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):49,0e,b1,7f,37,bf,b2,f2,b0,86,f6,c4,e0,49,26,70,98,fc,c1,92,a3,
d1,6f,09,4f,23,3b,e7,a7,d8,2c,78,77,5e,32,87,bc,7e,1b,03,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG06.00.00.01WORKSTATION"=
.
Heure de fin: 2009-05-26 14:03
ComboFix-quarantined-files.txt 2009-05-26 12:03
ComboFix2.txt 2009-05-25 16:57
ComboFix3.txt 2008-03-18 21:07
ComboFix4.txt 2008-03-18 20:50

Avant-CF: 8,617,926,656 octets libres
Après-CF: 8,606,597,120 octets libres

236 --- E O F --- 2009-05-13 19:57