Mouse virus
Closed
tunisie22
Posts
36
Registration date
Sunday, 26 April 2009
Status
Member
Last activity
14 April 2010
-
18 June 2009 at 12:32
totobetourne Posts 5592 Registration date Sunday, 23 March 2008 Status Member Last activity 6 June 2012 - 19 June 2009 at 08:44
7 replies
totobetourne
Posts
5592
Registration date
Sunday, 23 March 2008
Status
Member
Last activity
6 June 2012
65
18 June 2009 at 13:45
We'll start like this.
1) To remove temporary files
(to be run roughly every 15 days).
• Download CCleaner and install it on the desktop, declining the installation of the Yahoo toolbar.
http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner
• Close all applications
• Launch CCleaner
If it is not in French, click Options, Settings, Language and select French
• In the Cleaner menu, Windows tab, tick:
Internet Explorer: Temporary Internet Files, Cookies
• System: Empty Recycle Bin, Temporary Files, Clipboard
• Advanced: Old Prefetch data
• In the Options menu, Advanced submenu, untick:
Only delete files in Windows Temp folders older than 48 hours
• In the Cleaner menu, Applications tab, tick: Internet: Sun Java
• If possible, in the Cleaner menu, Applications tab, tick: Firefox/Mozilla: Internet Cache, Cookies
• Click Analyze
• Click the Run Cleaner button in the Cleaner menu.
• Click Registry
• Select all
• Click Scan for Issues (at the bottom)
Once the scan is finished, select all
• Click Fix selected issues
2) Run this anti-malware tool, following the instructions:
Download Malwarebytes Anti-Malware (MBAM): also very useful for adware and pop-up problems, though unfortunately not all of them.
Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Malwarebytes Anti-Malware tutorial: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
Follow the instructions: update, full scan in Safe Mode, and the reports.
PASTE THE REPORT AFTER REMOVAL, THANKS.
Keep it and run a scan every month as instructed.
If you have Ad-Aware you can uninstall it, as it no longer detects much.
3) Send me another RSIT report.
totobetourne
Posts
5592
Registration date
Sunday, 23 March 2008
Status
Member
Last activity
6 June 2012
65
18 June 2009 at 12:46
Paste the reports you got with HijackThis and ComboFix. Thanks.
tunisie22
Posts
36
Registration date
Sunday, 26 April 2009
Status
Member
Last activity
14 April 2010
7
18 June 2009 at 12:49
Hi totobetourne,
Here is the HijackThis report:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\SYSTEM32\NET.exe
C:\WINDOWS\SYSTEM32\NET.exe
C:\WINDOWS\SYSTEM32\net1.exe
C:\WINDOWS\SYSTEM32\net1.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Google Update (gupdate1c9d4d71e538560) (gupdate1c9d4d71e538560) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
totobetourne
Posts
5592
Registration date
Sunday, 23 March 2008
Status
Member
Last activity
6 June 2012
65
18 June 2009 at 12:54
No visible infection, but your report is very strange; it is missing lines.
1) Did you run HijackThis in normal mode or in Safe Mode?
2) Paste the ComboFix report if you have it.
3) We'll look deeper.
Download Random's System Information Tool (RSIT) by random/random and save the executable to your Desktop.
-> http://images.malwareremoval.com/random/RSIT.exe
! Disconnect and close all your running applications !
Double-click "RSIT.exe" to launch it.
-> A first window opens, titled "Disclaimer of warranty".
* For the option "List files/folders created ...", choose: 2 months
* then click "Continue" to start the analysis ...
-> let the scan run and do not touch the PC ...
When the analysis is finished, two text files will open (probably in Notepad).
Post the contents of "log.txt" (the one that appears on screen) and of "info.txt" (which you will see in the taskbar) for analysis, and wait for the next step ...
Important: post one report, then the other in the next reply.
If you try to post both at once, it may be too long for the forum.
( Note: the reports are also saved in this folder -> C:\rsit )
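To illustrate the "look deeper" step with the kind of check a defender runs over a ComboFix report, here is an added Python example; it is not part of this thread and not ComboFix's own code. It parses registry load-point and file-listing lines in the format ComboFix prints (the sample is copied from the report tunisie22 posts further down, reordered) and flags the items an analyst would check first: a DisallowRun policy that blocks the user's own admin tools, the Windows Firewall being switched off, autostarts placed under the Explorer policy Run key, Active Setup components whose GUID is not valid hex, and autostart targets that are hidden+system files or whose names differ from a Windows binary by a single character. The tool lists, the one-character threshold and the severity labels are the example's own assumptions.

```python
"""Triage of ComboFix-style registry load points and file listings.

Added example for this thread, not ComboFix's own code. The sample lines
are quoted from the ComboFix report posted in the thread; the checks are a
defender's first-pass checklist and their thresholds are assumptions.
"""
import re

# Constructed sample: registry load points and Find3M lines taken verbatim
# from the report in this thread, with the order rearranged.
SAMPLE = r'''
2006-11-02 00:17 . 2006-11-02 00:17 264704 --sha-r- c:\windows\rundm.exe
2005-08-10 11:59 . 2005-08-10 11:59 1010688 --sha-r- c:\windows\system32\rundl32.exe
2009-05-28 16:07 . 2009-05-28 16:07 26128 ----a-w- c:\windows\system32\exploreer.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"rundl32"="c:\windows\rundm.exe" [2006-11-02 264704]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= cmd.exe
"4"= regedit.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{05I41M56-QW07-U20F-YX8T-VB4U6TP4UX63}]
"c:\windows\rundm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1DE23CB0-AA3D-D270-AFA8-53859B9D2559}]
c:\windows\system32\exploreer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BNP0XRLE-G67V-B370-5H6E-MO517HNNP72Y}]
c:\windows\system32\rundl32.exe Restart
'''

# Assumed lists: tools a user needs to recover a machine, and Windows
# binaries whose names lookalike files are typically one keystroke away from.
ADMIN_TOOLS = {"cmd.exe", "regedit.exe", "regedt32.exe", "mmc.exe",
               "rstrui.exe", "taskmgr.exe", "msconfig.exe"}
SYSTEM_NAMES = {"rundll32.exe", "explorer.exe", "csrss.exe", "svchost.exe",
                "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}

# "created . modified size attributes path" as printed in ComboFix file lists
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d "
                     r"\S+ (?P<attrs>[-a-z]{8}) (?P<path>.+)$")
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')        # "name"=data
PATH_RE = re.compile(r"([a-z]:\\.*?\.(?:exe|dll|sys))", re.I)
GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)


def edit_distance(a, b):
    """Levenshtein distance, used to spot names that mimic system binaries."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(report):
    """Return a list of (severity, message) findings for a ComboFix-style report."""
    findings, autoruns, files, key = [], [], {}, ""
    for line in (raw.strip() for raw in report.splitlines()):
        if not line:
            continue
        fm = FILE_RE.match(line)
        if fm:                                            # file listing line
            files[fm.group("path").lower()] = fm.group("attrs")
            continue
        if line.startswith("[") and line.endswith("]"):   # start of a registry key
            key = line[1:-1]
            if "active setup\\installed components" in key.lower():
                guid = key.rsplit("\\", 1)[-1]
                if not GUID_RE.fullmatch(guid):
                    findings.append(("high", f"Active Setup component with malformed GUID: {guid}"))
            continue
        vm = VALUE_RE.match(line)                         # "name"=data, or a bare path
        name, data = (vm.group(1), vm.group(2)) if vm else ("", line)
        kl = key.lower()
        if kl.endswith("policies\\explorer\\disallowrun") and data.strip().lower() in ADMIN_TOOLS:
            findings.append(("high", f"DisallowRun policy blocks {data.strip()} [{key}]"))
        elif name.lower() == "enablefirewall" and data.strip().startswith("0"):
            findings.append(("medium", f"Windows Firewall disabled (EnableFirewall=0) [{key}]"))
        elif name.lower() == "firewalloverride" and data.strip().endswith("1"):
            findings.append(("medium", f"Security Center FirewallOverride set [{key}]"))
        pm = PATH_RE.search(data)
        if pm and ("\\run" in kl or "active setup" in kl):
            autoruns.append((key, pm.group(1)))
    # Correlate each autostart target with the file list and known binary names.
    for key, target in autoruns:
        base = target.rsplit("\\", 1)[-1].lower()
        if "policies\\explorer\\run" in key.lower():
            findings.append(("high", f"Autostart via Explorer policy Run key: {target} [{key}]"))
        if files.get(target.lower(), "")[2:4] == "sh":       # system + hidden attributes
            findings.append(("high", f"Autostart target is a hidden+system file: {target} [{key}]"))
        for legit in sorted(SYSTEM_NAMES):
            if base != legit and edit_distance(base, legit) <= 1:
                findings.append(("high", f"Autostart target {base} mimics {legit}: {target} [{key}]"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE):
        print(f"[{severity:6}] {message}")
```

Run it directly to print the findings for the sample, or pass the text of a full report to `triage()` to reuse the same checks. The output is a prioritisation aid, not a verdict: a name one character away from a Windows binary still has to be confirmed against the legitimate file's location and signature, and a disabled firewall may be an administrator's choice.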
tunisie22
Posts
36
Registration date
Sunday, 26 April 2009
Status
Member
Last activity
14 April 2010
7
18 June 2009 at 13:10
1- I run HijackThis in normal mode
2- Here is the ComboFix report
ComboFix 09-06-13.09 - The Devil's MINA 14/06/2009 21:10.21 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.255.89 [GMT 2:00]
Lancé depuis: c:\documents and settings\The Devil's MINA\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090614-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\crss.exe
c:\windows\system32\plugin.dat
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_AVPsys
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-14 au 2009-06-14 ))))))))))))))))))))))))))))))))))))
.
2009-06-14 15:40 . 2009-06-14 15:40 -------- d-----w- c:\program files\Data Doctor Password Recovery MSN Explorer(Evaluation)
2009-06-14 15:19 . 2009-06-14 15:19 -------- d-----w- c:\program files\fLover msn klient
2009-06-14 11:09 . 2009-06-14 19:06 -------- d-----w- c:\documents and settings\The Devil's MINA\Application Data\Skype
2009-06-14 11:07 . 2009-06-14 11:07 -------- d-----w- c:\program files\Fichiers communs\Skype
2009-06-14 11:06 . 2009-06-14 11:08 -------- d-----r- c:\program files\Skype
2009-06-10 20:40 . 2009-06-14 08:40 264704 ----a-w- C:\Oute.exe
2009-06-10 14:24 . 2009-01-12 12:23 -------- d-----w- C:\La Faute De Voltaire by dramanouti for www.tunisia-sat.com
2009-06-09 16:15 . 2009-06-09 16:03 54544 ----a-w- c:\windows\system32\ieshwiz.exe
2009-06-08 09:36 . 2009-06-08 09:52 -------- d-----w- C:\Sexy and Beautiful Arab Girls,Models Hot Gallery
2009-06-08 08:51 . 2009-06-08 08:51 -------- d-----w- c:\program files\Microsoft Windows Security Update
2009-06-04 00:34 . 2009-06-08 10:55 -------- d-----w- c:\documents and settings\The Devil's MINA\dwhelper
2009-06-03 23:41 . 2009-06-03 23:41 -------- d-----w- c:\program files\Hotspot Shield
2009-05-31 21:42 . 2009-05-31 21:44 -------- d-----w- c:\program files\Yahoo!
2009-05-28 16:07 . 2009-05-28 16:07 26128 ----a-w- c:\windows\system32\exploreer.exe
2009-05-28 15:50 . 2009-05-28 15:53 -------- d-----w- C:\CamFrog Pro - with no key pro - Sans code pro
2009-05-28 15:45 . 2009-06-08 08:50 -------- d-----w- C:\Camfrog Video Chat 5.4 +serial
2009-05-28 15:39 . 2009-05-28 15:49 215765 ----a-w- C:\CamFrog Pro - with no key pro - Sans code pro.zip
2009-05-28 15:26 . 2009-05-28 15:50 12658176 ----a-w- C:\Camfrog Video Chat 5.3 Build 206 pro .exe
2009-05-25 15:55 . 2009-05-28 15:25 -------- d-----w- C:\Bob Marley - Discography
2009-05-24 22:08 . 2009-05-24 22:08 -------- d-----w- c:\program files\Fichiers communs\xing shared
2009-05-24 14:05 . 2009-05-24 14:05 -------- d-----w- c:\windows\system32\NtmsData
2009-05-23 20:09 . 2009-05-31 21:44 -------- d-----w- c:\program files\Visual Ping
2009-05-23 20:08 . 2009-05-23 20:08 -------- d-----w- C:\Setups
2009-05-23 19:17 . 2009-05-23 20:02 -------- d-----w- C:\Windows Admin Password Hack [HOT] [h33t] [MAMBO04]
2009-05-23 19:12 . 2009-05-23 20:08 -------- d-----w- C:\Skype Hacks - Tips & Tools For Cheap Calls From Your Computer (2005) - allbooksfree.tk
2009-05-16 15:45 . 2009-05-16 15:55 -------- d-----w- c:\documents and settings\All Users\Anyplace Control 4
2009-05-16 15:27 . 2008-05-06 08:43 4608 ----a-w- c:\windows\system32\drivers\vncmirror.sys
2009-05-16 15:27 . 2008-05-06 08:43 20992 ----a-w- c:\windows\system32\vncmirror.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 19:17 . 2006-12-25 16:55 -------- d-----w- c:\documents and settings\The Devil's MINA\Application Data\uTorrent
2009-06-14 15:20 . 2008-12-27 16:13 -------- d-----w- c:\program files\Camfrog
2009-06-14 14:01 . 2008-12-25 21:15 -------- d-----w- c:\documents and settings\The Devil's MINA\Application Data\skypePM
2009-06-14 11:06 . 2008-12-25 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-10 21:42 . 2009-01-22 12:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-09 14:57 . 2008-09-17 18:15 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-03 05:56 . 2001-08-28 10:00 72366 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-03 05:56 . 2001-08-28 10:00 461404 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-28 15:56 . 2008-12-27 16:22 -------- d-----w- c:\documents and settings\The Devil's MINA\Application Data\Camfrog
2009-05-24 22:07 . 2001-03-24 17:16 -------- d-----w- c:\program files\Fichiers communs\Real
2009-05-24 21:53 . 2008-12-25 21:07 -------- d-----w- c:\program files\Google
2009-05-14 12:02 . 2009-05-14 12:02 -------- d-----w- c:\program files\Modules VST
2009-05-01 19:38 . 2009-05-01 19:38 -------- d-----w- c:\program files\Alwil Software
2009-05-01 10:19 . 2008-01-04 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-27 14:50 . 2009-04-18 20:17 -------- d-----w- c:\documents and settings\The Devil's MINA\Application Data\Sony
2009-04-27 14:23 . 2008-01-04 17:43 -------- d-----w- c:\program files\VstPlugins
2009-04-27 14:23 . 2009-04-27 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2009-04-27 14:22 . 2009-04-27 14:22 -------- d-----w- c:\program files\Sony
2009-04-27 14:18 . 2008-01-04 15:02 -------- d-----w- c:\program files\DivX
2009-04-27 14:13 . 2009-04-18 18:34 -------- d-----w- c:\program files\Sony Setup
2009-04-25 19:52 . 2009-04-25 19:52 -------- d-----w- c:\program files\Fichiers communs\snp325
2009-04-24 20:35 . 2009-04-24 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-19 15:52 . 2007-04-14 23:33 -------- d-----w- c:\documents and settings\The Devil's MINA\Application Data\NCH Swift Sound
2009-04-18 18:56 . 2009-04-18 18:56 -------- d-----w- c:\documents and settings\The Devil's MINA\Application Data\Publish Providers
2009-04-18 18:56 . 2009-04-18 18:56 -------- d-----w- c:\documents and settings\The Devil's MINA\Application Data\NetMedia Providers
2009-04-06 11:19 . 2009-04-06 11:19 23064 ----a-w- c:\windows\system32\drivers\ScreamingBAudio.sys
2009-03-26 22:01 . 2009-03-26 22:01 6377472 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\45493F11828C44489701861DAA3C28F2\WinampInfo.exe
2009-03-26 21:59 . 2009-03-26 21:59 5431032 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\PamelaPCR.exe
2009-03-26 21:59 . 2009-03-26 21:59 53760 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\zlib.dll
2009-03-26 21:59 . 2009-03-26 21:59 441344 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\sound\SystemMP3SoundPlugin.dll
2009-03-26 21:59 . 2009-03-26 21:59 1605120 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\sound\VorbisOGGSoundPlugin.dll
2009-03-26 21:59 . 2009-03-26 21:59 1234432 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\lng.dll
2009-03-26 21:59 . 2009-03-26 21:59 1138688 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\libeay32.dll
2009-03-26 21:59 . 2009-03-26 21:59 532992 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\CrashRpt.dll
2009-03-26 21:59 . 2009-03-26 21:59 489984 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\dbghelp.dll
2009-03-23 21:30 . 2009-03-22 11:53 33256 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2006-11-02 00:17 . 2006-11-02 00:17 264704 --sha-r- c:\windows\rundm.exe
2005-08-10 11:59 . 2005-08-10 11:59 1010688 --sha-r- c:\windows\system32\rundl32.exe
.
------- Sigcheck -------
[-] 2004-08-23 01:35 1036288 998F3F568F6074A35AB08CD3395A9DC2 c:\windows\explorer.exe
[-] 2004-08-23 01:35 1884672 90E794C5D2D368686FE71B4A0354462C c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-01-28_23.12.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-14 18:43 . 2009-06-14 18:43 16384 c:\windows\temp\Perflib_Perfdata_820.dat
+ 2009-06-14 19:20 . 2009-06-14 19:20 16384 c:\windows\temp\Perflib_Perfdata_68c.dat
+ 2009-06-14 18:42 . 2009-06-14 18:42 16384 c:\windows\temp\Perflib_Perfdata_658.dat
+ 2009-06-14 19:20 . 2009-06-14 19:20 16384 c:\windows\temp\Perflib_Perfdata_630.dat
+ 2001-08-28 10:00 . 2009-06-03 05:56 59576 c:\windows\system32\perfc009.dat
- 2001-08-28 10:00 . 2009-05-16 12:04 59576 c:\windows\system32\perfc009.dat
+ 2005-04-05 00:40 . 2005-04-05 00:40 30690 c:\windows\system32\logs.dat
+ 2009-04-01 23:24 . 2007-06-08 06:52 27136 c:\windows\system32\drivers\tapvpn.sys
- 2009-04-01 23:24 . 2008-01-23 21:25 27136 c:\windows\system32\drivers\tapvpn.sys
+ 2003-09-06 19:05 . 2002-09-22 21:36 10752 c:\windows\system32\aamd532.dll
+ 2001-08-28 10:00 . 2009-06-03 05:56 395336 c:\windows\system32\perfh009.dat
- 2001-08-28 10:00 . 2009-05-16 12:04 395336 c:\windows\system32\perfh009.dat
+ 2009-06-14 19:08 . 2009-06-14 19:08 400896 c:\windows\system32\CF10517.exe
+ 2009-06-14 11:07 . 2009-06-14 11:07 364726 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
+ 2006-02-03 19:57 . 2005-08-10 11:59 1010688 c:\windows\system32\rundll 32.exe
- 2006-04-30 05:29 . 2006-04-30 05:29 1010688 c:\windows\system32\rundll 32.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-05-25 25477928]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"rundl32"="c:\windows\rundm.exe" [2006-11-02 264704]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= cmd.exe
"2"= mmc.exe
"3"= rstrui.exe
"4"= regedit.exe
"5"= regedt32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindService"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 HFXP2;HFXP2;c:\windows\system32\drivers\hfxp2.sys [30/12/2004 15:49 11648]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [01/05/2009 21:39 114768]
R2 Asapi;Asapi;c:\windows\system32\drivers\ASAPI.SYS [11/03/2008 14:41 12361]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/05/2009 21:39 20560]
R3 EL59X;3Com Fast EtherLink 59x Adapter Driver;c:\windows\system32\drivers\el59x.sys [25/12/2006 18:01 39184]
R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [25/04/2009 21:52 10251904]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [16/04/2007 18:31 17792]
S3 AteksoftAudio;WebCamera Plus Audio;c:\windows\system32\drivers\ateksoftaudio.sys [15/04/2007 01:02 11776]
S3 EL556ND5;Pilote de carte Ethernet MiniPCI 10/100 3Com;c:\windows\system32\drivers\EL556ND5.sys [24/12/2008 22:57 55999]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [06/04/2009 13:19 23064]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{05I41M56-QW07-U20F-YX8T-VB4U6TP4UX63}]
"c:\windows\rundm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1DE23CB0-AA3D-D270-AFA8-53859B9D2559}]
c:\windows\system32\exploreer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BNP0XRLE-G67V-B370-5H6E-MO517HNNP72Y}]
c:\windows\system32\rundl32.exe Restart
.
Contenu du dossier 'Tâches planifiées'
2009-06-14 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 21:00]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT1561552
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uDefault_Search_URL = hxxp://www.topnet.tn
mWindow Title = Topnet :: Fournisseur de Services Internet
mSearch Bar = hxxp://www.topnet.tn
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-14 21:23
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1454471165-1677128483-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2525FB41-ED6D-AE7D-BDA0-106F219012BF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hapmmogjpdcjpahm"=hex:66,61,6c,61,62,6f,68,6d,63,68,65,67,00,00
"iaoljfdpncemmjjjmg"=hex:6a,61,62,62,6f,63,66,67,6c,6b,65,6c,68,68,6d,6f,70,6f,
62,6b,00,13
"hammdhhkflimbooo"=hex:6a,61,62,62,6f,63,66,67,6c,6b,65,6c,68,68,6d,6f,70,6f,
62,6b,00,00
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ProgID]
@DACL=(02 0000)
@="AcroIEHelper.AcroIEHlprObj.1"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\Programmable]
@DACL=(02 0000)
@=""
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\TypeLib]
@DACL=(02 0000)
@="{5F226421-415D-408D-9A09-0DCD94E25B48}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\VersionIndependentProgID]
@DACL=(02 0000)
@="AcroIEHelper.AcroIEHlprObj"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(812)
c:\progra~1\SPEEDB~1\sblsp.dll
- - - - - - - > 'explorer.exe'(1204)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\WinRAR\rarext.dll
c:\windows\system32\browselc.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\CF10517.exe
c:\windows\svcadmin.exe
c:\var\named\named.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Heure de fin: 2009-06-14 21:34 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-14 19:34
ComboFix2.txt 2009-01-02 16:56
ComboFix3.txt 2008-12-31 19:07
ComboFix4.txt 2008-12-30 15:58
ComboFix5.txt 2009-01-01 01:33
Avant-CF: 381 718 528 octets libres
Après-CF: 343 101 440 octets libres
Current=114 Default=114 Failed=113 LastKnownGood=115 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115
260 --- E O F --- 2009-03-29 16:34
3- The info.txt report
info.txt logfile of random's system information tool 1.06 2009-06-18 13:03:37
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Codeur Windows Media Série 9-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Codeur Windows Media Série 9-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Digital Guitar Tuner 2.3-->"C:\Program Files\Digital Guitar Tuner 2.3\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\2.0.172.30\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
Hide Folders XP 2.2 for Windows 2000/XP-->C:\Program Files\HFXP2\hfxp.exe /u
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotspot Shield 0.941-->C:\Program Files\Hotspot Shield\Uninstall.exe
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{3CCB732A-E472-4CF9-B1EE-F18365341FE0}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
K-Lite Codec Pack 3.5.7 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour le Codeur Windows Media (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype web features-->MsiExec.exe /I{F1362843-0E0E-4F74-8662-724CF101ADCE}
Skype™ Beta 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sony ACID Music Studio 7.0-->MsiExec.exe /X{A74C1699-4BCE-433F-82D6-F11207A0581B}
SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"
Vegas Movie Studio Platinum 9.0-->MsiExec.exe /X{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{01523985-2098-43AF-9C97-12B07BE02A9B}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
=====HijackThis Backups=====
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') [2009-06-15]
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') [2009-06-15]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank [2009-06-15]
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2009-06-15]
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') [2009-06-15]
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-06-15]
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-06-15]
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-06-15]
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') [2009-06-15]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-15]
O23 - Service: Service Google Update (gupdate1c9d4d71e538560) (gupdate1c9d4d71e538560) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-15]
O4 - HKCU\..\Policies\Explorer\Run: [rundl32] C:\WINDOWS\rundm.exe [2009-06-15]
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-06-15]
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-06-15]
O23 - Service: Service Google Update (gupdate1c9d4d71e538560) (gupdate1c9d4d71e538560) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-15]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-15]
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-06-15]
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-06-15]
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-06-15]
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-06-15]
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2009-06-15]
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-06-15]
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-06-15]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-15]
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-06-15]
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-06-15]
O23 - Service: Service Google Update (gupdate1c9d4d71e538560) (gupdate1c9d4d71e538560) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-15]
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-06-15]
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-06-15]
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2009-06-15]
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [2009-06-18]
O23 - Service: Service Google Update (gupdate1c9d4d71e538560) (gupdate1c9d4d71e538560) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-18]
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2009-06-18]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-18]
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-06-18]
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-06-18]
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-06-18]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2009-06-18]
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-06-18]
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-06-18]
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-06-18]
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-06-18]
O23 - Service: Service Google Update (gupdate1c9d4d71e538560) (gupdate1c9d4d71e538560) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-18]
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-06-18]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-18]
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-06-18]
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2009-06-18]
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-06-18]
======Security center information======
AV: avast! antivirus 4.8.1335 [VPS 090617-0]
======System event log======
Computer Name: NASA-MRDXAJQJRK
Event Code: 1002
Message: Le bail de l'adresse IP 192.168.1.2 pour la carte réseau dont l'adresse réseau est 00A0249D6135
a été refusé par le serveur DHCP 192.168.1.1 (celui-ci a envoyé un message DHCPNACK).
Record Number: 8858
Source Name: Dhcp
Time Written: 20090528125444.000000+120
Event Type: erreur
User:
Computer Name: NASA-MRDXAJQJRK
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.
Record Number: 8857
Source Name: EventLog
Time Written: 20090528125442.000000+120
Event Type: Informations
User:
Computer Name: NASA-MRDXAJQJRK
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Uniprocessor Free.
Record Number: 8856
Source Name: EventLog
Time Written: 20090528125442.000000+120
Event Type: Informations
User:
Computer Name: NASA-MRDXAJQJRK
Event Code: 6006
Message: Le service d'Enregistrement d'événement a été arrêté.
Record Number: 8855
Source Name: EventLog
Time Written: 20090528002511.000000+120
Event Type: Informations
User:
Computer Name: NASA-MRDXAJQJRK
Event Code: 7901
Message: La commande At1.job n'a pas pu démarrer du fait de l'erreur suivante :
%%2147942402
Record Number: 8854
Source Name: Schedule
Time Written: 20090528000900.000000+120
Event Type: erreur
User:
=====Application event log=====
Computer Name: NASA-MRDXAJQJRK
Event Code: 3
Message: sysquery: findns error (SERVFAIL) on rt?
Record Number: 38805
Source Name: DNS
Time Written: 20090423213444.000000+120
Event Type: Informations
User:
Computer Name: NASA-MRDXAJQJRK
Event Code: 2
Message: qserial_query(.in-addr.arpa): sysquery FAILED
Record Number: 38804
Source Name: DNS
Time Written: 20090423211944.000000+120
Event Type: Avertissement
User:
Computer Name: NASA-MRDXAJQJRK
Event Code: 3
Message: sysquery: findns error (SERVFAIL) on .in-addr.arpa?
Record Number: 38803
Source Name: DNS
Time Written: 20090423211944.000000+120
Event Type: Informations
User:
Computer Name: NASA-MRDXAJQJRK
Event Code: 2
Message: qserial_query(rt): sysquery FAILED
Record Number: 38802
Source Name: DNS
Time Written: 20090423211944.000000+120
Event Type: Avertissement
User:
Computer Name: NASA-MRDXAJQJRK
Event Code: 3
Message: sysquery: findns error (SERVFAIL) on rt?
Record Number: 38801
Source Name: DNS
Time Written: 20090423211944.000000+120
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"DEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 3, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0803
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VSEDEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"windir"=%SystemRoot%
-----------------EOF-----------------
the log.txt report
Logfile of random's system information tool 1.06 (written by random/random)
Run by The Devil's MINA at 2009-06-18 13:03:07
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 518 MB (3%) free of 20 GB
Total RAM: 255 MB (18% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:03:27, on 18/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\SYSTEM32\NET.exe
C:\WINDOWS\SYSTEM32\NET.exe
C:\WINDOWS\SYSTEM32\net1.exe
C:\WINDOWS\SYSTEM32\net1.exe
D:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\The Devil's MINA.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Google Update (gupdate1c9d4d71e538560) (gupdate1c9d4d71e538560) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
2- here is the ComboFix report
ComboFix 09-06-13.09 - The Devil's MINA 14/06/2009 21:10.21 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.255.89 [GMT 2:00]
Lancé depuis: c:\documents and settings\The Devil's MINA\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090614-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\crss.exe
c:\windows\system32\plugin.dat
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_AVPsys
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-14 au 2009-06-14 ))))))))))))))))))))))))))))))))))))
.
2009-06-14 15:40 . 2009-06-14 15:40 -------- d-----w- c:\program files\Data Doctor Password Recovery MSN Explorer(Evaluation)
2009-06-14 15:19 . 2009-06-14 15:19 -------- d-----w- c:\program files\fLover msn klient
2009-06-14 11:09 . 2009-06-14 19:06 -------- d-----w- c:\documents and settings\The Devil's MINA\Application Data\Skype
2009-06-14 11:07 . 2009-06-14 11:07 -------- d-----w- c:\program files\Fichiers communs\Skype
2009-06-14 11:06 . 2009-06-14 11:08 -------- d-----r- c:\program files\Skype
2009-06-10 20:40 . 2009-06-14 08:40 264704 ----a-w- C:\Oute.exe
2009-06-10 14:24 . 2009-01-12 12:23 -------- d-----w- C:\La Faute De Voltaire by dramanouti for www.tunisia-sat.com
2009-06-09 16:15 . 2009-06-09 16:03 54544 ----a-w- c:\windows\system32\ieshwiz.exe
2009-06-08 09:36 . 2009-06-08 09:52 -------- d-----w- C:\Sexy and Beautiful Arab Girls,Models Hot Gallery
2009-06-08 08:51 . 2009-06-08 08:51 -------- d-----w- c:\program files\Microsoft Windows Security Update
2009-06-04 00:34 . 2009-06-08 10:55 -------- d-----w- c:\documents and settings\The Devil's MINA\dwhelper
2009-06-03 23:41 . 2009-06-03 23:41 -------- d-----w- c:\program files\Hotspot Shield
2009-05-31 21:42 . 2009-05-31 21:44 -------- d-----w- c:\program files\Yahoo!
2009-05-28 16:07 . 2009-05-28 16:07 26128 ----a-w- c:\windows\system32\exploreer.exe
2009-05-28 15:50 . 2009-05-28 15:53 -------- d-----w- C:\CamFrog Pro - with no key pro - Sans code pro
2009-05-28 15:45 . 2009-06-08 08:50 -------- d-----w- C:\Camfrog Video Chat 5.4 +serial
2009-05-28 15:39 . 2009-05-28 15:49 215765 ----a-w- C:\CamFrog Pro - with no key pro - Sans code pro.zip
2009-05-28 15:26 . 2009-05-28 15:50 12658176 ----a-w- C:\Camfrog Video Chat 5.3 Build 206 pro .exe
2009-05-25 15:55 . 2009-05-28 15:25 -------- d-----w- C:\Bob Marley - Discography
2009-05-24 22:08 . 2009-05-24 22:08 -------- d-----w- c:\program files\Fichiers communs\xing shared
2009-05-24 14:05 . 2009-05-24 14:05 -------- d-----w- c:\windows\system32\NtmsData
2009-05-23 20:09 . 2009-05-31 21:44 -------- d-----w- c:\program files\Visual Ping
2009-05-23 20:08 . 2009-05-23 20:08 -------- d-----w- C:\Setups
2009-05-23 19:17 . 2009-05-23 20:02 -------- d-----w- C:\Windows Admin Password Hack [HOT] [h33t] [MAMBO04]
2009-05-23 19:12 . 2009-05-23 20:08 -------- d-----w- C:\Skype Hacks - Tips & Tools For Cheap Calls From Your Computer (2005) - allbooksfree.tk
2009-05-16 15:45 . 2009-05-16 15:55 -------- d-----w- c:\documents and settings\All Users\Anyplace Control 4
2009-05-16 15:27 . 2008-05-06 08:43 4608 ----a-w- c:\windows\system32\drivers\vncmirror.sys
2009-05-16 15:27 . 2008-05-06 08:43 20992 ----a-w- c:\windows\system32\vncmirror.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 19:17 . 2006-12-25 16:55 -------- d-----w- c:\documents and settings\The Devil's MINA\Application Data\uTorrent
2009-06-14 15:20 . 2008-12-27 16:13 -------- d-----w- c:\program files\Camfrog
2009-06-14 14:01 . 2008-12-25 21:15 -------- d-----w- c:\documents and settings\The Devil's MINA\Application Data\skypePM
2009-06-14 11:06 . 2008-12-25 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-10 21:42 . 2009-01-22 12:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-09 14:57 . 2008-09-17 18:15 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-03 05:56 . 2001-08-28 10:00 72366 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-03 05:56 . 2001-08-28 10:00 461404 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-28 15:56 . 2008-12-27 16:22 -------- d-----w- c:\documents and settings\The Devil's MINA\Application Data\Camfrog
2009-05-24 22:07 . 2001-03-24 17:16 -------- d-----w- c:\program files\Fichiers communs\Real
2009-05-24 21:53 . 2008-12-25 21:07 -------- d-----w- c:\program files\Google
2009-05-14 12:02 . 2009-05-14 12:02 -------- d-----w- c:\program files\Modules VST
2009-05-01 19:38 . 2009-05-01 19:38 -------- d-----w- c:\program files\Alwil Software
2009-05-01 10:19 . 2008-01-04 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-27 14:50 . 2009-04-18 20:17 -------- d-----w- c:\documents and settings\The Devil's MINA\Application Data\Sony
2009-04-27 14:23 . 2008-01-04 17:43 -------- d-----w- c:\program files\VstPlugins
2009-04-27 14:23 . 2009-04-27 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2009-04-27 14:22 . 2009-04-27 14:22 -------- d-----w- c:\program files\Sony
2009-04-27 14:18 . 2008-01-04 15:02 -------- d-----w- c:\program files\DivX
2009-04-27 14:13 . 2009-04-18 18:34 -------- d-----w- c:\program files\Sony Setup
2009-04-25 19:52 . 2009-04-25 19:52 -------- d-----w- c:\program files\Fichiers communs\snp325
2009-04-24 20:35 . 2009-04-24 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-19 15:52 . 2007-04-14 23:33 -------- d-----w- c:\documents and settings\The Devil's MINA\Application Data\NCH Swift Sound
2009-04-18 18:56 . 2009-04-18 18:56 -------- d-----w- c:\documents and settings\The Devil's MINA\Application Data\Publish Providers
2009-04-18 18:56 . 2009-04-18 18:56 -------- d-----w- c:\documents and settings\The Devil's MINA\Application Data\NetMedia Providers
2009-04-06 11:19 . 2009-04-06 11:19 23064 ----a-w- c:\windows\system32\drivers\ScreamingBAudio.sys
2009-03-26 22:01 . 2009-03-26 22:01 6377472 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\45493F11828C44489701861DAA3C28F2\WinampInfo.exe
2009-03-26 21:59 . 2009-03-26 21:59 5431032 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\PamelaPCR.exe
2009-03-26 21:59 . 2009-03-26 21:59 53760 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\zlib.dll
2009-03-26 21:59 . 2009-03-26 21:59 441344 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\sound\SystemMP3SoundPlugin.dll
2009-03-26 21:59 . 2009-03-26 21:59 1605120 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\sound\VorbisOGGSoundPlugin.dll
2009-03-26 21:59 . 2009-03-26 21:59 1234432 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\lng.dll
2009-03-26 21:59 . 2009-03-26 21:59 1138688 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\libeay32.dll
2009-03-26 21:59 . 2009-03-26 21:59 532992 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\CrashRpt.dll
2009-03-26 21:59 . 2009-03-26 21:59 489984 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\dbghelp.dll
2009-03-23 21:30 . 2009-03-22 11:53 33256 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2006-11-02 00:17 . 2006-11-02 00:17 264704 --sha-r- c:\windows\rundm.exe
2005-08-10 11:59 . 2005-08-10 11:59 1010688 --sha-r- c:\windows\system32\rundl32.exe
.
------- Sigcheck -------
[-] 2004-08-23 01:35 1036288 998F3F568F6074A35AB08CD3395A9DC2 c:\windows\explorer.exe
[-] 2004-08-23 01:35 1884672 90E794C5D2D368686FE71B4A0354462C c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-01-28_23.12.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-14 18:43 . 2009-06-14 18:43 16384 c:\windows\temp\Perflib_Perfdata_820.dat
+ 2009-06-14 19:20 . 2009-06-14 19:20 16384 c:\windows\temp\Perflib_Perfdata_68c.dat
+ 2009-06-14 18:42 . 2009-06-14 18:42 16384 c:\windows\temp\Perflib_Perfdata_658.dat
+ 2009-06-14 19:20 . 2009-06-14 19:20 16384 c:\windows\temp\Perflib_Perfdata_630.dat
+ 2001-08-28 10:00 . 2009-06-03 05:56 59576 c:\windows\system32\perfc009.dat
- 2001-08-28 10:00 . 2009-05-16 12:04 59576 c:\windows\system32\perfc009.dat
+ 2005-04-05 00:40 . 2005-04-05 00:40 30690 c:\windows\system32\logs.dat
+ 2009-04-01 23:24 . 2007-06-08 06:52 27136 c:\windows\system32\drivers\tapvpn.sys
- 2009-04-01 23:24 . 2008-01-23 21:25 27136 c:\windows\system32\drivers\tapvpn.sys
+ 2003-09-06 19:05 . 2002-09-22 21:36 10752 c:\windows\system32\aamd532.dll
+ 2001-08-28 10:00 . 2009-06-03 05:56 395336 c:\windows\system32\perfh009.dat
- 2001-08-28 10:00 . 2009-05-16 12:04 395336 c:\windows\system32\perfh009.dat
+ 2009-06-14 19:08 . 2009-06-14 19:08 400896 c:\windows\system32\CF10517.exe
+ 2009-06-14 11:07 . 2009-06-14 11:07 364726 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
+ 2006-02-03 19:57 . 2005-08-10 11:59 1010688 c:\windows\system32\rundll 32.exe
- 2006-04-30 05:29 . 2006-04-30 05:29 1010688 c:\windows\system32\rundll 32.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-05-25 25477928]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"rundl32"="c:\windows\rundm.exe" [2006-11-02 264704]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= cmd.exe
"2"= mmc.exe
"3"= rstrui.exe
"4"= regedit.exe
"5"= regedt32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindService"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 HFXP2;HFXP2;c:\windows\system32\drivers\hfxp2.sys [30/12/2004 15:49 11648]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [01/05/2009 21:39 114768]
R2 Asapi;Asapi;c:\windows\system32\drivers\ASAPI.SYS [11/03/2008 14:41 12361]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/05/2009 21:39 20560]
R3 EL59X;3Com Fast EtherLink 59x Adapter Driver;c:\windows\system32\drivers\el59x.sys [25/12/2006 18:01 39184]
R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [25/04/2009 21:52 10251904]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [16/04/2007 18:31 17792]
S3 AteksoftAudio;WebCamera Plus Audio;c:\windows\system32\drivers\ateksoftaudio.sys [15/04/2007 01:02 11776]
S3 EL556ND5;Pilote de carte Ethernet MiniPCI 10/100 3Com;c:\windows\system32\drivers\EL556ND5.sys [24/12/2008 22:57 55999]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [06/04/2009 13:19 23064]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{05I41M56-QW07-U20F-YX8T-VB4U6TP4UX63}]
"c:\windows\rundm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1DE23CB0-AA3D-D270-AFA8-53859B9D2559}]
c:\windows\system32\exploreer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BNP0XRLE-G67V-B370-5H6E-MO517HNNP72Y}]
c:\windows\system32\rundl32.exe Restart
.
Contenu du dossier 'Tâches planifiées'
2009-06-14 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 21:00]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT1561552
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uDefault_Search_URL = hxxp://www.topnet.tn
mWindow Title = Topnet :: Fournisseur de Services Internet
mSearch Bar = hxxp://www.topnet.tn
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-14 21:23
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1454471165-1677128483-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2525FB41-ED6D-AE7D-BDA0-106F219012BF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hapmmogjpdcjpahm"=hex:66,61,6c,61,62,6f,68,6d,63,68,65,67,00,00
"iaoljfdpncemmjjjmg"=hex:6a,61,62,62,6f,63,66,67,6c,6b,65,6c,68,68,6d,6f,70,6f,
62,6b,00,13
"hammdhhkflimbooo"=hex:6a,61,62,62,6f,63,66,67,6c,6b,65,6c,68,68,6d,6f,70,6f,
62,6b,00,00
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ProgID]
@DACL=(02 0000)
@="AcroIEHelper.AcroIEHlprObj.1"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\Programmable]
@DACL=(02 0000)
@=""
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\TypeLib]
@DACL=(02 0000)
@="{5F226421-415D-408D-9A09-0DCD94E25B48}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\VersionIndependentProgID]
@DACL=(02 0000)
@="AcroIEHelper.AcroIEHlprObj"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(812)
c:\progra~1\SPEEDB~1\sblsp.dll
- - - - - - - > 'explorer.exe'(1204)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\WinRAR\rarext.dll
c:\windows\system32\browselc.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\CF10517.exe
c:\windows\svcadmin.exe
c:\var\named\named.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Heure de fin: 2009-06-14 21:34 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-14 19:34
ComboFix2.txt 2009-01-02 16:56
ComboFix3.txt 2008-12-31 19:07
ComboFix4.txt 2008-12-30 15:58
ComboFix5.txt 2009-01-01 01:33
Avant-CF: 381 718 528 octets libres
Après-CF: 343 101 440 octets libres
Current=114 Default=114 Failed=113 LastKnownGood=115 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115
260 --- E O F --- 2009-03-29 16:34
3- the info.txt report
info.txt logfile of random's system information tool 1.06 2009-06-18 13:03:37
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Codeur Windows Media Série 9-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Codeur Windows Media Série 9-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Digital Guitar Tuner 2.3-->"C:\Program Files\Digital Guitar Tuner 2.3\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\2.0.172.30\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
Hide Folders XP 2.2 for Windows 2000/XP-->C:\Program Files\HFXP2\hfxp.exe /u
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotspot Shield 0.941-->C:\Program Files\Hotspot Shield\Uninstall.exe
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{3CCB732A-E472-4CF9-B1EE-F18365341FE0}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
K-Lite Codec Pack 3.5.7 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour le Codeur Windows Media (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype web features-->MsiExec.exe /I{F1362843-0E0E-4F74-8662-724CF101ADCE}
Skype™ Beta 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sony ACID Music Studio 7.0-->MsiExec.exe /X{A74C1699-4BCE-433F-82D6-F11207A0581B}
SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"
Vegas Movie Studio Platinum 9.0-->MsiExec.exe /X{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{01523985-2098-43AF-9C97-12B07BE02A9B}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
=====HijackThis Backups=====
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') [2009-06-15]
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') [2009-06-15]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank [2009-06-15]
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2009-06-15]
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') [2009-06-15]
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-06-15]
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-06-15]
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-06-15]
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') [2009-06-15]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-15]
O23 - Service: Service Google Update (gupdate1c9d4d71e538560) (gupdate1c9d4d71e538560) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-15]
O4 - HKCU\..\Policies\Explorer\Run: [rundl32] C:\WINDOWS\rundm.exe [2009-06-15]
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-06-15]
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-06-15]
O23 - Service: Service Google Update (gupdate1c9d4d71e538560) (gupdate1c9d4d71e538560) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-15]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-15]
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-06-15]
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-06-15]
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-06-15]
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-06-15]
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2009-06-15]
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-06-15]
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-06-15]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-15]
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-06-15]
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-06-15]
O23 - Service: Service Google Update (gupdate1c9d4d71e538560) (gupdate1c9d4d71e538560) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-15]
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-06-15]
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-06-15]
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2009-06-15]
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [2009-06-18]
O23 - Service: Service Google Update (gupdate1c9d4d71e538560) (gupdate1c9d4d71e538560) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-18]
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2009-06-18]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-18]
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-06-18]
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-06-18]
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-06-18]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2009-06-18]
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-06-18]
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-06-18]
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-06-18]
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-06-18]
O23 - Service: Service Google Update (gupdate1c9d4d71e538560) (gupdate1c9d4d71e538560) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-18]
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-06-18]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-18]
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-06-18]
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2009-06-18]
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-06-18]
======Security center information======
AV: avast! antivirus 4.8.1335 [VPS 090617-0]
======System event log======
Computer Name: NASA-MRDXAJQJRK
Event Code: 1002
Message: Le bail de l'adresse IP 192.168.1.2 pour la carte réseau dont l'adresse réseau est 00A0249D6135
a été refusé par le serveur DHCP 192.168.1.1 (celui-ci a envoyé un message DHCPNACK).
Record Number: 8858
Source Name: Dhcp
Time Written: 20090528125444.000000+120
Event Type: erreur
User:
Computer Name: NASA-MRDXAJQJRK
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.
Record Number: 8857
Source Name: EventLog
Time Written: 20090528125442.000000+120
Event Type: Informations
User:
Computer Name: NASA-MRDXAJQJRK
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Uniprocessor Free.
Record Number: 8856
Source Name: EventLog
Time Written: 20090528125442.000000+120
Event Type: Informations
User:
Computer Name: NASA-MRDXAJQJRK
Event Code: 6006
Message: Le service d'Enregistrement d'événement a été arrêté.
Record Number: 8855
Source Name: EventLog
Time Written: 20090528002511.000000+120
Event Type: Informations
User:
Computer Name: NASA-MRDXAJQJRK
Event Code: 7901
Message: La commande At1.job n'a pas pu démarrer du fait de l'erreur suivante :
%%2147942402
Record Number: 8854
Source Name: Schedule
Time Written: 20090528000900.000000+120
Event Type: erreur
User:
=====Application event log=====
Computer Name: NASA-MRDXAJQJRK
Event Code: 3
Message: sysquery: findns error (SERVFAIL) on rt?
Record Number: 38805
Source Name: DNS
Time Written: 20090423213444.000000+120
Event Type: Informations
User:
Computer Name: NASA-MRDXAJQJRK
Event Code: 2
Message: qserial_query(.in-addr.arpa): sysquery FAILED
Record Number: 38804
Source Name: DNS
Time Written: 20090423211944.000000+120
Event Type: Avertissement
User:
Computer Name: NASA-MRDXAJQJRK
Event Code: 3
Message: sysquery: findns error (SERVFAIL) on .in-addr.arpa?
Record Number: 38803
Source Name: DNS
Time Written: 20090423211944.000000+120
Event Type: Informations
User:
Computer Name: NASA-MRDXAJQJRK
Event Code: 2
Message: qserial_query(rt): sysquery FAILED
Record Number: 38802
Source Name: DNS
Time Written: 20090423211944.000000+120
Event Type: Avertissement
User:
Computer Name: NASA-MRDXAJQJRK
Event Code: 3
Message: sysquery: findns error (SERVFAIL) on rt?
Record Number: 38801
Source Name: DNS
Time Written: 20090423211944.000000+120
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"DEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 3, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0803
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VSEDEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"windir"=%SystemRoot%
-----------------EOF-----------------
the log.txt report
Logfile of random's system information tool 1.06 (written by random/random)
Run by The Devil's MINA at 2009-06-18 13:03:07
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 518 MB (3%) free of 20 GB
Total RAM: 255 MB (18% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:03:27, on 18/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\SYSTEM32\NET.exe
C:\WINDOWS\SYSTEM32\NET.exe
C:\WINDOWS\SYSTEM32\net1.exe
C:\WINDOWS\SYSTEM32\net1.exe
D:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\The Devil's MINA.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Google Update (gupdate1c9d4d71e538560) (gupdate1c9d4d71e538560) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
tunisie22 - 18 June 2009 at 14:18
Thank you very much totobetourne for your help, and here is the report:
Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2304
Windows 5.1.2600 Service Pack 2
18/06/2009 14:14:33
mbam-log-2009-06-18 (14-14-33).txt
Type de recherche: Examen rapide
Eléments examinés: 87237
Temps écoulé: 8 minute(s), 24 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{05i41m56-qw07-u20f-yx8t-vb4u6tp4ux63} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1 (Security.Hijack) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\WINDOWS\system32\exploreer.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
totobetourne - 19 June 2009 at 08:44
Run Malwarebytes again and do a full scan, not a quick scan.
Then post me another RSIT report.