Probleme de dns http://urlseek20.vmn.ne

Résolu
mordred -  
 Utilisateur anonyme -
Bonjour,
lorsque que je veux accéder a certains sites une page http://urlseek20.vmn.ne s'ouvre
sans doute infecté par un virus non, merci de m'aider
A voir également:

44 réponses

Précédent
Réponse 21 / 44
Utilisateur anonyme
 
Salut InfernO.vir.

Désolé, pris ailleurs en même temps. Effectivement, les noms sont très doux et faciles à prononcer ! lol
On va tenter Combofix renommé et hébergé, afin de parer d'éventuels blocages.

C'est parti.

@ mordred :

/!\ A l'attention de ceux qui passent sur ce sujet : L'outil qui suit ne doit pas être utilisé sans avis /!\

/!\ Désactive tes protections résidentes (Antivirus, Antispywares, etc...) /!\

Télécharge ComboFix (de sUBs) sur ton Bureau. Il est ici renommé en mordred.exe.

http://sd-1.archive-host.com/membres/up/21362097671547645/mordred.exe

* Double-clique sur mordred.exe (le .exe n'est pas forcément visible) afin de le lancer.
* Il va te demander d'installer la console de récupération : ACCEPTE!.
* Ne touche pas au pc durant le scan.
* Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

Pour t'aider : Un Tutoriel sur l'utilisation de ComboFix (à lire avant de le lancer)

-->> https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

++
0
Réponse 22 / 44
Utilisateur anonyme
 
Je plussoie pour le choix de la manip :)


0
Réponse 23 / 44
mordred
 
slt
ComboFix 09-07-11.01 - philippe 12/07/2009 12:32.2.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.596 [GMT 2:00]
Lancé depuis: c:\documents and settings\philippe\Bureau\mordred.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\56360.exe
c:\windows\Installer\ccf04.msi
c:\windows\system32\Ijl11.dll
c:\windows\TEMP\logishrd\LVPrcInj02.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys
-------\Legacy_BOONTY_GAMES
-------\Legacy_NPF
-------\Service_Boonty Games
-------\Service_NPF
-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((((((( Fichiers créés du 2009-06-12 au 2009-07-12 ))))))))))))))))))))))))))))))))))))
.

2009-07-11 17:48 . 2009-07-11 18:17 -------- d-----w- C:\SDFix
2009-07-11 14:50 . 2009-07-11 14:58 -------- d-----w- C:\ToolBar SD
2009-07-11 14:45 . 2009-07-11 14:45 -------- d-----w- C:\rsit
2009-07-10 09:53 . 1998-06-16 22:00 516173 ----a-w- c:\windows\system32\MSVCP60D.DLL
2009-07-10 09:53 . 2005-02-24 11:11 479232 ----a-w- c:\windows\system32\AudioVisu.dll
2009-07-10 09:53 . 2005-02-24 10:51 348160 ----a-w- c:\windows\system32\WMAFile.dll
2009-07-10 09:53 . 2005-03-11 16:37 1986560 ----a-w- c:\windows\system32\AudFile.dll
2009-07-10 09:53 . 2005-03-10 15:00 454656 ----a-w- c:\windows\system32\AudioRecord.dll
2009-07-10 09:53 . 2005-02-24 14:21 458752 ----a-w- c:\windows\system32\AudPlayer.dll
2009-07-10 09:53 . 2005-02-24 11:11 1212416 ----a-w- c:\windows\system32\AudioInfos.dll
2009-07-10 09:53 . 2005-02-24 11:10 417792 ----a-w- c:\windows\system32\AudDisplay.dll
2009-07-10 09:53 . 2005-02-24 11:10 2084864 ----a-w- c:\windows\system32\AudDesign.dll
2009-07-10 09:53 . 2008-09-24 19:33 484352 ----a-w- c:\windows\system32\lame_enc.dll
2009-06-30 14:00 . 2009-06-30 14:00 -------- d-----w- c:\documents and settings\philippe\Local Settings\Application Data\ProgCtrl
2009-06-21 15:16 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-21 15:16 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-21 15:15 . 2009-06-21 15:15 -------- d-----w- c:\program files\iPod
2009-06-19 09:06 . 2009-06-19 09:06 -------- d-----w- c:\program files\Fichiers communs\Logitech
2009-06-18 13:14 . 2009-07-02 13:13 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-18 13:14 . 2009-07-09 13:48 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-18 13:14 . 2009-07-02 13:13 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-18 13:14 . 2009-07-02 13:13 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-18 13:14 . 2009-07-02 13:13 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-18 13:14 . 2009-07-09 13:48 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-18 13:14 . 2009-07-02 13:13 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-18 13:14 . 2009-07-02 13:13 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-18 13:14 . 2009-07-02 13:13 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-18 13:14 . 2009-07-02 13:13 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-18 13:14 . 2009-07-06 13:14 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-18 13:14 . 2009-07-02 13:13 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-18 13:13 . 2009-07-02 13:13 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-18 13:13 . 2009-07-02 13:13 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-17 14:51 . 2009-06-17 14:51 -------- d-----w- c:\documents and settings\philippe\Application Data\AVS4YOU
2009-06-17 14:51 . 2009-06-17 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-06-17 14:50 . 2009-06-17 14:50 -------- d-----w- c:\program files\AVS4YOU
2009-06-17 14:49 . 2009-06-17 14:50 -------- d-----w- c:\program files\Fichiers communs\AVSMedia
2009-06-17 13:03 . 2009-06-17 13:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-17 13:02 . 2009-06-17 13:02 -------- d-----w- c:\program files\Bonjour
2009-06-17 12:59 . 2009-06-17 12:59 -------- d-----w- c:\program files\Apple Software Update
2009-06-17 12:59 . 2009-06-05 09:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-17 12:59 . 2009-06-05 09:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-17 12:59 . 2009-06-21 15:15 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-06-16 12:33 . 2009-06-16 12:33 4096 ----a-w- c:\windows\system32\drivers\nocashio.sys
2009-06-13 14:03 . 2009-06-13 14:03 -------- d-----w- c:\documents and settings\philippe\Application Data\Image Zone Express
2009-06-13 13:45 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2009-06-13 13:45 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-06-13 13:45 . 2008-04-13 18:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2009-06-13 13:45 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-06-13 13:41 . 2009-06-18 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2009-06-13 13:41 . 2009-06-13 13:44 -------- d-----w- c:\program files\Fichiers communs\LogiShrd
2009-06-13 13:41 . 2009-06-13 13:41 -------- d-----w- c:\program files\Logitech
2009-06-13 13:41 . 2009-06-13 13:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-06-13 13:37 . 2008-04-14 02:33 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-06-13 13:37 . 2008-04-14 02:33 21504 ----a-w- c:\windows\system32\hidserv.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 17:12 . 2009-02-14 14:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-11 15:28 . 2009-03-28 20:06 -------- d-----w- c:\program files\hij
2009-07-11 15:14 . 2009-03-31 17:02 -------- d-----w- c:\program files\Navilog1
2009-07-02 13:13 . 2009-05-28 13:13 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-02 13:13 . 2009-05-28 13:13 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-02 13:13 . 2009-05-28 13:13 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-30 10:21 . 2007-04-12 11:23 -------- d-----w- c:\documents and settings\philippe\Application Data\Registry Booster
2009-06-25 09:25 . 2009-03-29 11:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-25 09:25 . 2009-04-09 08:23 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-23 09:09 . 2008-03-25 17:32 -------- d-----w- c:\documents and settings\philippe\Application Data\U3
2009-06-21 15:56 . 2004-08-05 12:00 85404 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-21 15:56 . 2004-08-05 12:00 513080 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-21 15:07 . 2008-11-09 17:35 -------- d-----w- c:\documents and settings\sandrine\Application Data\Apple Computer
2009-06-18 13:00 . 2008-04-06 10:56 -------- d-----w- c:\documents and settings\philippe\Application Data\Vso
2009-06-17 13:10 . 2007-07-07 16:49 -------- d-----w- c:\documents and settings\philippe\Application Data\Apple Computer
2009-06-17 09:27 . 2009-03-29 11:23 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2009-03-29 11:24 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-13 14:02 . 2007-04-23 18:28 -------- d-----w- c:\program files\Fichiers communs\HP
2009-06-13 14:02 . 2007-04-23 18:20 -------- d-----w- c:\program files\HP
2009-06-05 11:57 . 2009-06-05 11:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-28 13:13 . 2009-05-28 13:13 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-26 11:36 . 2007-04-11 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-20 14:15 . 2009-05-20 14:15 -------- d-----w- c:\program files\SFR
2009-05-17 18:06 . 2007-05-11 17:37 -------- d-----w- c:\program files\Google
2009-05-07 15:33 . 2004-08-05 12:00 348672 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:45 . 2004-08-05 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:45 . 2004-08-05 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-23 13:13 . 2009-04-23 13:13 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-23 13:13 . 2009-03-26 14:13 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-04-19 19:50 . 2004-08-05 12:00 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:53 . 2004-08-05 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2007-05-13 18:21 . 2007-05-15 16:59 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-06-13 13:55 . 2008-08-27 17:38 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2004-12-08 13:06 . 2008-08-26 09:30 20752 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2004-12-08 13:06 . 2008-08-26 09:30 69904 ----a-w- c:\program files\mozilla firefox\plugins\cgpcore.dll
2004-12-08 13:06 . 2008-08-26 09:30 45328 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2004-12-08 13:06 . 2008-08-26 09:30 24848 ----a-w- c:\program files\mozilla firefox\plugins\pscript.dll
2004-12-08 13:06 . 2008-08-26 09:30 57616 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2004-12-08 13:06 . 2008-08-26 09:30 24848 ----a-w- c:\program files\mozilla firefox\plugins\tcppserv.dll
2008-04-07 10:00 . 2008-04-06 16:18 24 --sh--w- c:\windows\SB256CA65.tmp
2007-09-02 17:36 . 2007-09-02 17:36 56 --sha-r- c:\windows\system32\825B0D79B9.sys
2007-09-03 11:57 . 2007-09-02 17:36 1056 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Neuf Media Center"="c:\program files\SFR\Media Center\MediaCenter.exe" [2008-10-10 726336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-02 520024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-03 185632]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"QuickTime Task"="l:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="l:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-11-15 17:46 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^avast! Antivirus.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\avast! Antivirus.lnk
backup=c:\windows\pss\avast! Antivirus.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=c:\windows\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Raccourci vers don't see.exe.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Raccourci vers don't see.exe.lnk
backup=c:\windows\pss\Raccourci vers don't see.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^philippe^Menu Démarrer^Programmes^Démarrage^NetAnalyse.lnk]
path=c:\documents and settings\philippe\Menu Démarrer\Programmes\Démarrage\NetAnalyse.lnk
backup=c:\windows\pss\NetAnalyse.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^philippe^Menu Démarrer^Programmes^Démarrage^Outil de détection de support de Cyber-shot Viewer.lnk]
path=c:\documents and settings\philippe\Menu Démarrer\Programmes\Démarrage\Outil de détection de support de Cyber-shot Viewer.lnk
backup=c:\windows\pss\Outil de détection de support de Cyber-shot Viewer.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^philippe^Menu Démarrer^Programmes^Démarrage^TELE2 ADSL.lnk]
path=c:\documents and settings\philippe\Menu Démarrer\Programmes\Démarrage\TELE2 ADSL.lnk
backup=c:\windows\pss\TELE2 ADSL.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMagicLogon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LogMeIn"=2 (0x2)
"LMIMaint"=2 (0x2)
"CanalPlus.VOD"=2 (0x2)
"Boonty Games"=3 (0x3)
"a2free"=2 (0x2)
"iPod Service"=3 (0x3)
"CiSvc"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Soulseek-Test\\slsk.exe"=
"c:\\Program Files\\BitComet2\\BitComet.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Zapu\\Zapu\\wDivi.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
"c:\\Documents and Settings\\sandrine\\Bureau\\CitrixSAClient.exe"=
"c:\\Documents and Settings\\sandrine\\Bureau\\CitrixSAClient(3).exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"l:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\SFR\Media Center\httpd\httpd.exe"= c:\program files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"14142:TCP"= 14142:TCP:BitComet 14142 TCP
"14142:UDP"= 14142:UDP:BitComet 14142 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"15560:UDP"= 15560:UDP:udp emule
"19550:TCP"= 19550:TCP:emule tcp
"19560:UDP"= 19560:UDP:emule udp

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [26/03/2009 16:13 64160]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [30/04/2009 11:09 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [03/08/2007 16:09 12992]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [29/02/2008 01:56 46112]
R3 fhlppppoe;PPPOE/ADSL miniport;c:\windows\system32\drivers\fhlpppoe.sys [12/04/2007 01:06 49264]
R3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys [05/04/2009 20:42 46448]
S1 hidfltr;HID Filter Driver;c:\windows\system32\drivers\MWhid.sys [03/11/2004 12:20 13332]
S2 gupdate1c98eb174a94258;Service Google Update (gupdate1c98eb174a94258);c:\program files\Google\Update\GoogleUpdate.exe [14/02/2009 16:35 133104]
S3 ADSLAutoconnect;ADSLAutoconnect;c:\program files\ADSL Autoconnect\ADSL Autoconnect.exe [20/05/2007 19:50 446464]
S3 PCANDIS5_RETWIFI;PCANDIS5_RETWIFI Protocol Driver;\??\l:\progra~1\EEYEDI~1\RETINA~1\PCANDIS5_RETWIFI.SYS --> l:\progra~1\EEYEDI~1\RETINA~1\PCANDIS5_RETWIFI.SYS [?]
S3 PCANDIS5_WIFISCAN.SYS;PCANDIS5_WIFISCAN.SYS;l:\program files\eEye Digital Security\Retina Wireless Scanner\PCANDIS5_WIFISCAN.SYS [03/06/2004 13:28 22131]
S3 RDID1076;BOSS GT-10;c:\windows\system32\drivers\Rdwm1076.sys [26/11/2008 17:04 173297]
S3 SetupNTGLM7X;SetupNTGLM7X; [x]
S4 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [03/06/2008 13:19 61440]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contenu du dossier 'Tâches planifiées'

2009-07-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 13:13]

2009-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-07-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-14 13:14]

2009-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 14:34]

2009-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 14:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://home.neuf.fr/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.15\AMVConverter\grab.html
IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download all videos using BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.15\MediaManager\grab.html
TCP: {706CF555-6964-4BD7-8919-1340F1AD6C07} = 192.168.1.1
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\philippe\Application Data\Mozilla\Firefox\Profiles\ypgemobr.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - component: c:\documents and settings\philippe\Application Data\Mozilla\Firefox\Profiles\ypgemobr.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFAlert.dll
FF - plugin: c:\documents and settings\philippe\Application Data\Mozilla\Firefox\Profiles\ypgemobr.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Canal\Canal Widget\VOD\npCpVod.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npican.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyrMus.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: l:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: l:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: l:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: l:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: l:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: l:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: l:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: l:\program files\QuickTime\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-12 12:43
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1757981266-2000478354-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1216)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(6736)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_fre.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\eappprxy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Nero\Nero8\Nero BackItUp\NBShell.dll
c:\program files\Avira\AntiVir Desktop\shlext.dll
c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\MFC90FRA.DLL
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\Lavasoft\Ad-Aware\ShellExt.dll
f:\mes documents\mes telechargements logiciels\WinRAR\rarext.dll
c:\progra~1\AIMPCL~1\System\AIMP_S~1.DLL
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Photodex\ProShowGold\scsiaccess.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\SFR\Media Center\httpd\httpd.exe
c:\program files\SFR\Media Center\httpd\httpd.exe
c:\program files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Heure de fin: 2009-07-12 12:52 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-07-12 10:52

Avant-CF: 13,641,015,296 octets libres
Après-CF: 13,631,393,792 octets libres

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
366 --- E O F --- 2009-06-24 10:19
0
Réponse 24 / 44
Utilisateur anonyme
 
Salut.

On va vérifier que tout soit ok :

/!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour mordred, il n'est pas transposable sur un autre ordinateur !

• Télécharge ce dossier mordred.zip
• Fais un clic-droit dessus --> Extraire tout --> choisis le Bureau comme destination
• Un autre dossier va apparaitre : CFScript.txt placé le sur le Bureau.

• Désactive tes logiciels de protection
• Fais un glisser/déposer de ce fichier CFScript.txt sur le fichier mordred.exe (comme sur cette image)
• Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
• Si le fichier ne s'ouvre pas, il se trouve ici → C:\ComboFix.txt

++
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 44
mordred
 
re

ComboFix 09-07-12.03 - philippe 13/07/2009 15:06.3.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.443 [GMT 2:00]
Running from: c:\documents and settings\philippe\Bureau\mordred.exe
Command switches used :: c:\documents and settings\philippe\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))
.

2009-07-11 17:48 . 2009-07-11 18:17 -------- d-----w- C:\SDFix
2009-07-11 14:50 . 2009-07-11 14:58 -------- d-----w- C:\ToolBar SD
2009-07-11 14:45 . 2009-07-11 14:45 -------- d-----w- C:\rsit
2009-07-10 09:53 . 1998-06-16 22:00 516173 ----a-w- c:\windows\system32\MSVCP60D.DLL
2009-07-10 09:53 . 2005-02-24 11:11 479232 ----a-w- c:\windows\system32\AudioVisu.dll
2009-07-10 09:53 . 2005-02-24 10:51 348160 ----a-w- c:\windows\system32\WMAFile.dll
2009-07-10 09:53 . 2005-03-11 16:37 1986560 ----a-w- c:\windows\system32\AudFile.dll
2009-07-10 09:53 . 2005-03-10 15:00 454656 ----a-w- c:\windows\system32\AudioRecord.dll
2009-07-10 09:53 . 2005-02-24 14:21 458752 ----a-w- c:\windows\system32\AudPlayer.dll
2009-07-10 09:53 . 2005-02-24 11:11 1212416 ----a-w- c:\windows\system32\AudioInfos.dll
2009-07-10 09:53 . 2005-02-24 11:10 417792 ----a-w- c:\windows\system32\AudDisplay.dll
2009-07-10 09:53 . 2005-02-24 11:10 2084864 ----a-w- c:\windows\system32\AudDesign.dll
2009-07-10 09:53 . 2008-09-24 19:33 484352 ----a-w- c:\windows\system32\lame_enc.dll
2009-06-30 14:00 . 2009-06-30 14:00 -------- d-----w- c:\documents and settings\philippe\Local Settings\Application Data\ProgCtrl
2009-06-21 15:16 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-21 15:16 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-21 15:15 . 2009-06-21 15:15 -------- d-----w- c:\program files\iPod
2009-06-19 09:06 . 2009-06-19 09:06 -------- d-----w- c:\program files\Fichiers communs\Logitech
2009-06-18 13:14 . 2009-07-02 13:13 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-18 13:14 . 2009-07-09 13:48 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-18 13:14 . 2009-07-02 13:13 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-18 13:14 . 2009-07-02 13:13 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-18 13:14 . 2009-07-02 13:13 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-18 13:14 . 2009-07-09 13:48 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-18 13:14 . 2009-07-02 13:13 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-18 13:14 . 2009-07-02 13:13 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-18 13:14 . 2009-07-02 13:13 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-18 13:14 . 2009-07-02 13:13 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-18 13:14 . 2009-07-06 13:14 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-18 13:14 . 2009-07-02 13:13 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-18 13:13 . 2009-07-02 13:13 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-18 13:13 . 2009-07-02 13:13 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-17 14:51 . 2009-06-17 14:51 -------- d-----w- c:\documents and settings\philippe\Application Data\AVS4YOU
2009-06-17 14:51 . 2009-06-17 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-06-17 14:50 . 2009-06-17 14:50 -------- d-----w- c:\program files\AVS4YOU
2009-06-17 14:49 . 2009-06-17 14:50 -------- d-----w- c:\program files\Fichiers communs\AVSMedia
2009-06-17 13:03 . 2009-06-17 13:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-17 13:02 . 2009-06-17 13:02 -------- d-----w- c:\program files\Bonjour
2009-06-17 12:59 . 2009-06-17 12:59 -------- d-----w- c:\program files\Apple Software Update
2009-06-17 12:59 . 2009-06-05 09:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-17 12:59 . 2009-06-05 09:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-17 12:59 . 2009-06-21 15:15 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-06-16 12:33 . 2009-06-16 12:33 4096 ----a-w- c:\windows\system32\drivers\nocashio.sys
2009-06-13 14:03 . 2009-06-13 14:03 -------- d-----w- c:\documents and settings\philippe\Application Data\Image Zone Express
2009-06-13 13:45 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2009-06-13 13:45 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-06-13 13:45 . 2008-04-13 18:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2009-06-13 13:45 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-06-13 13:41 . 2009-06-18 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2009-06-13 13:41 . 2009-06-13 13:44 -------- d-----w- c:\program files\Fichiers communs\LogiShrd
2009-06-13 13:41 . 2009-06-13 13:41 -------- d-----w- c:\program files\Logitech
2009-06-13 13:41 . 2009-06-13 13:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-06-13 13:37 . 2008-04-14 02:33 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-06-13 13:37 . 2008-04-14 02:33 21504 ----a-w- c:\windows\system32\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-12 22:42 . 2009-02-14 14:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-11 15:28 . 2009-03-28 20:06 -------- d-----w- c:\program files\hij
2009-07-11 15:14 . 2009-03-31 17:02 -------- d-----w- c:\program files\Navilog1
2009-07-02 13:13 . 2009-05-28 13:13 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-02 13:13 . 2009-05-28 13:13 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-02 13:13 . 2009-05-28 13:13 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-30 10:21 . 2007-04-12 11:23 -------- d-----w- c:\documents and settings\philippe\Application Data\Registry Booster
2009-06-25 09:25 . 2009-03-29 11:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-25 09:25 . 2009-04-09 08:23 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-23 09:09 . 2008-03-25 17:32 -------- d-----w- c:\documents and settings\philippe\Application Data\U3
2009-06-21 15:56 . 2004-08-05 12:00 85404 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-21 15:56 . 2004-08-05 12:00 513080 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-21 15:07 . 2008-11-09 17:35 -------- d-----w- c:\documents and settings\sandrine\Application Data\Apple Computer
2009-06-18 13:00 . 2008-04-06 10:56 -------- d-----w- c:\documents and settings\philippe\Application Data\Vso
2009-06-17 13:10 . 2007-07-07 16:49 -------- d-----w- c:\documents and settings\philippe\Application Data\Apple Computer
2009-06-17 09:27 . 2009-03-29 11:23 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2009-03-29 11:24 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-13 14:02 . 2007-04-23 18:28 -------- d-----w- c:\program files\Fichiers communs\HP
2009-06-13 14:02 . 2007-04-23 18:20 -------- d-----w- c:\program files\HP
2009-06-05 11:57 . 2009-06-05 11:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-28 13:13 . 2009-05-28 13:13 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-26 11:36 . 2007-04-11 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-20 14:15 . 2009-05-20 14:15 -------- d-----w- c:\program files\SFR
2009-05-17 18:06 . 2007-05-11 17:37 -------- d-----w- c:\program files\Google
2009-05-07 15:33 . 2004-08-05 12:00 348672 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:45 . 2004-08-05 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:45 . 2004-08-05 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-23 13:13 . 2009-04-23 13:13 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-23 13:13 . 2009-03-26 14:13 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-04-19 19:50 . 2004-08-05 12:00 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:53 . 2004-08-05 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2007-05-13 18:21 . 2007-05-15 16:59 774144 ----a-w- c:\program files\RngInterstitial.dll
2004-12-08 13:06 . 2008-08-26 09:30 20752 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2004-12-08 13:06 . 2008-08-26 09:30 69904 ----a-w- c:\program files\mozilla firefox\plugins\cgpcore.dll
2004-12-08 13:06 . 2008-08-26 09:30 45328 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2004-12-08 13:06 . 2008-08-26 09:30 24848 ----a-w- c:\program files\mozilla firefox\plugins\pscript.dll
2004-12-08 13:06 . 2008-08-26 09:30 57616 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2004-12-08 13:06 . 2008-08-26 09:30 24848 ----a-w- c:\program files\mozilla firefox\plugins\tcppserv.dll
2008-04-07 10:00 . 2008-04-06 16:18 24 --sh--w- c:\windows\SB256CA65.tmp
2007-09-02 17:36 . 2007-09-02 17:36 56 --sha-r- c:\windows\system32\825B0D79B9.sys
2007-09-03 11:57 . 2007-09-02 17:36 1056 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Neuf Media Center"="c:\program files\SFR\Media Center\MediaCenter.exe" [2008-10-10 726336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-02 520024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-03 185632]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"QuickTime Task"="l:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="l:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-11-15 17:46 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^avast! Antivirus.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\avast! Antivirus.lnk
backup=c:\windows\pss\avast! Antivirus.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=c:\windows\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Raccourci vers don't see.exe.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Raccourci vers don't see.exe.lnk
backup=c:\windows\pss\Raccourci vers don't see.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^philippe^Menu Démarrer^Programmes^Démarrage^NetAnalyse.lnk]
path=c:\documents and settings\philippe\Menu Démarrer\Programmes\Démarrage\NetAnalyse.lnk
backup=c:\windows\pss\NetAnalyse.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^philippe^Menu Démarrer^Programmes^Démarrage^Outil de détection de support de Cyber-shot Viewer.lnk]
path=c:\documents and settings\philippe\Menu Démarrer\Programmes\Démarrage\Outil de détection de support de Cyber-shot Viewer.lnk
backup=c:\windows\pss\Outil de détection de support de Cyber-shot Viewer.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^philippe^Menu Démarrer^Programmes^Démarrage^TELE2 ADSL.lnk]
path=c:\documents and settings\philippe\Menu Démarrer\Programmes\Démarrage\TELE2 ADSL.lnk
backup=c:\windows\pss\TELE2 ADSL.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LogMeIn"=2 (0x2)
"LMIMaint"=2 (0x2)
"CanalPlus.VOD"=2 (0x2)
"Boonty Games"=3 (0x3)
"a2free"=2 (0x2)
"iPod Service"=3 (0x3)
"CiSvc"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Soulseek-Test\\slsk.exe"=
"c:\\Program Files\\BitComet2\\BitComet.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Zapu\\Zapu\\wDivi.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
"c:\\Documents and Settings\\sandrine\\Bureau\\CitrixSAClient.exe"=
"c:\\Documents and Settings\\sandrine\\Bureau\\CitrixSAClient(3).exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"l:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\SFR\Media Center\httpd\httpd.exe"= c:\program files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"14142:TCP"= 14142:TCP:BitComet 14142 TCP
"14142:UDP"= 14142:UDP:BitComet 14142 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"15560:UDP"= 15560:UDP:udp emule
"19550:TCP"= 19550:TCP:emule tcp
"19560:UDP"= 19560:UDP:emule udp

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [26/03/2009 16:13 64160]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [30/04/2009 11:09 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [03/08/2007 16:09 12992]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [29/02/2008 01:56 46112]
R3 fhlppppoe;PPPOE/ADSL miniport;c:\windows\system32\drivers\fhlpppoe.sys [12/04/2007 01:06 49264]
R3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys [05/04/2009 20:42 46448]
S1 hidfltr;HID Filter Driver;c:\windows\system32\drivers\MWhid.sys [03/11/2004 12:20 13332]
S2 gupdate1c98eb174a94258;Service Google Update (gupdate1c98eb174a94258);c:\program files\Google\Update\GoogleUpdate.exe [14/02/2009 16:35 133104]
S3 ADSLAutoconnect;ADSLAutoconnect;c:\program files\ADSL Autoconnect\ADSL Autoconnect.exe [20/05/2007 19:50 446464]
S3 PCANDIS5_RETWIFI;PCANDIS5_RETWIFI Protocol Driver;\??\l:\progra~1\EEYEDI~1\RETINA~1\PCANDIS5_RETWIFI.SYS --> l:\progra~1\EEYEDI~1\RETINA~1\PCANDIS5_RETWIFI.SYS [?]
S3 PCANDIS5_WIFISCAN.SYS;PCANDIS5_WIFISCAN.SYS;l:\program files\eEye Digital Security\Retina Wireless Scanner\PCANDIS5_WIFISCAN.SYS [03/06/2004 13:28 22131]
S3 RDID1076;BOSS GT-10;c:\windows\system32\drivers\Rdwm1076.sys [26/11/2008 17:04 173297]
S3 SetupNTGLM7X;SetupNTGLM7X; [x]
S4 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [03/06/2008 13:19 61440]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-07-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 13:13]

2009-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-07-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-14 13:14]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 14:34]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 14:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.neuf.fr/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.15\AMVConverter\grab.html
IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download all videos using BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.15\MediaManager\grab.html
TCP: {706CF555-6964-4BD7-8919-1340F1AD6C07} = 192.168.1.1
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\philippe\Application Data\Mozilla\Firefox\Profiles\ypgemobr.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - component: c:\documents and settings\philippe\Application Data\Mozilla\Firefox\Profiles\ypgemobr.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFAlert.dll
FF - plugin: c:\documents and settings\philippe\Application Data\Mozilla\Firefox\Profiles\ypgemobr.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Canal\Canal Widget\VOD\npCpVod.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npican.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyrMus.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: l:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: l:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: l:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: l:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: l:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: l:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: l:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: l:\program files\QuickTime\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 15:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1757981266-2000478354-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1216)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(6584)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_fre.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\eappprxy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Nero\Nero8\Nero BackItUp\NBShell.dll
c:\program files\Avira\AntiVir Desktop\shlext.dll
c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\MFC90FRA.DLL
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\Lavasoft\Ad-Aware\ShellExt.dll
f:\mes documents\mes telechargements logiciels\WinRAR\rarext.dll
c:\progra~1\AIMPCL~1\System\AIMP_S~1.DLL
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
l:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Fichiers communs\Nero\Lib\NeroDigitalExt.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Photodex\ProShowGold\scsiaccess.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\SFR\Media Center\httpd\httpd.exe
c:\program files\SFR\Media Center\httpd\httpd.exe
c:\program files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-07-13 15:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-13 13:33
ComboFix2.txt 2009-07-12 10:52

Pre-Run: 13,503,942,656 octets libres
Post-Run: 13,467,455,488 octets libres

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
354 --- E O F --- 2009-06-24 10:19
0
Réponse 26 / 44
mordred35 Messages postés 43 Statut Membre 1
 
re
Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2425
Windows 5.1.2600 Service Pack 3

14/07/2009 12:00:53
mbam-log-2009-07-14 (12-00-53).txt

Type de recherche: Examen rapide
Eléments examinés: 131835
Temps écoulé: 10 minute(s), 18 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
Réponse 27 / 44
Utilisateur anonyme
 
Salut.

Rends-toi sur ce site : https://www.virustotal.com/gui/

Clique sur parcourir et fais analyser les fichiers en gras suivants :

C:\WINDOWS\system32\explori.exe
C:\WINDOWS\system32\msupdte.exe
C:\WINDOWS\services.exe

Tu seras peut-être mis sur liste d'attente, patiente.

Envoie les rapports dès qu'ils arrivent, les uns à la suite des autres en nommant le fichier examiné stp.

++
0
Réponse 28 / 44
mordred35 Messages postés 43 Statut Membre 1
 
slt rico

un pb les exe n'apparaissent pas sur le chemin que tu m'as fournis, seul services.exe existe mais dans c:\windows\system32
0
Réponse 29 / 44
Utilisateur anonyme
 
Salut.

OK ! Les fichiers n'existent plus. Les clés sont à supprimer.

Créé un nouveau document sur ton bureau. (Clic-droit >> Nouveau >> Document texte).

Double-clique dessus et colle la liste, en gras, ci-dessous:

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\explorer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft WinUpdate]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\services.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\56360]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Updates]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\taskmgra]

Clique sur Fichier >> Enregistrer sous... puis choisis le bureau.

Nom de fichier : www.reg
Type : Tous les fichiers

Enregistre-le puis double-clique dessus.

Accepte l'ajout au registre.

Redémarre ton pc et poste un nouveau rapport RSIT.

++
0
mordred35 Messages postés 43 Statut Membre 1
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by philippe at 2009-07-15 15:51:42
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 13 GB (33%) free of 38 GB
Total RAM: 1023 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51, on 15/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SFR\Media Center\MediaCenter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\philippe\Bureau\RSIT.exe
C:\Program Files\hij\philippe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - L:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "L:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "L:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - L:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - L:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://philcoach13ans.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{706CF555-6964-4BD7-8919-1340F1AD6C07}: NameServer = 192.168.1.1
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Google Update (gupdate1c98eb174a94258) (gupdate1c98eb174a94258) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
0
Réponse 30 / 44
Utilisateur anonyme
 
Re.

Je ne vois plus d'infection. Encore des soucis particuliers ?
0
Réponse 31 / 44
mordred35 Messages postés 43 Statut Membre 1
 
salut rico

plus de pb a priori

comment faire le ménage de tous les outils de maintenance?

dois je me protéger avec un outil anti roolkit ?
pour l'instant je n'ai que adware spyboot et antivir??
0
Réponse 32 / 44
mordred35 Messages postés 43 Statut Membre 1
 
apres plusieurs tentatives ...
[ Rapport ToolsCleaner version 2.3.7 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\cleannavi.txt: trouvé !
C:\lopR.txt: trouvé !
C:\TB.txt: trouvé !
C:\SDFIX: trouvé !
C:\Combofix: trouvé !
C:\Lop SD: trouvé !
C:\Qoobox: trouvé !
C:\Toolbar SD: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\philippe\Bureau\SdFix.exe: trouvé !
C:\Documents and Settings\philippe\Bureau\Navilog1.exe: trouvé !
C:\Documents and Settings\philippe\Bureau\ToolBarSD.exe: trouvé !
C:\Documents and Settings\philippe\Bureau\Rsit.exe: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\hij\HijackThis.exe: trouvé !
C:\Program Files\hij\hijackthis.log: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\philippe\Bureau\SdFix.exe: supprimé !
C:\Documents and Settings\philippe\Bureau\Navilog1.exe: supprimé !
C:\Documents and Settings\philippe\Bureau\ToolBarSD.exe: supprimé !
C:\Program Files\hij\HijackThis.exe: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Combofix.txt: supprimé !
C:\cleannavi.txt: supprimé !
C:\lopR.txt: supprimé !
C:\TB.txt: supprimé !
C:\Documents and Settings\philippe\Bureau\Rsit.exe: supprimé !
C:\Program Files\hij\hijackthis.log: supprimé !
C:\SDFIX: supprimé !
C:\Combofix: supprimé !
C:\Lop SD: supprimé !
C:\Qoobox: supprimé !
C:\Toolbar SD: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Program Files\Navilog1: supprimé !
0
Réponse 33 / 44
Utilisateur anonyme
 
Laisse-le tourner....

Même si tu vois ce message.
0
Réponse 34 / 44
Utilisateur anonyme
 
Ok !! :DD
0
mordred35
 
re
tu dors quand ?, mdr

ccleaner me refuse une suppression ds le registre

clé HKEY_CLASSES_ROOT\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}
0
mordred35
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:06, on 16/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\philippe\Bureau\ToolsCleaner2.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
L:\Program Files\Audacity\audacity.exe
C:\WINDOWS\system32\NOTEPAD.EXE
L:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
L:\Program Files\Capturino V2\Capturino.exe
C:\WINDOWS\regedit.exe
L:\Program Files\Trend Micro\HijackThis\HI.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - L:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "L:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "L:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - L:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - L:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://philcoach13ans.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{706CF555-6964-4BD7-8919-1340F1AD6C07}: NameServer = 192.168.1.1
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Google Update (gupdate1c98eb174a94258) (gupdate1c98eb174a94258) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
0
Réponse 35 / 44
Utilisateur anonyme
 
Re.

Je dors quand je peux !! :))

Adobe n'est pas à jour. C'est une faille de sécurité. Il faut garder tes logiciels à jour afin de limiter les risques.

A voir: http://www.secuser.com/vulnerabilite/2009/090220-adobe-reader.htm

Via le panneau de configuration, désinstalle Adobe reader 8 (faille de sécurité)

Télécharge et installe la version actuelle: Adobe Reader 9.1

=========================

JavaRa :

▶ Télécharge JavaRa.zip

▶ Décompresse le fichier sur ton bureau (clique droit > Extraire tout.)

▶ Double-clique sur le répertoire JavaRa obtenu.

▶ Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher)

▶ Clique sur Search For Updates.

▶ Sélectionne Update Using jucheck.exe puis clique sur Search.

▶ Autorise le processus à se connecter s'il te le demande, clique sur Install et suis les instructions d'installation. Cela prendra quelques minutes.

▶ Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Remove Older Versions.

▶ Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.

▶ Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse.

* Note : le rapport se trouve aussi là : ( C:\JavaRa.log )

================================================

Relance Hijackthis et choisis cette fois "Do a system scan only".

La liste créée, coche les lignes suivantes : 

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "L:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "L:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://philcoach13ans.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/default.aspx

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/default.aspx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab


Clique sur "Fix Checked".

Repasse un coup de CCleaner, registre compris. Redémarre le pc et vérifie que tout soit ok au démarrage, internet...etc...

Dis-moi si c'est ok, on pourra finaliser.

++
0
mordred35
 
apres ccleaner tjrs meme pb avec
HKEY_CLASSES_ROOT\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}
0
mordred35
 
après redémarrage tout m'a l'air ok
0
Réponse 36 / 44
mordred35
 
mise a jour par Update Using jucheck.exe rien ne se passe
0
Réponse 37 / 44
mordred35
 
re
sans mise a jour, supprimer anciennes versions
refait mise a jour , il me dit que j'ai la dernière version.
ferai le reste demain
@+

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Jul 16 03:09:35 2009

Found and removed: C:\Program Files\Java\jre1.6.0_01

Found and removed: C:\Program Files\Java\jre1.6.0_03

Found and removed: C:\Documents and Settings\philippe\Application Data\Sun\Java\jre1.6.0_03

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: Software\Classes\JavaPlugin.160_01

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

------------------------------------

Finished reporting.
0
Réponse 38 / 44
Utilisateur anonyme
 
Salut.

Si tout va bien, tu peux supprimer Hijackthis, Javara, Toolscleaner et son rapport si ce n'est pas déjà fait. ;)

Puis termine ainsi :

!! Très Important !!

Supprimer les anciens points de restauration:

▶ Cliquer "démarrer", "panneau de configuration", performance et maintenance" puis système".
▶ Cliquer sur l'onglet "Restauration du système".
▶ Cocher la case "Désactiver la restauration...", puis "Appliquer" et valider par "OK".
▶ Redémarrer le pc.

▶ Cliquer "démarrer", "panneau de configuration", "performance et maintenance" puis "système".
▶ Cliquer sur l'onglet "Restauration du système".
▶ Redécocher la case "Désactiver la restauration...", puis "Appliquer" et valider par "OK".

Les points sont supprimés.

Création d'un nouveau point:

▶ Cliquer "démarrer", "panneau de configuration", "performance et maintenance" puis "restauration du système" (en haut à gauche).
▶ Dans la nouvelle fenêtre, cocher la case "Créer un point de restauration".
▶ Cliquer sur "Suivant".
▶ Entrer un nom pour le point de restauration : ce nom doit être assez évocateur (comme: "Après désinfection...")
▶ Cliquer sur "Créer" et le point de restauration se créé automatiquement.

=============

Pour une navigation plus sûre et plus rapide:

Addon à ajouter à firefox pour le sécuriser:

▶ Ici : WOT : https://addons.mozilla.org/en-US/firefox/addon/wot-safe-browsing-tool/
▶ Explications/Demo ici : http://www.mywot.com/fr/demo

+ ceux-ci: https://www.malekal.com/securiser-le-navigateur-web-firefox-2/

=============

Utile, à lire absolument, quelques minutes de prévention : https://www.malekal.com/fichiers/projetantimalwares/prevention-protection.pdf

=============

Si tu n'as plus de question et/ou problème, pour moi, c'est ok! (Si tu as encore des questions, n'hésite pas ! )

++
0
mordred35
 
salut rico

point de restauration ok

si j'ai d'autres pbs je restaurai ce point de restauration , mais j'imagine que ce n'est pas a coup sur que cela fonctionne
pour les extensions, un peu paumé lesquels dois je installer ?

pour moi autrement c'est ok
encore merci
0
Réponse 39 / 44
Utilisateur anonyme
 
Pour les extensions, je te conseille fortement les trois :

Wot que je mets en lien avec explications, + les deux citées par Malekal, soient : Ad-Block Plus, contre les publicités et No Script. Tu peux voir les explications de Malekal en suivant le lien.

Bonne journée, bon surf.

++
0
mordred35
 
ok
deja fait
je clos?
merci encore
ciao
0
Réponse 40 / 44
Utilisateur anonyme
 
Tu peux clore, oui. ;))

++
0

Discussions similaires

Site Easywifi.config inaccessible /
Charly -
Repeteurwifi -

8 réponses
Configuration répéteur Wifi
Squall -
Squall -

4 réponses
Impossible de se connecter a 192.168.1.1
papemane -
Quels -

5 réponses
DNS_PROBE_STARTED uniquement avec G chrome pas Firefox ?
patmoss -
patmoss -

3 réponses
192.168.49.1
4Pedro -
hopelan -

1 réponse