Impossible to install an antivirus

moseus -
sKe69 (security contributor) -
Hello,
I can't install an antivirus; Task Manager is disabled. I'm waiting for your solutions, please.
Here is my report:
Rapport de ZHPDiag v1.23.16 par Nicolas Coolman
Enregistré le 22/07/2009 21:19:54
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Platform : Microsoft Windows XP (5.1.2600) Service Pack 2
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox (3.0.11)

---\\ Processus lancés
C:\Windows\stid1690.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\svchost.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Windows\System32\bycool1\windo.exe
C:\Windows\System32\bycool\winacces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lyad Messenger\Lyad Messenger.exe
C:\Documents and Settings\cy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\services.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIA\RAID\vialogsv.exe

---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: Shell=Explorer.exe scvshosts.exe

---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp

---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - {710EB7A1-45ED-11D0-924A-0020AFC7AC4D} -

---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [Waiting1690] C:\Windows\stid1690.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [(Default)] C:\Windows\svchost.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [DRIVESYS1] C:\Windows\System32\bycool1\windo.exe
O4 - HKLM\..\Run: [DRIVESYS] C:\Windows\System32\bycool\winacces.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Lyad Messenger] C:\Program Files\Lyad Messenger\Lyad Messenger.exe -autostart
O4 - HKCU\..\Run: [Google Update] C:\Documents and Settings\cy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data=1
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - Global Startup: Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll,201
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302

---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=https://www.msn.com/fr-fr

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://download.tvants.com/pub/tvants/tvants1/win32/cab/tvants.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_1_2_1.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

---\\ Protocole additionnel et piratage de protocole (O18)
O18 - cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll
O18 - msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\FICHIE~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\system32\mshtml.dll
O18 - tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O18 - wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll
O18 - text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\System32\WgaLogon.dll

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Apple Mobile Device (Apple Mobile Device) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
O23 - Service: Lavasoft Ad-Aware Service (Lavasoft Ad-Aware Service) - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: SeaPort (SeaPort) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
O23 - Service: Spouleur d'impression (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: VRAID Log Service (VRAID Log Service) - C:\Program Files\VIA\RAID\vialogsv.exe


End of the scan: 141 lines

28 replies

moseus74 (Member) -
All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\F:\New Folder.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\dpakqo.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\omuxqs.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\jiqbvi.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\ixbxb.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winuwjlc.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winpmjr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\ofsjs.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winxwyx.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\w30fd61.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\mpvsh.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\onxx.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winbsku.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\rnktxy.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\wintpeg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\tipf.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\pxrf.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\kvak.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\uhyol.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winofgoq.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\pggb.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\oawyro.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\qtee.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\wincsxm.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\twexwn.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\nqcdu.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\kwyhb.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winvwmtp.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winailex.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winxfepat.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\yquk.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winduciw.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\hykxs.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\hyskry.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\vmnwwo.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\wintphmu.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\yyktfn.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winhpfwmn.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\mblly.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winelwes.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winbjcj.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\wineojg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\windntoul.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\wincvsd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winafwk.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winhjtvi.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winmbqxbn.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winaapnse.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winlome.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winhjwv.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\windsqamv.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\w50314.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\ylax.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\ylujg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winceyure.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\sabcwf.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winuxwu.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\w54cef.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\rbfiq.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\wytfet.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winqwoock.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winekhxd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\ilrvel.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\ulhmx.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\windgxeab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\cswlop.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winlsqox.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\qwqlry.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\qcdgq.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\qejyw.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\qqhqdg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winrgqn.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winfpefue.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\wingwwru.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\seqky.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\csvp.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winxwrd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winavflb.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\wininxldu.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winnkonv.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winmqiawt.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\winrbmc.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\cy\LOCALS~1\Temp\kapliy.exe deleted successfully.
========== FILES ==========
C:\b4bf7 moved successfully.
D:\12edc3a moved successfully.
D:\b4fff moved successfully.
File/Folder F:\New Folder.exe not found.
F:\obehha.com moved successfully.
F:\iqsnj.exe moved successfully.
File/Folder G:\ipfq.exe not found.
C:\zPharaoh.exe moved successfully.
C:\autorun.inf moved successfully.
C:\WINDOWS\system32\bycool moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_16_06_2009_13_09_54 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_16_06_2009_09_43_51 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_15_06_2009_19_05_35 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_15_06_2009_18_53_34 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_15_06_2009_18_24_29 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_15_06_2009_17_41_25 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_15_06_2009_15_21_44 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_15_06_2009_13_17_24 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_15_06_2009_12_29_15 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_15_06_2009_09_33_50 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_14_06_2009_14_36_13 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_14_06_2009_09_40_33 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_13_06_2009_18_48_07 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_13_06_2009_09_28_35 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_12_06_2009_18_26_48 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_12_06_2009_11_51_00 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_12_06_2009_09_39_05 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_11_06_2009_17_23_52 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_11_06_2009_09_19_22 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_10_06_2009_18_17_58 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_10_06_2009_15_58_45 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_09_06_2009_09_41_26 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_08_06_2009_17_53_05 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_08_06_2009_13_14_37 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_08_06_2009_13_05_47 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_08_06_2009_10_03_05 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_08_06_2009_09_42_12 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_07_06_2009_10_22_44 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_06_06_2009_18_29_06 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_06_06_2009_11_49_24 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_06_06_2009_09_29_55 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_05_06_2009_14_01_10 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_05_06_2009_09_45_14 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_04_06_2009_18_24_20 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_04_06_2009_14_05_11 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_04_06_2009_11_43_28 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_04_06_2009_09_45_01 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_03_06_2009_18_30_23 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_03_06_2009_09_47_46 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h\cy_02_06_2009_20_17_58 moved successfully.
C:\WINDOWS\system32\f\d\e\d\h moved successfully.
C:\WINDOWS\system32\f\d\e\d moved successfully.
C:\WINDOWS\system32\f\d\e moved successfully.
C:\WINDOWS\system32\f\d moved successfully.
C:\WINDOWS\system32\f moved successfully.
C:\Documents and Settings\cy\Application Data\tazebama moved successfully.
C:\WINDOWS\scvshosts.exe moved successfully.
C:\WINDOWS\system32\scvshosts.exe moved successfully.
C:\Documents and Settings\tazebama.dl_ moved successfully.
File/Folder C:\DOCUME~1\cy\LOCALS~1\Temp\sefu.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: cy
->Temp folder emptied: 15427041 bytes
File delete failed. C:\Documents and Settings\cy\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 150365779 bytes
->Java cache emptied: 8548462 bytes
->FireFox cache emptied: 52994900 bytes
->Google Chrome cache emptied: 77576325 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 930127 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 2114013 bytes
%systemroot%\System32 .tmp files removed: 506590 bytes
Windows Temp folder emptied: 1512246 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 295,68 mb


OTM by OldTimer - Version 3.0.0.5 log created on 07302009_232344

Files moved on Reboot...

Registry entries deleted on Reboot...
moseus74:
Logfile of random's system information tool 1.06 (written by random/random)
Run by cy at 2009-07-30 23:45:49
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 8 GB (38%) free of 20 GB
Total RAM: 447 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:46:04, on 30/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VIA\RAID\vialogsv.exe
C:\Documents and Settings\tazebama.dl_
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\cy\LOCALS~1\Temp\winmpeopy.exe
C:\DOCUME~1\cy\LOCALS~1\Temp\cvcqx.exe
C:\DOCUME~1\cy\LOCALS~1\Temp\wb1595.exe
C:\Documents and Settings\cy\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\cy.exe
C:\WINDOWS\system32\msfeedssync.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Waiting1690] C:\Windows\stid1690.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Lyad Messenger] C:\Program Files\Lyad Messenger\Lyad Messenger.exe -autostart
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\cy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://fr.msn.com/
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://download.tvants.com/pub/tvants/tvants1/win32/cab/tvants.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_1_2_1.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VRAID Log Service - Unknown owner - C:\Program Files\VIA\RAID\vialogsv.exe
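The HijackThis log above is mostly legitimate entries; what makes it readable for triage is a handful of path rules: programs running from the user's Temp directory, a file sitting directly in C:\Documents and Settings rather than inside a profile, a running image whose extension is not .exe (tazebama.dl_), and a Run value pointing at the Windows root rather than system32. The following script is an added example, not code from the thread or from HijackThis: it parses the "Running processes:" list and O4 Run lines and applies exactly those rules. The sample input is constructed from a subset of the lines posted above, and the rules are my own heuristics: a hit is a review candidate, not a verdict (C:\Windows\stid1690.exe is flagged by the Windows-root rule although the log gives no evidence that it is malicious).

```python
"""Path heuristics over a HijackThis log: which running processes and O4 Run
entries deserve a second look?  Added example, not part of the thread or of
HijackThis; the rules below are my own triage heuristics."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample in the exact shape HijackThis v2 prints (a subset of the
# lines posted in the thread).
SAMPLE_HJT = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\tazebama.dl_
C:\DOCUME~1\cy\LOCALS~1\Temp\winmpeopy.exe
C:\DOCUME~1\cy\LOCALS~1\Temp\cvcqx.exe
C:\WINDOWS\system32\msfeedssync.exe

O4 - HKLM\..\Run: [Waiting1690] C:\Windows\stid1690.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Lyad Messenger] C:\Program Files\Lyad Messenger\Lyad Messenger.exe -autostart
"""

O4_RE = re.compile(r"^O4 - (.+?): \[(.*?)\] (.*)$")
QUOTED_RE = re.compile(r'^"([^"]+)"')
# First prefix ending in a short extension followed by whitespace or end of line;
# handles unquoted paths containing spaces ("...\Lyad Messenger.exe -autostart").
IMAGE_RE = re.compile(r"^(\S.*?\.[A-Za-z0-9_]{1,4})(?=\s|$)")


@dataclass
class Finding:
    source: str          # "process" or the O4 hive text ("HKLM\..\Run", ...)
    label: str           # Run value name, "" for a process
    path: str
    reasons: List[str]


def extract_image_path(command: str) -> str:
    """Pull the executable path out of a Run command line."""
    command = command.strip()
    m = QUOTED_RE.match(command) or IMAGE_RE.match(command)
    return m.group(1) if m else command.split()[0]


def suspicious_reasons(path: str, is_process: bool) -> List[str]:
    """Heuristic flags; a hit is a review candidate, not a verdict."""
    p = path.lower().replace("/", "\\")
    reasons = []
    if re.search(r"\\(temp|tmp)\\", p):
        reasons.append("runs from a temporary directory")
    if re.match(r"^[a-z]:\\documents and settings\\[^\\]+$", p):
        reasons.append("file sits directly in the profiles root, not inside a profile")
    if re.match(r"^[a-z]:\\windows\\[^\\]+$", p):
        reasons.append("sits in the Windows root rather than system32")
    if is_process:  # only real image paths carry a meaningful extension
        name = p.rsplit("\\", 1)[-1]
        ext = name.rsplit(".", 1)[-1] if "." in name else ""
        if ext != "exe":
            reasons.append(f"running image has extension '.{ext}'" if ext
                           else "running image has no extension")
    return reasons


def parse_hjt(text: str) -> Tuple[List[str], List[Tuple[str, str, str]]]:
    """Return (process paths, [(hive, value name, image path)]) from an HJT log."""
    processes, run_entries = [], []
    in_procs = False
    for line in text.splitlines():
        line = line.strip()
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:
                in_procs = False        # a blank line ends the process list
            else:
                processes.append(line)
            continue
        m = O4_RE.match(line)
        if m:
            run_entries.append((m.group(1), m.group(2), extract_image_path(m.group(3))))
    return processes, run_entries


def triage_hjt(text: str) -> List[Finding]:
    processes, run_entries = parse_hjt(text)
    findings = []
    for path in processes:
        reasons = suspicious_reasons(path, is_process=True)
        if reasons:
            findings.append(Finding("process", "", path, reasons))
    for hive, label, path in run_entries:
        reasons = suspicious_reasons(path, is_process=False)
        if reasons:
            findings.append(Finding(hive, label, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"{f.source:14} {f.label:14} {f.path}")
        for r in f.reasons:
            print(f"{'':30} - {r}")
```

Run against the sample, the four hits are the three Temp/profile-root processes (two reasons for tazebama.dl_: location and extension) and the Waiting1690 Run value; qttask.exe, ctfmon.exe and the RunDll32 entry pass through because the extension rule is applied only to running images, not to Run command lines.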
sKe69 (security contributor):
Hi,

The infection you are dealing with is a new variant and is evolving very quickly,

so, to help advance the fight against malware, I would like to ask you a small favour.
It consists of gathering and sending certain files (still present on your PC) that were created by the virus, so that experts can analyse them...

It will take a bit of your time, but it will let others save some in the near future and fight effectively against these viruses that pollute the net...

Of course I will give you the whole procedure to follow... ^^


Tell me, do you know how to make a zip archive?


moseus74:
Yes, I know how to make a Zip archive. But I would like to know which files I should zip in order to send them.

moseus74:
ComboFix 09-08-03.04 - cy 03/08/2009 22:53.1.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.447.243 [GMT 0:00]
Running from: c:\documents and settings\cy\Bureau\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\cy\Application Data\BIT141F.tmp
c:\documents and settings\cy\Application Data\BIT1426.tmp
c:\documents and settings\cy\Application Data\tazebama
c:\documents and settings\cy\Application Data\tazebama\tazebama.log
c:\documents and settings\cy\Application Data\tazebama\zPharaoh.dat
c:\documents and settings\cy\Mes documents\cabo\locigiel\Copie de cyber cafe pro 5\cyber cafe pro 5\_desktop.ini
c:\documents and settings\cy\Mes documents\cabo\locigiel\Copie de cyber cafe pro 5\cyber cafe pro 5\AutoPlay\_desktop.ini
c:\documents and settings\cy\Mes documents\cabo\locigiel\Copie de cyber cafe pro 5\cyber cafe pro 5\AutoPlay\Audio\_desktop.ini
c:\documents and settings\cy\Mes documents\cabo\locigiel\Copie de cyber cafe pro 5\cyber cafe pro 5\AutoPlay\Buttons\_desktop.ini
c:\documents and settings\cy\Mes documents\cabo\locigiel\Copie de cyber cafe pro 5\cyber cafe pro 5\AutoPlay\Docs\_desktop.ini
c:\documents and settings\cy\Mes documents\cabo\locigiel\Copie de cyber cafe pro 5\cyber cafe pro 5\AutoPlay\Docs\Crack\_desktop.ini
c:\documents and settings\cy\Mes documents\cabo\locigiel\Copie de cyber cafe pro 5\cyber cafe pro 5\AutoPlay\Images\_desktop.ini
c:\documents and settings\cy\Mes documents\cabo\locigiel\Copie de cyber cafe pro 5\cyber cafe pro 5\AutoPlay\Plugins\_desktop.ini
c:\windows\hinhem.scr
C:\zPharaoh.exe
d:\copie de cyber cafe pro 5\cyber cafe pro 5\_desktop.ini
d:\copie de cyber cafe pro 5\cyber cafe pro 5\AutoPlay\_desktop.ini
d:\copie de cyber cafe pro 5\cyber cafe pro 5\AutoPlay\Audio\_desktop.ini
d:\copie de cyber cafe pro 5\cyber cafe pro 5\AutoPlay\Buttons\_desktop.ini
d:\copie de cyber cafe pro 5\cyber cafe pro 5\AutoPlay\Docs\_desktop.ini
d:\copie de cyber cafe pro 5\cyber cafe pro 5\AutoPlay\Docs\Crack\_desktop.ini
d:\copie de cyber cafe pro 5\cyber cafe pro 5\AutoPlay\Images\_desktop.ini
d:\copie de cyber cafe pro 5\cyber cafe pro 5\AutoPlay\Plugins\_desktop.ini
D:\zPharaoh.exe

----- BITS: Possible infected sites -----

hxxp://videoporntrue.net
Infected copy of c:\windows\system32\mspaint.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\mspaint.exe

Infected copy of c:\windows\system32\notepad.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\notepad.exe

Infected copy of c:\windows\system32\winmine.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\winmine.exe

.
((((((((((((((((((((((((( Files Created from 2009-07-03 to 2009-08-03 )))))))))))))))))))))))))))))))
.

2009-08-01 18:48 . 2009-08-01 18:48 4078 ----a-w- C:\_OTM.zip
2009-07-30 23:23 . 2009-08-01 18:44 -------- d-----w- C:\_OTM
2009-07-29 11:37 . 2009-07-03 16:57 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 11:36 . 2009-07-03 16:57 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-27 23:13 . 2009-08-03 22:01 32768 ----a-w- c:\documents and settings\tazebama.dll
2009-07-27 22:15 . 2009-07-27 23:13 -------- d-----w- C:\UsbFix
2009-07-25 22:48 . 2009-07-25 22:49 -------- d-----w- C:\rsit
2009-07-25 18:51 . 2009-07-25 18:51 -------- d-----w- c:\program files\Trend Micro
2009-07-20 23:12 . 2009-07-20 23:12 -------- d--h--w- c:\documents and settings\cy\Voisinage réseau
2009-07-19 20:58 . 2009-07-19 20:59 -------- d-----w- c:\program files\MSN Messenger
2009-07-19 20:14 . 2009-07-19 20:14 3584 ----a-r- c:\documents and settings\cy\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-07-19 20:14 . 2009-07-19 20:14 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-07-19 15:50 . 2009-07-19 20:31 -------- d-----w- c:\program files\Windows Live
2009-07-19 15:49 . 2009-07-19 15:49 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-19 15:27 . 2009-07-21 10:27 102400 ----a-r- c:\documents and settings\cy\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
2009-07-16 18:46 . 2009-07-22 19:57 -------- d-----w- c:\documents and settings\cy\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-03 23:42 . 2009-02-03 13:44 276335 ----a-w- c:\windows\system32\winmine.exe.tmp
2009-08-03 23:39 . 2009-08-03 23:38 -------- d-----w- c:\documents and settings\cy\Application Data\tazebama
2009-08-03 23:38 . 2009-08-03 23:38 224703 --sh--r- C:\zPharaoh.exe
2009-08-03 22:02 . 2009-02-03 16:06 1124 ----a-w- C:\STAT.DAT
2009-08-02 10:16 . 2009-02-04 13:56 560198 ----a-w- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}\x86\DifXInstall32.exe
2009-08-01 09:38 . 2009-02-18 19:23 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 20:24 . 2009-06-22 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-31 20:23 . 2009-06-22 21:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-26 20:31 . 2009-03-05 13:33 -------- d-----w- c:\documents and settings\cy\Application Data\dvdcss
2009-07-24 23:32 . 2001-09-28 12:00 72126 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-24 23:32 . 2001-09-28 12:00 460986 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-19 20:13 . 2009-03-04 22:51 -------- d-----w- c:\program files\MSECache
2009-07-19 17:16 . 2009-06-22 22:41 -------- d-----w- c:\program files\Lavasoft
2009-07-19 16:33 . 2009-02-19 23:03 367023 ----a-w- c:\documents and settings\cy\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2009-07-19 16:33 . 2009-02-19 23:03 320927 ----a-w- c:\documents and settings\cy\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2009-07-19 15:27 . 2009-02-19 23:03 392728 ----a-w- c:\documents and settings\cy\Application Data\Microsoft\Services Windows Live\Services Windows Live.dll
2009-07-14 20:24 . 2009-02-15 11:01 865135 ----a-w- c:\windows\Webshots.scr
2009-07-14 20:24 . 2009-02-15 11:01 865135 ----a-w- c:\windows\Webshots.scr
2009-07-14 20:24 . 2009-02-06 19:39 465127 ----a-w- c:\windows\WLXPGSS.SCR
2009-07-14 20:24 . 2007-03-23 15:34 1753967 ----a-w- c:\windows\stic1690.exe
2009-07-14 20:24 . 1997-01-16 01:00 228207 ----a-w- c:\windows\ST5UNST.EXE
2009-07-14 20:23 . 2009-02-10 18:41 546671 ----a-w- c:\windows\IsUn040c.exe
2009-07-14 20:23 . 2009-02-04 21:08 463215 ----a-w- c:\windows\IsUninst.exe
2009-07-14 20:23 . 2009-02-05 20:13 422767 ----a-w- c:\windows\CMIUninstall.exe
2009-07-14 20:01 . 2009-05-24 16:56 359314 ----a-w- c:\windows\ugnct511.exe
2009-07-06 23:03 . 2009-02-15 11:01 197487 ----a-w- c:\windows\WebshotsUninstall.exe
2009-07-06 23:03 . 2009-02-15 11:01 197487 ----a-w- c:\windows\WebshotsUninstall.exe
2009-07-06 22:10 . 2009-06-21 16:46 3728239 ----a-w- c:\documents and settings\cy\Application Data\U3\temp\Launchpad Removal.exe
2009-07-06 22:10 . 2009-06-21 17:00 336751 ----a-w- c:\documents and settings\cy\Application Data\U3\temp\cleanup.exe
2009-07-06 22:10 . 2007-10-23 10:17 4854639 ----a-w- c:\documents and settings\cy\Application Data\U3\0875701B0D80D245\LaunchPad.exe
2009-07-06 22:10 . 2009-04-02 19:41 7273951 ----a-w- c:\documents and settings\cy\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.789.0-static-fr-A.exe
2009-07-06 22:09 . 2009-06-13 22:50 2113335 ----a-w- c:\documents and settings\cy\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-07-06 22:09 . 2009-02-03 15:54 2121527 ----a-w- c:\documents and settings\cy\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-07-06 22:03 . 2009-02-23 18:58 35223751 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_fre_web.exe
2009-07-03 16:57 . 2004-08-19 16:09 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 09:31 . 2009-06-15 18:40 -------- d-----w- c:\program files\Eset
2009-07-02 18:19 . 2009-05-17 20:02 -------- d-----w- c:\program files\Xvid
2009-07-02 18:16 . 2009-04-27 16:38 -------- d-----w- c:\program files\iMesh Applications
2009-07-02 11:54 . 2009-07-02 11:54 -------- d-----w- c:\documents and settings\All Users\Application Data\1CEA
2009-07-02 10:35 . 2009-07-02 10:35 -------- d-----w- c:\documents and settings\cy\Application Data\MSNInstaller
2009-07-01 20:25 . 2009-02-03 15:36 46712 ----a-w- c:\documents and settings\cy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 12:57 . 2009-02-03 16:05 -------- d-----w- c:\program files\CCP Server 5
2009-06-22 22:41 . 2009-06-22 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-21 16:46 . 2009-06-21 16:45 -------- d-----w- c:\documents and settings\cy\Application Data\U3
2009-06-21 10:55 . 2009-06-19 20:18 -------- d-----w- c:\program files\Lyad Messenger
2009-06-19 23:09 . 2004-01-05 17:24 149504 ----a-w- c:\windows\HK2.dat
2009-06-16 14:54 . 2004-08-19 16:09 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:54 . 2001-09-28 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:27 . 2004-08-19 16:09 1296896 ----a-w- c:\windows\system32\quartz.dll
2009-05-13 22:17 . 2009-02-23 18:58 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-07 15:43 . 2004-08-19 16:09 347136 ----a-w- c:\windows\system32\localspl.dll
2009-06-13 19:07 . 2009-02-06 21:23 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2009-07-24 5904607]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2009-07-09 1924463]
"Google Update"="c:\documents and settings\cy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-06 359263]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-07-14 639855]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-26 679063]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-09 218520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-07-25 207728]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-08-03 225280]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2006-08-30 352256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9633792]

c:\documents and settings\cy\Menu Démarrer\Programmes\Démarrage\
Webshots.lnk - c:\program files\Webshots\WebshotsTray.exe [2009-2-15 435055]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 309519]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CCP Server 5\\ccpsrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Documents and Settings\\cy\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"c:\\WINDOWS\\system32\\dumprep.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\MSN Messenger\\usnsvc.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\QuickTime\\qttask.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\WINDOWS\\system32\\VTtrayp.exe"=
"c:\\WINDOWS\\system32\\VTTimer.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\OSA.EXE"=
"c:\\Program Files\\Webshots\\WebshotsTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"=
"c:\\Documents and Settings\\tazebama.dl_"=
"c:\\WINDOWS\\WEBSHOTS.SCR"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\UsbFix\\Tools\\Kill.exe"=
"c:\\UsbFix\\Tools\\Kill_P.exe"=
"c:\\WINDOWS\\system32\\cmd.exe"=
"c:\\Documents and Settings\\cy\\Bureau\\Nouveau dossier\\RSIT.exe"=
"c:\\ComboFix\\NirCmdC.cfexe"=
"c:\\ComboFix\\NircmdB.exe"=

R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\ntfjlj.sys --> c:\windows\system32\drivers\ntfjlj.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 CAM1690;USB 2.0 Compliance JPEG Video Camera;c:\windows\system32\drivers\cam1690.sys [20/09/2007 17:03 177280]
S3 GNCT511;Genius VideoCAM NB;c:\windows\system32\drivers\gnct511.sys [24/05/2009 16:56 229376]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [21/04/2009 15:36 450583]
.
Contents of the 'Scheduled Tasks' folder

2009-07-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:14]

2009-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1993962763-725345543-1003Core.job
- c:\documents and settings\cy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-20 22:23]

2009-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1993962763-725345543-1003UA.job
- c:\documents and settings\cy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-20 22:23]

2009-08-04 c:\windows\Tasks\User_Feed_Synchronization-{F7E94DA3-1F73-4BB3-AA2E-34E7D0D3D534}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]

2009-08-03 c:\windows\Tasks\{6DB6A56F-4A5A-4F50-ABE9-D7E8F56F5A17}_SERVEUR_cy.job
- c:\windows\system32\mobsync.exe [2004-08-19 16:09]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{53BCF99A-B7BE-4D6D-B65D-EA2FD115B83F} - (no file)
HKCU-Run-Lyad Messenger - c:\program files\Lyad Messenger\Lyad Messenger.exe
HKLM-Run-Waiting1690 - c:\windows\stid1690.exe
HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - hxxp://download.tvants.com/pub/tvants/tvants1/win32/cab/tvants.cab
FF - ProfilePath - c:\documents and settings\cy\Application Data\Mozilla\Firefox\Profiles\e1ywi2jc.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIZWG0&q=
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\cy\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-03 23:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\cy\LOCALS~1\Temp\BIT6.tmp 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5924)
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\VIA\RAID\vialogsv.exe
c:\documents and settings\tazebama.dl_
.
**************************************************************************
.
Completion time: 2009-08-03 0:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-04 00:11

Pre-Run: 7 104 397 312 bytes free
Post-Run: 7 085 076 480 bytes free

269 --- E O F --- 2009-08-02 23:23
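The "Reg Loading Points" section of the ComboFix log above is the part that answers the original complaint: DisableTaskMgr=1 and DisableRegistryTools=1 under HKCU\...\Policies\System are why Task Manager and regedit are greyed out, the six Security Center values silence the "no antivirus / firewall off" warnings, and EnableFirewall=0 turns the Windows Firewall off for the standard profile. The script below is an added example, not code from the thread or from ComboFix: it parses that REGEDIT4-style section (both value forms ComboFix prints, `"EnableLUA"= 0 (0x0)` and `"AntiVirusDisableNotify"=dword:00000001`) and reports each value that matches an audit table of known weakening settings. The sample input is constructed from the lines in the log; the audit table and its wording are mine. One caveat the same log makes visible: the Find3M section shows C:\zPharaoh.exe and the tazebama folder recreated at 23:38, after the "Other Deletions" pass, and tazebama.dl_ is still listed under "Other Running Processes", so values like these are worth re-checking after each cleanup pass rather than once.

```python
"""Audit the "Reg Loading Points" section of a ComboFix log for settings that
blind the user and the OS (Task Manager / regedit policies, Security Center
overrides, Windows Firewall off).  Added example, not part of the thread or of
ComboFix; key and value names come from the log, the audit table is mine."""
import re
from dataclasses import dataclass
from typing import Dict, List, Union

# Constructed sample in ComboFix's REGEDIT4-style layout, copied from the log.
SAMPLE_REG_POINTS = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')

RegValue = Union[int, str]

# (substring of the key path, value name, value meaning "weakened", explanation)
AUDIT_RULES = [
    (r"policies\system", "DisableTaskMgr", 1, "Task Manager disabled by policy"),
    (r"policies\system", "DisableRegistryTools", 1, "Registry Editor disabled by policy"),
    (r"policies\system", "EnableLUA", 0, "UAC disabled (no effect on XP, matters on Vista and later)"),
    (r"security center", "AntiVirusDisableNotify", 1, "Security Center antivirus warnings suppressed"),
    (r"security center", "FirewallDisableNotify", 1, "Security Center firewall warnings suppressed"),
    (r"security center", "UpdatesDisableNotify", 1, "Security Center update warnings suppressed"),
    (r"security center", "AntiVirusOverride", 1, "Security Center told a third-party AV is present"),
    (r"security center", "FirewallOverride", 1, "Security Center told a third-party firewall is present"),
    (r"security center", "UacDisableNotify", 1, "Security Center UAC warnings suppressed"),
    (r"firewallpolicy\standardprofile", "EnableFirewall", 0, "Windows Firewall off (standard profile)"),
]


@dataclass
class Finding:
    key: str
    name: str
    value: RegValue
    message: str


def parse_reg_value(raw: str) -> RegValue:
    """Decode the value forms ComboFix prints; anything else is returned as text."""
    raw = raw.strip()
    m = re.match(r"^dword:([0-9a-fA-F]{8})$", raw)             # dword:00000001
    if m:
        return int(m.group(1), 16)
    m = re.match(r"^(-?\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)        # 1 (0x1)
    if m:
        return int(m.group(1))
    m = re.match(r'^"([^"]*)"', raw)                            # "path" [date size]
    if m:
        return m.group(1)
    return raw


def parse_reg_loading_points(text: str) -> Dict[str, Dict[str, RegValue]]:
    """Map each [key] section to its {value name: decoded value}."""
    keys: Dict[str, Dict[str, RegValue]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = parse_reg_value(m.group(2))
    return keys


def audit_reg_loading_points(text: str) -> List[Finding]:
    findings = []
    for key, values in parse_reg_loading_points(text).items():
        key_l = key.lower()
        for fragment, name, bad, message in AUDIT_RULES:
            if fragment in key_l and values.get(name) == bad:
                findings.append(Finding(key, name, values[name], message))
    return findings


if __name__ == "__main__":
    for f in audit_reg_loading_points(SAMPLE_REG_POINTS):
        print(f"{f.message}\n    {f.key}\\{f.name} = {f.value}")
```

On the sample this yields six findings (EnableLUA, DisableTaskMgr, DisableRegistryTools, AntiVirusDisableNotify, FirewallOverride, EnableFirewall); the Run value is parsed but not reported, since the audit table only covers policy and Security Center settings. The `security center` fragment also matches the `\Svc` subkey that the full log lists, so the same rules cover both.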
moseus74:
Logfile of random's system information tool 1.06 (written by random/random)
Run by cy at 2009-08-04 00:11:58
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 7 GB (34%) free of 20 GB
Total RAM: 447 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:12:09, on 04/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VIA\RAID\vialogsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Documents and Settings\tazebama.dl_
C:\WINDOWS\explorer.exe
C:\Documents and Settings\cy\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\cy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\cy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://fr.msn.com/
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://download.tvants.com/pub/tvants/tvants1/win32/cab/tvants.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_1_2_1.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VRAID Log Service - Unknown owner - C:\Program Files\VIA\RAID\vialogsv.exe
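The posted log above, with an added triage example that is not code from this thread and not part of HijackThis, RSIT or ComboFix: a Python script that applies, over the log lines, a few of the checks a helper applies by eye when reading such a report. It generalizes slightly beyond the log, covering the DisableTaskMgr and DisableCMD policies alongside the DisableRegedit one that actually appears. The sample lines are copied from the posted log except the `C:\WINDOWS\svchost.exe` process line, which is constructed to exercise the out-of-System32 rule; the rules, the severity labels and the "trusted host" list for O16 downloads are this example's own assumptions, not a HijackThis convention.

```python
"""Heuristic triage of a HijackThis-style log (added example, not part of the
forum thread and not HijackThis/RSIT/ComboFix code).  Rules and severities
are this example's assumptions; they flag lines for a human, not a verdict."""
import re
from typing import List, Tuple

# Constructed sample: lines copied from the posted log, plus one constructed
# process line (C:\WINDOWS\svchost.exe) to exercise the System32 rule.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\tazebama.dl_
C:\WINDOWS\svchost.exe
C:\Program Files\Trend Micro\HijackThis\cy.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://download.tvants.com/pub/tvants/tvants1/win32/cab/tvants.cab
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
"""

ITEM_RE = re.compile(r"^(O\d+|R\d+|F\d+) - (.*)$")
# Policies that lock the user out of the tools needed to investigate (assumed list).
LOCKOUT_POLICIES = ("DisableRegedit", "DisableTaskMgr", "DisableCMD")
# Core Windows images that legitimately live only in System32 (assumed list).
SYSTEM_IMAGES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe"}
# Hosts from which an ActiveX (O16) download is not flagged (assumed list).
TRUSTED_DPF_HOSTS = ("microsoft.com",)


def classify_process(path: str) -> Tuple[str, str]:
    """Rules for a running-process path."""
    low = path.lower()
    parent, _, name = low.rpartition("\\")
    if not name.endswith(".exe"):
        return "high", "running image does not have an .exe extension"
    if name in SYSTEM_IMAGES and parent != r"c:\windows\system32":
        return "high", f"{name} running outside System32"
    if parent == r"c:\documents and settings":
        return "high", "executable directly in the profile root"
    return "ok", ""


def classify(line: str) -> Tuple[str, str]:
    """Return (severity, reason); severity is 'high', 'review', 'orphan' or 'ok'."""
    line = line.strip()
    m = ITEM_RE.match(line)
    if not m:
        return classify_process(line)
    kind, body = m.groups()
    if kind == "O7":
        for pol in LOCKOUT_POLICIES:
            if f"{pol}=1" in body:
                return "high", f"{pol}=1: admin tool disabled by policy"
        return "review", "policy restriction present"
    if kind == "O4" and "HKUS\\S-1-5-18" in body:
        # Ordinary user software has no business autostarting in the SYSTEM hive.
        return "high", "autostart registered in the SYSTEM hive (S-1-5-18)"
    if kind == "O4" and "] " in body:
        target = body.split("] ", 1)[1].strip('"')
        if "\\" not in target:
            return "review", "autostart with unqualified filename (resolved via PATH search)"
    if "(file missing)" in body or "(no file)" in body:
        return "orphan", "entry points to a file that no longer exists"
    if kind == "O16":
        url = body.rsplit(" - ", 1)[-1]
        host_m = re.match(r"https?://([^/]+)", url)
        host = host_m.group(1) if host_m else url
        if not host.endswith(TRUSTED_DPF_HOSTS):
            return "review", f"ActiveX control downloaded from third-party host {host}"
    return "ok", ""


def triage(log: str) -> List[Tuple[str, str, str]]:
    """Run classify() over every non-empty line; keep anything that is not 'ok'."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        sev, why = classify(line)
        if sev != "ok":
            findings.append((sev, line, why))
    return findings


if __name__ == "__main__":
    for sev, line, why in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {why}\n         {line}")
```

On the sample, the script reports four "high" lines (the `.dl_` image in the profile root, the constructed `svchost.exe` outside System32, the SYSTEM-hive autostart and the DisableRegedit policy), two "review" lines and two "orphan" lines. An orphan entry is a cleanup candidate, not evidence of infection; an O7 hit tells you which policy value was set to 1 and therefore which tool (here regedit) will stay unusable until that value is reset or removed.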
sKe69 - Posts: 21360 - Status: Security contributor
 
Re,

Combo let this one through too...

Can you make a zip of this folder > C:\Qoobox

and send me the upload via Cijoint like last time... (send me the link by PM, of course).... thanks...

Then do this:

1- Create a text document on your desktop:
point your mouse at your desktop, right-click: go to "New" and choose "Text Document".

* Go to this page > https://www.cjoint.com/?iecH5AVkap

* copy/paste all the text found there (and nothing else!) into the text file you just created:

* To save it, go to "File" and choose "Save As..." and name it exactly like this:
CFScript then confirm... (save it on the desktop)

2- Cleanup:

!! Disconnect, close all your applications and disable ALL YOUR DEFENSES (you will re-enable them afterwards) !!

---> On your desktop, drag the CFScript file with your mouse onto the ComboFix.exe icon.

(See here: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif)

This operation will relaunch ComboFix.
--> A blue window will appear: at the message "Type 1 to continue, or 2 to abort": type 1 then confirm.

Then wait for the scan to run. (The desktop will disappear several times: that's normal!)

!! Don't touch anything until the scan has finished !!

Note: at the end of the scan, ComboFix may need to restart the PC to finalize the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post it along with a new RSIT report for analysis...

(Warning: this procedure was made for this PC. Any reuse may severely damage the operating system)

sKe69 - Posts: 21360 - Status: Security contributor
 
Re,

read the PM...

did you name the txt file exactly like this: CFScript.txt before dragging/dropping it onto the ComboFix icon? ....
