VIRUS SHEUR2.ATQX

Solved
grom84 Posts: 40 Status: Member -  
 Anonymous user -
Hello,

I'm running XP SP3, and I have a virus that AVG8.5 free detects under two forms:

the first to appear is SHEUR2.ATQX and the other is HTML/Framer.

I don't really know which procedure to follow, so I'm attaching the ComboFix log and the HijackThis log.

ComboFix says:
ComboFix 09-07-29.04 - Utilisateur 30/07/2009 23:42.1.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.466 [GMT 2:00]
Running from: c:\documents and settings\Utilisateur\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090730-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NETSIK


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.

2009-07-30 20:56 . 2009-07-30 20:56 -------- d-----w- c:\windows\Sun
2009-07-30 17:28 . 2009-07-30 21:48 61696 ----a-w- c:\windows\system32\drivers\soqwx32.sys
2009-07-29 17:14 . 2009-07-29 17:15 -------- d-----w- c:\program files\Java
2009-07-29 17:13 . 2009-07-29 17:13 -------- d-----w- c:\program files\Fichiers communs\Java
2009-07-28 16:46 . 2009-07-28 16:46 -------- d-----w- c:\program files\CCleaner
2009-07-26 13:42 . 2009-07-26 17:04 342 --s-a-w- c:\windows\system32\1009464937.dat
2009-07-25 09:30 . 2009-07-29 13:14 -------- d-----w- c:\windows\ie8updates
2009-07-25 05:40 . 2009-07-03 16:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-25 05:40 . 2009-07-03 16:57 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-24 18:38 . 2009-07-24 18:38 -------- d-sh--w- c:\documents and settings\Utilisateur\IECompatCache
2009-07-24 18:37 . 2009-07-24 18:37 -------- d-sh--w- c:\documents and settings\Utilisateur\PrivacIE
2009-07-24 16:49 . 2009-07-24 16:49 -------- d-sh--w- c:\documents and settings\Utilisateur\IETldCache
2009-07-24 16:41 . 2009-07-24 16:42 -------- dc-h--w- c:\windows\ie8
2009-07-23 19:44 . 2009-07-23 19:45 -------- d-----w- C:\wamp
2009-07-23 08:39 . 2009-07-23 08:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-07-20 16:06 . 2009-07-20 16:07 -------- d-----w- c:\program files\QuickTime
2009-07-20 16:06 . 2009-07-20 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-20 16:06 . 2009-07-20 16:06 -------- d-----w- c:\documents and settings\Utilisateur\Local Settings\Application Data\Apple
2009-07-20 16:06 . 2009-07-20 16:06 -------- d-----w- c:\program files\Apple Software Update
2009-07-20 16:06 . 2009-07-20 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-20 16:06 . 2009-07-20 16:06 -------- d-----w- c:\documents and settings\Utilisateur\Local Settings\Application Data\Apple Computer
2009-07-20 15:00 . 2009-07-26 12:51 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\gtk-2.0
2009-07-20 14:56 . 2009-07-20 14:56 -------- d-----w- c:\documents and settings\Utilisateur\.thumbnails
2009-07-20 14:16 . 2009-07-20 14:16 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\Malwarebytes
2009-07-20 14:16 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-20 14:16 . 2009-07-20 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-20 14:16 . 2009-07-20 14:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-20 14:16 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-20 14:13 . 2009-07-28 16:46 -------- d-----w- c:\program files\trend micro
2009-07-20 14:13 . 2009-07-20 14:13 -------- d-----w- C:\rsit
2009-07-20 14:04 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-20 14:03 . 2009-07-20 14:03 -------- d-----w- c:\program files\Panda Security
2009-07-20 10:18 . 2009-07-28 18:34 -------- d-----w- c:\windows\BDOSCAN8
2009-07-20 09:06 . 2009-07-20 09:06 -------- d-----w- C:\bcf82c9e229cea2691fbab5839
2009-07-20 07:46 . 2009-07-30 20:36 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-20 07:40 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-20 07:40 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-20 07:40 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-20 07:40 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-20 07:40 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-20 07:40 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-20 07:40 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-20 07:40 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-20 07:40 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-20 07:40 . 2003-03-18 19:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-07-20 07:40 . 2009-07-20 07:40 -------- d-----w- c:\program files\Alwil Software
2009-07-20 07:38 . 2009-07-20 07:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-20 07:38 . 2009-07-20 07:38 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-20 07:38 . 2009-07-20 07:38 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-20 07:38 . 2009-07-20 07:38 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-20 07:38 . 2009-07-30 21:33 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-20 07:38 . 2009-07-20 07:38 -------- d-----w- c:\program files\AVG
2009-07-20 07:38 . 2009-07-20 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-18 20:02 . 2009-07-18 20:02 -------- d--h--w- c:\windows\PIF
2009-07-17 19:58 . 2009-07-17 19:58 -------- d-----w- c:\program files\FileZilla FTP Client
2009-07-17 19:39 . 2009-07-26 12:55 -------- d-----w- c:\documents and settings\Utilisateur\.gimp-2.6
2009-07-17 19:39 . 2009-07-17 19:39 -------- d-----w- c:\documents and settings\Utilisateur\.gegl-0.0
2009-07-17 19:39 . 2009-07-17 19:39 -------- d-----w- c:\program files\GIMP-2.0
2009-07-17 19:10 . 2009-07-17 19:10 0 ----a-w- c:\windows\nsreg.dat
2009-07-17 16:04 . 2009-07-17 16:04 -------- d-----w- c:\documents and settings\Utilisateur\Local Settings\Application Data\Mozilla
2009-07-17 16:04 . 2009-07-30 21:18 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\Notepad++
2009-07-17 16:04 . 2009-07-30 21:09 -------- d-----w- c:\program files\Notepad++
2009-07-17 15:39 . 2009-07-20 14:53 -------- d-----w- c:\program files\ma-config.com
2009-07-17 15:39 . 2009-07-20 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-07-17 14:53 . 2009-03-06 14:20 286720 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-07-17 14:53 . 2009-02-09 11:23 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-07-17 14:53 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-17 14:53 . 2009-02-09 10:53 735744 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-07-17 14:53 . 2009-02-09 10:53 739840 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-07-17 14:53 . 2009-02-09 10:53 685568 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-07-17 14:53 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-07-17 14:53 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-17 14:53 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-07-17 14:51 . 2008-12-16 12:31 354304 -c----w- c:\windows\system32\dllcache\winhttp.dll
2009-07-17 14:50 . 2008-04-21 21:15 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 21:17 . 2008-10-06 15:49 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\FileZilla
2009-07-26 13:59 . 2008-02-15 10:24 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-07-18 18:51 . 2008-01-10 16:58 64440 ----a-w- c:\documents and settings\Utilisateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-17 19:25 . 2008-01-21 07:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-17 15:39 . 2004-08-05 12:00 85058 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-17 15:39 . 2004-08-05 12:00 511154 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-17 14:49 . 2008-01-21 07:30 -------- d-----w- c:\program files\Google
2009-07-03 16:57 . 2004-08-05 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:40 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-05 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:10 . 2004-08-05 12:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:33 . 2004-08-05 12:00 348672 ----a-w- c:\windows\system32\localspl.dll
2008-05-16 15:34 . 2008-05-16 15:34 15397 ----a-w- c:\program files\settings.dat
2009-07-15 22:31 . 2009-07-17 16:04 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-21 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-07-27 1644784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-20 1948440]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\
ikowin32.exe [2008-4-14 22528]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-20 07:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [20/07/2009 16:04 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20/07/2009 09:40 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20/07/2009 09:38 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20/07/2009 09:38 108552]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/07/2009 09:40 20560]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20/07/2009 09:38 298776]
S2 avg8wdAppMgmt;AVG Free8 WatchDog avg8wdAppMgmt;c:\windows\system32\1042j.exe srv --> c:\windows\system32\1042j.exe srv [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-07-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-21 19:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\zuyo9a0x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-30 23:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\soqwx32]
"ImagePath"="\??\c:\windows\system32\drivers\soqwx32.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2180)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Java\jre1.5.0_03\bin\jucheck.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
c:\windows\Temp\wpv941248906516.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2009-07-30 23:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-30 21:50

Pre-Run: 211 753 279 488 octets libres
Post-Run: 211 703 480 320 octets libres

276 --- E O F --- 2009-07-29 13:14

and HijackThis says:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:54:16, on 30/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ikowin32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG Free8 WatchDog avg8wdAppMgmt (avg8wdAppMgmt) - Unknown owner - C:\WINDOWS\system32\1042j.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
76 replies

Anonymous user
 
OK... which problems remain?
0
grom84 Posts: 40 Status: Member
 
Gen,


my hard drive, which is write-protected, so I don't have access to all my programs.

G-rom
0
Anonymous user
 
since when?
0
grom84 Posts: 40 Status: Member
 
Gen,


since my post 4.

In fact, after using the avast uninstaller.

G-rom
0

Anonymous user
 
let's see whether you don't have some avast leftovers that might be causing a conflict:

==> Download OAD (by Laur3n7!)

- Save it to your desktop

Double-click OAD to launch it

- file name to search for, type: AVAST
- Search type: select option 6, then confirm with [Enter]

OAD will now search for the file. Let it work until it has finished.
The search report will be displayed automatically as soon as it has finished.

- Copy and paste this report into your next post.

Important note: Depending on the size of the hard drives, this search can take several minutes. Be patient

then:

Do the same with the word ALWIL
0
grom84 Posts: 40 Status: Member
 
Gen,

For Avast:

02/08/2009 ---- 1:16:30,17

----------------------------------
§§§§§§ [AVAST] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************


[HKEY_LOCAL_MACHINE\SOFTWARE\ALWIL Software\Avast]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AAVMKER4\0000]
"DeviceDesc"="avast! Asynchronous Virus Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASWMON2\0000]
"DeviceDesc"="avast! Standard Shield Support"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASWSP\0000]
"DeviceDesc"="avast! Self Protection"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASWTDI\0000]
"DeviceDesc"="avast! Network Shield Support"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AAVMKER4\0000]
"DeviceDesc"="avast! Asynchronous Virus Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ASWMON2\0000]
"DeviceDesc"="avast! Standard Shield Support"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ASWSP\0000]
"DeviceDesc"="avast! Self Protection"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ASWTDI\0000]
"DeviceDesc"="avast! Network Shield Support"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AAVMKER4\0000]
"DeviceDesc"="avast! Asynchronous Virus Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMON2\0000]
"DeviceDesc"="avast! Standard Shield Support"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWSP\0000]
"DeviceDesc"="avast! Self Protection"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWTDI\0000]
"DeviceDesc"="avast! Network Shield Support"

[HKEY_USERS\S-1-5-21-1177238915-963894560-839522115-1004\Software\ALWIL Software\Avast]

[HKEY_USERS\S-1-5-21-1177238915-963894560-839522115-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Documents and Settings\\Utilisateur\\Bureau\\aswclear.exe"="avast! Antivirus Removal Tool"

*******************
[Fichier]
*******************

c:\WINDOWS\Prefetch\AVAST.SETUP-032170A8.pf


*********************
[Même date]
*********************

[20/07/2009 ] --- REP ---> C:\Program Files\Apple Software Update
[20/07/2009 ] --- REP ---> C:\Program Files\AVG
[20/07/2009 ] --- REP ---> C:\Program Files\Malwarebytes' Anti-Malware
[20/07/2009 ] --- REP ---> C:\Program Files\Panda Security
[20/07/2009 ] --- REP ---> C:\Program Files\QuickTime
[20/07/2009 ] --- REP ---> C:\Program Files\trend micro
[20/07/2009 ] ---> C:\WINDOWS\system32\avgrsstx.dll
[20/07/2009 ] ---> C:\WINDOWS\system32\drivers\avgldx86.sys
[20/07/2009 ] ---> C:\WINDOWS\system32\drivers\avgmfx86.sys
[20/07/2009 ] ---> C:\WINDOWS\system32\drivers\avgtdix.sys
[20/07/2009 ] ---> C:\WINDOWS\system32\drivers\mbam.sys
[20/07/2009 ] ---> C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[20/07/2009 ] ---> C:\WINDOWS\system32\drivers\pavboot.sys
[20/07/2009 ] ---> C:\WINDOWS\system32\MFC71.dll



Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------

and for Alwil:

02/08/2009 ---- 1:17:36,56

----------------------------------
§§§§§§ [ALWIL] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************


[HKEY_LOCAL_MACHINE\SOFTWARE\ALWIL Software]

[HKEY_LOCAL_MACHINE\SOFTWARE\ALWIL Software\Avast]

[HKEY_USERS\S-1-5-21-1177238915-963894560-839522115-1004\Software\ALWIL Software]

[HKEY_USERS\S-1-5-21-1177238915-963894560-839522115-1004\Software\ALWIL Software\Avast]

*******************
[Fichier]
*******************



*********************
[Même date]
*********************

Aucun fichier créé à la même date détecté


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------


G-ROM
0
Anonymous user
 
well, you can say their uninstaller is effective!!! it doesn't even remove the services :(

as effective as the antivirus lol

Double-click OTL.exe to launch it.


Copy the list shown in bold below,

and paste it into the box under Custom Scans/Fixes

:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
TeaTimer.exe

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\ALWIL Software]
[-HKEY_LOCAL_MACHINE\SOFTWARE\ALWIL Software\Avast]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AA­VMKER4]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASWMON2]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASWSP]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASWTDI]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AAVMKER4]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ASWMON2]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ASWSP]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ASWTDI]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AAVMKER4]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMON2]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWSP]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWTDI\0000]
[-HKEY_USERS\S-1-5-21-1177238915-963894560-839522115-1004\Software\ALWIL Software]

:files
c:\WINDOWS\Prefetch\AVAST.SETUP-032170A8.pf

:commands
[emptytemp]
[reboot]


Click RunFix to start the removal.


Post the report.
0
grom84 Posts 40 Status Member
 
Gen,

Here is the report:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
Process iexplore.exe killed successfully!
No active process named firefox.exe was found!
Process msnmsgr.exe killed successfully!
No active process named TeaTimer.exe was found!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\ALWIL Software\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\ALWIL Software\Avast\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AA­VMKER4\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASWMON2\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASWSP\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASWTDI\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AAVMKER4\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ASWMON2\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ASWSP\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ASWTDI\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AAVMKER4\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMON2\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWSP\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWTDI\0000\ not found.
Registry key HKEY_USERS\S-1-5-21-1177238915-963894560-839522115-1004\Software\ALWIL Software\ deleted successfully.
========== FILES ==========
c:\WINDOWS\Prefetch\AVAST.SETUP-032170A8.pf moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Utilisateur
->Temp folder emptied: 36393973 bytes
->Temporary Internet Files folder emptied: 823637 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 13270027 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 48,21 mb


OTL by OldTimer - Version 3.0.10.3 log created on 08022009_090742

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

G-rom
0
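Several keys in the fix report above come back as "not found". The following Python sketch is an added example (not part of the thread and not OTL's own code) that parses lines in that report's format and sorts each miss by likely cause, including invisible characters inside a key path such as the soft hyphen (U+00AD) that the ControlSet001 LEGACY_AAVMKER4 line carries between "AA" and "VMKER4". The sample log is constructed and the function names are hypothetical.

```python
import re
import unicodedata

# Constructed sample in the fix report's format. The third path carries U+00AD
# (soft hyphen) between "AA" and "VMKER4"; "Example Vendor" is a made-up key.
SAMPLE_LOG = "\n".join([
    "Registry key HKEY_LOCAL_MACHINE\\SOFTWARE\\ALWIL Software\\ deleted successfully.",
    "Registry key HKEY_LOCAL_MACHINE\\SOFTWARE\\ALWIL Software\\Avast\\ not found.",
    "Registry key HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum\\Root\\LEGACY_AA\u00adVMKER4\\ not found.",
    "Registry key HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum\\Root\\LEGACY_ASWSP\\ deleted successfully.",
    "Registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Enum\\Root\\LEGACY_ASWSP\\ not found.",
    "Registry key HKEY_LOCAL_MACHINE\\SOFTWARE\\Example Vendor\\ not found.",
])

LINE_RE = re.compile(r"^Registry key (?P<key>.+?)\\ (?P<status>deleted successfully|not found)\.$")
# CurrentControlSet is a link to one of the numbered control sets.
CONTROL_SET_RE = re.compile(r"\\(?:CurrentControlSet|ControlSet\d{3})\\", re.IGNORECASE)


def hidden_chars(text):
    """Names of invisible format/control characters (Unicode Cf/Cc) in text."""
    return [unicodedata.name(c, f"U+{ord(c):04X}") for c in text
            if unicodedata.category(c) in ("Cf", "Cc")]


def fold(key):
    """Upper-case a key path and map every control set onto one placeholder."""
    return CONTROL_SET_RE.sub(lambda m: "\\CONTROLSET\\", key).upper()


def triage(log):
    """Return (key, likely cause) for each 'not found' line of a fix report."""
    entries = [m.group("key", "status") for m in map(LINE_RE.match, log.splitlines()) if m]
    deleted = [k.upper() for k, s in entries if s == "deleted successfully"]
    findings = []
    for key in [k for k, s in entries if s == "not found"]:
        hidden = hidden_chars(key)
        if hidden:
            cause = "hidden character in path: " + ", ".join(hidden)
        elif any(key.upper().startswith(d + "\\") for d in deleted):
            cause = "parent key deleted earlier in the same run"
        elif any((fold(key) + "\\").startswith(fold(d) + "\\") for d in deleted):
            cause = "same key or its parent deleted under another control set"
        else:
            cause = "no cause visible in this report"
        findings.append((key, cause))
    return findings


if __name__ == "__main__":
    for key, cause in triage(SAMPLE_LOG):
        print(f"{cause}: {key!r}")
```

A miss caused by a hidden character means the real key may still exist under its clean name, so it is worth re-checking after the run.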
Anonymous user
 
hi

is your hard drive still not accessible?
0
grom84 Posts 40 Status Member
 
no

still not :(

G-rom
0
grom84 Posts 40 Status Member
 
Gen,


are you out of ideas?

What should I do, close this post and open another one??

G-rom
0
grom84 Posts 40 Status Member
 
Grom desperately seeking Gen!!! lol

Gen,

Keep in touch

G-rom
0
grom84 Posts 40 Status Member
 
Gen,

where are you?

What are you doing?

you're not on the road, are you?

lmao...

Tell me, what should I do?

G-rom
0
Anonymous user
 
hello, run OTL again and post the two logs via cijoint.fr please
0
grom84 Posts 40 Status Member
 
Gen,


I don't have an extras.txt, only otl.txt:

http://www.cijoint.fr/cjlink.php?file=cj200908/cijbhE4tFR.txt

tell me what to do to get my programs back?

G-rom

PS: sorry for the delay
0
Anonymous user
 
I don't see any infections anymore

which programs no longer work?
0
grom84 Posts 40 Status Member
 
Gen,

well, actually all of them,

some are not accessible, such as Coala (but I don't care about that one), Cyberlink DVD suite, filezilla, Gimp, Nero 7 Essentials, Word Excel, Powerpoint Access, Pdf, Soundmax, pdf. Those are not accessible.

The others work partially; for example my AVG8.5 runs, but no component seems to be installed for it, so if I launch the update, well, nothing happens.

That's what I was saying at the start: Msn launches directly in Windows, and then Windows Installer tries to install it at startup but can't manage to create the common files folder.

Basically, I'm in the s--t. I think the hard drive being write-locked is blocking all my programs.

but lol I'd rather laugh about it


G-rom
0
Anonymous user
 
right-click it and open Properties; if it is read-only, uncheck the box
0
grom84 Posts 40 Status Member
 
sorry Gen, but I can't find your "uncheck" box

G-rom
0
Anonymous user
 
no, I mixed it up with a file....sorry...

when you say "not accessible"...any error message at all?
0