Infection by win32 fasec

Solved
bistouflette26, 34 posts, status: Member -
plopus, 6113 posts, status: Security contributor -
Hello,

For a few days my computer has been infected by the trojan win 32 fasec.
I'm on Windows XP Home with Avast as antivirus.

When I run a scan with Avast it finds 2 different files infected by this trojan, but it is impossible to delete them or put them in quarantine; an error message appears telling me that these files are being used by other processes (or something like that).
This trojan also has the nasty habit of uninstalling HijackThis...
On the internet (with Internet Explorer), I get redirected to dating sites or others! This happens especially when I search for words like "win 32 fasec" or "hijack"...
It is also impossible for me to do system restores: all the earlier dates have been deleted...

Please help me, I've been struggling for two days without managing to change the slightest thing!
Thanks in advance for your help!!!

37 replies

plopus, 6113 posts, status: Security contributor, 293

hi

it takes 2 min

Download Random's System Information Tool (RSIT) by Random/Random, and save it to your Desktop.
http://images.malwareremoval.com/random/RSIT.exe
• Double-click RSIT.exe to launch the tool.
• Click "Continue" on the Disclaimer screen.
• If HijackThis is not present or not detected on the computer, RSIT will download it (allow access in your firewall if it asks) and you will have to accept the licence.
• Once the scan is finished, two reports will appear: post them in two separate messages please
1
bistouflette26, 34 posts, status: Member

I forgot to mention that I'm connecting to this forum from another computer, it's too much of a hassle with the other one...
0
plopus, 6113 posts, status: Security contributor, 293

Do that on your infected PC
0
bistouflette26, 34 posts, status: Member

Logfile of random's system information tool 1.06 (written by random/random)
Run by doudou at 2009-08-29 10:15:52
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 19 GB (17%) free of 110 GB
Total RAM: 1023 MB (54% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1073564859.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E03C0FD-4C48-43A7-9A54-00240C70FF16}]
ECarteBleueBrowserHelper Class - C:\WINDOWS\system32\BhoECart.dll [2004-03-22 81920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-09-14 344064]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2006-01-11 180269]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-07-06 520024]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-25 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoLogoff"=0
"NoClose"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealOne Player"
"C:\WINDOWS\system32\actboost.exe"="C:\WINDOWS\system32\actboost.exe:*:Disabled:actboost"
"C:\WINDOWS\system32\Zini.exe"="C:\WINDOWS\system32\Zini.exe:*:Disabled:Zini"
"C:\Program Files\iMesh\Client\iMeshClient.exe"="C:\Program Files\iMesh\Client\iMeshClient.exe:*:Disabled:iMesh Premium"
"C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat"="C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:*:Disabled:La Bataille pour la Terre du Milieu(tm)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype"
"C:\Valve\Steam\Steam.exe"="C:\Valve\Steam\Steam.exe:*:Enabled:Steam"
"C:\Valve\Condition Zero\czero.exe"="C:\Valve\Condition Zero\czero.exe:*:Enabled:Condition Zero Launcher"
"C:\WINDOWS\system32\poker3.exe"="C:\WINDOWS\system32\poker3.exe:*:Disabled:poker3"
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Disabled:Age of Empires II"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\Program Files\Ascaron Entertainment\Sacred\sacred.exe"="C:\Program Files\Ascaron Entertainment\Sacred\sacred.exe:*:Enabled:Sacred"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Media Connect 2\WMCCFG.exe"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe:*:Enabled:Windows Media Connect"
"C:\Program Files\Freeplayer\vlc\vlc.exe"="C:\Program Files\Freeplayer\vlc\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Disabled:ET"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Zapu\Zapu\wDivi.exe"="C:\Program Files\Zapu\Zapu\wDivi.exe:*:Disabled:Zapu Control"
"C:\Program Files\FlightGear\bin\win32\fgfs.exe"="C:\Program Files\FlightGear\bin\win32\fgfs.exe:*:Enabled:fgfs"
"C:\Valve\Steam\SteamApps\fucknorriss\counter-strike\hl.exe"="C:\Valve\Steam\SteamApps\fucknorriss\counter-strike\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\HomePlayer\HomePlayer.exe"="C:\Program Files\HomePlayer\HomePlayer.exe:*:Enabled:HomePlayer"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Tournament Indicator\Indicator.exe"="C:\Program Files\Tournament Indicator\Indicator.exe:*:Enabled:Tournament Indicator"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Documents and Settings\titou\Bureau\utorrent.exe"="C:\Documents and Settings\titou\Bureau\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Deer Hunter Tournament\DHT.exe"="C:\Program Files\Deer Hunter Tournament\DHT.exe:*:Enabled:Deer Hunter Tournament"
"C:\Program Files\Deer Hunter Tournament\Updater.exe"="C:\Program Files\Deer Hunter Tournament\Updater.exe:*:Enabled:Deer Hunter Tournament Current Updater"
"C:\Documents and Settings\titou\Local Settings\Temp\wz3376\freezer v1.4 fr\freezer.exe"="C:\Documents and Settings\titou\Local Settings\Temp\wz3376\freezer v1.4 fr\freezer.exe:*:Enabled:freezer"
"C:\Documents and Settings\titou\Local Settings\Temp\wz43b6\freezer v1.4 fr\freezer.exe"="C:\Documents and Settings\titou\Local Settings\Temp\wz43b6\freezer v1.4 fr\freezer.exe:*:Enabled:freezer"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\babou\Bureau\utorrent.exe"="C:\Documents and Settings\babou\Bureau\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\lulu\Bureau\uTorrent.exe"="C:\Documents and Settings\lulu\Bureau\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29a5dd5e-469c-11d9-aa65-00038a000015}]
shell\AutoRun\command - G:\setupSNK.exe

======List of files/folders created in the last 1 months======

2009-08-29 10:15:55 ----D---- C:\Program Files\trend micro
2009-08-29 10:15:52 ----D---- C:\rsit
2009-08-29 09:42:47 ----D---- C:\Documents and Settings\doudou\Application Data\WinRAR
2009-08-29 09:42:20 ----D---- C:\Program Files\gmer
2009-08-28 19:19:06 ----HDC---- C:\WINDOWS\ie8
2009-08-28 15:34:03 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-28 15:02:07 ----D---- C:\Documents and Settings\doudou\Application Data\Yahoo!
2009-08-24 21:36:36 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-24 21:36:36 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-24 21:36:36 ----A---- C:\WINDOWS\system32\java.exe
2009-08-16 18:08:21 ----A---- C:\WINDOWS\Sysvxd.exe
2009-08-16 16:54:15 ----A---- C:\WINDOWS\system32\deploytk.dll

======List of files/folders modified in the last 1 months======

2009-08-29 10:15:55 ----AD---- C:\Program Files
2009-08-29 09:50:08 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-29 09:46:34 ----D---- C:\WINDOWS\Temp
2009-08-29 09:46:34 ----D---- C:\WINDOWS\Debug
2009-08-29 09:46:34 ----D---- C:\WINDOWS
2009-08-29 09:46:02 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-29 09:46:01 ----D---- C:\WINDOWS\Prefetch
2009-08-29 09:26:21 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-29 09:24:30 ----D---- C:\WINDOWS\system32
2009-08-29 09:24:04 ----D---- C:\WINDOWS\system32\ias
2009-08-28 23:47:56 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-08-28 19:24:09 ----D---- C:\WINDOWS\system32\fr-fr
2009-08-28 19:24:08 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-08-28 19:24:08 ----HD---- C:\WINDOWS\inf
2009-08-28 19:24:08 ----D---- C:\WINDOWS\Media
2009-08-28 19:24:08 ----D---- C:\WINDOWS\Help
2009-08-28 19:24:08 ----D---- C:\Program Files\Internet Explorer
2009-08-28 19:20:06 ----HD---- C:\WINDOWS\msdownld.tmp
2009-08-28 19:18:57 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-28 19:15:46 ----SD---- C:\Documents and Settings\doudou\Application Data\Microsoft
2009-08-28 19:00:59 ----D---- C:\Documents and Settings\All Users\Application Data\2DBoy
2009-08-28 18:43:38 ----D---- C:\Program Files\Yahoo!
2009-08-28 18:19:57 ----AD---- C:\Program Files\Fichiers communs
2009-08-28 18:18:29 ----D---- C:\WINDOWS\system32\drivers
2009-08-28 15:18:51 ----D---- C:\TEMP
2009-08-28 15:03:04 ----D---- C:\WINDOWS\Minidump
2009-08-28 15:01:58 ----D---- C:\Program Files\CCleaner
2009-08-24 21:36:43 ----SHD---- C:\WINDOWS\Installer
2009-08-24 21:36:39 ----D---- C:\Config.Msi
2009-08-24 21:36:32 ----D---- C:\Program Files\Java
2009-08-17 18:10:20 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-08-16 16:54:59 ----D---- C:\Program Files\LimeWire

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-01-08 82380]
R1 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 11264]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 SSHDRV76;SSHDRV76; \??\C:\WINDOWS\system32\drivers\SSHDRV76.sys []
R1 vcsmpdrv;vcsmpdrv; C:\WINDOWS\System32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-30 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS []
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2002-08-30 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2002-08-30 55936]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-07 404608]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-05 460864]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2009-02-26 3565568]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-08-04 33588]
S1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856]
S3 actser;actser; C:\WINDOWS\system32\drivers\actser.sys [2004-08-23 29440]
S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 aswRdr;aswRdr; \??\C:\WINDOWS\system32\drivers\aswRdr.sys []
S3 axiak9ee;axiak9ee; C:\WINDOWS\system32\drivers\axiak9ee.sys []
S3 Bridge;Pont MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;Miniport de pont MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 Camdrv30;Philips ToUcam XS; C:\WINDOWS\System32\Drivers\camdrv30.sys [2001-08-17 171264]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys []
S3 fbxusb;Carte réseau virtuelle FreeBox USB; C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
S3 gsplittm;gsplittm; \??\C:\DOCUME~1\babou\LOCALS~1\Temp\gsplittm.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [2004-08-04 126686]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [2004-08-04 1309184]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [2004-08-04 180360]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2004-01-21 5915]
S3 PID_08A0;Labtec WebCam Pro(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2004-01-21 271360]
S3 RecAgent;recagent; \??\C:\WINDOWS\System32\DRIVERS\RecAgent.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-30 5888]
S3 Ser2pl;SIEMENS Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-05-07 41472]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\System32\DRIVERS\slntamr.sys [2004-08-04 404990]
S3 SlNtHal;SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [2004-08-04 95424]
S3 SlWdmSup;SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [2003-01-17 39348]
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 StMp3Rec;Pilote de périphérique de la restauration de lecteur; C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2005-08-26 68230]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMIDSCO;SYMIDSCO; \??\C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 W8335XP;WL_54PCI 802.11b/g Wireless LAN Adapter; C:\WINDOWS\system32\DRIVERS\MRV8335XP.sys [2005-02-22 265984]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2004-12-30 104576]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\A [2004-05-20 68]
R2 bonjour service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Iprip;Écouteur RIP; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 javaquickstarterservice;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-06 1029456]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 SimpTcp;Services TCP/IP simplifiés; C:\WINDOWS\System32\tcpsvcs.exe [2002-08-30 19456]
R2 SNMP;Service SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version); C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-08-04 65536]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ipod service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\a [2004-05-20 68]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
S2 avast!NtLmSsp;avast! Mail Scanner avast!NtLmSsp; C:\WINDOWS\system32\3ivxDSEncoderd.exe srv []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LPDSVC;Serveur d'impression TCP/IP; C:\WINDOWS\System32\tcpsvcs.exe [2002-08-30 19456]
S3 p2pgasvc;Authentification de groupe réseau homologue; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Gestionnaire d'identité réseau homologue; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Réseau homologue; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 PNRPSvc;Protocole de résolution de noms d'homologues; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe [2004-04-29 193760]
S3 SNMPTRAP;Service d'interruption SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe [2005-11-24 69718]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2006-06-05 39936]
S4 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe [2005-11-24 53337]
S4 PACSPTISVR;PACSPTISVR; C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe [2005-11-24 53337]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2003-03-09 65795]

-----------------EOF-----------------
0
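A small triage helper for the driver and service sections of an RSIT log like the one posted above, added here as an example (it is not code from the thread or from RSIT). The line regex, the review heuristics and the vendor-to-folder mapping are assumptions for this example; the sample log is an excerpt of lines from the post above.

```python
"""Triage helper for the driver/service sections of an RSIT log.txt.

Added example, not code from the thread or from RSIT. It parses lines of the
form "R1 name;display; path [date size]" and flags entries that a responder
would want to look at first. A flag is a prompt to review, not a verdict.
"""
import re
import sys
from typing import Dict, List, Tuple

# Shape of one RSIT driver/service line (assumed from the log format above):
# state R/S, start type 0-4, "name;display; path [date size]".
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)
SECTION_RE = re.compile(r"^======List of (drivers|services)")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)

# Security products whose services should run from the vendor's own folder.
# Assumed mapping for this example; extend it for other products.
VENDOR_DIRS = {"avast!": "alwil software"}


def parse_entry(line: str) -> Dict[str, str]:
    """Split one driver/service line into its fields; {} if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return {}
    fields = m.groupdict()
    # Kernel-style paths are printed with a \??\ prefix; drop it for the checks.
    fields["path"] = fields["path"].removeprefix("\\??\\")
    return fields


def review_reasons(entry: Dict[str, str], section: str) -> List[str]:
    """Heuristics that mark an entry for manual review."""
    reasons: List[str] = []
    path = entry["path"]
    if entry["meta"] == "":
        # RSIT prints [date size]; an empty [] means it could not stat the file.
        reasons.append("no file date/size: binary not found on disk")
    if TEMP_DIR_RE.search(path):
        reasons.append("binary registered from a temporary directory")
    if "." not in path.rsplit("\\", 1)[-1]:
        reasons.append("binary name has no file extension")
    if section == "service":
        display = entry["display"].lower()
        for vendor, folder in VENDOR_DIRS.items():
            if vendor in display and folder not in path.lower():
                reasons.append(f"named after {vendor} but runs outside its install folder")
    return reasons


def triage(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (section, name, reasons) for every flagged entry, in log order."""
    section = ""
    flagged: List[Tuple[str, str, List[str]]] = []
    for line in log_text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)[:-1]  # "drivers" -> "driver"
            continue
        entry = parse_entry(line)
        if not entry:
            continue
        reasons = review_reasons(entry, section)
        if reasons:
            flagged.append((section, entry["name"], reasons))
    return flagged


# Constructed sample: an excerpt of lines from the log posted above.
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
S3 gsplittm;gsplittm; \??\C:\DOCUME~1\babou\LOCALS~1\Temp\gsplittm.sys []
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\A [2004-05-20 68]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
S2 avast!NtLmSsp;avast! Mail Scanner avast!NtLmSsp; C:\WINDOWS\system32\3ivxDSEncoderd.exe srv []
"""

if __name__ == "__main__":
    # Usage: python rsit_triage.py [log.txt]; with no argument it runs on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for section, name, reasons in triage(text):
        print(f"[{section}] {name}")
        for reason in reasons:
            print(f"    - {reason}")
```

Entries that pass every heuristic can still be malicious, so the output is a reading order for the log, not a clean bill of health.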

bistouflette26, 34 posts, status: Member
 
info.txt logfile of random's system information tool 1.06 2009-08-29 10:16:14

======Uninstall list======

-->C:\MAGIX\music_maker_SE\instslct.exe
-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{09B44E78-A988-4BC0-962F-63ECD3333708} /l1036
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\Modio\SLAMR2KO\Setup.exe /Remove
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->MsiExec /X{7104189A-C592-4A56-AC9E-7C0CA135DA3C}
-->MsiExec.exe /X{7B4AB13C-1A5C-4BC5-ABA6-762F8198444C}
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}\Setup.exe"
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C6D8763-EEB7-433E-A75E-2AB44892FCA2}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x40c UNINSTALL
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\SETUP.EXE" -uninstall
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Reader 7.0.9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70900000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AGEIA PhysX v6.10.25-->MsiExec.exe /X{7104189A-C592-4A56-AC9E-7C0CA135DA3C}
Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x444e
ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVIConverter 5.0.1-->C:\Program Files\AVIConverter\uninst.exe
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Camgoo-->"C:\Program Files\Camgoo\unins000.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDex extraction audio-->"C:\Program Files\CDex_170b2\uninstall.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Codeur Windows Media Série 9-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Codeur Windows Media Série 9-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
ConvertMovie 3.0-->C:\Program Files\ConvertMovie 3.0 Bluesquad\uninst.exe
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Cryptext (Remove Only)-->rundll32 setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\ShellExt\Cryptext.inf
dBpowerAMP Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
Disque de souvenirs HP-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
e-Carte Bleue LCL-->"C:\Program Files\InstallShield Installation Information\{3D6B54EF-65E4-4624-8709-03A3BBE2C240}\setup.exe" -runfromtemp -l0x040c -removeonly
Free Internet Eraser 2.30-->"C:\Program Files\PrivacyEraser Computing\Free Internet Eraser\unins000.exe"
Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
HP Image Zone Express-->MsiExec.exe /X{B314F1F2-49DF-41DD-A1B4-DC4192EC1021}
hp psc 2100 series-->MsiExec.exe /X{82DFB852-9594-4668-9C66-28BB6E94BCB2}
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
K-Lite Codec Pack 2.32 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Labtec WebCam-->MsiExec.exe /I{58E653BE-BD68-4D68-BB2E-3AE1B925AAD0}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LeTraducteur-->C:\WINDOWS\ST4UNST.EXE -n "C:\programe\ST4UNST.LOG"
LimeWire 5.2.13-->"C:\Program Files\LimeWire\uninstall.exe"
Max Payne 2 Demo-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{012A835C-6937-44D0-8A04-6F40728538D4}\Setup.exe" -l0x9
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Small Business-->MsiExec.exe /I{0003040C-78E1-11D2-B60F-006097C998E7}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Producer-->MsiExec.exe /X{7BC42D2B-A730-43B4-8057-9B9946DF1033}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word 2002-->MsiExec.exe /I{911B040C-6000-11D3-8CFE-0050048383C9}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
MSN Couleur-->MsiExec.exe /I{A238B282-3DDB-4A70-833F-FAD7086366A2}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
newObjects ActiveX Pack1 Family v.2.5.0-->C:\Program Files\newObjects\AXPack1\ALPInstall.exe /u AXPack1Uninst.cfg
OpenMG Limited Patch 4.4-06-13-19-01-->C:\Program Files\Fichiers communs\Sony Shared\OpenMG\HotFixes\HotFix4.4-06-13-19-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.4.00-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{CFB17307-B244-4EAD-AE8E-CDAF440477C2} UNINSTALL
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Packard Bell EverSafe-->"C:\Program Files\Packard Bell EverSafe\Uninstall.exe" C:\WINDOWS\ISUN040C.EXE -y -f"C:\Program Files\Packard Bell EverSafe\Uninst.isu"
Packard Bell Magic Picture-->C:\APPS\MagicPicture\Uninstall.exe
PB Service Provider-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC57D5FD-F19C-4C5C-8FD9-A98C833086FA}\setup.exe"
Photo et imagerie HP 2.0 - All-in-One Pilote-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
Photo et imagerie HP 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
Photo et imagerie HP 2.0 - hp psc 2100 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Labtec\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Ri4m v5.0.1d-->C:\Program Files\Ripp-it_AM\Ri4m_Uninstal.exe
Scooby-Doo-->C:\popo\UNWISE.EXE C:\
Screenshot Captor 2.18.04-->"C:\Program Files\ScreenshotCaptor\unins000.exe"
Secured Internet Explorer-->C:\PROGRA~1\SECURE~1\UNWISE.EXE C:\PROGRA~1\SECURE~1\INSTALL.LOG
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
SteekR DriveDrive v1.6.0-->"C:\Program Files\Steek\SteekR DriveDrive\unins000.exe"
USB Storage Driver-->DelUIDrv.exe
VideoLAN VLC media player 0.8.6h-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Visionneuse Journal Windows Microsoft-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
World of Warcraft FREE Trial-->MsiExec.exe /X{02EBDBB9-4600-41D3-B566-40CB861511D2}
YP-T6-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{808EB4CB-E52F-4A93-9540-6184ABF77662}\setup.exe" -l0x40c

======Hosts File======

127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 did.i-used.cc
127.0.0.1 www.did.i-used.cc
127.0.0.1 coolwwwsearch.com
127.0.0.1 www.coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 www.coolwebsearch.com

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090519-0]

======System event log======

Computer Name: PRINCIPAL
Event Code: 7036
Message: Le service Gestion d'applications est entré dans l'état : arrêté.

Record Number: 2616
Source Name: Service Control Manager
Time Written: 20090712122323.000000+120
Event Type: Informations
User:

Computer Name: PRINCIPAL
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestion d'applications.

Record Number: 2615
Source Name: Service Control Manager
Time Written: 20090712122323.000000+120
Event Type: Informations
User: PRINCIPAL\lulu

Computer Name: PRINCIPAL
Event Code: 7023
Message: Le service Gestion d'applications s'est arrêté avec l'erreur :
Le module spécifié est introuvable.

Record Number: 2614
Source Name: Service Control Manager
Time Written: 20090712122323.000000+120
Event Type: erreur
User:

Computer Name: PRINCIPAL
Event Code: 7036
Message: Le service Gestion d'applications est entré dans l'état : arrêté.

Record Number: 2613
Source Name: Service Control Manager
Time Written: 20090712122323.000000+120
Event Type: Informations
User:

Computer Name: PRINCIPAL
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestion d'applications.

Record Number: 2612
Source Name: Service Control Manager
Time Written: 20090712122323.000000+120
Event Type: Informations
User: PRINCIPAL\lulu

=====Application event log=====

Computer Name: PRINCIPAL
Event Code: 1015
Message: Le paramètre TraceLevel ne se trouve pas dans le Registre.
La niveau de suivi utilisé par défaut est 32.

Record Number: 5
Source Name: EvntAgnt
Time Written: 20090824211125.000000+120
Event Type: Avertissement
User:

Computer Name: PRINCIPAL
Event Code: 1003
Message: Le paramètre TraceFileName ne se trouve pas dans le Registre.
Le fichier de suivi utilisé par défaut est .

Record Number: 4
Source Name: EvntAgnt
Time Written: 20090824211125.000000+120
Event Type: Avertissement
User:

Computer Name: PRINCIPAL
Event Code: 2
Message: Mismatch in drives number found in regkey(1) and sytem(0)

Record Number: 3
Source Name: Virtual CD v4 Security service (SDK - Version)
Time Written: 20090824211118.000000+120
Event Type: erreur
User: AUTORITE NT\SYSTEM

Computer Name: PRINCIPAL
Event Code: 1
Message:
Record Number: 2
Source Name: Bonjour Service
Time Written: 20090824211111.000000+120
Event Type: Informations
User:

Computer Name: PRINCIPAL
Event Code: 105
Message: The service was started.

Record Number: 1
Source Name: ATI Smart
Time Written: 20090824211103.000000+120
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\ATI Technologies\ATI Control Panel;C:\PROGRA~1\FICHIE~1\TVNAVI~1;C:\Program Files\Fichiers communs\Ulead Systems\MPEG;C:\Program Files\Fichiers communs\Adobe\AGL;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;"C:\WINDOWS\System32\QTJava.zip";C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
"FP_NO_HOST_CHECK"=NO
"QTJAVA"=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip

-----------------EOF-----------------
0
plopus Posts 6113 Status Security contributor 293
 
Re

Click here http://www.cijoint.fr/cj200908/cijwVt99DD.zip

and download the .zip file, unzip the file inside and run the Malwarebytes installer if you can.

Once it is installed, go straight to renaming the .exe file in C:/programefile/malwarebyte/MBAM.exe

Right-click the MBAM file, choose Rename and rename it to MM, for example.

Then run that file and do a full scan.

* The scan can take a good while...
* Once the scan is finished, click "OK" then "Show Results"
* Check that everything is ticked and click "Remove Selected" => and then "OK"
* A report will open in Notepad... Copy/paste the report into your next reply on the forum

* Some files may need to be deleted when the PC restarts... Do so by clicking "Yes" to the question asked.
0
bistouflette26 Posts 34 Status Member
 
There, the scan is finished (indeed it took a while, and I don't know why, but at one point my computer restarted on its own, so I had to rerun the scan).

Here is the result:
Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2551
Windows 5.1.2600 Service Pack 3

29/08/2009 13:15:05
mbam-log-2009-08-29 (13-15-05).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|I:\|J:\|)
Eléments examinés: 298526
Temps écoulé: 1 hour(s), 23 minute(s), 5 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 92
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
\\?\globalroot\systemroot\system32\UACjkyirvklrm.dll (Rogue.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGNT.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGUARD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASecurityCENTER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\titou\Local Settings\Application Data\yeasqwc_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\titou\Local Settings\Application Data\yeasqwc_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\titou\Local Settings\Application Data\yeasqwc.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
\\?\globalroot\systemroot\system32\UACjkyirvklrm.dll (Rogue.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Secured IE\Setup1102.exe (Adware.Zango) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Sysvxd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\f23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\sto453117.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\sto453142.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\sto453250.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
0
plopus Posts: 6113 Status: Security contributor 293
 
ok

Did you reboot after Malwarebytes as asked?

That cleared the ground a bit, but there is most likely still some rootkit left.

Click here http://www.cijoint.fr/cj200908/cijFx5kLiR.zip and unzip the file bobo.exe onto YOUR DESKTOP; then unplug your internet cable and disable all your defences, including your firewall if it is not the Windows one.

Then run bobo.exe, follow the instructions and post the report.

Next, download HijackThis to your desktop https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

Then run RSIT again and post me the new report.
0
bistouflette26 Posts: 34 Status: Member
 
Yes, I did reboot my computer.
But where can I see my computer's defences? Is it enough to close all the antivirus programs and the like...?
0
bistouflette26 Posts: 34 Status: Member
 
Actually I can't stop avast's protection; I know I should have the icon in the Windows tray at the bottom right, but no avast icon is visible. Yet when I tried to launch Bobo, a message telling me avast was active appeared... :S
I'm getting annoyed at my own uselessness with computers...
0
plopus Posts: 6113 Status: Security contributor 293
 
yes, that's the rootkit doing that

never mind, run it anyway, or you can even uninstall AVAST if you're not attached to it and install Antivir instead after ComboFix

here http://www.commentcamarche.net/telecharger/telecharger-55-antivir
0
bistouflette26 Posts: 34 Status: Member
 
Here is the bobo report (I finally managed to turn off avast's protection):
ComboFix 09-08-28.05 - lulu 29/08/2009 14:50.1.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.589 [GMT 2:00]
Running from: c:\documents and settings\lulu\Bureau\bobo.exe
AV: avast! antivirus 4.8.1351 [VPS 090828-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\babou\new.txt
c:\documents and settings\lulu\new.txt
c:\program files\dns
c:\program files\dns\affid.dat
c:\program files\dns\uid.dat
c:\program files\dns\version.txt
c:\program files\dns\x.bmp
c:\program files\Fichiers communs\system32.dll
c:\program files\maxifiles
c:\program files\maxifiles\affid.dat
c:\recycler\S-1-5-21-1935086090-143876970-3382944627-1003
c:\windows\anwhsx.exe
c:\windows\hqvqvet.exe
c:\windows\Installer\3568ba.msp
c:\windows\Installer\496cb50.msp
c:\windows\Installer\WMEncoder.msi
c:\windows\onizybop.exe
c:\windows\rqhslqt.exe
c:\windows\system32\676741057.dat
c:\windows\system32\a
c:\windows\system32\drivers\a00bae72.sys
c:\windows\system32\drivers\UACixdomybwuw.sys
c:\windows\system32\MabryObj.dll
c:\windows\system32\pic.jpg
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjkyirvklrm.dll
c:\windows\system32\UACltenklprvw.dat
c:\windows\system32\UACswwqjnhqod.dll
c:\windows\system32\WLINGAK.dll
c:\windows\tet.exe
c:\windows\twtmrsr.exe
c:\windows\ulspaj.exe
c:\windows\yhetef.exe
c:\windows\ylcx.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_uacd.sys
-------\Legacy_uacd.sys
-------\Legacy_IPRIP
-------\Legacy_NDISRD
-------\Service_Iprip
-------\Service_ndisrd
-------\Service_a00bae72

((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-29 )))))))))))))))))))))))))))))))
.

2009-08-29 09:49 . 2009-08-29 09:49 -------- d-sh--w- c:\documents and settings\lulu\PrivacIE
2009-08-29 09:48 . 2009-08-29 09:48 -------- d-----w- c:\documents and settings\lulu\Application Data\Malwarebytes
2009-08-29 09:47 . 2009-08-29 09:47 -------- d-sh--w- c:\documents and settings\lulu\IETldCache
2009-08-29 08:37 . 2009-08-29 08:37 -------- d-----w- c:\documents and settings\doudou\Application Data\Malwarebytes
2009-08-29 08:36 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-29 08:36 . 2009-08-29 08:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-29 08:36 . 2009-08-29 08:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-29 08:36 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-29 08:15 . 2009-08-29 08:15 -------- d-----w- c:\program files\trend micro
2009-08-29 08:15 . 2009-08-29 08:16 -------- d-----w- C:\rsit
2009-08-29 07:42 . 2009-08-29 07:43 -------- d-----w- c:\program files\gmer
2009-08-28 17:26 . 2009-08-28 17:26 -------- d-sh--w- c:\documents and settings\doudou\PrivacIE
2009-08-28 17:25 . 2009-08-28 17:25 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-28 17:24 . 2009-08-28 17:24 -------- d-sh--w- c:\documents and settings\doudou\IETldCache
2009-08-28 17:19 . 2009-08-28 17:19 -------- dc-h--w- c:\windows\ie8
2009-08-28 17:15 . 2009-08-28 17:15 86576 ----a-w- c:\documents and settings\doudou\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2009-08-28 17:15 . 2009-08-28 17:15 392728 ----a-w- c:\documents and settings\doudou\Application Data\Microsoft\Services Windows Live\Services Windows Live.dll
2009-08-28 17:15 . 2009-08-28 17:15 135680 ----a-w- c:\documents and settings\doudou\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
2009-08-28 17:15 . 2009-08-28 17:15 132672 ----a-w- c:\documents and settings\doudou\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2009-08-28 16:14 . 2009-08-28 16:14 -------- d-s---w- c:\documents and settings\LocalService\Favoris
2009-08-28 13:34 . 2009-08-28 16:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-28 13:02 . 2009-08-28 13:02 -------- d-----w- c:\documents and settings\doudou\Application Data\Yahoo!
2009-08-24 19:35 . 2009-08-24 19:35 152576 ----a-w- c:\documents and settings\doudou\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-16 14:54 . 2009-07-25 03:23 411368 ----a-w- c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-29 09:46 . 2005-03-12 11:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-29 07:50 . 2005-03-12 11:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-28 17:00 . 2009-04-30 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\2DBoy
2009-08-28 16:43 . 2005-04-28 16:01 -------- d-----w- c:\program files\Yahoo!
2009-08-28 13:01 . 2006-12-28 13:33 -------- d-----w- c:\program files\CCleaner
2009-08-24 19:36 . 2005-04-10 17:48 -------- d-----w- c:\program files\Java
2009-08-17 16:10 . 2004-11-13 11:22 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2004-05-18 21:28 93392 -c--a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2004-05-18 21:28 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-04-01 21:28 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-04-01 21:28 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2004-11-13 11:22 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2005-02-22 07:46 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2004-05-18 21:28 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2004-06-13 20:26 97480 -c--a-w- c:\windows\system32\AVASTSS.scr
2009-08-17 10:52 . 2009-07-05 13:59 -------- d-----w- c:\documents and settings\lulu\Application Data\uTorrent
2009-08-16 14:54 . 2006-07-03 19:11 -------- d-----w- c:\program files\LimeWire
2009-07-27 19:08 . 2004-09-30 18:30 62376 -c--a-w- c:\documents and settings\flo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-17 11:27 . 2009-07-17 11:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-07-17 05:54 . 2006-07-15 10:09 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-16 16:38 . 2009-07-07 09:02 -------- d-----w- c:\program files\Electronic Arts
2009-07-16 16:38 . 2003-10-28 12:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-12 10:23 . 2008-10-10 16:49 -------- d-----w- c:\program files\MP3 Player Utilities 3.68
2009-07-12 10:22 . 2005-09-11 09:12 -------- d-----w- c:\program files\Mobile Phone Manager
2009-07-12 10:18 . 2006-12-19 19:07 -------- d-----w- c:\program files\Google
2009-07-07 21:01 . 2009-06-22 21:05 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-07 21:01 . 2009-06-22 21:05 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-07 15:48 . 2009-07-07 06:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-07-07 06:30 . 2009-07-07 06:30 10134 ----a-r- c:\documents and settings\lulu\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-07-07 06:30 . 2009-07-07 06:30 -------- d-----w- c:\program files\Microsoft WSE
2009-07-06 21:01 . 2009-06-22 21:05 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-06 21:01 . 2009-06-22 21:05 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-07-06 17:37 . 2009-07-06 17:37 -------- d-----w- c:\documents and settings\lulu\Application Data\DAEMON Tools
2009-06-20 06:54 . 2009-06-20 06:54 75048 -c--a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-20 06:34 . 2004-04-13 16:52 62376 -c--a-w- c:\documents and settings\lulu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-05 09:42 . 2009-06-20 06:58 2060288 -c--a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 09:42 . 2008-06-14 08:15 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-02 21:05 . 2009-06-02 21:05 15688 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-02 21:05 . 2009-05-20 03:32 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-01 11:01 . 2004-09-30 04:58 62376 -c--a-w- c:\documents and settings\doudou\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-12-01 21:00 . 2006-12-01 21:00 16277288 -c--a-w- c:\program files\Install_Messenger.exe
2006-12-01 20:36 . 2006-12-01 20:36 400536 -c--a-w- c:\program files\MSagent.exe
2006-11-21 17:22 . 2006-10-13 18:48 3534076 -c--a-w- c:\program files\eMule0.47c-Installer.exe
2006-11-18 08:49 . 2006-11-18 08:49 2167357 -c--a-w- c:\program files\dMC-r11.5.exe
2006-08-30 10:49 . 2006-08-30 10:49 12778162 -c--a-w- c:\program files\20041217111333062_yeppStudio.exe
2006-07-03 19:10 . 2006-07-03 19:10 359112 -c--a-w- c:\program files\LimeWireWin.exe
2006-06-05 19:40 . 2006-06-05 19:40 20941615 -c--a-w- c:\program files\PhotoStudio_5.5.exe
2006-06-05 19:11 . 2006-06-05 19:11 4264269 -c--a-w- c:\program files\setupEasyPhotoCorrector.exe
2006-05-31 20:16 . 2006-05-31 20:16 2048586 -c--a-w- c:\program files\ADSLAutoconnect206F7.exe
2006-04-26 09:05 . 2006-04-26 09:04 11092264 -c--a-w- c:\program files\setupfre.exe
2006-02-27 19:57 . 2006-02-28 07:32 366 -c--a-w- c:\program files\history.txt
2005-11-08 19:20 . 2006-04-11 18:54 1753088 -c--a-w- c:\program files\CoD2SP_s.exe
2005-09-14 19:37 . 2005-09-14 19:36 34235626 -c--a-w- c:\program files\Nero-6.6.0.16.exe
2005-09-14 19:28 . 2005-09-14 19:28 9964393 -c--a-w- c:\program files\Nero-6.6.0.16_fra.exe
2005-04-12 05:46 . 2005-04-12 05:46 1416944 -c--a-w- c:\program files\WM9Codecs.exe
2005-04-12 05:39 . 2005-04-12 05:37 9202918 ----a-w- c:\program files\www.tinium.tz4.com klcodec234f.zip
2005-04-09 18:31 . 2005-04-09 18:31 11787500 -c--a-w- c:\program files\DVDCopy.exe
2005-04-09 16:46 . 2005-04-09 16:46 5813599 ----a-w- c:\program files\ONES_Trial_Setup.zip
2005-02-05 18:01 . 2005-02-05 18:01 7321288 -c--a-w- c:\program files\INSTALL_MSN_MESSENGER_DL.EXE
2004-12-01 04:35 . 2006-02-28 07:32 1850441 -c----w- c:\program files\update_virtualdj_v2.06.exe
2004-10-22 02:25 . 2006-02-28 07:32 1184602 -c----w- c:\program files\update_virtualdj_v2.05.exe
2004-09-29 15:03 . 2004-09-29 15:03 9113831 -c--a-w- c:\program files\codec.exe
2004-09-29 13:04 . 2004-09-29 13:04 7680064 -c--a-w- c:\program files\DivX521XP2K.exe
2004-07-06 11:07 . 2004-07-06 11:06 286 -c-ha-w- c:\program files\hpothb07.dat
2004-03-13 08:40 . 2004-03-13 08:40 32 -csha-w- c:\windows\{3CF7791D-A700-48E1-973B-CD5D1EA6A70B}.dat
2004-03-13 08:39 . 2004-03-13 08:39 32 -csha-w- c:\windows\{B84FBFE4-312E-45C7-9FF0-0B3AE656E241}.dat
2005-12-14 13:43 . 2005-12-14 13:43 8 -csh--r- c:\windows\system32\707FA406DC.sys
2005-02-04 06:39 . 2005-02-04 06:39 56 -csh--r- c:\windows\system32\D2AA1C049A.sys
2006-02-27 16:43 . 2006-01-29 18:36 9104 -csh--r- c:\windows\system32\msivs10.dll
2004-03-13 08:40 . 2004-03-13 08:40 32 -csha-w- c:\windows\system32\{57DB8DB5-43DC-48AA-A720-8B1A4545096D}.dat
2004-03-13 08:39 . 2004-03-13 08:39 32 -csha-w- c:\windows\system32\{A0531CBF-931B-4FC8-A924-43F7CC1C5DB0}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="c:\program files\Messenger Plus! 3\MsgPlus.exe" [2006-04-20 190024]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\ati technologies\ATI Control Panel\atiptaxx.exe" [2005-09-14 344064]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-01-11 180269]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-06 520024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EoWeather"=
"EoEngine"=
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"AdslTaskBar"=rundll32.exe stmctrl.dll,TaskBar

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Valve\\Steam\\Steam.exe"=
"c:\\Valve\\Condition Zero\\czero.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Media Connect 2\\WMCCFG.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Valve\\Steam\\SteamApps\\fucknorriss\\counter-strike\\hl.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\lulu\\Bureau\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Groupement homologue Windows
"3540:UDP"= 3540:UDP:Protocole PNRP (Peer Name Resolution Protocol)
"1:TCP"= 1:TCP:192.168.1.65/255.255.255.255:Enabled:Florence
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"443:TCP"= 443:TCP:443

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [19/05/2009 23:02 64160]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [28/10/2003 14:15 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [01/04/2008 23:28 114768]
R1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [31/03/2006 17:41 53760]
R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\drivers\vcsmpdrv.sys [28/10/2003 14:17 49024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/04/2008 23:28 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 21:06 1029456]
R2 NwSapAgent;Agent SAP;c:\windows\System32\svchost.exe -k netsvcs [30/09/2002 13:49 14336]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\System\vcssecs.exe [28/10/2003 14:17 139264]
S2 avast!NtLmSsp;avast! Mail Scanner avast!NtLmSsp;c:\windows\system32\3ivxDSEncoderd.exe srv --> c:\windows\system32\3ivxDSEncoderd.exe srv [?]
S3 Camdrv30;Philips ToUcam XS;c:\windows\system32\drivers\camdrv30.sys [26/02/2006 12:23 171264]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [26/02/2007 19:41 21344]
S3 gsplittm;gsplittm;\??\c:\docume~1\babou\LOCALS~1\Temp\gsplittm.sys --> c:\docume~1\babou\LOCALS~1\Temp\gsplittm.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2009-08-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 21:02]

2009-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]

2009-08-29 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2100 series5E771253C1676EBED677BF361FDFC537825E15B8073564859.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{01E28DAF-0479-033A-9877-B65B757828DE} - (no file)
HKCU-Run-H/PC Connection Agent - c:\program files\Microsoft ActiveSync\wcescomm.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe

.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-29 15:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1381647452-790166838-1387321489-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8e9a-4d4e-9ee9-17a0e48d3bbb}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8e9a-4d4e-9ee9-17a0e48d3bbb}\elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8e9a-4d4e-9ee9-17a0e48d3bbb}\localserver32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8e9a-4d4e-9ee9-17a0e48d3bbb}\typelib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1d4c8a81-b7ac-460a-8c23-98713c41d6b3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1d4c8a81-b7ac-460a-8c23-98713c41d6b3}\proxystubclsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1d4c8a81-b7ac-460a-8c23-98713c41d6b3}\typelib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wuauserv\Parameters]
@DACL=(02 0000)
"ServiceDll"=expand:"C1\\WINDOWS\\system32\\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wuauserv\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(608)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4040)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\windows\wanmpsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-29 15:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-29 13:26

Pre-Run: 24 202 448 896 octets libres
Post-Run: 24 374 816 768 octets libres

Current=3 Default=3 Failed=1 LastKnownGood=2 Sets=1,2,3,4
324 --- E O F --- 2009-05-20 17:37
0
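The firewall-policy keys ComboFix dumped in the Reg Loading Points section above are worth reading systematically rather than skimming: EnableFirewall=0 means the Windows firewall was switched off, the AuthorizedApplications list shows which programs were allowed through, and the GloballyOpenPorts list shows which ports were open and whether they were scoped to an address. The following Python script is an added example, not part of this thread and not ComboFix's own code: it parses that REGEDIT4-style block and reports the entries a defender would look at first. The sample lines are copied from the report above (a subset), and the list of "usual" program folders is an assumption made for the example.

```python
import re

# Constructed sample: the firewall-policy keys as ComboFix printed them in the report
# above (a subset of the entries, so that the script runs offline).
COMBOFIX_SAMPLE = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\lulu\\Bureau\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Groupement homologue Windows
"1:TCP"= 1:TCP:192.168.1.65/255.255.255.255:Enabled:Florence
"443:TCP"= 443:TCP:443

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')

PROFILE = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"

# Locations from which a firewall exception is unsurprising on this machine. This list
# is an assumption for the example; anything outside it (drive root, a user's desktop,
# a temp folder) is reported for review.
EXPECTED_PREFIXES = ("%windir%\\", "c:\\windows\\", "c:\\program files\\", "c:\\valve\\")


def parse_reg_dump(text):
    """Parse a REGEDIT4-style dump into {section (lower-case): {value name: raw data}}."""
    sections, current = {}, None
    for raw_line in text.splitlines():
        line = raw_line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2).strip()
    return sections


def firewall_findings(sections):
    """Return human-readable findings about the standard firewall profile."""
    findings = []
    profile = sections.get(PROFILE, {})
    if profile.get("EnableFirewall", "").startswith("0"):
        findings.append("EnableFirewall=0: Windows Firewall was switched off")

    # ComboFix prints the exception list with doubled backslashes; undo that before
    # comparing against the expected prefixes.
    for raw_path in sections.get(PROFILE + r"\authorizedapplications\list", {}):
        path = raw_path.replace("\\\\", "\\").lower()
        if not path.startswith(EXPECTED_PREFIXES):
            findings.append(f"exception for a program outside the usual folders: {path}")

    # Open-port entries look like port:proto[:address/mask...]; an explicit
    # address/mask means the rule was scoped, otherwise it accepts any source.
    for name, data in sections.get(PROFILE + r"\globallyopenports\list", {}).items():
        parts = data.split(":")
        port, proto = int(parts[0]), parts[1]
        scoped = len(parts) > 2 and "/" in parts[2]
        if not scoped:
            findings.append(f"port {port}/{proto} open to any source ({name})")

    icmp = sections.get(PROFILE + r"\icmpsettings", {})
    if icmp.get("AllowInboundEchoRequest", "").startswith("1"):
        findings.append("inbound ICMP echo (ping) allowed")
    return findings


if __name__ == "__main__":
    for finding in firewall_findings(parse_reg_dump(COMBOFIX_SAMPLE)):
        print(finding)
```

On the sample above the script reports the disabled firewall, the two exceptions living in the drive root and on a user's desktop, the two port rules with no address scope, and the ICMP setting; the LimeWire and sessmgr exceptions and the address-scoped rule on port 1 are left alone. Feed it the whole Reg Loading Points block of a ComboFix report to get the same triage for a real machine.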
bistouflette26 Posts: 34 Status: Member
 
And here is the new RSIT report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by lulu at 2009-08-29 17:16:24
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 23 GB (21%) free of 110 GB
Total RAM: 1023 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:49, on 29/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\lulu\Bureau\RSIT.exe
C:\Documents and Settings\lulu\Bureau\lulu.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R3 - URLSearchHook: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [international] International
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: avast! Mail Scanner avast!NtLmSsp (avast!NtLmSsp) - Unknown owner - C:\WINDOWS\system32\3ivxDSEncoderd.exe (file missing)
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Service Bonjour (bonjour service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (ipod service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\
0
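Two things in the HijackThis part of this report stand out when the O23 lines are read one by one: the service displayed as "avast! Mail Scanner avast!NtLmSsp" has "Unknown owner" and points at C:\WINDOWS\system32\3ivxDSEncoderd.exe (file missing), i.e. a registered service that borrowed a security vendor's name while its binary is something else entirely (ComboFix listed the same service as S2 avast!NtLmSsp above), and BITS and wuauserv are listed with a bare C:\WINDOWS\ as their image path. The following Python script is an added example, not part of this thread and not HijackThis's own code: it parses O23 lines and flags those patterns. The sample lines are copied from the report above (a subset); the vendor table and the severity labels are assumptions made for the example.

```python
import re

# Constructed sample: O23 service lines copied from the HijackThis section of the RSIT
# report above (a subset, so the script runs offline).
HJT_SAMPLE = r"""
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Mail Scanner avast!NtLmSsp (avast!NtLmSsp) - Unknown owner - C:\WINDOWS\system32\3ivxDSEncoderd.exe (file missing)
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
"""

# Product name token -> (expected company string, expected install folder fragment).
# This table is an assumption made for the example; extend it for the products
# actually installed on the machine being triaged.
VENDOR_HINTS = {
    "avast!": ("alwil software", r"\alwil software\avast4"),
}

O23_RE = re.compile(r"^O23 - Service: (.+)$")
SHORT_NAME_RE = re.compile(r"\s\(([^()]+)\)$")
FILE_MISSING = "(file missing)"


def parse_o23(line):
    """Split one HijackThis O23 line into its display name, short name, owner and path."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    # Split from the right: the display name itself may contain " - ".
    parts = m.group(1).rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    display, owner, path = parts
    file_missing = path.endswith(FILE_MISSING)
    path = path[: -len(FILE_MISSING)].strip() if file_missing else path.strip()
    short = None
    sm = SHORT_NAME_RE.search(display)
    if sm:
        short, display = sm.group(1), display[: sm.start()]
    return {"display": display, "short": short, "owner": owner,
            "path": path, "file_missing": file_missing}


def triage_services(text):
    """Return (severity, service, reason) tuples for O23 entries that need a look."""
    findings = []
    for line in text.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        label = svc["short"] or svc["display"]
        low_path = svc["path"].lower()
        is_exe = low_path.endswith(".exe")
        if svc["file_missing"]:
            findings.append(("high", label, "service still registered but its binary is gone"))
        if not is_exe:
            findings.append(("medium", label, f"image path is not an executable: {svc['path']}"))
        for token, (company, folder) in VENDOR_HINTS.items():
            if token in svc["display"].lower() and (
                company not in svc["owner"].lower() or folder not in low_path
            ):
                findings.append(("high", label, f"name borrows '{token}' but owner/path do not match"))
        if svc["owner"] == "Unknown owner" and is_exe and not svc["file_missing"]:
            findings.append(("low", label, "no company name in version info; check hash and signature"))
    return findings


if __name__ == "__main__":
    for severity, service, reason in triage_services(HJT_SAMPLE):
        print(f"[{severity}] {service}: {reason}")
```

On the sample the genuine avast service (aswUpdSv) passes both vendor checks and is not reported, the fake one is reported twice (binary missing, vendor mismatch), BITS is reported for its non-executable image path, and ATI Smart gets only a low-severity note for its missing company name. The right-to-left split is deliberate: a display name such as "Virtual CD v4 Security service (SDK - Version)" contains the " - " separator itself, so splitting from the left would mis-parse it.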
plopus Posts: 6113 Status: Security contributor 293
 
Do this:

Run a Kaspersky online scan:

• Disable your antivirus
• Run an online scan here https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
• Click on "Kaspersky Online Scanner Cliquez-ici"
• Read the information text, then click on « J'accepte » (I accept)
• If a window asks you to run a program, accept
• Once the update has been downloaded, choose "Poste de travail" (My Computer) for the scan.
• At the end of the analysis, click on « Enregistrer rapport » (Save report) and post it in your next reply.

Illustrated tutorial: https://www.commentcamarche.net/faq/17751-scanner-en-ligne-avec-kaspersky

and be sure to post the report
0
plopus Posts: 6113 Status: Security contributor 293
 
you'll also do this to remove the leftover junk

by the way, Eorezo is spyware; don't go back to their site

* Download and save the installation file to your desktop:

http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

* Double-click on the installer and install it in its default location (the desktop).

* Open the Ad-remover folder on your desktop and double-click on Ad-remover.bat.

* Under Vista: right-click on AD-Remover and select "Run as administrator"

* At the main menu choose option "L" and press [Enter].

* Let the tool work and don't touch anything...

* Post the report that appears at the end.

(the report is also saved at C:\Ad-report.log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:

Process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility meant to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus programs.

then

# Download Navilog1 to the desktop

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
# If your antivirus panics, disable it
# under Vista: right-click on the Navilog1 shortcut on the desktop and choose "Run as administrator"
# under XP: double-click on it to install and launch it
# type F
# Press a key until you reach the options
# Choose Search/Automatic disinfection (= type 1)
# a report: fixnavi.txt in ==> C:
# copy it and paste it into your reply

then, if you haven't used CCleaner: https://www.malekal.com/tutoriel-ccleaner/
configure it like this: Options/Advanced and untick the first box, then clean several times in the Cleaner and Registry tabs until you get 0 errors

then update Malwarebytes and run a QUICK scan this time; delete whatever it finds and post the report

then post a new RSIT
0
bistouflette26 Posts 34 Status Member
 
I can't run a scan with Kaspersky; at the end of the update an error message appears:
"Update failed. Unable to start the program. Close the Kaspersky Online Scanner 7.0 window and restart the program from the Kaspersky Lab site.
To update Kaspersky Online Scanner 7.0 and scan your computer correctly, a permanent Internet connection is required. Check that your Internet connection is working. [ERROR: The licence has expired]"

I did what they said several times but nothing works...
0
plopus Posts 6113 Status Security contributor 293
 
you can do post 15 before doing the scan, but in any case don't forget to do it

ok, do the scan here, and at the end copy and paste the report that will be generated on the web page (select it, right-click copy, and here right-click paste)

http://www.bitdefender.fr/scan_fr/scan8/ie.html
0
bistouflette26 Posts 34 Status Member
 
Here is the result of the Ad-remover scan:

.
======= AD-REMOVER REPORT 1.1.4.5_Q | XP/VISTA/SEVEN ONLY =======
.
Updated by C_XX on 26/08/2009 at 6:37 PM
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Started at: 19:14:48, 29/08/2009 | Normal mode | Option: CLEAN
Run from: C:\Program Files\Ad-remover\
Operating system: Microsoft® Windows XP™ v5.1.2600
PC name: PRINCIPAL | Current user: lulu
.
.
============== NEUTRALISED ITEM(S) ==============
.
.
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKLM\Software\Trymedia Systems
.
C:\DOCUME~1\lulu\APPLIC~1\EoRezo\ConfMedia.cyp
C:\DOCUME~1\lulu\APPLIC~1\EoRezo\db
C:\DOCUME~1\lulu\APPLIC~1\EoRezo\EoWeather.cfg
C:\DOCUME~1\lulu\APPLIC~1\EoRezo\EoWeatherVal_02EC282.cfg
C:\DOCUME~1\lulu\APPLIC~1\EoRezo\host.cyp
C:\DOCUME~1\lulu\APPLIC~1\EoRezo\towns.cfg
C:\DOCUME~1\lulu\APPLIC~1\EoRezo\user.cyp
C:\DOCUME~1\lulu\APPLIC~1\EoRezo\db\1.txt
C:\DOCUME~1\lulu\APPLIC~1\EoRezo\db\10.txt
C:\DOCUME~1\lulu\APPLIC~1\EoRezo\db\11.txt
C:\DOCUME~1\lulu\APPLIC~1\EoRezo\db\12.txt
C:\DOCUME~1\lulu\APPLIC~1\EoRezo\db\13.txt
C:\DOCUME~1\lulu\APPLIC~1\EoRezo\db\14.txt
C:\DOCUME~1\lulu\APPLIC~1\EoRezo\db\16.txt
C:\DOCUME~1\lulu\APPLIC~1\EoRezo\db\17.txt
C:\DOCUME~1\lulu\APPLIC~1\EoRezo\db\18.txt
C:\DOCUME~1\lulu\APPLIC~1\EoRezo\db\19.txt
C:\DOCUME~1\lulu\APPLIC~1\EoRezo\db\2.txt
C:\DOCUME~1\lulu\APPLIC~1\EoRezo\db\3.txt
C:\DOCUME~1\lulu\APPLIC~1\EoRezo\db\33.txt
C:\DOCUME~1\lulu\APPLIC~1\EoRezo\db\4.txt
C:\DOCUME~1\lulu\APPLIC~1\EoRezo\db\5.txt
C:\DOCUME~1\lulu\APPLIC~1\EoRezo\db\6.txt
C:\DOCUME~1\lulu\APPLIC~1\EoRezo\db\7.txt
C:\DOCUME~1\lulu\APPLIC~1\EoRezo\db\8.txt
C:\DOCUME~1\lulu\APPLIC~1\EoRezo\db\9.txt
C:\DOCUME~1\lulu\APPLIC~1\EoRezo\db\cat.cyp
C:\DOCUME~1\lulu\APPLIC~1\EoRezo\db\cat.nfo
C:\DOCUME~1\lulu\APPLIC~1\EoRezo
C:\Program Files\EoRezo\cmhost.cyp
C:\Program Files\EoRezo\EoAdv
C:\Program Files\EoRezo\EoRezoImg_7.dll
C:\Program Files\EoRezo\EoRezoTools_7.dll
C:\Program Files\EoRezo\EoAdv\eoAdv.url
C:\Program Files\EoRezo\EoAdv\EoRezoBho.old
C:\Program Files\EoRezo
C:\Documents and Settings\doudou\Application Data\Eorezo\ConfMedia.cyp
C:\Documents and Settings\doudou\Application Data\Eorezo\db
C:\Documents and Settings\doudou\Application Data\Eorezo\EoWeather.cfg
C:\Documents and Settings\doudou\Application Data\Eorezo\EoWeatherVal_02EC282.cfg
C:\Documents and Settings\doudou\Application Data\Eorezo\host.cyp
C:\Documents and Settings\doudou\Application Data\Eorezo\towns.cfg
C:\Documents and Settings\doudou\Application Data\Eorezo\user.cyp
C:\Documents and Settings\doudou\Application Data\Eorezo\db\1.txt
C:\Documents and Settings\doudou\Application Data\Eorezo\db\10.txt
C:\Documents and Settings\doudou\Application Data\Eorezo\db\11.txt
C:\Documents and Settings\doudou\Application Data\Eorezo\db\12.txt
C:\Documents and Settings\doudou\Application Data\Eorezo\db\13.txt
C:\Documents and Settings\doudou\Application Data\Eorezo\db\14.txt
C:\Documents and Settings\doudou\Application Data\Eorezo\db\16.txt
C:\Documents and Settings\doudou\Application Data\Eorezo\db\17.txt
C:\Documents and Settings\doudou\Application Data\Eorezo\db\18.txt
C:\Documents and Settings\doudou\Application Data\Eorezo\db\19.txt
C:\Documents and Settings\doudou\Application Data\Eorezo\db\2.txt
C:\Documents and Settings\doudou\Application Data\Eorezo\db\3.txt
C:\Documents and Settings\doudou\Application Data\Eorezo\db\33.txt
C:\Documents and Settings\doudou\Application Data\Eorezo\db\4.txt
C:\Documents and Settings\doudou\Application Data\Eorezo\db\5.txt
C:\Documents and Settings\doudou\Application Data\Eorezo\db\6.txt
C:\Documents and Settings\doudou\Application Data\Eorezo\db\7.txt
C:\Documents and Settings\doudou\Application Data\Eorezo\db\8.txt
C:\Documents and Settings\doudou\Application Data\Eorezo\db\9.txt
C:\Documents and Settings\doudou\Application Data\Eorezo\db\cat.cyp
C:\Documents and Settings\doudou\Application Data\Eorezo\db\cat.nfo
C:\Documents and Settings\doudou\Application Data\Eorezo
C:\Documents and Settings\flo\Application Data\Eorezo\ConfMedia.cyp
C:\Documents and Settings\flo\Application Data\Eorezo\db
C:\Documents and Settings\flo\Application Data\Eorezo\EoWeather.cfg
C:\Documents and Settings\flo\Application Data\Eorezo\EoWeatherVal_02EC282.cfg
C:\Documents and Settings\flo\Application Data\Eorezo\host.cyp
C:\Documents and Settings\flo\Application Data\Eorezo\user.cyp
C:\Documents and Settings\flo\Application Data\Eorezo

(!) -- Temporary files deleted.

.
============== Additional scan ==============
.
.
* Mozilla FireFox Version 3.0.11 *
.
Profile name: 4g3b0s06.default (lulu)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Google");
(Prefs.js) user_pref("browser.search.selectedEngine", "Google");
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
.
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search Bar_bak: hxxp://www.lwphapinkiy.info/hw/O4kOsQs2A9bMSkpb25eK0/oiAfKHNmtckQb7YtAih9iQIpiBmsKXaeFqbIwqW.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials ... ) ==============
.
C:\Documents and Settings\All Users\Documents\Software\Microsoft Office Edition 2003 Professional [Fr] - Disc 1 - Word, Excel, Acces, Power Point, Outlook - Serial.rar
C:\Documents and Settings\lulu\Mes documents\Incomplete\T-398859479-microsoft office 2003.fr.1 cd.word.exel.outlok.access.power point.publisher.infopath.+patch.zip
.
.
===================================
.
6673 Byte(s) - C:\Ad-Report-CLEAN.log
.
1516 File(s) - C:\DOCUME~1\lulu\LOCALS~1\Temp
3 File(s) - C:\WINDOWS\Temp
.
18 File(s) - C:\Program Files\Ad-remover\BACKUP
64 File(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Finished at: 19:56:33 | 29/08/2009
.
============== E.O.F ==============
.
0
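The report above is worth reading with a script rather than by eye: the interesting findings are the registry keys and files the tool neutralised, the Internet Explorer start/search values that point somewhere other than Microsoft's defaults (the "Search Bar_bak" entry in the posted report is exactly that kind of leftover), and the "Suspect" list. The following Python is an added example, not part of Ad-Remover or of this thread; it assumes the report layout seen above ("===== Title =====" sections padded with lone "." lines, URLs defanged as hxxp://), uses a constructed, trimmed sample report as input, and treats the TRUSTED_IE_HOSTS set as a working assumption about what a stock IE install points at. All function names are the example's own.

```python
"""Offline triage of an Ad-Remover style report (added example, not the tool's code).

Lists what the tool neutralised, flags Internet Explorer Main values whose host is
not one of Microsoft's stock defaults, and extracts the 'Suspect' file list.
"""
import re
from urllib.parse import urlparse

# Assumption for this example: hosts a stock IE 6/7/8 install points its Main values at.
TRUSTED_IE_HOSTS = {"www.microsoft.com", "go.microsoft.com", "search.msn.com", "fr.msn.com"}

# Constructed sample: same layout as the report posted in the thread, trimmed to a few entries.
SAMPLE_REPORT = """\
======= AD-REMOVER REPORT 1.1.4.5_Q | XP/VISTA/SEVEN ONLY =======
.
============== NEUTRALISED ITEM(S) ==============
.
HKCR\\Interface\\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCU\\Software\\EoRezo
.
C:\\Program Files\\EoRezo\\EoAdv\\EoRezoBho.old
C:\\Program Files\\EoRezo
.
============== Additional scan ==============
.
[HKEY_CURRENT_USER\\..\\Internet Explorer\\Main]
.
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search Bar_bak: hxxp://www.lwphapinkiy.info/hw/O4kOsQs2A9bMSkpb25eK0/x.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\\..\\Internet Explorer\\Main]
.
Start Page: hxxp://fr.msn.com/
.
============== Suspect (Cracks, Serials ... ) ==============
.
C:\\Documents and Settings\\lulu\\Mes documents\\Incomplete\\office2003+patch.zip
.
============== E.O.F ==============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")                                # "===== Title ====="
HIVE_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\")                                  # "[HKEY_...\..\...]"
URL_VALUE_RE = re.compile(r"^([A-Za-z_ ]+?):\s*(?:hxxp|http)(s?)://(.*)$")   # "Name: hxxp://..."
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def split_sections(report):
    """Map each '===== Title =====' heading to its lines; the tool's lone '.' spacers are dropped."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.rstrip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def neutralised(sections):
    """(registry_keys, paths) reported as neutralised; 'NEUTRALIS' also matches the tool's French heading."""
    title = next((t for t in sections if "NEUTRALIS" in t.upper()), None)
    keys, paths = [], []
    for line in sections.get(title, []):
        if line.startswith("HK"):
            keys.append(line)
        elif DRIVE_PATH_RE.match(line):
            paths.append(line)
    return keys, paths


def ie_hijack_candidates(sections, trusted=TRUSTED_IE_HOSTS):
    """(hive, value name, host) for every URL value under an [HKEY_...] block whose host is untrusted.
    The tool defangs URLs as hxxp://, so a real scheme is rebuilt before parsing the host."""
    findings, hive = [], None
    for lines in sections.values():
        for line in lines:
            m = HIVE_RE.match(line)
            if m:
                hive = m.group(1)
                continue
            m = URL_VALUE_RE.match(line)
            if m and hive is not None:
                name, secure, rest = m.groups()
                host = urlparse("http%s://%s" % (secure, rest)).hostname or ""
                if host not in trusted:
                    findings.append((hive, name.strip(), host))
    return findings


def suspect_files(sections):
    """Paths listed under the tool's 'Suspect (Cracks, Serials ...)' heading."""
    title = next((t for t in sections if t.lower().startswith("suspect")), None)
    return list(sections.get(title, []))


def triage(report):
    """One-call summary of a report as a plain dict."""
    sections = split_sections(report)
    keys, paths = neutralised(sections)
    return {"registry_keys": keys, "paths": paths,
            "ie_hijacks": ie_hijack_candidates(sections),
            "suspect_files": suspect_files(sections)}
```

Run `triage(open("C:/Ad-Report-CLEAN.log", encoding="latin-1").read())` on a real log to get the same four lists; a non-empty `ie_hijacks` is what tells you the search-redirect symptom described at the top of the thread still has a foothold even after the neutralised entries are gone. The host allow-list is deliberately short so that anything unfamiliar surfaces for a human to judge rather than being silently accepted.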
bistouflette26 Posts 34 Status Member
 
Here is the result of the Navilog1 scan:

Fix Navipromo version 4.0.2 started on 29/08/2009 20:07:26,98

!!! Warning, this report may list legitimate files/programs!!!
!!! Post this report on the forum to have it analysed !!!

Tool run from C:\Program Files\navilog1

Updated on 27.08.2009 at 11h00 by IL-MAFIOSO

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 2.60GHz )
BIOS : Award Medallion BIOS v6.00PG
USER : lulu ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1351 [VPS 090828-0] 4.8.1351 (Not Activated)

C:\ (Local Disk) - NTFS - Total:107 GB (Free:22 GB)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB) - FAT - Total:983 MB (Free:0 GB)
I:\ (USB)
J:\ (USB)

Search run in normal mode

No Navipromo/Egdaccess infection found

*** Scan finished 29/08/2009 20:21:53,56 ***
0
plopus Posts 6113 Status Security contributor 293
 
OK

do the online scan + a QUICK scan with Malwarebytes + CCleaner + then a new RSIT
0