Rapport Rsit
marou99
-
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
voici rapport info.txt :
info.txt logfile of random's system information tool 1.06 2009-08-16 17:49:30
======Uninstall list======
-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
C-Media 3D Audio-->C:\WINDOWS\CMIUnInstall.exe
Dofus 1.28.0-->C:\Program Files\Dofus\uninstall.exe
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HouseCall 6.6-->"C:\Documents and Settings\hilcomputer\Application Data\HouseCall 6.6\uninstaller.exe"
Intel(R) 82845G Graphics Driver Software-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Lexmark Z600 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBCUN5C.EXE -dLexmark Z600 Series
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 6-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SAGEM F@st 800-840-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\setup.exe" -l0x40c
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Total Video Converter 3.11 070908-->"C:\Program Files\Total Video Converter\unins000.exe"
USB PC Camera Plus-->C:\Program Files\InstallShield Installation Information\{ECD03DA7-5952-406A-8156-5F0C93618D1F}\setup.exe -runfromtemp -l0x040c -removeonly
VDownloader 0.83-->"C:\Program Files\VDOWNLOADER\unins000.exe"
VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
WinRAR Archiveur-->C:\Program Files\WinRAR\uninstall.exe
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: AntiVir Desktop
======System event log======
Computer Name: UNICORNI-F18506
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.
Record Number: 8575
Source Name: Service Control Manager
Time Written: 20090725202539.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: UNICORNI-F18506
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.
Record Number: 8574
Source Name: Service Control Manager
Time Written: 20090725202531.000000+120
Event Type: Informations
User:
Computer Name: UNICORNI-F18506
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.
Record Number: 8573
Source Name: Service Control Manager
Time Written: 20090725202524.000000+120
Event Type: Informations
User:
Computer Name: UNICORNI-F18506
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.
Record Number: 8572
Source Name: Service Control Manager
Time Written: 20090725202524.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: UNICORNI-F18506
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.
Record Number: 8571
Source Name: Service Control Manager
Time Written: 20090725202507.000000+120
Event Type: Informations
User:
=====Application event log=====
Computer Name: UNICORNI-F18506
Event Code: 4096
Message: The AntiVir service has been started successfully!
Record Number: 3867
Source Name: Avira AntiVir
Time Written: 20090711143753.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: UNICORNI-F18506
Event Code: 101
Message: msnmsgr (1708) Le moteur de base de données est arrêté.
Record Number: 3866
Source Name: ESENT
Time Written: 20090711125622.000000+120
Event Type: Informations
User:
Computer Name: UNICORNI-F18506
Event Code: 103
Message: msnmsgr (1708) \\.\C:\Documents and Settings\hilcomputer\Local Settings\Application Data\Microsoft\Messenger\tonissia@hotmail.fr\SharingMetadata\Working\database_30EC_71C8_EC71_88BC\dfsr.db: Le moteur de base de données a arrêté une instance (0).
Record Number: 3865
Source Name: ESENT
Time Written: 20090711125622.000000+120
Event Type: Informations
User:
Computer Name: UNICORNI-F18506
Event Code: 102
Message: msnmsgr (1708) \\.\C:\Documents and Settings\hilcomputer\Local Settings\Application Data\Microsoft\Messenger\tonissia@hotmail.fr\SharingMetadata\Working\database_30EC_71C8_EC71_88BC\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).
Record Number: 3864
Source Name: ESENT
Time Written: 20090711125546.000000+120
Event Type: Informations
User:
Computer Name: UNICORNI-F18506
Event Code: 100
Message: msnmsgr (1708) Le moteur de base de données 5.01.2600.2180 est démarré.
Record Number: 3863
Source Name: ESENT
Time Written: 20090711125546.000000+120
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
et le rapport log.txt:
Logfile of random's system information tool 1.06 (written by random/random)
Run by hilcomputer at 2009-08-16 17:47:31
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 14 GB (68%) free of 20 GB
Total RAM: 375 MB (28% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:17, on 16/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\hilcomputer\Bureau\RSIT.exe
C:\Program Files\trend micro\hilcomputer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://hp.mywebsearch.com/mywebsearch/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.menara.ma/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Search - ?p=ZRxdm762YYMA
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Abonnés - {0175EB4B-E83F-4C38-B234-E85AB0D88067} - http://abonne.menara.ma (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.menara.ma/
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8BDDA29-D689-41FA-B12D-9607F3D9E993}: NameServer = 62.251.229.237 62.251.229.223
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O24 - Desktop Component 0: (no name) - http://marketing.vistaprint.com/fr/imgs/email/GoldBurstBlu/GBP_Tshirt_foto01.gif
O24 - Desktop Component 1: (no name) - http://www.vistaprint.fr/sf/_langid-8/_/vp/ns/livepreview.aspx?Log=0&doc_id=754359372&page=1&width=350&renderMode=3
O24 - Desktop Component 2: (no name) - http://www.bing.com/fd/hpk2/Bruges_FR-FR1082058327.jpg
voici rapport info.txt :
info.txt logfile of random's system information tool 1.06 2009-08-16 17:49:30
======Uninstall list======
-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
C-Media 3D Audio-->C:\WINDOWS\CMIUnInstall.exe
Dofus 1.28.0-->C:\Program Files\Dofus\uninstall.exe
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HouseCall 6.6-->"C:\Documents and Settings\hilcomputer\Application Data\HouseCall 6.6\uninstaller.exe"
Intel(R) 82845G Graphics Driver Software-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Lexmark Z600 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBCUN5C.EXE -dLexmark Z600 Series
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 6-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SAGEM F@st 800-840-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\setup.exe" -l0x40c
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Total Video Converter 3.11 070908-->"C:\Program Files\Total Video Converter\unins000.exe"
USB PC Camera Plus-->C:\Program Files\InstallShield Installation Information\{ECD03DA7-5952-406A-8156-5F0C93618D1F}\setup.exe -runfromtemp -l0x040c -removeonly
VDownloader 0.83-->"C:\Program Files\VDOWNLOADER\unins000.exe"
VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
WinRAR Archiveur-->C:\Program Files\WinRAR\uninstall.exe
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: AntiVir Desktop
======System event log======
Computer Name: UNICORNI-F18506
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.
Record Number: 8575
Source Name: Service Control Manager
Time Written: 20090725202539.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: UNICORNI-F18506
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.
Record Number: 8574
Source Name: Service Control Manager
Time Written: 20090725202531.000000+120
Event Type: Informations
User:
Computer Name: UNICORNI-F18506
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.
Record Number: 8573
Source Name: Service Control Manager
Time Written: 20090725202524.000000+120
Event Type: Informations
User:
Computer Name: UNICORNI-F18506
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.
Record Number: 8572
Source Name: Service Control Manager
Time Written: 20090725202524.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: UNICORNI-F18506
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.
Record Number: 8571
Source Name: Service Control Manager
Time Written: 20090725202507.000000+120
Event Type: Informations
User:
=====Application event log=====
Computer Name: UNICORNI-F18506
Event Code: 4096
Message: The AntiVir service has been started successfully!
Record Number: 3867
Source Name: Avira AntiVir
Time Written: 20090711143753.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: UNICORNI-F18506
Event Code: 101
Message: msnmsgr (1708) Le moteur de base de données est arrêté.
Record Number: 3866
Source Name: ESENT
Time Written: 20090711125622.000000+120
Event Type: Informations
User:
Computer Name: UNICORNI-F18506
Event Code: 103
Message: msnmsgr (1708) \\.\C:\Documents and Settings\hilcomputer\Local Settings\Application Data\Microsoft\Messenger\tonissia@hotmail.fr\SharingMetadata\Working\database_30EC_71C8_EC71_88BC\dfsr.db: Le moteur de base de données a arrêté une instance (0).
Record Number: 3865
Source Name: ESENT
Time Written: 20090711125622.000000+120
Event Type: Informations
User:
Computer Name: UNICORNI-F18506
Event Code: 102
Message: msnmsgr (1708) \\.\C:\Documents and Settings\hilcomputer\Local Settings\Application Data\Microsoft\Messenger\tonissia@hotmail.fr\SharingMetadata\Working\database_30EC_71C8_EC71_88BC\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).
Record Number: 3864
Source Name: ESENT
Time Written: 20090711125546.000000+120
Event Type: Informations
User:
Computer Name: UNICORNI-F18506
Event Code: 100
Message: msnmsgr (1708) Le moteur de base de données 5.01.2600.2180 est démarré.
Record Number: 3863
Source Name: ESENT
Time Written: 20090711125546.000000+120
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
et le rapport log.txt:
Logfile of random's system information tool 1.06 (written by random/random)
Run by hilcomputer at 2009-08-16 17:47:31
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 14 GB (68%) free of 20 GB
Total RAM: 375 MB (28% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:17, on 16/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\hilcomputer\Bureau\RSIT.exe
C:\Program Files\trend micro\hilcomputer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://hp.mywebsearch.com/mywebsearch/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.menara.ma/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Search - ?p=ZRxdm762YYMA
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Abonnés - {0175EB4B-E83F-4C38-B234-E85AB0D88067} - http://abonne.menara.ma (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.menara.ma/
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8BDDA29-D689-41FA-B12D-9607F3D9E993}: NameServer = 62.251.229.237 62.251.229.223
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O24 - Desktop Component 0: (no name) - http://marketing.vistaprint.com/fr/imgs/email/GoldBurstBlu/GBP_Tshirt_foto01.gif
O24 - Desktop Component 1: (no name) - http://www.vistaprint.fr/sf/_langid-8/_/vp/ns/livepreview.aspx?Log=0&doc_id=754359372&page=1&width=350&renderMode=3
O24 - Desktop Component 2: (no name) - http://www.bing.com/fd/hpk2/Bruges_FR-FR1082058327.jpg
A voir également:
- Rapport Rsit
- Rsit - Télécharger - Antivirus & Antimalwares
- Plan rapport de stage - Guide
- Rapport de crash windows - Guide
- Impression rapport de stage ✓ - Forum Word
- Modifier rapport d'échelle pdf xchange viewer ✓ - Forum PDF
12 réponses
quand on explique pas cela traine longtemps
alors explique ....
Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 2. Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
___________________________
Télécharge et install UsbFix de C_XX & Chiquitine29
http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir
# Double clic sur le raccourci UsbFix présent sur ton bureau .
# Choisis l'option 1 ( Recherche )
# Laisse travailler l'outil.
# Ensuite post le rapport UsbFix.txt qui apparaitra.
# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
# Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
alors explique ....
Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 2. Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
___________________________
Télécharge et install UsbFix de C_XX & Chiquitine29
http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir
# Double clic sur le raccourci UsbFix présent sur ton bureau .
# Choisis l'option 1 ( Recherche )
# Laisse travailler l'outil.
# Ensuite post le rapport UsbFix.txt qui apparaitra.
# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
# Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
Bonjour, désolé d'avoir mal expliqué voici le rapport:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 1.80GHz )
BIOS : Version 1.00
USER : hilcomputer ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.32 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:19 Go (Free:13 Go)
D:\ (Local Disk) - FAT32 - Total:18 Go (Free:17 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 17/08/2009|13:55 )
C:\Program Files\MSN Messenger\riched20.dll
C:\DOCUME~1\HILCOM~1\LOCALS~1\Temp\nskC4.tmp
-----------\\ SUPPRESSION
Supprime! - C:\DOCUME~1\HILCOM~1\Cookies\hilcomputer@mywebsearch[2].txt
Supprime! - C:\Program Files\MSN Messenger\riched20.dll
Supprime! - C:\DOCUME~1\HILCOM~1\LOCALS~1\Temp\nskC4.tmp
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://hp.mywebsearch.com/mywebsearch/index.html"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.menara.ma/"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 17/08/2009|13:58 - Option : [2]
-----------\\ Fin du rapport a 13:58:04,79
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 1.80GHz )
BIOS : Version 1.00
USER : hilcomputer ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.32 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:19 Go (Free:13 Go)
D:\ (Local Disk) - FAT32 - Total:18 Go (Free:17 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 17/08/2009|13:55 )
C:\Program Files\MSN Messenger\riched20.dll
C:\DOCUME~1\HILCOM~1\LOCALS~1\Temp\nskC4.tmp
-----------\\ SUPPRESSION
Supprime! - C:\DOCUME~1\HILCOM~1\Cookies\hilcomputer@mywebsearch[2].txt
Supprime! - C:\Program Files\MSN Messenger\riched20.dll
Supprime! - C:\DOCUME~1\HILCOM~1\LOCALS~1\Temp\nskC4.tmp
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://hp.mywebsearch.com/mywebsearch/index.html"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.menara.ma/"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 17/08/2009|13:58 - Option : [2]
-----------\\ Fin du rapport a 13:58:04,79
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Voici le rapport:
ComboFix 09-08-10.06 - hilcomputer 17/08/2009 15:05.1.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.375.244 [GMT 2:00]
Running from: c:\documents and settings\hilcomputer\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
((((((((((((((((((((((((( Files Created from 2009-07-17 to 2009-08-17 )))))))))))))))))))))))))))))))
.
2009-08-17 11:54 . 2009-08-17 11:58 -------- d-----w- C:\ToolBar SD
2009-08-17 00:07 . 2009-08-17 00:07 -------- d-----w- c:\documents and settings\hilcomputer\Application Data\Malwarebytes
2009-08-17 00:07 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-17 00:07 . 2009-08-17 00:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-17 00:07 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-17 00:07 . 2009-08-17 00:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-16 15:47 . 2009-08-16 15:49 -------- d-----w- c:\program files\trend micro
2009-08-16 15:47 . 2009-08-16 15:49 -------- d-----w- C:\rsit
2009-08-16 12:22 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-08-16 12:20 . 2009-08-16 12:20 -------- d-----w- c:\program files\Panda Security
2009-08-16 12:10 . 2008-03-30 16:55 1213784 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\vsapi32.dll
2009-08-16 12:10 . 2006-11-22 15:48 91744 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\BPMNT.dll
2009-08-16 12:10 . 2007-12-24 15:37 138384 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-16 12:10 . 2007-12-24 15:37 138384 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\tmcomm.sys
2009-08-16 12:09 . 2006-07-07 14:29 1197584 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\ssapi32.dll
2009-08-16 12:09 . 2009-03-27 15:38 366344 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\tsc.exe
2009-08-16 12:08 . 2009-08-16 12:08 116048 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\TmEngDrv.dll
2009-08-16 12:08 . 2009-08-16 12:08 626688 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\msvcr80.dll
2009-08-16 12:08 . 2009-08-16 12:08 548864 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\msvcp80.dll
2009-08-16 12:08 . 2009-08-16 12:08 98304 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\getMac.exe
2009-08-16 12:08 . 2009-08-16 12:08 69632 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\mfcm80.dll
2009-08-16 12:08 . 2009-08-16 12:08 57344 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\mfcm80u.dll
2009-08-16 12:08 . 2009-08-16 12:08 479232 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\msvcm80.dll
2009-08-16 12:08 . 2009-08-16 12:08 1093632 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\mfc80.dll
2009-08-16 12:08 . 2009-08-16 12:08 1079808 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\mfc80u.dll
2009-08-16 12:07 . 2009-08-16 12:07 218736 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\patch.exe
2009-08-16 12:07 . 2009-08-16 12:07 189968 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\ciussi32.dll
2009-08-16 12:07 . 2009-08-16 12:07 170512 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\PATCHW32.DLL
2009-08-16 12:07 . 2009-08-16 12:07 1267320 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\TmUpdate.dll
2009-08-16 12:06 . 2009-08-16 12:06 61440 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\Toolkit.dll
2009-08-16 12:06 . 2009-08-16 12:06 832776 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\lea.dll
2009-08-16 12:06 . 2009-08-16 12:06 439560 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\jlea.dll
2009-08-16 12:06 . 2009-08-16 12:06 42320 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\dsvout.dll
2009-08-16 12:05 . 2009-08-16 12:05 183356 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\Uninstaller.exe
2009-08-16 12:05 . 2009-08-16 12:16 -------- d-----w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6
2009-08-16 10:47 . 2009-08-16 10:47 -------- d-----w- c:\windows\Sun
2009-08-16 10:45 . 2009-08-16 10:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-16 10:45 . 2009-08-16 10:45 -------- d-----w- c:\program files\Java
2009-08-16 10:44 . 2009-08-16 10:44 152576 ----a-w- c:\documents and settings\hilcomputer\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-15 23:05 . 2009-08-16 00:08 -------- d-----w- c:\program files\Dofus
2009-08-15 18:36 . 2009-08-16 13:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-15 18:36 . 2009-08-15 18:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-15 18:06 . 2009-08-15 18:06 0 ----a-w- c:\windows\nsreg.dat
2009-08-15 18:06 . 2009-08-15 18:06 -------- d-----w- c:\documents and settings\hilcomputer\Local Settings\Application Data\Mozilla
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-17 11:56 . 2009-04-21 18:25 -------- d-----w- c:\program files\MSN Messenger
2009-08-15 22:21 . 2009-04-21 18:18 -------- d-----w- c:\program files\CCleaner
2009-08-05 19:55 . 2009-04-21 18:29 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-08 17:52 . 2009-06-25 18:10 -------- d-----w- c:\documents and settings\hilcomputer\Application Data\dvdcss
2009-07-08 12:12 . 2009-07-08 12:11 -------- d-----w- c:\documents and settings\hilcomputer\Application Data\vlc
2009-07-07 17:26 . 2009-07-07 17:21 -------- d-----w- c:\program files\VDOWNLOADER
2009-07-07 17:21 . 2009-07-07 17:21 -------- d-----w- c:\program files\Ask.com
2009-07-07 17:21 . 2009-07-07 17:21 -------- d-----w- c:\documents and settings\hilcomputer\Application Data\Desktopicon
2009-07-07 16:45 . 2009-07-06 21:53 -------- d-----w- c:\program files\Google
2009-07-03 11:25 . 2009-04-21 18:24 -------- d-----w- c:\program files\Total Video Converter
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-05-19 11:37 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-19 1144712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-19 1144712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-07 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2002-09-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2002-09-08 114688]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-10 20480]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-04-21 270336]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-04-21 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-16 149280]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-4-21 962661]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [16/08/2009 14:22 28544]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [21/04/2009 20:29 108289]
.
Contents of the 'Scheduled Tasks' folder
2009-08-17 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-05-19 11:37]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-My Web Search Bar - c:\progra~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL
HKLM-Run-Cmaudio - cmicnfg.cpl
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZRxdm762YYMA&ptb=VMo8XrtEFKK3qpegWFpQDA
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mWindow Title =
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\hilcomputer\Application Data\Mozilla\Firefox\Profiles\0h2gooxp.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm762YYMA&fl=0&ptb=VMo8XrtEFKK3qpegWFpQDA&url=https://hp.mywebsearch.com/mywebsearch/index.html
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-17 15:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-08-17 15:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-17 13:21
Pre-Run: 14 327 279 616 octets libres
Post-Run: 14 375 317 504 octets libres
170
ComboFix 09-08-10.06 - hilcomputer 17/08/2009 15:05.1.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.375.244 [GMT 2:00]
Running from: c:\documents and settings\hilcomputer\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
((((((((((((((((((((((((( Files Created from 2009-07-17 to 2009-08-17 )))))))))))))))))))))))))))))))
.
2009-08-17 11:54 . 2009-08-17 11:58 -------- d-----w- C:\ToolBar SD
2009-08-17 00:07 . 2009-08-17 00:07 -------- d-----w- c:\documents and settings\hilcomputer\Application Data\Malwarebytes
2009-08-17 00:07 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-17 00:07 . 2009-08-17 00:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-17 00:07 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-17 00:07 . 2009-08-17 00:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-16 15:47 . 2009-08-16 15:49 -------- d-----w- c:\program files\trend micro
2009-08-16 15:47 . 2009-08-16 15:49 -------- d-----w- C:\rsit
2009-08-16 12:22 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-08-16 12:20 . 2009-08-16 12:20 -------- d-----w- c:\program files\Panda Security
2009-08-16 12:10 . 2008-03-30 16:55 1213784 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\vsapi32.dll
2009-08-16 12:10 . 2006-11-22 15:48 91744 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\BPMNT.dll
2009-08-16 12:10 . 2007-12-24 15:37 138384 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-16 12:10 . 2007-12-24 15:37 138384 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\tmcomm.sys
2009-08-16 12:09 . 2006-07-07 14:29 1197584 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\ssapi32.dll
2009-08-16 12:09 . 2009-03-27 15:38 366344 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\tsc.exe
2009-08-16 12:08 . 2009-08-16 12:08 116048 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\TmEngDrv.dll
2009-08-16 12:08 . 2009-08-16 12:08 626688 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\msvcr80.dll
2009-08-16 12:08 . 2009-08-16 12:08 548864 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\msvcp80.dll
2009-08-16 12:08 . 2009-08-16 12:08 98304 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\getMac.exe
2009-08-16 12:08 . 2009-08-16 12:08 69632 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\mfcm80.dll
2009-08-16 12:08 . 2009-08-16 12:08 57344 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\mfcm80u.dll
2009-08-16 12:08 . 2009-08-16 12:08 479232 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\msvcm80.dll
2009-08-16 12:08 . 2009-08-16 12:08 1093632 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\mfc80.dll
2009-08-16 12:08 . 2009-08-16 12:08 1079808 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\mfc80u.dll
2009-08-16 12:07 . 2009-08-16 12:07 218736 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\patch.exe
2009-08-16 12:07 . 2009-08-16 12:07 189968 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\ciussi32.dll
2009-08-16 12:07 . 2009-08-16 12:07 170512 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\PATCHW32.DLL
2009-08-16 12:07 . 2009-08-16 12:07 1267320 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\TmUpdate.dll
2009-08-16 12:06 . 2009-08-16 12:06 61440 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\Toolkit.dll
2009-08-16 12:06 . 2009-08-16 12:06 832776 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\lea.dll
2009-08-16 12:06 . 2009-08-16 12:06 439560 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\jlea.dll
2009-08-16 12:06 . 2009-08-16 12:06 42320 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\dsvout.dll
2009-08-16 12:05 . 2009-08-16 12:05 183356 ----a-w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6\Uninstaller.exe
2009-08-16 12:05 . 2009-08-16 12:16 -------- d-----w- c:\documents and settings\hilcomputer\Application Data\HouseCall 6.6
2009-08-16 10:47 . 2009-08-16 10:47 -------- d-----w- c:\windows\Sun
2009-08-16 10:45 . 2009-08-16 10:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-16 10:45 . 2009-08-16 10:45 -------- d-----w- c:\program files\Java
2009-08-16 10:44 . 2009-08-16 10:44 152576 ----a-w- c:\documents and settings\hilcomputer\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-15 23:05 . 2009-08-16 00:08 -------- d-----w- c:\program files\Dofus
2009-08-15 18:36 . 2009-08-16 13:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-15 18:36 . 2009-08-15 18:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-15 18:06 . 2009-08-15 18:06 0 ----a-w- c:\windows\nsreg.dat
2009-08-15 18:06 . 2009-08-15 18:06 -------- d-----w- c:\documents and settings\hilcomputer\Local Settings\Application Data\Mozilla
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-17 11:56 . 2009-04-21 18:25 -------- d-----w- c:\program files\MSN Messenger
2009-08-15 22:21 . 2009-04-21 18:18 -------- d-----w- c:\program files\CCleaner
2009-08-05 19:55 . 2009-04-21 18:29 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-08 17:52 . 2009-06-25 18:10 -------- d-----w- c:\documents and settings\hilcomputer\Application Data\dvdcss
2009-07-08 12:12 . 2009-07-08 12:11 -------- d-----w- c:\documents and settings\hilcomputer\Application Data\vlc
2009-07-07 17:26 . 2009-07-07 17:21 -------- d-----w- c:\program files\VDOWNLOADER
2009-07-07 17:21 . 2009-07-07 17:21 -------- d-----w- c:\program files\Ask.com
2009-07-07 17:21 . 2009-07-07 17:21 -------- d-----w- c:\documents and settings\hilcomputer\Application Data\Desktopicon
2009-07-07 16:45 . 2009-07-06 21:53 -------- d-----w- c:\program files\Google
2009-07-03 11:25 . 2009-04-21 18:24 -------- d-----w- c:\program files\Total Video Converter
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-05-19 11:37 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-19 1144712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-19 1144712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-07 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2002-09-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2002-09-08 114688]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-10 20480]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-04-21 270336]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-04-21 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-16 149280]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-4-21 962661]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [16/08/2009 14:22 28544]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [21/04/2009 20:29 108289]
.
Contents of the 'Scheduled Tasks' folder
2009-08-17 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-05-19 11:37]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-My Web Search Bar - c:\progra~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL
HKLM-Run-Cmaudio - cmicnfg.cpl
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZRxdm762YYMA&ptb=VMo8XrtEFKK3qpegWFpQDA
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mWindow Title =
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\hilcomputer\Application Data\Mozilla\Firefox\Profiles\0h2gooxp.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm762YYMA&fl=0&ptb=VMo8XrtEFKK3qpegWFpQDA&url=https://hp.mywebsearch.com/mywebsearch/index.html
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-17 15:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-08-17 15:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-17 13:21
Pre-Run: 14 327 279 616 octets libres
Post-Run: 14 375 317 504 octets libres
170
Voici le rapport Malware:
Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2639
Windows 5.1.2600 Service Pack 2
17/08/2009 16:13:58
mbam-log-2009-08-17 (16-13-58).txt
Type de recherche: Examen rapide
Eléments examinés: 82477
Temps écoulé: 6 minute(s), 8 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
voici le rapport Rsit:
nfo.txt logfile of random's system information tool 1.06 2009-08-16 17:49:30
======Uninstall list======
-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
C-Media 3D Audio-->C:\WINDOWS\CMIUnInstall.exe
Dofus 1.28.0-->C:\Program Files\Dofus\uninstall.exe
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HouseCall 6.6-->"C:\Documents and Settings\hilcomputer\Application Data\HouseCall 6.6\uninstaller.exe"
Intel(R) 82845G Graphics Driver Software-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Lexmark Z600 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBCUN5C.EXE -dLexmark Z600 Series
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 6-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SAGEM F@st 800-840-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\setup.exe" -l0x40c
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Total Video Converter 3.11 070908-->"C:\Program Files\Total Video Converter\unins000.exe"
USB PC Camera Plus-->C:\Program Files\InstallShield Installation Information\{ECD03DA7-5952-406A-8156-5F0C93618D1F}\setup.exe -runfromtemp -l0x040c -removeonly
VDownloader 0.83-->"C:\Program Files\VDOWNLOADER\unins000.exe"
VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
WinRAR Archiveur-->C:\Program Files\WinRAR\uninstall.exe
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: AntiVir Desktop
======System event log======
Computer Name: UNICORNI-F18506
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.
Record Number: 8575
Source Name: Service Control Manager
Time Written: 20090725202539.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: UNICORNI-F18506
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.
Record Number: 8574
Source Name: Service Control Manager
Time Written: 20090725202531.000000+120
Event Type: Informations
User:
Computer Name: UNICORNI-F18506
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.
Record Number: 8573
Source Name: Service Control Manager
Time Written: 20090725202524.000000+120
Event Type: Informations
User:
Computer Name: UNICORNI-F18506
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.
Record Number: 8572
Source Name: Service Control Manager
Time Written: 20090725202524.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: UNICORNI-F18506
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.
Record Number: 8571
Source Name: Service Control Manager
Time Written: 20090725202507.000000+120
Event Type: Informations
User:
=====Application event log=====
Computer Name: UNICORNI-F18506
Event Code: 4096
Message: The AntiVir service has been started successfully!
Record Number: 3867
Source Name: Avira AntiVir
Time Written: 20090711143753.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: UNICORNI-F18506
Event Code: 101
Message: msnmsgr (1708) Le moteur de base de données est arrêté.
Record Number: 3866
Source Name: ESENT
Time Written: 20090711125622.000000+120
Event Type: Informations
User:
Computer Name: UNICORNI-F18506
Event Code: 103
Message: msnmsgr (1708) \\.\C:\Documents and Settings\hilcomputer\Local Settings\Application Data\Microsoft\Messenger\tonissia@hotmail.fr\SharingMetadata\Working\database_30EC_71C8_EC71_88BC\dfsr.db: Le moteur de base de données a arrêté une instance (0).
Record Number: 3865
Source Name: ESENT
Time Written: 20090711125622.000000+120
Event Type: Informations
User:
Computer Name: UNICORNI-F18506
Event Code: 102
Message: msnmsgr (1708) \\.\C:\Documents and Settings\hilcomputer\Local Settings\Application Data\Microsoft\Messenger\tonissia@hotmail.fr\SharingMetadata\Working\database_30EC_71C8_EC71_88BC\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).
Record Number: 3864
Source Name: ESENT
Time Written: 20090711125546.000000+120
Event Type: Informations
User:
Computer Name: UNICORNI-F18506
Event Code: 100
Message: msnmsgr (1708) Le moteur de base de données 5.01.2600.2180 est démarré.
Record Number: 3863
Source Name: ESENT
Time Written: 20090711125546.000000+120
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
et le rapport log.txt:
Logfile of random's system information tool 1.06 (written by random/random)
Run by hilcomputer at 2009-08-16 17:47:31
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 14 GB (68%) free of 20 GB
Total RAM: 375 MB (28% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:17, on 16/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\hilcomputer\Bureau\RSIT.exe
C:\Program Files\trend micro\hilcomputer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://hp.mywebsearch.com/mywebsearch/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.menara.ma/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Search - ?p=ZRxdm762YYMA
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Abonnés - {0175EB4B-E83F-4C38-B234-E85AB0D88067} - http://abonne.menara.ma (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.menara.ma/
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8BDDA29-D689-41FA-B12D-9607F3D9E993}: NameServer = 62.251.229.237 62.251.229.223
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O24 - Desktop Component 0: (no name) - http://marketing.vistaprint.com/fr/imgs/email/GoldBurstBlu/GBP_Tshirt_foto01.gif
O24 - Desktop Component 1: (no name) - https://www.vistaprint.fr/?rd=3&ncid=onnqrzifndj2gq0hwnozki4a
O24 - Desktop Component 2: (no name) - http://www.bing.com/fd/hpk2/Bruges_FR-FR1082058327.jpg
End of file - 7018 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-04-21 304736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-07 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-07-07 761840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-07 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-05-19 1144712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-16 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-16 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-05-19 1144712]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-07 256112]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2002-09-09 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2002-09-09 114688]
"FixCamera"=C:\WINDOWS\FixCamera.exe [2007-02-10 20480]
"tsnpstd3"=C:\WINDOWS\tsnpstd3.exe [2007-04-21 270336]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2007-05-10 835584]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-04-21 185872]
"My Web Search Bar"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-16 149280]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-07 39408]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2004-09-02 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-04-21 185872]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2002-09-09 315392]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoViewContextMenu"=0
"EnforceShellExtensionSecurity"=0
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Documents and Settings\hilcomputer\Local Settings\Temp\ImInstaller\HiYo_Installer.exe"="C:\Documents and Settings\hilcomputer\Local Settings\Temp\ImInstaller\HiYo_Installer.exe:*:Enabled:IncrediMail Installer"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d4013ac-89eb-11de-95bf-000b6a993e42}]
shell\AutoRun\command - F:\oiwj.exe
shell\open\command - F:\oiwj.exe
======List of files/folders created in the last 1 months======
2009-08-16 17:47:37 ----D---- C:\Program Files\trend micro
2009-08-16 17:47:31 ----D---- C:\rsit
2009-08-16 14:21:44 ----D---- C:\WINDOWS\LastGood
2009-08-16 14:20:05 ----D---- C:\Program Files\Panda Security
2009-08-16 14:05:18 ----D---- C:\Documents and Settings\hilcomputer\Application Data\HouseCall 6.6
2009-08-16 12:47:50 ----D---- C:\WINDOWS\Sun
2009-08-16 12:45:49 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-16 12:45:49 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-16 12:45:49 ----A---- C:\WINDOWS\system32\java.exe
2009-08-16 12:45:49 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-08-16 12:45:24 ----D---- C:\Program Files\Java
2009-08-16 12:40:12 ----D---- C:\Documents and Settings\hilcomputer\Application Data\Sun
2009-08-16 01:05:44 ----D---- C:\Program Files\Dofus
2009-08-15 20:36:35 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-15 20:36:35 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-15 20:06:40 ----D---- C:\Documents and Settings\hilcomputer\Application Data\Mozilla
======List of files/folders modified in the last 1 months======
2009-08-16 17:47:37 ----RD---- C:\Program Files
2009-08-16 17:47:33 ----D---- C:\WINDOWS\Prefetch
2009-08-16 15:01:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-16 14:30:34 ----D---- C:\WINDOWS\system32\drivers
2009-08-16 14:21:51 ----D---- C:\WINDOWS\Temp
2009-08-16 14:21:47 ----HD---- C:\WINDOWS\inf
2009-08-16 14:21:44 ----D---- C:\WINDOWS
2009-08-16 13:55:33 ----D---- C:\Program Files\Mozilla Firefox
2009-08-16 12:46:24 ----SHD---- C:\WINDOWS\Installer
2009-08-16 12:45:49 ----D---- C:\WINDOWS\system32
2009-08-16 11:48:59 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-16 00:23:10 ----D---- C:\WINDOWS\Minidump
2009-08-16 00:23:10 ----D---- C:\WINDOWS\Debug
2009-08-16 00:21:59 ----D---- C:\Program Files\CCleaner
2009-08-15 21:50:26 ----A---- C:\WINDOWS\Wininit.ini
2009-08-15 21:48:45 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-15 16:35:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-09 22:20:46 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-03 02:41:51 ----D---- C:\Program Files\MSN Messenger
2009-07-25 20:24:34 ----A---- C:\WINDOWS\cdplayer.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2002-09-16 91678]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-04-27 96104]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40320]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-10 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-05 55656]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2004-07-21 9856]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2002-09-16 71514]
R3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2003-06-24 127497]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-01-08 812416]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2004-08-31 26240]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-24 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2002-09-16 79323]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-24 12288]
R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-05-24 10343680]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2003-07-17 46167]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-16 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-25 303104]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-07 182768]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
-----------------EOF-----------------
Le problème que je me pose c'est que lorsque j'ai voulu au début verifier si mon pc était intacte avec Activescan en ligne, le résultat était que j'avais des vulnérabilités ainsi que des fichiers infectés.
Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2639
Windows 5.1.2600 Service Pack 2
17/08/2009 16:13:58
mbam-log-2009-08-17 (16-13-58).txt
Type de recherche: Examen rapide
Eléments examinés: 82477
Temps écoulé: 6 minute(s), 8 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
voici le rapport Rsit:
nfo.txt logfile of random's system information tool 1.06 2009-08-16 17:49:30
======Uninstall list======
-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
C-Media 3D Audio-->C:\WINDOWS\CMIUnInstall.exe
Dofus 1.28.0-->C:\Program Files\Dofus\uninstall.exe
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HouseCall 6.6-->"C:\Documents and Settings\hilcomputer\Application Data\HouseCall 6.6\uninstaller.exe"
Intel(R) 82845G Graphics Driver Software-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Lexmark Z600 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBCUN5C.EXE -dLexmark Z600 Series
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 6-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SAGEM F@st 800-840-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\setup.exe" -l0x40c
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Total Video Converter 3.11 070908-->"C:\Program Files\Total Video Converter\unins000.exe"
USB PC Camera Plus-->C:\Program Files\InstallShield Installation Information\{ECD03DA7-5952-406A-8156-5F0C93618D1F}\setup.exe -runfromtemp -l0x040c -removeonly
VDownloader 0.83-->"C:\Program Files\VDOWNLOADER\unins000.exe"
VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
WinRAR Archiveur-->C:\Program Files\WinRAR\uninstall.exe
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: AntiVir Desktop
======System event log======
Computer Name: UNICORNI-F18506
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.
Record Number: 8575
Source Name: Service Control Manager
Time Written: 20090725202539.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: UNICORNI-F18506
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.
Record Number: 8574
Source Name: Service Control Manager
Time Written: 20090725202531.000000+120
Event Type: Informations
User:
Computer Name: UNICORNI-F18506
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.
Record Number: 8573
Source Name: Service Control Manager
Time Written: 20090725202524.000000+120
Event Type: Informations
User:
Computer Name: UNICORNI-F18506
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.
Record Number: 8572
Source Name: Service Control Manager
Time Written: 20090725202524.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: UNICORNI-F18506
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.
Record Number: 8571
Source Name: Service Control Manager
Time Written: 20090725202507.000000+120
Event Type: Informations
User:
=====Application event log=====
Computer Name: UNICORNI-F18506
Event Code: 4096
Message: The AntiVir service has been started successfully!
Record Number: 3867
Source Name: Avira AntiVir
Time Written: 20090711143753.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: UNICORNI-F18506
Event Code: 101
Message: msnmsgr (1708) Le moteur de base de données est arrêté.
Record Number: 3866
Source Name: ESENT
Time Written: 20090711125622.000000+120
Event Type: Informations
User:
Computer Name: UNICORNI-F18506
Event Code: 103
Message: msnmsgr (1708) \\.\C:\Documents and Settings\hilcomputer\Local Settings\Application Data\Microsoft\Messenger\tonissia@hotmail.fr\SharingMetadata\Working\database_30EC_71C8_EC71_88BC\dfsr.db: Le moteur de base de données a arrêté une instance (0).
Record Number: 3865
Source Name: ESENT
Time Written: 20090711125622.000000+120
Event Type: Informations
User:
Computer Name: UNICORNI-F18506
Event Code: 102
Message: msnmsgr (1708) \\.\C:\Documents and Settings\hilcomputer\Local Settings\Application Data\Microsoft\Messenger\tonissia@hotmail.fr\SharingMetadata\Working\database_30EC_71C8_EC71_88BC\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).
Record Number: 3864
Source Name: ESENT
Time Written: 20090711125546.000000+120
Event Type: Informations
User:
Computer Name: UNICORNI-F18506
Event Code: 100
Message: msnmsgr (1708) Le moteur de base de données 5.01.2600.2180 est démarré.
Record Number: 3863
Source Name: ESENT
Time Written: 20090711125546.000000+120
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
et le rapport log.txt:
Logfile of random's system information tool 1.06 (written by random/random)
Run by hilcomputer at 2009-08-16 17:47:31
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 14 GB (68%) free of 20 GB
Total RAM: 375 MB (28% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:17, on 16/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\hilcomputer\Bureau\RSIT.exe
C:\Program Files\trend micro\hilcomputer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://hp.mywebsearch.com/mywebsearch/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.menara.ma/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Search - ?p=ZRxdm762YYMA
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Abonnés - {0175EB4B-E83F-4C38-B234-E85AB0D88067} - http://abonne.menara.ma (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.menara.ma/
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8BDDA29-D689-41FA-B12D-9607F3D9E993}: NameServer = 62.251.229.237 62.251.229.223
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O24 - Desktop Component 0: (no name) - http://marketing.vistaprint.com/fr/imgs/email/GoldBurstBlu/GBP_Tshirt_foto01.gif
O24 - Desktop Component 1: (no name) - https://www.vistaprint.fr/?rd=3&ncid=onnqrzifndj2gq0hwnozki4a
O24 - Desktop Component 2: (no name) - http://www.bing.com/fd/hpk2/Bruges_FR-FR1082058327.jpg
End of file - 7018 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-04-21 304736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-07 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-07-07 761840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-07 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-05-19 1144712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-16 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-16 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-05-19 1144712]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-07 256112]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2002-09-09 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2002-09-09 114688]
"FixCamera"=C:\WINDOWS\FixCamera.exe [2007-02-10 20480]
"tsnpstd3"=C:\WINDOWS\tsnpstd3.exe [2007-04-21 270336]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2007-05-10 835584]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-04-21 185872]
"My Web Search Bar"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-16 149280]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-07 39408]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2004-09-02 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-04-21 185872]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2002-09-09 315392]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoViewContextMenu"=0
"EnforceShellExtensionSecurity"=0
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Documents and Settings\hilcomputer\Local Settings\Temp\ImInstaller\HiYo_Installer.exe"="C:\Documents and Settings\hilcomputer\Local Settings\Temp\ImInstaller\HiYo_Installer.exe:*:Enabled:IncrediMail Installer"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d4013ac-89eb-11de-95bf-000b6a993e42}]
shell\AutoRun\command - F:\oiwj.exe
shell\open\command - F:\oiwj.exe
======List of files/folders created in the last 1 months======
2009-08-16 17:47:37 ----D---- C:\Program Files\trend micro
2009-08-16 17:47:31 ----D---- C:\rsit
2009-08-16 14:21:44 ----D---- C:\WINDOWS\LastGood
2009-08-16 14:20:05 ----D---- C:\Program Files\Panda Security
2009-08-16 14:05:18 ----D---- C:\Documents and Settings\hilcomputer\Application Data\HouseCall 6.6
2009-08-16 12:47:50 ----D---- C:\WINDOWS\Sun
2009-08-16 12:45:49 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-16 12:45:49 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-16 12:45:49 ----A---- C:\WINDOWS\system32\java.exe
2009-08-16 12:45:49 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-08-16 12:45:24 ----D---- C:\Program Files\Java
2009-08-16 12:40:12 ----D---- C:\Documents and Settings\hilcomputer\Application Data\Sun
2009-08-16 01:05:44 ----D---- C:\Program Files\Dofus
2009-08-15 20:36:35 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-15 20:36:35 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-15 20:06:40 ----D---- C:\Documents and Settings\hilcomputer\Application Data\Mozilla
======List of files/folders modified in the last 1 months======
2009-08-16 17:47:37 ----RD---- C:\Program Files
2009-08-16 17:47:33 ----D---- C:\WINDOWS\Prefetch
2009-08-16 15:01:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-16 14:30:34 ----D---- C:\WINDOWS\system32\drivers
2009-08-16 14:21:51 ----D---- C:\WINDOWS\Temp
2009-08-16 14:21:47 ----HD---- C:\WINDOWS\inf
2009-08-16 14:21:44 ----D---- C:\WINDOWS
2009-08-16 13:55:33 ----D---- C:\Program Files\Mozilla Firefox
2009-08-16 12:46:24 ----SHD---- C:\WINDOWS\Installer
2009-08-16 12:45:49 ----D---- C:\WINDOWS\system32
2009-08-16 11:48:59 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-16 00:23:10 ----D---- C:\WINDOWS\Minidump
2009-08-16 00:23:10 ----D---- C:\WINDOWS\Debug
2009-08-16 00:21:59 ----D---- C:\Program Files\CCleaner
2009-08-15 21:50:26 ----A---- C:\WINDOWS\Wininit.ini
2009-08-15 21:48:45 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-15 16:35:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-09 22:20:46 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-03 02:41:51 ----D---- C:\Program Files\MSN Messenger
2009-07-25 20:24:34 ----A---- C:\WINDOWS\cdplayer.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2002-09-16 91678]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-04-27 96104]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40320]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-10 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-05 55656]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2004-07-21 9856]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2002-09-16 71514]
R3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2003-06-24 127497]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-01-08 812416]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2004-08-31 26240]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-24 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2002-09-16 79323]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-24 12288]
R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-05-24 10343680]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2003-07-17 46167]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-16 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-25 303104]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-07 182768]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
-----------------EOF-----------------
Le problème que je me pose c'est que lorsque j'ai voulu au début verifier si mon pc était intacte avec Activescan en ligne, le résultat était que j'avais des vulnérabilités ainsi que des fichiers infectés.
De plus quand je met control+alt+suppr pour accéder au gestionnaire des taches je ne vois pas le nom écrit en haut ainsi que la barre ou y a marqué processus etc je vois juste les applications en cours d'execution.
désactive le tea timer de spybot: mode puis mode avancé puis outil puis resident
_______________________
Pour fusionner:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
_______________
telecharge combofix:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !
_________________
Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)
Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :
File::
C:\PROGRA~1\MYWEBS~1
C:\Program Files\Ask.com
C:\Program Files\Ask.com\GenericAskToolbar.dll
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
F:\oiwj.exe
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440}-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"My Web Search Bar"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d4013ac-89eb-11de-95bf-000b6a993e42}]
Enregistre ce fichier sous le nom CFscript
Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe
Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
_________________________________
mettre a jour internet explorer
pour XP
https://www.microsoft.com/en-us/download
pour VISTA:
https://www.microsoft.com/en-us/download
_____________
mettre à jour adobe reader puis supprimer les anciennes version via le panneau de configuration
https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html
ou passer a un lecteur alternatif ce qui évitera les virus circulant via les PDF comme foxit reader (ne pas mettre les barres foxit, ask, ebay..)
https://www.commentcamarche.net/telecharger/ 205 foxit reader
_____________
Mettre a jour java:
https://javara.fr.malavida.com/indows
Télécharge JavaRa.zip de Paul 'Prm753' McLain et Fred de Vries.
Décompresse le fichier sur ton bureau (clique droit > Extraire tout.)
Double-clique sur le répertoire JavaRa obtenu.
Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher)
Clique sur Search For Updates.
Sélectionne Update Using jucheck.exe puis clique sur Search.
Autorise le processus à se connecter s'il te le demande, clique sur Install et suis les instructions d'installation. Cela prendra quelques minutes.
Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Remove Older Versions.
Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.
Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse.
Note : le rapport se trouve aussi à la racine de la partition système, en général C:\ sous le nom JavaRa.log
(c:\JavaRa.log)
Ferme l'application.
si cela ne fonctionne pas
https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80
tu peux désinstaller les vieilles versions.
________________________
mets a jour windows avec le sp3 : DEMARRER puis TOUS LES PROGRAMMES puis WINDOWS UPDATE
_______________________
colle un rapport panda en ligne puisqu'il trouve des infections
_______________________
Pour fusionner:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
_______________
telecharge combofix:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !
_________________
Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)
Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :
File::
C:\PROGRA~1\MYWEBS~1
C:\Program Files\Ask.com
C:\Program Files\Ask.com\GenericAskToolbar.dll
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
F:\oiwj.exe
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440}-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"My Web Search Bar"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d4013ac-89eb-11de-95bf-000b6a993e42}]
Enregistre ce fichier sous le nom CFscript
Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe
Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
_________________________________
mettre a jour internet explorer
pour XP
https://www.microsoft.com/en-us/download
pour VISTA:
https://www.microsoft.com/en-us/download
_____________
mettre à jour adobe reader puis supprimer les anciennes version via le panneau de configuration
https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html
ou passer a un lecteur alternatif ce qui évitera les virus circulant via les PDF comme foxit reader (ne pas mettre les barres foxit, ask, ebay..)
https://www.commentcamarche.net/telecharger/ 205 foxit reader
_____________
Mettre a jour java:
https://javara.fr.malavida.com/indows
Télécharge JavaRa.zip de Paul 'Prm753' McLain et Fred de Vries.
Décompresse le fichier sur ton bureau (clique droit > Extraire tout.)
Double-clique sur le répertoire JavaRa obtenu.
Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher)
Clique sur Search For Updates.
Sélectionne Update Using jucheck.exe puis clique sur Search.
Autorise le processus à se connecter s'il te le demande, clique sur Install et suis les instructions d'installation. Cela prendra quelques minutes.
Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Remove Older Versions.
Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.
Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse.
Note : le rapport se trouve aussi à la racine de la partition système, en général C:\ sous le nom JavaRa.log
(c:\JavaRa.log)
Ferme l'application.
si cela ne fonctionne pas
https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80
tu peux désinstaller les vieilles versions.
________________________
mets a jour windows avec le sp3 : DEMARRER puis TOUS LES PROGRAMMES puis WINDOWS UPDATE
_______________________
colle un rapport panda en ligne puisqu'il trouve des infections
