Dos optimizer

Solved/Closed
Blocked profile - 3 Sept. 2009 at 18:34
Blocked profile - 8 Sept. 2009 at 01:22
Hello,
There is the Dos Optimizer virus on my PC, what should I do?

28 replies

Anonymous user
3 Sept. 2009 at 18:50
Hi,


▶ Download random's system information tool (RSIT) and save it to the Desktop.

• Double-click RSIT.exe to launch RSIT.

• Read the Disclaimer screen, then click Continue (if you accept the terms).

• If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.

• When the scan is finished, two text files will open.

Post the contents of log.txt.

• Tutorial: https://forum.pcastuces.com/randoms_system_information_tool_rsit-f31s31.htm
0
Blocked profile
3 Sept. 2009 at 18:58
Thanks for the reply, but only one file opens:
Logfile of random's system information tool 1.06 (written by random/random)
Run by ESS at 2009-09-03 17:53:03
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 5 GB (12%) free of 38 GB
Total RAM: 1015 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:53:31, on 03/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Documents and Settings\ESS\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Games\Pool Sharks\Starter.exe
C:\Documents and Settings\ESS\Bureau\RSIT.exe
C:\Program Files\trend micro\ESS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 67.69.254.242:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
R3 - URLSearchHook: LiveTV_ Toolbar - {59385f95-c52f-4a84-b674-4a4206b17218} - C:\Program Files\LiveTV_\tbLive.dll
R3 - URLSearchHook: toolbartv Toolbar - {7762a897-2a75-4e3f-a3a7-55bd098b9879} - C:\Program Files\toolbartv\tbtoo0.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: LiveTV_ Toolbar - {59385f95-c52f-4a84-b674-4a4206b17218} - C:\Program Files\LiveTV_\tbLive.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: toolbartv Toolbar - {7762a897-2a75-4e3f-a3a7-55bd098b9879} - C:\Program Files\toolbartv\tbtoo0.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: LiveTV_ Toolbar - {59385f95-c52f-4a84-b674-4a4206b17218} - C:\Program Files\LiveTV_\tbLive.dll
O3 - Toolbar: toolbartv Toolbar - {7762a897-2a75-4e3f-a3a7-55bd098b9879} - C:\Program Files\toolbartv\tbtoo0.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ask and Record FLV Service] "C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dos Optimizer.pif = ?
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator\Ghost (file missing)
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator\Ghost (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: prxernsp.dll
O10 - Unknown file in Winsock LSP: prxerdrv.dll
O10 - Unknown file in Winsock LSP: prxerdrv.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{D64A6D53-4B27-4AF5-AA10-4B69889C9792}: NameServer = 213.150.176.196,196.203.251.8
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
0
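The RSIT/HijackThis log above is one long list of R/O entries, and the helper's later instructions single out a handful of them: the proxy server set in the Internet Settings, the `.pif` item in the user's Startup folder, the BHOs pointing at files that no longer exist, the unknown Winsock LSP modules and the non-default DNS servers. As an added illustration, not code from this thread nor from the RSIT or HijackThis tools, here is a small Python triage script that parses lines in that `Oxx - ...` format and flags those same kinds of entries. The `Finding` class, the flagging rules and the sample lines (a subset copied from the log above) are my own choices.

```python
import re
from collections import Counter
from dataclasses import dataclass

# A HijackThis entry starts with a section tag (R0, R1, O2, O4, O10, ...),
# a " - " separator, then the entry body.
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


# Constructed sample: a subset of the entries from the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 67.69.254.242:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Dos Optimizer.pif = ?
O10 - Unknown file in Winsock LSP: prxernsp.dll
O10 - Unknown file in Winsock LSP: prxerdrv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D64A6D53-4B27-4AF5-AA10-4B69889C9792}: NameServer = 213.150.176.196,196.203.251.8
""".strip().splitlines()


def parse_entries(lines):
    """Return (section, body, original_line) for every line that is an HJT entry.

    Header lines, process lists and blank lines simply do not match and are skipped.
    """
    entries = []
    for raw in lines:
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body"), raw.strip()))
    return entries


def triage(lines):
    """Apply the review rules a helper applies by eye and return the flagged entries."""
    findings = []
    for section, body, raw in parse_entries(lines):
        lower = body.lower()
        if section == "R1" and "ProxyServer" in body:
            # An unexpected proxy silently routes all browser traffic elsewhere.
            findings.append(Finding(section, "proxy server configured in IE settings", raw))
        elif section in ("O2", "O3", "O9") and ("(no file)" in body or "(file missing)" in body):
            # Orphaned extension entries: leftovers of removed software, cleaned up for tidiness.
            findings.append(Finding(section, "browser extension entry points at a missing file", raw))
        elif section == "O4" and ".pif" in lower:
            # A .pif in a Startup folder is a DOS shortcut; "= ?" means HJT could not resolve its target.
            findings.append(Finding(section, "startup item is a .pif with an unresolved target", raw))
        elif section == "O10" and "Unknown file" in body:
            # Layered Service Providers see every socket; unknown modules need identification.
            findings.append(Finding(section, "unknown Winsock LSP module", raw))
        elif section == "O17":
            # DNS servers should belong to the user's ISP or network; anything else is worth checking.
            findings.append(Finding(section, "DNS servers set on the adapter, verify they are expected", raw))
    return findings


def summarize(lines):
    """Count flagged entries per HJT section, e.g. {'O10': 2, ...}."""
    return dict(Counter(f.section for f in triage(lines)))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
    print(summarize(SAMPLE_LOG))
```

The rules deliberately flag entries for a human to review rather than decide on their own: the Google Toolbar BHO in the sample is not flagged because its file exists, whereas the two AVG/no-name BHOs are, which is exactly the distinction the helper makes later in the thread.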
Anonymous user
3 Sept. 2009 at 19:02
• Download and install UsbFix

->> http://pagesperso-orange.fr/NosTools/cariboost_files/UsbFix.exe

(!) Plug your external data sources (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them.

• Double-click the UsbFix shortcut on your desktop.

• Choose option 1 (Search)

• Let the tool work.

• Then post the UsbFix.txt report that will appear.

• Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

• Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.


• Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html
0
Blocked profile
3 Sept. 2009 at 19:11
############################## | UsbFix V6.024 |

User : ESS (Administrateurs) # AYMEN
Update on 01/09/09 by Chiquitine29, C_XX & Chimay8
Start at: 18:03:25 | 03/09/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 37,26 Go (4,47 Go free) # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque amovible # 1,86 Go (726,03 Mo free) [2 GO] # FAT32

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Documents and Settings\ESS\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Games\Pool Sharks\Starter.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

Présent ! C:\WINDOWS\inf\smss.exe
Présent ! C:\WINDOWS\system32\Sexy Girls.scr
Présent ! C:\DOCUME~1\ESS\APPLIC~1\smss.exe
Présent ! C:\autorun.inf
Présent ! E:\autorun.inf

################## | Suspect ! ... | https://www.virustotal.com/gui/ |


################## | Registre # Clés Run infectieuses |

Présent ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "FrameWorkService"
Présent ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "FrameWorkService"
Présent ! HKU\S-1-5-21-448539723-573735546-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "FrameWorkService"
Présent ! HKLM\software\microsoft\security center "AntiVirusDisableNotify" ( 0x1 )
Présent ! HKLM\software\microsoft\security center "FirewallDisableNotify" ( 0x1 )
Présent ! HKLM\software\microsoft\security center "UpdatesDisableNotify" ( 0x1 )

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{a7bdb175-97d4-11de-834b-0019700fc30d}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wlan.exe
Shell\default\command =E:\wlan.exe

################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # UsbFix V6.024 ! |
0

Anonymous user
3 Sept. 2009 at 19:14
(!) Plug your external data sources (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them.

• Double-click the UsbFix shortcut on your desktop.

• Choose option 2 (Removal)

• Your desktop will disappear and the PC will reboot.

• On reboot, UsbFix will scan your PC; let the tool work.

• Then post the UsbFix.txt report that will appear along with the desktop.

• Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

0
Blocked profile
3 Sept. 2009 at 19:33
############################## | UsbFix V6.024 |

User : ESS (Administrateurs) # AYMEN
Update on 01/09/09 by Chiquitine29, C_XX & Chimay8
Start at: 18:19:03 | 03/09/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 37,26 Go (4,42 Go free) # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque amovible # 1,86 Go (726,03 Mo free) [2 GO] # FAT32

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

Supprimé ! C:\WINDOWS\inf\smss.exe
Supprimé ! C:\WINDOWS\system32\Sexy Girls.scr
Supprimé ! C:\DOCUME~1\ESS\APPLIC~1\smss.exe
Supprimé ! C:\autorun.inf
Supprimé ! E:\autorun.inf

################## | Autres |


################## | Suspect ! ... | https://www.virustotal.com/gui/ |


################## | Registre # Clés Run infectieuses |

Supprimé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "FrameWorkService"
Supprimé ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "FrameWorkService"
# HKLM\software\microsoft\security center "AntiVirusDisableNotify" # -> Reset sucessfully !
# HKLM\software\microsoft\security center "FirewallDisableNotify" # -> Reset sucessfully !
# HKLM\software\microsoft\security center "UpdatesDisableNotify" # -> Reset sucessfully !

################## | Registre # Mountpoints2 |


################## | Listing des fichiers présent |

[10/10/2008 01:29|--a------|1024] -> C:\.rnd
[12/07/2009 16:23|---hs----|212] -> C:\boot.ini
[15/10/2001 00:41|-rahs----|4952] -> C:\Bootfont.bin
[25/08/2008 15:43|--a------|0] -> C:\CONFIG.SYS
[16/03/2009 23:41|--a------|120] -> C:\drmHeader.bin
[22/08/2009 07:39|--a------|184] -> C:\drwtsn32.log
[23/09/2008 02:56|--a------|117] -> C:\finfos.txt
[27/03/2001 00:00|--a------|53248] -> C:\gendel32.exe
[18/11/2008 04:44|--a------|164] -> C:\install.dat
[25/08/2008 15:43|-rahs----|0] -> C:\IO.SYS
[04/04/2009 02:58|--a------|125] -> C:\ioSpecial.ini
[09/11/2008 18:28|--a------|1453] -> C:\MDL 2.0 Debug.txt
[23/09/2008 02:56|--a------|447] -> C:\mpeg.txt
[25/08/2008 15:43|-rahs----|0] -> C:\MSDOS.SYS
[04/08/2004 04:38|-rahs----|47564] -> C:\NTDETECT.COM
[04/08/2004 04:59|-rahs----|251712] -> C:\ntldr
[?|?|?] -> C:\pagefile.sys
[12/11/2008 03:09|--ah-----|1073741824] -> C:\pfsvoddata.bbv
[25/08/2008 16:56|--a------|573] -> C:\RHDSetup.log
[12/07/2009 16:15|--a------|167] -> C:\Setup.log
[07/10/2008 13:39|--ah-----|268] -> C:\sqmdata00.sqm
[22/10/2008 03:43|--ah-----|268] -> C:\sqmdata01.sqm
[23/10/2008 00:26|--ah-----|268] -> C:\sqmdata02.sqm
[06/11/2008 17:15|--ah-----|268] -> C:\sqmdata03.sqm
[18/02/2009 18:52|--ah-----|268] -> C:\sqmdata04.sqm
[07/10/2008 13:39|--ah-----|244] -> C:\sqmnoopt00.sqm
[22/10/2008 03:43|--ah-----|244] -> C:\sqmnoopt01.sqm
[23/10/2008 00:26|--ah-----|244] -> C:\sqmnoopt02.sqm
[06/11/2008 17:15|--ah-----|244] -> C:\sqmnoopt03.sqm
[18/02/2009 18:52|--ah-----|172] -> C:\sqmnoopt04.sqm
[12/11/2008 04:24|--a------|57] -> C:\StvTimeCode.txt
[17/07/2009 21:50|--a------|2307] -> C:\TB.txt
[03/09/2009 18:25|--a------|4110] -> C:\UsbFix.txt
[12/11/2008 04:24|--a------|734003136] -> C:\VideoBuffer.tmp
[12/07/2009 16:12|--a------|175] -> C:\WiFiSetup.log
[24/08/2009 08:59|-r-hs----|6115169] -> E:\wlan.exe
[17/02/2008 12:43|--a------|377344] -> E:\ESS_Fichiers.exe

################## | Cracks / Keygens / Serials |


################## | Upload |

Veuillez envoyer le fichier : C:\DOCUME~1\ESS\Bureau\UsbFix_Upload_Me_AYMEN.zip : https://www.androidworld.fr/
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.024 ! |
0
Anonymous user
3 Sept. 2009 at 19:39
▶ Download OTM by OldTimer to your Desktop.

• Double-click OTM.exe to launch it.

• Copy (Ctrl+C) the following text:



:processes
explorer.exe
Dos Optimizer.pif

:services
ASKUpgrade

:files
C:\Documents and Settings\ESS\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
C:\Program Files\Ask & Record Toolbar
C:\Program Files\AskBarDis
C:\Program Files\AVG
C:\Program Files\LiveTV

:reg
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Ask and Record FLV Service"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59385f95-c52f-4a84-b674-4a4206b17218}]

:commands
[emptytemp]
[reboot]



• Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.

• Now click the MoveIt! button, then close OTM.

▶ If a file or folder cannot be deleted immediately, the program will ask you to reboot.
▶ Accept by clicking YES.

Post the report located in this folder: C:\_OTM\MovedFiles\
The report's name corresponds to the time it was created: date_time.log



#################


Download Toolbar-S&D (Team IDN) to your Desktop.


• Now double-click ToolBarSD.exe
• Select the language you want by typing the letter of your choice, then confirm with the Enter key.
• Now choose option 2 (Removal). Wait until the search finishes.
Post the generated report. (C:\TB.txt)

Tutorial: https://sites.google.com/site/toolbarsd/aideenimages
Tutorial: https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/
info: https://forum.malekal.com/viewtopic.php?f=45&t=6173

NOTE: if your Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open the Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer and confirm.


0
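The text the helper asks the user to paste into OTM is a small script: each `:section` header introduces a list of targets (processes to stop, services and files to remove), and in `:reg` a `[KEY]` line sets the key that following `"name"=-` lines delete values from, while `[-KEY]` deletes a whole key and `:commands` holds actions such as `[emptytemp]` and `[reboot]`. Before running such a script it is worth knowing exactly what it will touch. As an added example, not code from OTM nor from this thread, the Python below turns a script in that form into a dry-run plan and refuses any file target that names a whole system directory. The `Action` class, the protected-path list and the sample script (a subset of the one above) are my own, and this reading of the `:reg` syntax is my interpretation of OTM's format rather than something the thread states.

```python
import re
from collections import Counter
from dataclasses import dataclass

SECTION_RE = re.compile(r"^:(\w+)$")            # :processes, :files, :reg, ...
KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")  # [KEY] selects a key, [-KEY] deletes it
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')      # "name"=-  deletes a value, "name"=data sets it
COMMAND_RE = re.compile(r"^\[(\w+)\]$")          # [emptytemp], [reboot]

# Paths that a cleanup script should never name as a whole (constructed list for this example).
PROTECTED = {"C:", "C:\\WINDOWS", "C:\\WINDOWS\\SYSTEM32", "C:\\PROGRAM FILES", "C:\\DOCUMENTS AND SETTINGS"}


@dataclass
class Action:
    kind: str       # kill_process | delete_service | move_file | delete_value | set_value | delete_key | command
    target: str
    detail: str = ""


# Constructed sample: a subset of the script the helper posted above.
SAMPLE_SCRIPT = r"""
:processes
explorer.exe
Dos Optimizer.pif

:services
ASKUpgrade

:files
C:\Documents and Settings\ESS\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
C:\Program Files\AskBarDis

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Ask and Record FLV Service"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

:commands
[emptytemp]
[reboot]
"""


def parse_otm_script(text):
    """Translate an OTM-style script into a flat list of Actions without executing anything."""
    actions, section, current_key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1).lower(), None
            continue
        if section is None:
            raise ValueError(f"line outside any section: {line!r}")
        if section == "processes":
            actions.append(Action("kill_process", line))
        elif section == "services":
            actions.append(Action("delete_service", line))
        elif section == "files":
            actions.append(Action("move_file", line))
        elif section == "reg":
            km, vm = KEY_RE.match(line), VALUE_RE.match(line)
            if km and km.group(1) == "-":
                actions.append(Action("delete_key", km.group(2)))
                current_key = None
            elif km:
                current_key = km.group(2)          # context for the value lines that follow
            elif vm:
                if current_key is None:
                    raise ValueError(f"value line before any [KEY] line: {line!r}")
                name, data = vm.groups()
                if data == "-":
                    actions.append(Action("delete_value", current_key, name))
                else:
                    actions.append(Action("set_value", current_key, f"{name}={data}"))
            else:
                raise ValueError(f"unrecognised :reg line: {line!r}")
        elif section == "commands":
            cm = COMMAND_RE.match(line)
            if not cm:
                raise ValueError(f"unrecognised command: {line!r}")
            actions.append(Action("command", cm.group(1).lower()))
        else:
            raise ValueError(f"unknown section :{section}")
    return actions


def check_plan(actions):
    """Return warnings for file targets that would remove an entire system location."""
    return [f"refusing to plan removal of protected location: {a.target}"
            for a in actions
            if a.kind == "move_file" and a.target.rstrip("\\").upper() in PROTECTED]


def summarize_plan(actions):
    """Count planned actions per kind, e.g. {'move_file': 2, ...}."""
    return dict(Counter(a.kind for a in actions))


if __name__ == "__main__":
    plan = parse_otm_script(SAMPLE_SCRIPT)
    for a in plan:
        print(f"{a.kind:15} {a.target} {a.detail}")
    print(summarize_plan(plan), check_plan(plan))
```

Reading the plan back before pasting the script is the point: the dry run makes it obvious that the script deletes one Run value by name and two registry keys outright, and that no file target is broader than a single program folder.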
Blocked profile
3 Sept. 2009 at 20:18
All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
No active process named Dos Optimizer.pif was found!
========== SERVICES/DRIVERS ==========

Service\Driver ASKUpgrade deleted successfully.
========== FILES ==========
File/Folder C:\Documents and Settings\ESS\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif not found.
C:\Program Files\Ask & Record Toolbar\Uninstall moved successfully.
C:\Program Files\Ask & Record Toolbar moved successfully.
C:\Program Files\AskBardis\bar\Settings moved successfully.
C:\Program Files\AskBardis\bar\History moved successfully.
C:\Program Files\AskBardis\bar\Cache moved successfully.
C:\Program Files\AskBardis\bar\bin moved successfully.
C:\Program Files\AskBardis\bar moved successfully.
C:\Program Files\AskBardis moved successfully.
File/Folder C:\Program Files\AVG not found.
File/Folder C:\Program Files\LiveTV not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ask and Record FLV Service deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59385f95-c52f-4a84-b674-4a4206b17218}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59385f95-c52f-4a84-b674-4a4206b17218}\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: ESS
->Temp folder emptied: 36278112 bytes
->Temporary Internet Files folder emptied: 338924801 bytes
->Java cache emptied: 30912836 bytes
->FireFox cache emptied: 36248576 bytes
->Google Chrome cache emptied: 7184193 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 7516749 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 734003136 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 2114937 bytes
%systemroot%\System32 .tmp files removed: 8882688 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1146,44 mb


OTM by OldTimer - Version 3.0.0.6 log created on 09032009_185624

Files moved on Reboot...

Registry entries deleted on Reboot...
-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : ESS ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.32 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:6 Go)
D:\ (CD or DVD)
E:\ (USB) - FAT32 - Total:1908 Mo (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 03/09/2009|19:11 )

-----------\\ Searching files / folders ...


-----------\\ Extensions

(ESS) - {7762a897-2a75-4e3f-a3a7-55bd098b9879} => toolbartv
(ESS) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} => hotspot_shield
(ESS) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Searching for other infections


No other infection found!


1 - "C:\ToolBar SD\TB_1.txt" - 17/07/2009|21:50 - Option : [2]
2 - "C:\ToolBar SD\TB_2.txt" - 03/09/2009|19:14 - Option : [2]

-----------\\ End of report at 19:14:28,89
Utilisateur anonyme
3 sept. 2009 à 20:20
• Download Malwarebytes

• Install it; the program will update itself automatically.

• Once it is up to date, the program will start.

• Click the Settings tab and tick the box: "Terminate Internet Explorer during removal".

• Now click the Scan tab and tick the box: "Perform quick scan".

• Then click "Scan".

• Let it scan the PC...

• If items were found > click "Remove Selected".

• If you are asked to restart > click "Yes".

• At the end a report will open; save it so you can find it again to post it on the forum.

• Copy and paste the report, please.
Profil bloqué
3 sept. 2009 à 20:42
Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2

03/09/2009 19:29:59
mbam-log-2009-09-03 (19-29-59).txt

Scan type: Quick scan
Objects scanned: 89603
Time elapsed: 8 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 5
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FrameWorkService (Trojan.Delf) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FrameWorkService (Trojan.Delf) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1 (Security.Hijack) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\ESS\Application Data\lsass.exe (Trojan.Delf) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\smss.exe (Trojan.Delf) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Sexy Girls.scr (Trojan.Delf) -> Quarantined and deleted successfully.
Utilisateur anonyme
5 sept. 2009 à 02:38
Hi,

Sorry for the delay. Reopen Malwarebytes, go to Quarantine and delete everything.

Redo an RSIT scan and post log.txt
Profil bloqué
5 sept. 2009 à 03:40
Logfile of random's system information tool 1.06 (written by random/random)
Run by ESS at 2009-09-05 02:37:05
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 6 GB (17%) free of 38 GB
Total RAM: 1015 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:37:15, on 05/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Documents and Settings\ESS\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\ESS\Bureau\disque\logicielle\désinfection -virus provenant de flach disque-\RSIT.exe
C:\Program Files\trend micro\ESS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 67.69.254.242:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
R3 - URLSearchHook: (no name) - {59385f95-c52f-4a84-b674-4a4206b17218} - (no file)
R3 - URLSearchHook: toolbartv Toolbar - {7762a897-2a75-4e3f-a3a7-55bd098b9879} - C:\Program Files\toolbartv\tbtoo0.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: toolbartv Toolbar - {7762a897-2a75-4e3f-a3a7-55bd098b9879} - C:\Program Files\toolbartv\tbtoo0.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O3 - Toolbar: (no name) - {59385f95-c52f-4a84-b674-4a4206b17218} - (no file)
O3 - Toolbar: toolbartv Toolbar - {7762a897-2a75-4e3f-a3a7-55bd098b9879} - C:\Program Files\toolbartv\tbtoo0.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dos Optimizer.pif = ?
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator\Ghost (file missing)
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator\Ghost (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: prxernsp.dll
O10 - Unknown file in Winsock LSP: prxerdrv.dll
O10 - Unknown file in Winsock LSP: prxerdrv.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{D64A6D53-4B27-4AF5-AA10-4B69889C9792}: NameServer = 213.150.176.196,196.203.251.8
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
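As an added example (not part of this thread and not code from RSIT or HijackThis), here is a small Python triage of the R/O lines in the log above: the per-user IE proxy, the orphaned "(no file)" COM entries, the .pif in the Startup folder, the unattributed Winsock LSPs and the static DNS servers. The rule set and the severities are my own assumptions; the sample lines are copied from the posted log.

```python
"""Triage of HijackThis/RSIT "R"/"O" lines for the indicators that recur in
the log above. Added example: not part of the original post and not code
from HijackThis, RSIT or any tool in this thread. Rules and severities are
assumptions; the sample lines are copied from the posted log."""
import re

# Extensions that should not normally appear as a per-user Startup item (O4).
RISKY_STARTUP_EXT = (".pif", ".scr", ".bat", ".cmd", ".com")

# Sample input: lines copied from the RSIT/HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 67.69.254.242:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - {59385f95-c52f-4a84-b674-4a4206b17218} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {59385f95-c52f-4a84-b674-4a4206b17218} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - Startup: Dos Optimizer.pif = ?
O10 - Unknown file in Winsock LSP: prxernsp.dll
O10 - Unknown file in Winsock LSP: prxerdrv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D64A6D53-4B27-4AF5-AA10-4B69889C9792}: NameServer = 213.150.176.196,196.203.251.8
"""

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")


def classify(line):
    """Return (severity, reason) for one HJT line, or None if nothing to flag."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    section, body = m.group("section"), m.group("body")

    # R1: a ProxyServer value in HKCU routes all of IE's traffic through that
    # host. Normal on a corporate network, suspicious on a home PC.
    if section == "R1" and "ProxyServer" in body:
        proxy = body.split("=", 1)[1].strip()
        return ("high", f"IE proxy set to {proxy}; verify or clear it")

    # R3/O2/O3 entries whose DLL is gone are leftovers of a removed toolbar
    # or BHO: harmless now, but they show what was installed.
    if section in ("R3", "O2", "O3") and body.endswith("(no file)"):
        clsid = re.search(r"\{[0-9A-Fa-f-]{36}\}", body)
        return ("low", f"orphaned COM entry {clsid.group(0) if clsid else '?'}; safe to remove")

    # O4 Startup-folder items: a .pif/.scr/.bat in a user's Startup folder
    # is almost never a legitimate program.
    if section == "O4" and body.startswith("Startup:"):
        item = body[len("Startup:"):].split("=", 1)[0].strip()
        if item.lower().endswith(RISKY_STARTUP_EXT):
            return ("high", f"autostart item {item!r} with risky extension")

    # O10: a Winsock LSP that HJT cannot attribute sees every socket call.
    if section == "O10" and "Unknown file in Winsock LSP" in body:
        dll = body.rsplit(":", 1)[1].strip()
        return ("medium", f"unknown Winsock LSP {dll}; identify the owning product")

    # O17: statically configured DNS servers. Often just the ISP's resolvers,
    # but DNS hijacking looks exactly like this, so it must be checked.
    if section == "O17" and "NameServer" in body:
        servers = body.split("=", 1)[1].strip().split(",")
        return ("medium", f"static DNS servers {servers}; confirm they belong to the ISP")
    return None


def triage(log_text):
    """Run classify() over every line; return findings sorted high > medium > low."""
    order = {"high": 0, "medium": 1, "low": 2}
    findings = []
    for line in log_text.splitlines():
        result = classify(line)
        if result is not None:
            findings.append((result[0], result[1], line.strip()))
    findings.sort(key=lambda f: order[f[0]])
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
```

On the sample above this yields two high findings (the proxy and the Startup .pif), three medium (the two LSP DLLs and the DNS servers) and three low (the orphaned CLSIDs). The heuristics only cover what the log format exposes; they say nothing about whether avgnt.exe or the other O4 Run entries are genuine, which is a job for file signatures and hashes.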
Utilisateur anonyme
5 sept. 2009 à 03:48
RE,

Uninstall your version of UsbFix and use the new updated one:

• Download and install UsbFix

->> http://pagesperso-orange.fr/NosTools/cariboost_files/UsbFix.exe

(!) Plug the external storage devices (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them

• Double-click the UsbFix shortcut on your desktop.

• Choose option 1 ( Search )

• Let the tool work.

• Then post the UsbFix.txt report that will appear.

• Note: the UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

• Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.


• Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html

Profil bloqué
5 sept. 2009 à 03:54
############################## | UsbFix V6.025 |

User : ESS (Administrators) # AYMEN
Update on 04/09/2009 by Chiquitine29, C_XX & Chimay8
Start at: 02:50:36 | 05/09/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

A:\ -> 3½-inch floppy drive
C:\ -> Local fixed disk # 37,26 GB (6,31 GB free) # NTFS
D:\ -> CD-ROM drive
E:\ -> Removable disk # 1,86 GB (726,04 MB free) [2 GB] # FAT32

############################## | Active processes |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Documents and Settings\ESS\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Infectious files # folders |

Present! C:\WINDOWS\inf\smss.exe
Present! C:\WINDOWS\system32\Sexy Girls.scr
Present! C:\DOCUME~1\ESS\APPLIC~1\smss.exe
Present! C:\DOCUME~1\ESS\APPLIC~1\svchost.exe
Present! E:\wlan.exe

################## | Suspect ! ... | https://www.virustotal.com/gui/ |


################## | Registry # infectious Run keys |

Present! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "FrameWorkService"
Present! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "FrameWorkService"
Present! HKU\S-1-5-21-448539723-573735546-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "FrameWorkService"

################## | Registre # Mountpoints2 |


################## | ! End of report # UsbFix V6.025 ! |
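The UsbFix report above shows the two patterns behind this infection: copies of core Windows process names (smss.exe, svchost.exe) planted outside System32, and an executable dropped at the root of the USB stick. As an added example (not part of this thread and not UsbFix's own logic), the Python below encodes those two checks over the paths from the report. The list of core process names and the assumption that E: is the removable drive are mine; the sample paths are copied from the report.

```python
r"""Two path checks over the UsbFix report above: (1) a file carrying the name
of a core Windows process but living outside C:\WINDOWS\system32, and (2) an
executable at the root of a removable drive, the usual dropper location for
USB-borne malware. Added example: not part of the original post and not
UsbFix's code. CORE_PROCESS_NAMES and REMOVABLE_DRIVES are assumptions;
SAMPLE_PATHS are copied from the report."""
import ntpath

# Names of core Windows processes that malware reuses to blend into process lists.
CORE_PROCESS_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                      "lsass.exe", "svchost.exe", "spoolsv.exe", "alg.exe"}

# Where those binaries legitimately live on an XP install with %SystemRoot% = C:\WINDOWS.
SYSTEM32 = r"c:\windows\system32"

# Assumption for this example: drive letters that UsbFix reported as removable.
REMOVABLE_DRIVES = {"E:"}

# Sample input copied from the "active processes" and "infectious files" sections above.
SAMPLE_PATHS = [
    r"C:\WINDOWS\System32\smss.exe",
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\Program Files\Avira\AntiVir Desktop\avguard.exe",
    r"C:\WINDOWS\inf\smss.exe",
    r"C:\DOCUME~1\ESS\APPLIC~1\smss.exe",
    r"C:\DOCUME~1\ESS\APPLIC~1\svchost.exe",
    r"C:\WINDOWS\system32\Sexy Girls.scr",
    r"E:\wlan.exe",
]


def is_masquerading(path):
    r"""True if the basename is a core process name but the directory is not System32.
    The comparison is case-insensitive, as NTFS lookups are. 8.3 short names such
    as DOCUME~1 are not expanded: any directory spelled that way is by
    definition not C:\WINDOWS\system32, so it is flagged without resolving it."""
    directory, name = ntpath.split(path)
    return name.lower() in CORE_PROCESS_NAMES and directory.lower() != SYSTEM32


def is_removable_root_executable(path):
    """True for an executable sitting directly at the root of a removable drive."""
    drive, rest = ntpath.splitdrive(path)
    if drive.upper() not in REMOVABLE_DRIVES:
        return False
    directory, name = ntpath.split(rest)
    return directory == "\\" and name.lower().endswith((".exe", ".scr", ".pif", ".com", ".bat"))


def scan(paths):
    """Return {path: reason} for every path that trips one of the two checks."""
    findings = {}
    for p in paths:
        if is_masquerading(p):
            findings[p] = "core process name outside System32"
        elif is_removable_root_executable(p):
            findings[p] = "executable at root of removable drive"
    return findings


if __name__ == "__main__":
    for path, reason in scan(SAMPLE_PATHS).items():
        print(f"{reason}: {path}")
```

Four of the nine sample paths are flagged: the three planted copies of smss.exe and svchost.exe and E:\wlan.exe. Note what the heuristic misses: C:\WINDOWS\system32\Sexy Girls.scr sits in the right directory under a name nobody impersonates, so only a signature (as in the Malwarebytes and UsbFix detections) catches it. The later UsbFix listing also shows E:\ESS_Fichiers.exe at the root of the same stick, which this check would flag for the same reason as wlan.exe.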
Utilisateur anonyme
5 sept. 2009 à 03:57
(!) Plug the external storage devices (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them

• Double-click the UsbFix shortcut on your desktop

• Choose option 2 ( Removal )

• Your desktop will disappear and the PC will restart.

• On restart, UsbFix will scan your PC; let the tool work.

• Then post the UsbFix.txt report that will appear along with the desktop.

• Note: the UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )



###########

then:


Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe




-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report in your next reply.

NOTE: The report is also located here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

-> Temporarily, and only for as long as ComboFix is in use, disable the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's search and cleaning procedure.

Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts analysing the PC.

/!\ For the duration of this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finalise the disinfection/search; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt

-> Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the internet.

-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt in your next message.

Profil bloqué
5 sept. 2009 à 04:14
############################## | UsbFix V6.025 |

User : ESS (Administrators) # AYMEN
Update on 04/09/2009 by Chiquitine29, C_XX & Chimay8
Start at: 03:02:25 | 05/09/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

A:\ -> 3½-inch floppy drive
C:\ -> Local fixed disk # 37,26 GB (6,27 GB free) # NTFS
D:\ -> CD-ROM drive
E:\ -> Removable disk # 1,86 GB (726,04 MB free) [2 GB] # FAT32

############################## | Active processes |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe

################## | Infectious files # folders |

Removed! C:\WINDOWS\inf\smss.exe
Removed! C:\WINDOWS\system32\Sexy Girls.scr
Removed! C:\DOCUME~1\ESS\APPLIC~1\smss.exe
Removed! C:\DOCUME~1\ESS\APPLIC~1\svchost.exe
Removed! E:\wlan.exe

################## | Other |


################## | Suspect ! ... | https://www.virustotal.com/gui/ |


################## | Registry # infectious Run keys |

Removed! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "FrameWorkService"
Removed! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "FrameWorkService"

################## | Registre # Mountpoints2 |


################## | Listing of files present |

[10/10/2008 01:29|--a------|1024] C:\.rnd
[12/07/2009 16:23|---hs----|212] C:\boot.ini
[15/10/2001 00:41|-rahs----|4952] C:\Bootfont.bin
[25/08/2008 15:43|--a------|0] C:\CONFIG.SYS
[16/03/2009 23:41|--a------|120] C:\drmHeader.bin
[22/08/2009 07:39|--a------|184] C:\drwtsn32.log
[23/09/2008 02:56|--a------|117] C:\finfos.txt
[27/03/2001 00:00|--a------|53248] C:\gendel32.exe
[18/11/2008 04:44|--a------|164] C:\install.dat
[25/08/2008 15:43|-rahs----|0] C:\IO.SYS
[04/04/2009 02:58|--a------|125] C:\ioSpecial.ini
[09/11/2008 18:28|--a------|1453] C:\MDL 2.0 Debug.txt
[23/09/2008 02:56|--a------|447] C:\mpeg.txt
[25/08/2008 15:43|-rahs----|0] C:\MSDOS.SYS
[04/08/2004 04:38|-rahs----|47564] C:\NTDETECT.COM
[04/08/2004 04:59|-rahs----|251712] C:\ntldr
[?|?|?] C:\pagefile.sys
[12/11/2008 03:09|--ah-----|1073741824] C:\pfsvoddata.bbv
[25/08/2008 16:56|--a------|573] C:\RHDSetup.log
[12/07/2009 16:15|--a------|167] C:\Setup.log
[07/10/2008 13:39|--ah-----|268] C:\sqmdata00.sqm
[22/10/2008 03:43|--ah-----|268] C:\sqmdata01.sqm
[23/10/2008 00:26|--ah-----|268] C:\sqmdata02.sqm
[06/11/2008 17:15|--ah-----|268] C:\sqmdata03.sqm
[18/02/2009 18:52|--ah-----|268] C:\sqmdata04.sqm
[07/10/2008 13:39|--ah-----|244] C:\sqmnoopt00.sqm
[22/10/2008 03:43|--ah-----|244] C:\sqmnoopt01.sqm
[23/10/2008 00:26|--ah-----|244] C:\sqmnoopt02.sqm
[06/11/2008 17:15|--ah-----|244] C:\sqmnoopt03.sqm
[18/02/2009 18:52|--ah-----|172] C:\sqmnoopt04.sqm
[12/11/2008 04:24|--a------|57] C:\StvTimeCode.txt
[03/09/2009 19:14|--a------|1852] C:\TB.txt
[05/09/2009 03:07|--a------|3753] C:\UsbFix.txt
[12/07/2009 16:12|--a------|175] C:\WiFiSetup.log
[17/02/2008 12:43|--a------|377344] E:\ESS_Fichiers.exe

################## | Upload |

Please send the file: C:\DOCUME~1\ESS\Bureau\UsbFix_Upload_Me_AYMEN.zip : https://www.androidworld.fr/
Thank you for your contribution.

################## | ! End of report # UsbFix V6.025 ! |
Profil bloqué
5 sept. 2009 à 04:47
ComboFix 09-09-03.02 - ESS 05/09/2009 3:19.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1015.660 [GMT 2:00]
Running from: c:\documents and settings\ESS\Bureau\disque\logicielle\désinfection -virus provenant de flach disque-\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ESS\Favoris\Free MP3 Search.url
c:\documents and settings\ESS\Favoris\Free Porn.url
c:\windows\Installer\22e3ae.msi
c:\windows\UA000082.DLL
c:\windows\UA000106.DLL

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_SYSDRV32
-------\Service_Boonty Games


((((((((((((((((((((((((( Files Created from 2009-08-05 to 2009-09-05 )))))))))))))))))))))))))))))))
.

2009-09-05 01:30 . 2008-02-17 10:43 377344 ----a-w- c:\windows\system32\Sexy Girls.scr
2009-09-03 16:56 . 2009-09-03 16:56 -------- d-----w- C:\_OTM
2009-09-02 04:21 . 2009-09-02 04:21 -------- d-sh--w- c:\documents and settings\ESS\IECompatCache
2009-09-02 04:17 . 2009-09-02 04:17 -------- d-sh--w- c:\documents and settings\ESS\PrivacIE
2009-09-02 04:16 . 2009-09-02 04:16 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-09-02 04:13 . 2009-09-02 04:13 -------- d-sh--w- c:\documents and settings\ESS\IETldCache
2009-09-02 04:08 . 2009-09-02 22:28 -------- d-----w- c:\windows\ie8updates
2009-09-02 04:00 . 2007-08-13 17:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-09-02 03:59 . 2007-08-13 17:45 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-08-31 16:41 . 2009-08-31 16:41 -------- d-----w- c:\documents and settings\ESS\Application Data\Todae
2009-08-31 13:58 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-08-31 13:56 . 2009-07-03 16:57 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-31 13:56 . 2009-07-03 16:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-26 17:28 . 2009-09-02 04:01 -------- d-----w- c:\documents and settings\All Users\Bureau
2009-08-24 02:28 . 2009-08-24 02:28 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\Visicron
2009-08-24 01:27 . 2009-08-24 01:28 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2009-08-24 00:53 . 2009-08-24 00:53 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\TVU Networks
2009-08-24 00:53 . 2009-08-24 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-08-24 00:52 . 2009-08-24 00:52 -------- d-----w- c:\documents and settings\ESS\LocalLow
2009-08-24 00:52 . 2009-08-25 16:09 -------- d-----w- c:\program files\SopCast
2009-08-24 00:07 . 2009-08-24 00:07 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\toolbartv
2009-08-24 00:07 . 2009-08-24 00:34 -------- d-----w- c:\program files\toolbartv
2009-08-22 22:57 . 2009-08-22 22:57 -------- d-----w- C:\Hotspot Shield
2009-08-22 05:23 . 2009-08-22 05:23 -------- d-----w- c:\program files\RadioXpi
2009-08-22 04:07 . 2009-08-22 04:07 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\LiveTV_
2009-08-22 04:06 . 2009-08-22 04:07 -------- d-----w- c:\program files\LiveTV_
2009-08-19 22:24 . 2009-08-19 22:44 -------- d-----w- c:\program files\Patch MsnCreative
2009-08-16 14:54 . 2009-08-16 14:54 -------- d-----w- c:\program files\MediaSPace
2009-08-16 14:53 . 2009-08-16 14:53 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\Downloaded Installations
2009-08-14 22:46 . 2009-08-14 22:46 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\Identities
2009-08-12 03:17 . 2009-08-12 03:17 -------- d-----w- c:\program files\LimeWire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 00:47 . 2008-12-17 23:59 -------- d-----w- c:\documents and settings\ESS\Application Data\Skype
2009-09-05 00:46 . 2008-08-28 23:31 -------- d--h--w- c:\documents and settings\ESS\Application Data\skypePM
2009-09-05 00:37 . 2009-07-17 11:01 -------- d-----w- c:\program files\trend micro
2009-09-03 17:45 . 2001-10-14 22:44 76384 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-03 17:45 . 2001-10-14 22:44 471246 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-03 10:18 . 2008-10-03 23:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-02 22:34 . 2008-08-26 00:30 -------- d-----w- c:\program files\Yahoo!
2009-08-25 16:09 . 2008-11-13 00:57 -------- d-----w- c:\documents and settings\ESS\Application Data\Paltalk
2009-08-25 16:07 . 2008-08-25 15:17 -------- d-----w- c:\program files\Creative
2009-08-24 01:32 . 2008-08-25 15:25 -------- d-----w- c:\program files\DivX
2009-08-22 23:00 . 2009-06-17 23:47 -------- d-----w- c:\program files\Hotspot Shield
2009-08-16 02:16 . 2009-06-23 00:11 -------- d-----w- c:\program files\Proxifier
2009-08-16 01:49 . 2008-08-28 11:57 -------- d-----w- c:\program files\Google
2009-08-12 04:36 . 2009-04-26 23:35 -------- d-----w- c:\documents and settings\ESS\Application Data\LimeWire
2009-08-10 17:00 . 2009-06-02 19:32 -------- d-----w- c:\program files\SpacialAudio
2009-08-06 22:59 . 2009-07-17 21:40 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-03 11:36 . 2008-10-03 23:02 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2008-10-03 23:02 19096 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 22:24 . 2009-06-17 23:48 -------- d-----w- c:\program files\Hotspot_Shield
2009-07-23 01:27 . 2009-05-25 14:18 -------- d-----w- c:\documents and settings\ESS\Application Data\Winamp
2009-07-22 21:07 . 2009-05-25 14:18 -------- d-----w- c:\program files\Winamp
2009-07-22 19:13 . 2009-07-21 23:22 28592 ----a-w- c:\windows\system32\drivers\tap0901.sys
2009-07-22 10:38 . 2009-07-22 10:38 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-07-17 21:40 . 2009-07-17 21:40 -------- d-----w- c:\program files\Avira
2009-07-17 21:40 . 2009-07-17 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-07-14 00:15 . 2009-07-14 00:15 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-07-14 00:15 . 2009-07-14 00:15 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-07-14 00:15 . 2009-07-14 00:15 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-07-14 00:15 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\DivX.dll
2009-07-12 14:33 . 2009-07-12 14:33 -------- d-----w- c:\program files\SAGEM WiFi manager
2009-07-12 14:25 . 2008-08-25 14:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-12 14:15 . 2009-04-29 21:53 -------- d-----w- c:\program files\SAGEM
2009-07-12 14:15 . 2009-07-12 14:15 -------- d-----w- c:\documents and settings\ESS\Application Data\InstallShield
2009-07-04 14:40 . 2009-07-04 14:40 0 -c--a-w- c:\windows\system32\cd.dat
2009-07-02 02:34 . 2009-06-01 18:13 33840 ----a-w- c:\windows\system32\drivers\hssdrv.sys
2009-06-27 23:20 . 2009-06-27 23:20 165069 ----a-w- c:\windows\IceOp Uninstaller.exe
2009-06-20 18:28 . 2009-06-20 18:28 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-06-14 15:21 . 2009-06-14 15:21 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-06-14 15:21 . 2009-06-14 15:21 256512 ----a-w- c:\windows\system32\ff_kernelDeint.dll
2009-06-14 15:21 . 2009-06-14 15:21 237056 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2008-11-12 00:19 359040 EBEAB4C47642CD68D7FD23187EECA1B0 c:\windows\system32\backup\tcpip.sys
[7] 2004-08-04 03:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-04 03:14 359040 3BB4B08619C111C7BE8BDA07AA0DE6A2 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2009-08-02 2215960]
"{7762a897-2a75-4e3f-a3a7-55bd098b9879}"= "c:\program files\toolbartv\tbtoo0.dll" [2009-07-15 2224152]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CLASSES_ROOT\clsid\{7762a897-2a75-4e3f-a3a7-55bd098b9879}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7762a897-2a75-4e3f-a3a7-55bd098b9879}]
2009-07-15 08:09 2224152 ----a-w- c:\program files\toolbartv\tbtoo0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
2009-08-02 22:25 2215960 ----a-w- c:\program files\Hotspot_Shield\tbHot1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-08-22 22:56 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2009-08-02 2215960]
"{7762a897-2a75-4e3f-a3a7-55bd098b9879}"= "c:\program files\toolbartv\tbtoo0.dll" [2009-07-15 2224152]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CLASSES_ROOT\clsid\{7762a897-2a75-4e3f-a3a7-55bd098b9879}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2009-08-02 2215960]
"{7762A897-2A75-4E3F-A3A7-55BD098B9879}"= "c:\program files\toolbartv\tbtoo0.dll" [2009-07-15 2224152]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CLASSES_ROOT\clsid\{7762a897-2a75-4e3f-a3a7-55bd098b9879}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-06 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-01-26 185872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-12 413696]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-16 122368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\ESS\Menu Démarrer\Programmes\Démarrage\
Dos Optimizer.pif [2008-2-17 377344]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"2"= mmc.exe
"5"= regedt32.exe
"1"= cmd.exe
"3"= rstrui.exe
"4"= regedit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-02 17:45 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^PalTalk.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^ESS^Menu Démarrer^Programmes^Démarrage^MaxTV.lnk]
path=c:\documents and settings\ESS\Menu Démarrer\Programmes\Démarrage\MaxTV.lnk
backup=c:\windows\pss\MaxTV.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^ESS^Menu Démarrer^Programmes^Démarrage^OneNote 2007 - Capture d'écran et lancement.lnk]
path=c:\documents and settings\ESS\Menu Démarrer\Programmes\Démarrage\OneNote 2007 - Capture d'écran et lancement.lnk
backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"Keenfinder Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IDriverT"=3 (0x3)
"HssTrayService"=3 (0x3)
"HssSrv"=2 (0x2)
"HotspotShieldService"=2 (0x2)
"gusvc"=3 (0x3)
"FirebirdServerDefaultInstance"=3 (0x3)
"FirebirdGuardianDefaultInstance"=2 (0x2)
"Capture Device Service"=2 (0x2)
"Boonty Games"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [25/08/2008 16:48 13696]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [17/07/2009 23:40 108289]
R2 HssSrv;Hotspot Shield Routing Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [06/08/2009 20:58 331824]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [10/10/2008 01:29 47640]
R2 ZDCNDIS5;ZDCNDIS5 NDIS5.1 Protocol Driver;c:\windows\system32\ZDCndis5.sys [12/07/2009 16:02 20736]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [01/06/2009 20:13 33840]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14/01/2008 12:06 21632]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [22/07/2009 01:22 28592]
R3 V0330VID;WebCam Vista;c:\windows\system32\drivers\V0330Vid.sys [11/05/2009 21:36 173632]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [11/08/2009 01:19 57640]
S3 mcdevice;mcdevice;c:\windows\system32\drivers\mcdevice.sys [11/12/2008 00:19 323584]
S3 ntkvpn;Loki VPN Driver Service;c:\windows\system32\DRIVERS\ntkvpn.sys --> c:\windows\system32\DRIVERS\ntkvpn.sys [?]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [12/07/2009 16:33 402432]
S3 tapavpn;Steganos Anonym VPN Adapter;c:\windows\system32\drivers\tapavpn.sys [19/10/2007 10:50 24320]
S4 Keenfinder Service;Keenfinder Service;"c:\program files\Keenfinder\keenfinder.exe" "c:\program files\Keenfinder\keenfinder.dll" Service --> c:\program files\Keenfinder\keenfinder.exe [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-09-05 c:\windows\Tasks\User_Feed_Synchronization-{1F8414C6-A53E-45C0-B260-CAD037F0532C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{59385f95-c52f-4a84-b674-4a4206b17218} - (no file)
Toolbar-{59385f95-c52f-4a84-b674-4a4206b17218} - (no file)
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
WebBrowser-{59385F95-C52F-4A84-B674-4A4206B17218} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKCU-Run-FrameWorkService - (no file)
HKLM-Run-FrameWorkService - (no file)
SafeBoot-SVCWINSPOOL


.
------- Supplementary Scan -------
.
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 67.69.254.242:80
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Liens de téléchargement avec Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\Ghost Navigator\Ghost
LSP: PrxerDrv.dll
TCP: {D64A6D53-4B27-4AF5-AA10-4B69889C9792} = 213.150.176.196,196.203.251.8
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\ESS\Application Data\Mozilla\Firefox\Profiles\3jzhgi8b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&q=
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\ESS\Application Data\Mozilla\Firefox\Profiles\3jzhgi8b.default\extensions\{7762a897-2a75-4e3f-a3a7-55bd098b9879}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\ESS\Application Data\Mozilla\Firefox\Profiles\3jzhgi8b.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-05 03:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\Sexy Girls.scr 377344 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-573735546-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{219C3740-370D-5039-65CB-DBB14A0E7DC1}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iajokdkadiachhbhbh"=hex:69,61,6d,65,68,6d,67,6d,6a,6b,70,61,63,65,6e,6e,61,6b,
00,00
"hahoafcmmhigabmp"=hex:6a,61,63,66,64,68,62,61,64,6f,69,65,70,6a,6a,64,6b,67,
6d,6f,00,fe
"ianochijpclkfnkgol"=hex:63,61,6e,65,67,6a,00,7c

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1336)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(2360)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\program files\Google\Quick Search Box\bin\1.2.1137.3514\qsb.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\ESS\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
.
**************************************************************************
.
Completion time: 2009-09-05 3:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-05 01:40

Pre-Run: 7 073 599 488 octets libres
Post-Run: 7 004 258 304 octets libres

324
0
Anonymous user
5 Sept. 2009 at 05:01
Download this file to the desktop:

>> http://sd-1.archive-host.com/membres/up/127028005715545653/CFScript.zip

Unzip it.

Now drag the file CFScript.txt onto Combofix.exe, like this:

This will relaunch Combofix.

A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait while the scan runs. The desktop will disappear several times: that is normal!

Don't touch anything until the scan has finished.

After the reboot, post the contents of the Combofix.txt report.
0
Blocked profile
5 Sept. 2009 at 05:32
ComboFix 09-09-03.02 - ESS 05/09/2009 4:10.2.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1015.635 [GMT 2:00]
Running from: c:\documents and settings\ESS\Bureau\disque\logicielle\désinfection -virus provenant de flach disque-\ComboFix.exe
Command switches used :: c:\documents and settings\ESS\Bureau\disque\logicielle\désinfection -virus provenant de flach disque-\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\documents and settings\ESS\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif"
"c:\windows\system32\Sexy Girls.scr"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_OTM
c:\_otm\MovedFiles\09032009_185624.log
c:\_otm\MovedFiles\09032009_185624.res
c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\AARAudio.exe
c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\AARConv.exe
c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\AARSettings.exe
c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\AARVideos.exe
c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\AskInstallChecker.exe
c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\askSBarSetup.exe
c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\audgopher.dll
c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\audhook.dll
c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\ffmpeg.exe
c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\FLVPlayer.exe
c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\FLVSrvc.exe
c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\lame_enc.dll
c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\register.exe
c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\sdl.dll
c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\Uninstall\IRIMG1.JPG
c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\Uninstall\IRIMG2.JPG
c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\Uninstall\uninstall.dat
c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\Uninstall\uninstall.xml
c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\VistaAudioLib.dll
c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\bin\askBar.dll
c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\bin\askPopStp.dll
c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\bin\AskSplash.exe
c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\bin\AskTBApp.exe
c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\bin\ASKUpgrade.exe
c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\bin\psvince.dll
c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\Cache\000EBBD9
c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\Cache\000EC03E.bin
c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\Cache\000EC2BF.bin
c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\Cache\000EC753.bin
c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\Cache\000EC937.bin
c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\Cache\000ECC25.bin
c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\Cache\000ECEA6.bin
c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\Cache\000ED3D6.bin
c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\Cache\files.ini
c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\History\search
c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\Settings\AskLogo.ico
c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\Settings\config.dat
c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\Settings\config.dat.bak
c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\Settings\prevcfg.htm
c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\Settings\prevCfg2.htm
c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\unins00.exe
c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\unins000.dat
c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\unins000.exe
c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}\{B3F4072D-1B2C-4B5E-B016-E93C4BEA5AEB}.msi
c:\documents and settings\ESS\Application Data\smss.exe
c:\windows\Inf\smss.exe
c:\windows\system32\Sexy Girls.scr

.
((((((((((((((((((((((((( Files Created from 2009-08-05 to 2009-09-05 )))))))))))))))))))))))))))))))
.

2009-09-02 04:21 . 2009-09-02 04:21 -------- d-sh--w- c:\documents and settings\ESS\IECompatCache
2009-09-02 04:17 . 2009-09-02 04:17 -------- d-sh--w- c:\documents and settings\ESS\PrivacIE
2009-09-02 04:16 . 2009-09-02 04:16 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-09-02 04:13 . 2009-09-02 04:13 -------- d-sh--w- c:\documents and settings\ESS\IETldCache
2009-09-02 04:08 . 2009-09-02 22:28 -------- d-----w- c:\windows\ie8updates
2009-09-02 04:00 . 2007-08-13 17:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-09-02 03:59 . 2007-08-13 17:45 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-08-31 16:41 . 2009-08-31 16:41 -------- d-----w- c:\documents and settings\ESS\Application Data\Todae
2009-08-31 13:58 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-08-31 13:56 . 2009-07-03 16:57 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-31 13:56 . 2009-07-03 16:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-26 17:28 . 2009-09-02 04:01 -------- d-----w- c:\documents and settings\All Users\Bureau
2009-08-24 02:28 . 2009-08-24 02:28 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\Visicron
2009-08-24 01:27 . 2009-08-24 01:28 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2009-08-24 00:53 . 2009-08-24 00:53 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\TVU Networks
2009-08-24 00:53 . 2009-08-24 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-08-24 00:52 . 2009-08-24 00:52 -------- d-----w- c:\documents and settings\ESS\LocalLow
2009-08-24 00:52 . 2009-08-25 16:09 -------- d-----w- c:\program files\SopCast
2009-08-24 00:07 . 2009-08-24 00:07 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\toolbartv
2009-08-24 00:07 . 2009-08-24 00:34 -------- d-----w- c:\program files\toolbartv
2009-08-22 22:57 . 2009-08-22 22:57 -------- d-----w- C:\Hotspot Shield
2009-08-22 05:23 . 2009-08-22 05:23 -------- d-----w- c:\program files\RadioXpi
2009-08-22 04:07 . 2009-08-22 04:07 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\LiveTV_
2009-08-22 04:06 . 2009-08-22 04:07 -------- d-----w- c:\program files\LiveTV_
2009-08-19 22:24 . 2009-08-19 22:44 -------- d-----w- c:\program files\Patch MsnCreative
2009-08-16 14:54 . 2009-08-16 14:54 -------- d-----w- c:\program files\MediaSPace
2009-08-16 14:53 . 2009-08-16 14:53 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\Downloaded Installations
2009-08-14 22:46 . 2009-08-14 22:46 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\Identities
2009-08-12 03:17 . 2009-08-12 03:17 -------- d-----w- c:\program files\LimeWire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 02:07 . 2008-12-17 23:59 -------- d-----w- c:\documents and settings\ESS\Application Data\Skype
2009-09-05 02:05 . 2008-10-10 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-09-05 00:46 . 2008-08-28 23:31 -------- d--h--w- c:\documents and settings\ESS\Application Data\skypePM
2009-09-05 00:37 . 2009-07-17 11:01 -------- d-----w- c:\program files\trend micro
2009-09-03 17:45 . 2001-10-14 22:44 76384 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-03 17:45 . 2001-10-14 22:44 471246 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-03 10:18 . 2008-10-03 23:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-02 22:34 . 2008-08-26 00:30 -------- d-----w- c:\program files\Yahoo!
2009-08-25 16:09 . 2008-11-13 00:57 -------- d-----w- c:\documents and settings\ESS\Application Data\Paltalk
2009-08-25 16:07 . 2008-08-25 15:17 -------- d-----w- c:\program files\Creative
2009-08-24 01:32 . 2008-08-25 15:25 -------- d-----w- c:\program files\DivX
2009-08-22 23:00 . 2009-06-17 23:47 -------- d-----w- c:\program files\Hotspot Shield
2009-08-16 02:16 . 2009-06-23 00:11 -------- d-----w- c:\program files\Proxifier
2009-08-16 01:49 . 2008-08-28 11:57 -------- d-----w- c:\program files\Google
2009-08-12 04:36 . 2009-04-26 23:35 -------- d-----w- c:\documents and settings\ESS\Application Data\LimeWire
2009-08-10 17:00 . 2009-06-02 19:32 -------- d-----w- c:\program files\SpacialAudio
2009-08-06 22:59 . 2009-07-17 21:40 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-03 11:36 . 2008-10-03 23:02 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2008-10-03 23:02 19096 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 22:24 . 2009-06-17 23:48 -------- d-----w- c:\program files\Hotspot_Shield
2009-07-23 01:27 . 2009-05-25 14:18 -------- d-----w- c:\documents and settings\ESS\Application Data\Winamp
2009-07-22 21:07 . 2009-05-25 14:18 -------- d-----w- c:\program files\Winamp
2009-07-22 19:13 . 2009-07-21 23:22 28592 ----a-w- c:\windows\system32\drivers\tap0901.sys
2009-07-17 21:40 . 2009-07-17 21:40 -------- d-----w- c:\program files\Avira
2009-07-17 21:40 . 2009-07-17 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-07-14 00:15 . 2009-07-14 00:15 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-07-14 00:15 . 2009-07-14 00:15 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-07-14 00:15 . 2009-07-14 00:15 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-07-14 00:15 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\DivX.dll
2009-07-12 14:33 . 2009-07-12 14:33 -------- d-----w- c:\program files\SAGEM WiFi manager
2009-07-12 14:25 . 2008-08-25 14:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-12 14:15 . 2009-04-29 21:53 -------- d-----w- c:\program files\SAGEM
2009-07-12 14:15 . 2009-07-12 14:15 -------- d-----w- c:\documents and settings\ESS\Application Data\InstallShield
2009-07-04 14:40 . 2009-07-04 14:40 0 -c--a-w- c:\windows\system32\cd.dat
2009-07-02 02:34 . 2009-06-01 18:13 33840 ----a-w- c:\windows\system32\drivers\hssdrv.sys
2009-06-27 23:20 . 2009-06-27 23:20 165069 ----a-w- c:\windows\IceOp Uninstaller.exe
2009-06-20 18:28 . 2009-06-20 18:28 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-06-14 15:21 . 2009-06-14 15:21 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-06-14 15:21 . 2009-06-14 15:21 256512 ----a-w- c:\windows\system32\ff_kernelDeint.dll
2009-06-14 15:21 . 2009-06-14 15:21 237056 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2008-11-12 00:19 359040 EBEAB4C47642CD68D7FD23187EECA1B0 c:\windows\system32\backup\tcpip.sys
[7] 2004-08-04 03:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-04 03:14 359040 3BB4B08619C111C7BE8BDA07AA0DE6A2 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-09-05_01.29.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-05 02:05 . 2009-09-05 02:05 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}\IconCD95F6617.exe
- 2009-06-23 23:05 . 2009-06-23 23:05 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}\IconCD95F6617.exe
+ 2009-09-05 02:05 . 2009-09-05 02:05 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}\IconCD95F66110.exe
- 2009-06-23 23:05 . 2009-06-23 23:05 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}\IconCD95F66110.exe
+ 2009-09-05 02:05 . 2009-09-05 02:05 1461248 c:\windows\Installer\225d0a.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-08-22 22:56 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-06 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-01-26 185872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-12 413696]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-16 122368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\ESS\Menu Démarrer\Programmes\Démarrage\
Dos Optimizer.pif [2008-2-17 377344]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"2"= mmc.exe
"5"= regedt32.exe
"1"= cmd.exe
"3"= rstrui.exe
"4"= regedit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-02 17:45 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^PalTalk.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^ESS^Menu Démarrer^Programmes^Démarrage^MaxTV.lnk]
path=c:\documents and settings\ESS\Menu Démarrer\Programmes\Démarrage\MaxTV.lnk
backup=c:\windows\pss\MaxTV.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^ESS^Menu Démarrer^Programmes^Démarrage^OneNote 2007 - Capture d'écran et lancement.lnk]
path=c:\documents and settings\ESS\Menu Démarrer\Programmes\Démarrage\OneNote 2007 - Capture d'écran et lancement.lnk
backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"Keenfinder Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IDriverT"=3 (0x3)
"HssTrayService"=3 (0x3)
"HssSrv"=2 (0x2)
"HotspotShieldService"=2 (0x2)
"gusvc"=3 (0x3)
"FirebirdServerDefaultInstance"=3 (0x3)
"FirebirdGuardianDefaultInstance"=2 (0x2)
"Capture Device Service"=2 (0x2)
"Boonty Games"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [25/08/2008 16:48 13696]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [17/07/2009 23:40 108289]
R2 HssSrv;Hotspot Shield Routing Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [06/08/2009 20:58 331824]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [10/10/2008 01:29 47640]
R2 ZDCNDIS5;ZDCNDIS5 NDIS5.1 Protocol Driver;c:\windows\system32\ZDCndis5.sys [12/07/2009 16:02 20736]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [01/06/2009 20:13 33840]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14/01/2008 12:06 21632]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [12/07/2009 16:33 402432]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [22/07/2009 01:22 28592]
R3 V0330VID;WebCam Vista;c:\windows\system32\drivers\V0330Vid.sys [11/05/2009 21:36 173632]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [11/08/2009 01:19 57640]
S3 mcdevice;mcdevice;c:\windows\system32\drivers\mcdevice.sys [11/12/2008 00:19 323584]
S3 ntkvpn;Loki VPN Driver Service;c:\windows\system32\DRIVERS\ntkvpn.sys --> c:\windows\system32\DRIVERS\ntkvpn.sys [?]
S3 tapavpn;Steganos Anonym VPN Adapter;c:\windows\system32\drivers\tapavpn.sys [19/10/2007 10:50 24320]
S4 Keenfinder Service;Keenfinder Service;"c:\program files\Keenfinder\keenfinder.exe" "c:\program files\Keenfinder\keenfinder.dll" Service --> c:\program files\Keenfinder\keenfinder.exe [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-09-05 c:\windows\Tasks\User_Feed_Synchronization-{1F8414C6-A53E-45C0-B260-CAD037F0532C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
URLSearchHooks-{7762a897-2a75-4e3f-a3a7-55bd098b9879} - (no file)
BHO-{7762a897-2a75-4e3f-a3a7-55bd098b9879} - (no file)
BHO-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
Toolbar-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
Toolbar-{7762a897-2a75-4e3f-a3a7-55bd098b9879} - (no file)
WebBrowser-{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - (no file)
WebBrowser-{7762A897-2A75-4E3F-A3A7-55BD098B9879} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 67.69.254.242:80
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Liens de téléchargement avec Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\Ghost Navigator\Ghost
LSP: PrxerDrv.dll
TCP: {D64A6D53-4B27-4AF5-AA10-4B69889C9792} = 213.150.176.196,196.203.251.8
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\ESS\Application Data\Mozilla\Firefox\Profiles\3jzhgi8b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&q=
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\ESS\Application Data\Mozilla\Firefox\Profiles\3jzhgi8b.default\extensions\{7762a897-2a75-4e3f-a3a7-55bd098b9879}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\ESS\Application Data\Mozilla\Firefox\Profiles\3jzhgi8b.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-05 04:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-573735546-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{219C3740-370D-5039-65CB-DBB14A0E7DC1}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iajokdkadiachhbhbh"=hex:69,61,6d,65,68,6d,67,6d,6a,6b,70,61,63,65,6e,6e,61,6b,
00,00
"hahoafcmmhigabmp"=hex:6a,61,63,66,64,68,62,61,64,6f,69,65,70,6a,6a,64,6b,67,
6d,6f,00,fe
"ianochijpclkfnkgol"=hex:63,61,6e,65,67,6a,00,7c

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1336)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2009-09-05 4:24
ComboFix-quarantined-files.txt 2009-09-05 02:24
ComboFix2.txt 2009-09-05 01:40

Pre-Run: 6 890 070 016 octets libres
Post-Run: 6 849 998 848 octets libres
