Infecté PAR :NAVISOFT@
ravenfire
Messages postés
11
Statut
Membre
-
Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention -
Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention -
Bonjour,je suis infecté parNaviSoft@ j'ai besoin d'aide pour l'eradiquer svpppppp???????. voici mon log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-08-12 02:05:35
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 52 GB (74%) free of 70 GB
Total RAM: 1014 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:05:41, on 12/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Administrateur\Mes documents\raven\RSIT.exe
C:\Documents and Settings\Administrateur\Mes documents\raven\Administrateur.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = {{ NaviSoft@ }} is controlling your computer to destroy it, THANK !
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LayoutM] KLayMgr.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NaviSoft@] C:\WINDOWS\NaviSoft@.vbs
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{42495228-A7AC-4824-B3AD-D9D73C01703F}: NameServer = 213.136.96.2 213.136.96.37
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ocitnet.ci,intranet.orange.ci
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ocitnet.ci,intranet.orange.ci
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Update Service (gupdate1c98af82bdd58be) (gupdate1c98af82bdd58be) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 11177 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\ParetoLogic Registration.job
C:\WINDOWS\tasks\ParetoLogic Update Version2.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{DA19EBB1-BEA2-40D7-AE4D-0D6A8F10AB18}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-03-13 908528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-02-02 1082880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-26 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-07-27 761840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-26 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2009-03-13 165616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-03-13 908528]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-08-25 94208]
"McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2005-09-27 139320]
"Network Associates Error Reporting Service"=C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe [2003-10-07 147514]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-07-01 150040]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-07-01 170520]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-07-01 141848]
"LayoutM"=C:\WINDOWS\KLayMgr.exe [2004-08-26 45056]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"NaviSoft@"=C:\WINDOWS\NaviSoft@.vbs [2009-08-12 6706]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2006-06-01 94208]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-01-28 4363504]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-12-02 3882312]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-02-02 23975720]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-09 39408]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-06-27 212992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Documents and Settings\Administrateur\Mes documents\raven\desmume_sse2.exe"="C:\Documents and Settings\Administrateur\Mes documents\raven\desmume_sse2.exe:*:Disabled:desmume_sse2"
"C:\Documents and Settings\Administrateur\Mes documents\raven\desmume.exe"="C:\Documents and Settings\Administrateur\Mes documents\raven\desmume.exe:*:Disabled:desmume"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c750b16-edd6-11dd-ab99-002264271f4f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL log.exe
shell\Ouvrir\command - F:\log.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2b92367-ed3c-11dd-ab8d-e3d2acfee452}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL log.exe
shell\Ouvrir\command - G:\log.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b99fabb3-eeea-11dd-ab9d-4d6564696130}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL log.exe
shell\Ouvrir\command - F:\log.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5a0376a-7ae1-11de-ac5f-4d6564696130}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe NaviSoft@.vbs
======List of files/folders created in the last 2 months======
2009-08-12 01:37:40 ----D---- C:\Program Files\Navilog1
2009-08-12 00:29:46 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-12 00:29:46 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-11 23:47:09 ----A---- C:\TB.txt
2009-08-11 23:46:01 ----D---- C:\ToolBar SD
2009-08-11 23:36:48 ----D---- C:\Program Files\trend micro
2009-08-11 23:36:47 ----D---- C:\rsit
2009-08-11 19:12:06 ----RASH---- C:\WINDOWS\NaviSoft@.vbs
2009-08-11 19:12:06 ----RASH---- C:\NaviSoft@.vbs
2009-08-11 14:43:48 ----A---- C:\Documents and Settings\Administrateur\Application Data\temp4741.txt
2009-08-10 10:47:15 ----D---- C:\WINDOWS\Logs
2009-08-10 10:47:13 ----D---- C:\Program Files\OpenAL
2009-08-10 10:47:13 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-08-10 10:47:13 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-08-10 10:44:43 ----D---- C:\Documents and Settings\Administrateur\Application Data\VBA-M
2009-08-10 10:44:43 ----D---- C:\Documents and Settings\Administrateur\Application Data\iDeaS
2009-08-06 19:00:40 ----A---- C:\WINDOWS\system32\d3dx9_41.dll
2009-08-04 22:03:09 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-04 22:03:09 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-04 22:03:09 ----A---- C:\WINDOWS\system32\java.exe
2009-08-02 20:08:57 ----D---- C:\WINDOWS\4DCA27399D164B55808CE72CD70A5BD3.TMP
2009-08-01 23:25:49 ----A---- C:\WINDOWS\HFVExplorer.INI
2009-07-31 07:49:53 ----D---- C:\WINDOWS\system32\appmgmt
2009-07-28 13:36:11 ----D---- C:\Program Files\WinDS PRO
2009-07-18 09:31:21 ----A---- C:\yahoo_firefox_3.5.1_setup_fr.exe
2009-07-15 22:43:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 22:43:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 22:41:23 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-04 12:50:20 ----D---- C:\Program Files\WinRAR
2009-07-04 11:47:14 ----D---- C:\WINDOWS\ie8updates
2009-07-04 11:44:00 ----HDC---- C:\WINDOWS\ie8
2009-06-29 08:46:30 ----D---- C:\unzipped
2009-06-27 21:04:06 ----D---- C:\Documents and Settings\Administrateur\Application Data\Help
2009-06-27 20:59:40 ----D---- C:\Documents and Settings\Administrateur\Application Data\DriverCure
2009-06-27 20:59:33 ----D---- C:\Program Files\Fichiers communs\ParetoLogic
2009-06-27 20:59:33 ----D---- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2009-06-27 20:59:33 ----D---- C:\Documents and Settings\All Users\Application Data\DriverCure
2009-06-27 18:18:44 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-27 18:18:40 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-27 18:16:47 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-27 18:16:08 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-24 14:29:38 ----D---- C:\Documents and Settings\Administrateur\Application Data\Ahead
2009-06-22 08:57:48 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss
2009-06-20 12:29:20 ----D---- C:\Documents and Settings\Administrateur\Application Data\vlc
======List of files/folders modified in the last 2 months======
2009-08-12 01:56:03 ----D---- C:\Program Files\Mozilla Firefox
2009-08-12 01:54:05 ----D---- C:\WINDOWS\Prefetch
2009-08-12 01:48:52 ----D---- C:\Documents and Settings\Administrateur\Application Data\Skype
2009-08-12 01:37:40 ----RD---- C:\Program Files
2009-08-11 23:51:20 ----D---- C:\WINDOWS\Temp
2009-08-11 23:30:36 ----SD---- C:\WINDOWS\Tasks
2009-08-11 23:27:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-11 23:24:58 ----SHD---- C:\WINDOWS\Installer
2009-08-11 23:12:20 ----D---- C:\Documents and Settings\Administrateur\Application Data\skypePM
2009-08-11 20:44:38 ----D---- C:\WINDOWS\network diagnostic
2009-08-11 20:42:45 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-11 19:12:06 ----D---- C:\WINDOWS
2009-08-11 14:46:51 ----A---- C:\WINDOWS\win.ini
2009-08-10 21:54:04 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-08-10 10:47:25 ----HD---- C:\WINDOWS\inf
2009-08-10 10:47:13 ----D---- C:\WINDOWS\system32
2009-08-10 10:47:09 ----D---- C:\WINDOWS\WinSxS
2009-08-08 18:53:17 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-05 07:39:18 ----SHD---- C:\WINDOWS\CSC
2009-08-04 22:02:40 ----D---- C:\Program Files\Java
2009-08-04 09:38:48 ----SHD---- C:\WINDOWS\system32\bycool1
2009-08-04 09:38:37 ----SHD---- C:\WINDOWS\system32\bycool
2009-08-02 18:40:11 ----D---- C:\WINDOWS\system32\drivers
2009-07-31 12:40:19 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2009-07-29 23:17:02 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-29 23:17:01 ----D---- C:\Program Files\Internet Explorer
2009-07-29 23:16:32 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-25 05:23:00 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-22 23:51:24 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2009-07-19 18:45:00 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 13:15:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-15 22:43:32 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-07-15 22:43:19 ----A---- C:\WINDOWS\imsins.BAK
2009-07-07 15:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-04 11:49:29 ----D---- C:\WINDOWS\system32\fr-fr
2009-07-04 11:49:29 ----D---- C:\WINDOWS\Media
2009-07-04 11:49:29 ----D---- C:\WINDOWS\Help
2009-07-03 16:57:51 ----A---- C:\WINDOWS\system32\wininet.dll
2009-07-03 16:57:51 ----A---- C:\WINDOWS\system32\occache.dll
2009-07-03 16:57:50 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-07-03 16:57:46 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-07-03 16:57:46 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-07-03 16:57:46 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-07-03 16:57:46 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-07-03 16:57:44 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-07-03 16:57:41 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-07-03 11:01:06 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-06-28 21:26:11 ----D---- C:\Program Files\Google
2009-06-27 21:04:06 ----D---- C:\Program Files\WinZip
2009-06-27 20:59:33 ----D---- C:\Program Files\Fichiers communs
2009-06-16 14:40:01 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 14:40:01 ----A---- C:\WINDOWS\system32\fontsub.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2004-08-25 58016]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 CVPNDRVA;Cisco Systems IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2003-07-24 139604]
R3 e4usbaw;USB ADSL2 WAN Adapter; C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]
R3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-06-27 6023072]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-07 4739072]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2004-08-25 108256]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys); C:\WINDOWS\System32\Drivers\e4ldr.sys [2007-01-04 69656]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2003-05-01 5220]
S3 HPKBCCID;HP Keyboard Smart Card Driver; C:\WINDOWS\system32\DRIVERS\HPKBCCID.sys [2006-11-07 46976]
S3 nocashio;nocashio; C:\WINDOWS\system32\drivers\nocashio.sys [2009-08-02 4096]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 STC2DFU;STCII DFU Adapter; C:\WINDOWS\system32\DRIVERS\Stc2Dfu.SYS [2004-10-25 7796]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2004-08-04 1445912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2005-09-27 102463]
R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\Mcshield.exe [2004-08-25 221191]
R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe [2004-08-25 28672]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 gupdate1c98af82bdd58be;Google Update Service (gupdate1c98af82bdd58be); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-09 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-30 183280]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-06-08 208896]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-08-12 02:05:35
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 52 GB (74%) free of 70 GB
Total RAM: 1014 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:05:41, on 12/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Administrateur\Mes documents\raven\RSIT.exe
C:\Documents and Settings\Administrateur\Mes documents\raven\Administrateur.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = {{ NaviSoft@ }} is controlling your computer to destroy it, THANK !
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LayoutM] KLayMgr.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NaviSoft@] C:\WINDOWS\NaviSoft@.vbs
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{42495228-A7AC-4824-B3AD-D9D73C01703F}: NameServer = 213.136.96.2 213.136.96.37
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ocitnet.ci,intranet.orange.ci
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ocitnet.ci,intranet.orange.ci
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Update Service (gupdate1c98af82bdd58be) (gupdate1c98af82bdd58be) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 11177 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\ParetoLogic Registration.job
C:\WINDOWS\tasks\ParetoLogic Update Version2.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{DA19EBB1-BEA2-40D7-AE4D-0D6A8F10AB18}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-03-13 908528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-02-02 1082880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-26 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-07-27 761840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-26 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2009-03-13 165616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-03-13 908528]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-08-25 94208]
"McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2005-09-27 139320]
"Network Associates Error Reporting Service"=C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe [2003-10-07 147514]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-07-01 150040]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-07-01 170520]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-07-01 141848]
"LayoutM"=C:\WINDOWS\KLayMgr.exe [2004-08-26 45056]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"NaviSoft@"=C:\WINDOWS\NaviSoft@.vbs [2009-08-12 6706]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2006-06-01 94208]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-01-28 4363504]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-12-02 3882312]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-02-02 23975720]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-09 39408]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-06-27 212992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Documents and Settings\Administrateur\Mes documents\raven\desmume_sse2.exe"="C:\Documents and Settings\Administrateur\Mes documents\raven\desmume_sse2.exe:*:Disabled:desmume_sse2"
"C:\Documents and Settings\Administrateur\Mes documents\raven\desmume.exe"="C:\Documents and Settings\Administrateur\Mes documents\raven\desmume.exe:*:Disabled:desmume"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c750b16-edd6-11dd-ab99-002264271f4f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL log.exe
shell\Ouvrir\command - F:\log.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2b92367-ed3c-11dd-ab8d-e3d2acfee452}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL log.exe
shell\Ouvrir\command - G:\log.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b99fabb3-eeea-11dd-ab9d-4d6564696130}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL log.exe
shell\Ouvrir\command - F:\log.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5a0376a-7ae1-11de-ac5f-4d6564696130}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe NaviSoft@.vbs
======List of files/folders created in the last 2 months======
2009-08-12 01:37:40 ----D---- C:\Program Files\Navilog1
2009-08-12 00:29:46 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-12 00:29:46 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-11 23:47:09 ----A---- C:\TB.txt
2009-08-11 23:46:01 ----D---- C:\ToolBar SD
2009-08-11 23:36:48 ----D---- C:\Program Files\trend micro
2009-08-11 23:36:47 ----D---- C:\rsit
2009-08-11 19:12:06 ----RASH---- C:\WINDOWS\NaviSoft@.vbs
2009-08-11 19:12:06 ----RASH---- C:\NaviSoft@.vbs
2009-08-11 14:43:48 ----A---- C:\Documents and Settings\Administrateur\Application Data\temp4741.txt
2009-08-10 10:47:15 ----D---- C:\WINDOWS\Logs
2009-08-10 10:47:13 ----D---- C:\Program Files\OpenAL
2009-08-10 10:47:13 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-08-10 10:47:13 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-08-10 10:44:43 ----D---- C:\Documents and Settings\Administrateur\Application Data\VBA-M
2009-08-10 10:44:43 ----D---- C:\Documents and Settings\Administrateur\Application Data\iDeaS
2009-08-06 19:00:40 ----A---- C:\WINDOWS\system32\d3dx9_41.dll
2009-08-04 22:03:09 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-04 22:03:09 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-04 22:03:09 ----A---- C:\WINDOWS\system32\java.exe
2009-08-02 20:08:57 ----D---- C:\WINDOWS\4DCA27399D164B55808CE72CD70A5BD3.TMP
2009-08-01 23:25:49 ----A---- C:\WINDOWS\HFVExplorer.INI
2009-07-31 07:49:53 ----D---- C:\WINDOWS\system32\appmgmt
2009-07-28 13:36:11 ----D---- C:\Program Files\WinDS PRO
2009-07-18 09:31:21 ----A---- C:\yahoo_firefox_3.5.1_setup_fr.exe
2009-07-15 22:43:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 22:43:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 22:41:23 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-04 12:50:20 ----D---- C:\Program Files\WinRAR
2009-07-04 11:47:14 ----D---- C:\WINDOWS\ie8updates
2009-07-04 11:44:00 ----HDC---- C:\WINDOWS\ie8
2009-06-29 08:46:30 ----D---- C:\unzipped
2009-06-27 21:04:06 ----D---- C:\Documents and Settings\Administrateur\Application Data\Help
2009-06-27 20:59:40 ----D---- C:\Documents and Settings\Administrateur\Application Data\DriverCure
2009-06-27 20:59:33 ----D---- C:\Program Files\Fichiers communs\ParetoLogic
2009-06-27 20:59:33 ----D---- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2009-06-27 20:59:33 ----D---- C:\Documents and Settings\All Users\Application Data\DriverCure
2009-06-27 18:18:44 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-27 18:18:40 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-27 18:16:47 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-27 18:16:08 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-24 14:29:38 ----D---- C:\Documents and Settings\Administrateur\Application Data\Ahead
2009-06-22 08:57:48 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss
2009-06-20 12:29:20 ----D---- C:\Documents and Settings\Administrateur\Application Data\vlc
======List of files/folders modified in the last 2 months======
2009-08-12 01:56:03 ----D---- C:\Program Files\Mozilla Firefox
2009-08-12 01:54:05 ----D---- C:\WINDOWS\Prefetch
2009-08-12 01:48:52 ----D---- C:\Documents and Settings\Administrateur\Application Data\Skype
2009-08-12 01:37:40 ----RD---- C:\Program Files
2009-08-11 23:51:20 ----D---- C:\WINDOWS\Temp
2009-08-11 23:30:36 ----SD---- C:\WINDOWS\Tasks
2009-08-11 23:27:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-11 23:24:58 ----SHD---- C:\WINDOWS\Installer
2009-08-11 23:12:20 ----D---- C:\Documents and Settings\Administrateur\Application Data\skypePM
2009-08-11 20:44:38 ----D---- C:\WINDOWS\network diagnostic
2009-08-11 20:42:45 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-11 19:12:06 ----D---- C:\WINDOWS
2009-08-11 14:46:51 ----A---- C:\WINDOWS\win.ini
2009-08-10 21:54:04 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-08-10 10:47:25 ----HD---- C:\WINDOWS\inf
2009-08-10 10:47:13 ----D---- C:\WINDOWS\system32
2009-08-10 10:47:09 ----D---- C:\WINDOWS\WinSxS
2009-08-08 18:53:17 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-05 07:39:18 ----SHD---- C:\WINDOWS\CSC
2009-08-04 22:02:40 ----D---- C:\Program Files\Java
2009-08-04 09:38:48 ----SHD---- C:\WINDOWS\system32\bycool1
2009-08-04 09:38:37 ----SHD---- C:\WINDOWS\system32\bycool
2009-08-02 18:40:11 ----D---- C:\WINDOWS\system32\drivers
2009-07-31 12:40:19 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2009-07-29 23:17:02 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-29 23:17:01 ----D---- C:\Program Files\Internet Explorer
2009-07-29 23:16:32 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-25 05:23:00 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-22 23:51:24 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2009-07-19 18:45:00 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 13:15:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-15 22:43:32 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-07-15 22:43:19 ----A---- C:\WINDOWS\imsins.BAK
2009-07-07 15:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-04 11:49:29 ----D---- C:\WINDOWS\system32\fr-fr
2009-07-04 11:49:29 ----D---- C:\WINDOWS\Media
2009-07-04 11:49:29 ----D---- C:\WINDOWS\Help
2009-07-03 16:57:51 ----A---- C:\WINDOWS\system32\wininet.dll
2009-07-03 16:57:51 ----A---- C:\WINDOWS\system32\occache.dll
2009-07-03 16:57:50 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-07-03 16:57:46 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-07-03 16:57:46 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-07-03 16:57:46 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-07-03 16:57:46 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-07-03 16:57:44 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-07-03 16:57:41 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-07-03 11:01:06 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-06-28 21:26:11 ----D---- C:\Program Files\Google
2009-06-27 21:04:06 ----D---- C:\Program Files\WinZip
2009-06-27 20:59:33 ----D---- C:\Program Files\Fichiers communs
2009-06-16 14:40:01 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 14:40:01 ----A---- C:\WINDOWS\system32\fontsub.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2004-08-25 58016]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 CVPNDRVA;Cisco Systems IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2003-07-24 139604]
R3 e4usbaw;USB ADSL2 WAN Adapter; C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]
R3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-06-27 6023072]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-07 4739072]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2004-08-25 108256]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys); C:\WINDOWS\System32\Drivers\e4ldr.sys [2007-01-04 69656]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2003-05-01 5220]
S3 HPKBCCID;HP Keyboard Smart Card Driver; C:\WINDOWS\system32\DRIVERS\HPKBCCID.sys [2006-11-07 46976]
S3 nocashio;nocashio; C:\WINDOWS\system32\drivers\nocashio.sys [2009-08-02 4096]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 STC2DFU;STCII DFU Adapter; C:\WINDOWS\system32\DRIVERS\Stc2Dfu.SYS [2004-10-25 7796]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2004-08-04 1445912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2005-09-27 102463]
R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\Mcshield.exe [2004-08-25 221191]
R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe [2004-08-25 28672]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 gupdate1c98af82bdd58be;Google Update Service (gupdate1c98af82bdd58be); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-09 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-30 183280]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-06-08 208896]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
-----------------EOF-----------------
Configuration: Windows XP Internet Explorer 7.0
A voir également:
- Infecté PAR :NAVISOFT@
- L'ordinateur de simon a été infecté par un virus répertorié récemment - Forum Jeux vidéo
- Alerte windows ordinateur infecté - Accueil - Arnaque
- L'ordinateur de samantha a ete infecte par un virus ✓ - Forum Virus
- Infecté ? ✓ - Forum Virus
- Infection par RDN/Generic.ha - Forum Virus
8 réponses
Bonjour,
1/
--> Démarre Spybot, clique sur Mode, coche Mode avancé.
--> A gauche, clique sur Outils, puis sur Résident.
--> Décoche la case devant Résident "TeaTimer" :
http://sd-1.archive-host.com/membres/up/3288717712384394/TeaTimer.jpg
--> Quitte Spybot.
2/
--> Télécharge UsbFix (de Chiquitine29 & C_XX) sur ton Bureau.
--> Lance l'installation avec les paramètres par défaut.
--> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.
--> Double-clique sur le raccourci UsbFix sur ton Bureau.
(Sous Vista, il faut cliquer droit sur le raccourci UsbFix et choisir Exécuter en tant qu'administrateur)
--> Choisis l'option 1 (Recherche).
--> Laisse travailler l'outil.
--> Poste le rapport UsbFix.txt.
Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).
"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
1/
--> Démarre Spybot, clique sur Mode, coche Mode avancé.
--> A gauche, clique sur Outils, puis sur Résident.
--> Décoche la case devant Résident "TeaTimer" :
http://sd-1.archive-host.com/membres/up/3288717712384394/TeaTimer.jpg
--> Quitte Spybot.
2/
--> Télécharge UsbFix (de Chiquitine29 & C_XX) sur ton Bureau.
--> Lance l'installation avec les paramètres par défaut.
--> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.
--> Double-clique sur le raccourci UsbFix sur ton Bureau.
(Sous Vista, il faut cliquer droit sur le raccourci UsbFix et choisir Exécuter en tant qu'administrateur)
--> Choisis l'option 1 (Recherche).
--> Laisse travailler l'outil.
--> Poste le rapport UsbFix.txt.
Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).
"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
salut :
▶ Désactive ton antivirus le temps de la manipulation car OTM est détecté comme une infection à tort.
▶ Télécharge OTM (OldTimer) sur ton Bureau :
▶ Double-clique sur OTM.exe afin de le lancer.
▶ Copie (Ctrl+C) le texte suivant ci-dessous :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=-
"NeroFilterCheck"=-
"NaviSoft@"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=-
"Skype"=-
"swg"=-
"Search Protection"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\Administrateur\Mes documents\raven\desmume_sse2.exe"=-
"C:\Documents and Settings\Administrateur\Mes documents\raven\desmume.exe"=-
:files
C:\WINDOWS\NaviSoft@.vbs
C:\NaviSoft@.vbs
C:\WINDOWS\4DCA27399D164B55808CE72CD70A5BD3.TMP
:commands
[emptytemp]
[reboot]
Accepte en cliquant sur YES.
▶ Poste le rapport situé dans ce dossier : C:\_OTM\MovedFiles\
*Le nom du rapport correspond au moment de sa création : date_heure.log
ensuite :
▶ Télécharge et install UsbFix par Chiquitine29
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir
▶ Double clic sur le raccourci UsbFix présent sur ton bureau .
▶ Au menu principal choisis l'option " F " pour français et tape sur [entrée] .
▶ Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]
▶ Laisse travailler l'outil.
▶ Ensuite post le rapport UsbFix.txt qui apparaitra.
Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
▶ Désactive ton antivirus le temps de la manipulation car OTM est détecté comme une infection à tort.
▶ Télécharge OTM (OldTimer) sur ton Bureau :
▶ Double-clique sur OTM.exe afin de le lancer.
▶ Copie (Ctrl+C) le texte suivant ci-dessous :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=-
"NeroFilterCheck"=-
"NaviSoft@"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=-
"Skype"=-
"swg"=-
"Search Protection"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\Administrateur\Mes documents\raven\desmume_sse2.exe"=-
"C:\Documents and Settings\Administrateur\Mes documents\raven\desmume.exe"=-
:files
C:\WINDOWS\NaviSoft@.vbs
C:\NaviSoft@.vbs
C:\WINDOWS\4DCA27399D164B55808CE72CD70A5BD3.TMP
:commands
[emptytemp]
[reboot]
Accepte en cliquant sur YES.
▶ Poste le rapport situé dans ce dossier : C:\_OTM\MovedFiles\
*Le nom du rapport correspond au moment de sa création : date_heure.log
ensuite :
▶ Télécharge et install UsbFix par Chiquitine29
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir
▶ Double clic sur le raccourci UsbFix présent sur ton bureau .
▶ Au menu principal choisis l'option " F " pour français et tape sur [entrée] .
▶ Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]
▶ Laisse travailler l'outil.
▶ Ensuite post le rapport UsbFix.txt qui apparaitra.
Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
