Virus? Internet browsing very slow!
Nekojita - Posts: 18 - Status: Member
Hello,
A few days ago, while I was browsing the web as I do every day, my internet access became very slow. (When I say slow, I mean slow: it can take up to 5 minutes to open a web page.) However, MSN and other messengers are still reachable, with no particular problems on that front.
Anyway, I ran the antivirus (Avira) and it found nothing. So it seems odd to me, especially since my flatmate has NO problem of the kind. (We are not on Wi-Fi; we are both connected by a LAN cable.)
If you have even the slightest idea what the problem is...
Thanks!
35 replies
Download GenProc here: http://www.genproc.com/GenProc.exe
Run it, wait, answer yes to the question and post the report in your next message.
Note: accept the HijackThis license if it appears.
Here is the result!
FYI, Flets is my thing for getting on the internet (I'm in Japan)
Rapport GenProc 2.627 [1] - 2009/09/15 à 23:12:41
@ Windows XP Service Pack 2 - Mode normal
@ Mozilla Firefox (3.5.3) [Navigateur par défaut]
GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :
Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
C:\Program Files\EsetOnlineScanner\log.txt
~~~~ INFORMATION COMPLEMENTAIRE ~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:14:55, on 2009/09/15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Siemens\Common\TangoCoreService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\servises.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\servises.exe
C:\WINDOWS\system32\servises.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\servises.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\NTTE\Flets\app\TangoManager.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\conime.exe
C:\GenProc\outil\sapinsapin_GenProc.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShowTangoBar Class - {603EC267-504E-4BD4-97F3-5DD71A271EAF} - C:\Program Files\NTTE\Flets\app\TangoIEBar.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: フレッツ接続ツール - {831AA893-5930-4A2B-8D38-B881AD1764E2} - C:\Program Files\NTTE\Flets\app\TangoIEBar.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKLM\..\Run: [NTTE_OSA_AUS] "C:\Program Files\NTTE\OSA_SupportTool\aus\acs.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKLM\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKCU\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O9 - Extra button: 故障かな?と思ったら・・・ - {6CB1FA39-5745-4733-859F-E9C82A68F848} - C:\Program Files\NTTE\OSA_SupportTool\start.exe
O9 - Extra button: フレッツ接続ツール - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\NTTE\Flets\app\TangoIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F449084-B6CE-4911-967B-6CFD860218CA}: NameServer = 220.220.248.1 220.220.248.9
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Tango Core Service (TangoCoreService) - Unknown owner - C:\Program Files\Siemens\Common\TangoCoreService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
You've got a big virus.
First --> Download Malwarebytes' Anti-Malware (MBAM) to your Desktop: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
--> Double-click the downloaded file to start the installation.
--> In the Update tab, click the Check for Updates button: if the firewall asks whether to let MBAM connect to the Internet, accept.
--> Once the update is finished, go to the Scanner tab.
--> Select Perform full scan.
--> Click Scan. The scan starts.
Post the report that opens.
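Added example, not part of the original thread: a triage script for HijackThis logs that flags autorun (O4) entries and running processes whose file name is one edit away from a genuine Windows binary, the pattern visible in the log above where `servises.exe` sits beside `services.exe`. The allowlist `KNOWN_SYSTEM` and the function names are assumptions of this example; the sample lines are copied from the posted log.

```python
import re

# Assumed, deliberately short allowlist of genuine Windows XP binaries.
KNOWN_SYSTEM = {
    "services.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "smss.exe",
    "csrss.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe",
}

# Subset of the HijackThis log posted in the thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\servises.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\servises.exe
C:\WINDOWS\system32\servises.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\servises.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKLM\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKCU\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
"""

# "O4 - <registry key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable at the start of a command line, quoted or unquoted.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|scr|bat))(?=\s|$)', re.IGNORECASE)
# A bare path line in the "Running processes" section.
PROC_RE = re.compile(r"^[A-Za-z]:\\.+$")


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def resembles(path):
    """Return the system binary that the file name imitates, or None."""
    base = path.rsplit("\\", 1)[-1].lower()
    if base in KNOWN_SYSTEM:
        return None  # exact match: the genuine name, not a look-alike
    for known in sorted(KNOWN_SYSTEM):
        if edit_distance(base, known) == 1:
            return known
    return None


def command_target(cmd):
    """Extract the executable from an autorun command line, if there is one."""
    m = EXE_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else None


def triage(log_text):
    """Collect look-alike autoruns and look-alike running processes."""
    findings = {"autoruns": [], "processes": {}}
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            target = command_target(m.group("cmd"))
            twin = resembles(target) if target else None
            if twin:
                findings["autoruns"].append((m.group("key"), target, twin))
        elif PROC_RE.match(line):
            twin = resembles(line)
            if twin:
                entry = findings["processes"].setdefault(
                    line.lower(), {"resembles": twin, "instances": 0})
                entry["instances"] += 1
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, target, twin in result["autoruns"]:
        print(f"autorun  {key}: {target} (resembles {twin})")
    for path, info in result["processes"].items():
        print(f"process  {path} x{info['instances']} (resembles {info['resembles']})")
```

A hit here is a lead for manual review, not a verdict: the same name registered under both HKLM and HKCU Run keys and both Policies\Explorer\Run keys, plus several running instances, is what makes this entry stand out.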
Uh... I did what you told me; it scanned for 1h30 and found 24 corrupted files (well, I think so, it said 24 in bold red, so...) but... no report at the end...
ok, download
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2 (Eric 71 & Angeldark) to your Desktop.
Run it and choose option 1, then post the report.
After that, run GenProc again and post me a new report.
I just tried again and it's still the same, no log... I click OK, then Show Results, and... nothing.
edit: I just saw the message you posted; I'm downloading it and will post the log
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU T2300 @ 1.66GHz )
BIOS : Rev 1.0
USER : sapinsapin ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
Firewall : COMODO Firewall Pro 3.0 (Not Activated)
C:\ (Local Disk) - NTFS - Total:86 Go (Free:2 Go)
D:\ (Local Disk) - FAT32 - Total:6 Go (Free:5 Go)
E:\ (CD or DVD)
G:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 2009/09/16| 2:46 )
--------------------\\ Listing des dossiers dans APPLIC~1
[2006/08/09|12:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\Intel
[0|個のファイル] C:\DOCUME~1\ADMINI~1\APPLIC~1\バイト
[3|個のディレクトリ] C:\DOCUME~1\ADMINI~1\APPLIC~1\バイトの空き領域
[2009/02/02|04:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/07/14|00:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2008/11/08|03:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[2008/11/08|03:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2008/08/15|04:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[2008/04/13|01:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[2008/09/12|04:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\comodo
[2006/12/21|22:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[2007/04/02|16:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2006/11/05|15:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[2006/08/09|12:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
[2006/11/05|15:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\KDDI
[2009/05/17|04:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[2008/08/15|01:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[2008/09/10|18:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
[2007/06/04|00:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[2009/01/18|01:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2008/02/01|18:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[2009/09/15|04:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NTTE
[2008/11/07|02:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OrbNetworks
[2006/08/09|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prism Deploy
[2007/04/02|17:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[2009/06/08|20:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[2006/11/06|21:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[2009/04/15|11:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[2008/08/14|19:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[2007/11/03|04:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
[2008/04/18|11:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TVU Networks
[2007/11/13|19:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2009/01/18|01:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[2007/03/11|21:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
[0|個のファイル] C:\DOCUME~1\ALLUSE~1\APPLIC~1\バイト
[33|個のディレクトリ] C:\DOCUME~1\ALLUSE~1\APPLIC~1\バイトの空き領域
[2005/03/03|13:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[2006/08/09|12:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intel
[2006/08/09|12:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[2006/08/09|12:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[0|個のファイル] C:\DOCUME~1\DEFAUL~1\APPLIC~1\バイト
[6|個のディレクトリ] C:\DOCUME~1\DEFAUL~1\APPLIC~1\バイトの空き領域
[2008/10/26|19:46] C:\DOCUME~1\LOCALS~1\APPLIC~1\Azureus
[2007/05/31|09:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[2007/11/15|22:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\Media Player Classic
[2007/11/14|04:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[0|個のファイル] C:\DOCUME~1\LOCALS~1\APPLIC~1\バイト
[6|個のディレクトリ] C:\DOCUME~1\LOCALS~1\APPLIC~1\バイトの空き領域
[2005/03/03|13:09] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[0|個のファイル] C:\DOCUME~1\NETWOR~1\APPLIC~1\バイト
[3|個のディレクトリ] C:\DOCUME~1\NETWOR~1\APPLIC~1\バイトの空き領域
[2007/06/04|23:45] C:\DOCUME~1\SAPINS~1\APPLIC~1\.purple
[2009/09/02|23:21] C:\DOCUME~1\SAPINS~1\APPLIC~1\Adobe
[2006/12/23|00:19] C:\DOCUME~1\SAPINS~1\APPLIC~1\AdobeUM
[2008/11/08|03:26] C:\DOCUME~1\SAPINS~1\APPLIC~1\Apple Computer
[2007/09/07|20:35] C:\DOCUME~1\SAPINS~1\APPLIC~1\ArcSoft
[2009/01/29|10:02] C:\DOCUME~1\SAPINS~1\APPLIC~1\Azureus
[2009/01/07|08:06] C:\DOCUME~1\SAPINS~1\APPLIC~1\BSplayer
[2008/10/26|19:46] C:\DOCUME~1\SAPINS~1\APPLIC~1\BSplayer Pro
[2008/09/12|04:44] C:\DOCUME~1\SAPINS~1\APPLIC~1\Comodo
[2007/11/17|17:40] C:\DOCUME~1\SAPINS~1\APPLIC~1\CrystalApp
[2007/11/17|17:36] C:\DOCUME~1\SAPINS~1\APPLIC~1\CrystalSpace
[2007/02/17|00:33] C:\DOCUME~1\SAPINS~1\APPLIC~1\CyberLink
[2007/12/26|17:23] C:\DOCUME~1\SAPINS~1\APPLIC~1\DivX
[2007/06/24|01:29] C:\DOCUME~1\SAPINS~1\APPLIC~1\EoRezo
[2006/10/12|10:13] C:\DOCUME~1\SAPINS~1\APPLIC~1\FotoWire
[2007/01/06|17:39] C:\DOCUME~1\SAPINS~1\APPLIC~1\Google
[2006/10/16|21:20] C:\DOCUME~1\SAPINS~1\APPLIC~1\Help
[2005/03/03|13:05] C:\DOCUME~1\SAPINS~1\APPLIC~1\Identities
[2009/07/04|17:56] C:\DOCUME~1\SAPINS~1\APPLIC~1\ImTOO Software Studio
[2009/09/14|01:54] C:\DOCUME~1\SAPINS~1\APPLIC~1\InstallShield
[2006/08/09|12:44] C:\DOCUME~1\SAPINS~1\APPLIC~1\Intel
[2007/06/24|01:20] C:\DOCUME~1\SAPINS~1\APPLIC~1\ItsLabel
[2008/07/10|02:20] C:\DOCUME~1\SAPINS~1\APPLIC~1\LG Electronics
[2006/10/31|00:42] C:\DOCUME~1\SAPINS~1\APPLIC~1\LockTime
[2006/10/11|23:22] C:\DOCUME~1\SAPINS~1\APPLIC~1\Macromedia
[2008/08/15|01:48] C:\DOCUME~1\SAPINS~1\APPLIC~1\Malwarebytes
[2007/04/02|17:23] C:\DOCUME~1\SAPINS~1\APPLIC~1\Media Player Classic
[2009/01/15|02:44] C:\DOCUME~1\SAPINS~1\APPLIC~1\Microsoft
[2008/11/10|19:46] C:\DOCUME~1\SAPINS~1\APPLIC~1\Microsoft Web Folders
[2008/08/21|20:38] C:\DOCUME~1\SAPINS~1\APPLIC~1\Mozilla
[2008/01/29|21:02] C:\DOCUME~1\SAPINS~1\APPLIC~1\Nero
[2009/09/15|04:15] C:\DOCUME~1\SAPINS~1\APPLIC~1\NTTE
[2009/08/21|12:48] C:\DOCUME~1\SAPINS~1\APPLIC~1\OpenOffice.org2
[2007/11/13|08:28] C:\DOCUME~1\SAPINS~1\APPLIC~1\Real
[2006/08/09|12:33] C:\DOCUME~1\SAPINS~1\APPLIC~1\SampleView
[2007/06/04|00:29] C:\DOCUME~1\SAPINS~1\APPLIC~1\Screenshot Sender
[2008/12/19|02:46] C:\DOCUME~1\SAPINS~1\APPLIC~1\ScummVM
[2008/11/20|10:06] C:\DOCUME~1\SAPINS~1\APPLIC~1\SecondLife
[2008/05/05|21:47] C:\DOCUME~1\SAPINS~1\APPLIC~1\SecuROM
[2007/08/28|02:58] C:\DOCUME~1\SAPINS~1\APPLIC~1\Shareaza
[2008/12/21|22:41] C:\DOCUME~1\SAPINS~1\APPLIC~1\Sierra
[2009/09/15|23:24] C:\DOCUME~1\SAPINS~1\APPLIC~1\Skype
[2009/09/14|16:00] C:\DOCUME~1\SAPINS~1\APPLIC~1\skypePM
[2007/09/08|20:50] C:\DOCUME~1\SAPINS~1\APPLIC~1\Sony Corporation
[2006/10/20|19:19] C:\DOCUME~1\SAPINS~1\APPLIC~1\Sun
[2009/07/15|14:32] C:\DOCUME~1\SAPINS~1\APPLIC~1\Trillian
[2007/11/03|04:14] C:\DOCUME~1\SAPINS~1\APPLIC~1\TuneUp Software
[2008/04/18|11:02] C:\DOCUME~1\SAPINS~1\APPLIC~1\TVU Networks
[2009/09/10|00:25] C:\DOCUME~1\SAPINS~1\APPLIC~1\uTorrent
[2009/06/21|20:24] C:\DOCUME~1\SAPINS~1\APPLIC~1\vlc
[0|個のファイル] C:\DOCUME~1\SAPINS~1\APPLIC~1\バイト
[52|個のディレクトリ] C:\DOCUME~1\SAPINS~1\APPLIC~1\バイトの空き領域
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[2009/09/02 20:38][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2004/08/06 04:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
[2009/09/15 23:36][--ah-----] C:\WINDOWS\tasks\SA.DAT
--------------------\\ Listing des dossiers dans C:\Program Files
[2008/12/20|21:49] C:\Program Files\3DO
[2009/09/02|02:20] C:\Program Files\Adobe
[2008/04/18|11:16] C:\Program Files\adslTV
[2008/05/12|03:43] C:\Program Files\Alcohol Soft
[2007/09/24|17:09] C:\Program Files\Alwil Software
[2008/11/08|03:18] C:\Program Files\Apple Software Update
[2008/02/01|17:42] C:\Program Files\ASIO4ALL v2
[2008/08/15|04:15] C:\Program Files\Avira
[2008/05/25|04:07] C:\Program Files\AviSynth 2.5
[2009/02/01|23:36] C:\Program Files\Azureus
[2007/11/25|19:26] C:\Program Files\BeClean
[2006/08/09|12:18] C:\Program Files\BigFix
[2008/10/26|19:46] C:\Program Files\BitComet
[2009/09/02|02:17] C:\Program Files\Bonjour
[2009/09/02|01:53] C:\Program Files\Common Files
[2008/09/12|04:44] C:\Program Files\COMODO
[2005/03/03|13:01] C:\Program Files\ComPlus Applications
[2007/06/25|17:46] C:\Program Files\Conquer 2.0
[2009/02/01|23:21] C:\Program Files\CoreCodec
[2008/09/29|17:59] C:\Program Files\Creative Labs
[2006/08/09|12:18] C:\Program Files\CyberLink
[2007/11/17|15:25] C:\Program Files\DAEMON Tools
[2008/04/15|03:03] C:\Program Files\DivX
[2007/11/17|21:36] C:\Program Files\EA GAMES
[2008/09/29|17:56] C:\Program Files\Eidos Interactive
[2007/11/25|19:26] C:\Program Files\eMule
[2008/08/15|01:10] C:\Program Files\Enigma Software Group
[2009/02/01|23:16] C:\Program Files\Gabest
[2008/09/12|04:52] C:\Program Files\Google
[2008/07/15|02:27] C:\Program Files\gPotato.eu
[2009/01/06|06:15] C:\Program Files\Gravity
[2009/04/20|10:38] C:\Program Files\GridinSoft Trojan Killer
[2009/02/01|21:36] C:\Program Files\Haali
[2007/07/18|03:46] C:\Program Files\HyCam2
[2008/10/26|19:46] C:\Program Files\icuii
[2008/04/27|17:22] C:\Program Files\illusion
[2008/04/08|23:52] C:\Program Files\Image-Line
[2009/09/15|04:21] C:\Program Files\InstallShield Installation Information
[2006/08/09|12:43] C:\Program Files\Intel
[2007/02/03|23:35] C:\Program Files\InterActual
[2009/08/08|16:14] C:\Program Files\Internet Explorer
[2008/02/07|22:43] C:\Program Files\IVCsoft
[2006/08/09|12:27] C:\Program Files\Java
[2006/11/05|15:16] C:\Program Files\KDDI
[2007/04/02|17:21] C:\Program Files\K-Lite Codec Pack
[2009/05/17|04:56] C:\Program Files\Lavasoft
[2008/12/19|03:08] C:\Program Files\Les Boucliers de Quetzalcoatl
[2008/07/09|17:17] C:\Program Files\LG Electronics
[2006/10/12|10:13] C:\Program Files\Logitech
[2009/09/15|23:36] C:\Program Files\Malwarebytes' Anti-Malware
[2008/08/14|03:23] C:\Program Files\Messenger
[2007/06/25|18:32] C:\Program Files\Messenger Plus! Live
[2009/01/18|01:59] C:\Program Files\Microsoft
[2009/01/19|03:00] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008/11/10|19:45] C:\Program Files\microsoft frontpage
[2007/11/21|23:14] C:\Program Files\Microsoft Games
[2008/11/10|19:46] C:\Program Files\Microsoft Office
[2008/05/12|02:41] C:\Program Files\mIRC
[2006/08/09|12:33] C:\Program Files\Motorola
[2005/03/03|13:02] C:\Program Files\Movie Maker
[2009/09/15|23:39] C:\Program Files\Mozilla Firefox
[2005/03/03|13:00] C:\Program Files\MSN
[2005/03/03|13:00] C:\Program Files\MSN Gaming Zone
[2009/01/18|01:52] C:\Program Files\MSN Messenger
[2006/11/17|03:01] C:\Program Files\MSXML 4.0
[2005/03/03|13:02] C:\Program Files\NetMeeting
[2009/09/15|04:30] C:\Program Files\NTTE
[2005/03/03|13:02] C:\Program Files\Online Services
[2008/06/16|05:01] C:\Program Files\OpenOffice.org 2.4
[2009/08/14|13:16] C:\Program Files\Outlook Express
[2009/02/05|03:32] C:\Program Files\Pcsx2_0.9.4
[2007/11/22|19:08] C:\Program Files\PENDULO Studios
[2009/06/14|20:56] C:\Program Files\PENTAX
[2009/02/01|23:37] C:\Program Files\PokerStars
[2008/11/08|03:25] C:\Program Files\QuickTime
[2008/05/19|19:49] C:\Program Files\Rockstar Games
[2007/09/07|20:30] C:\Program Files\SanDisk
[2009/08/26|14:51] C:\Program Files\Save
[2008/12/20|07:58] C:\Program Files\ScummVM
[2009/09/15|04:21] C:\Program Files\Siemens
[2006/08/09|12:32] C:\Program Files\SigmaTel
[2009/06/08|20:38] C:\Program Files\Skype
[2007/09/07|20:35] C:\Program Files\Sony
[2009/04/15|11:29] C:\Program Files\Spybot - Search & Destroy
[2006/08/09|12:26] C:\Program Files\Synaptics
[2007/11/20|03:10] C:\Program Files\The Witcher
[2008/05/12|15:28] C:\Program Files\THQ
[2008/03/19|15:57] C:\Program Files\TimeAdjuster
[2009/09/07|01:34] C:\Program Files\Trillian
[2009/02/02|04:14] C:\Program Files\TuneUp Utilities 2009
[2007/11/23|20:33] C:\Program Files\Ubisoft
[2005/03/03|13:10] C:\Program Files\Uninstall Information
[2009/03/20|06:46] C:\Program Files\URUSoft
[2009/09/09|22:43] C:\Program Files\uTorrent
[2008/02/07|23:32] C:\Program Files\VideoLAN
[2008/04/08|23:48] C:\Program Files\VstPlugins
[2006/12/03|13:41] C:\Program Files\Webteh
[2008/05/12|14:44] C:\Program Files\WinAce
[2008/11/13|03:09] C:\Program Files\Winamp Remote
[2009/01/18|01:58] C:\Program Files\Windows Live
[2007/11/17|22:12] C:\Program Files\Windows Media Connect 2
[2008/08/21|20:43] C:\Program Files\Windows Media Player
[2005/03/03|13:00] C:\Program Files\Windows NT
[2005/03/03|13:02] C:\Program Files\WindowsUpdate
[2009/01/13|19:54] C:\Program Files\WinRAR
[2005/03/03|13:05] C:\Program Files\xerox
[2007/07/15|18:36] C:\Program Files\Yahoo!
[2008/05/02|16:52] C:\Program Files\Yahoo!J
[0|個のファイル] C:\Program Files\バイト
[110|個のディレクトリ] C:\Program Files\バイトの空き領域
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[2009/09/02|02:17] C:\Program Files\Common Files\Adobe
[2008/11/08|03:24] C:\Program Files\Common Files\Apple
[2007/09/07|20:30] C:\Program Files\Common Files\ArcSoft
[2008/11/10|19:47] C:\Program Files\Common Files\Designer
[2006/10/12|10:13] C:\Program Files\Common Files\FotoWire
[2007/06/04|01:08] C:\Program Files\Common Files\GTK
[2006/11/05|15:17] C:\Program Files\Common Files\InstallShield
[2006/08/09|12:26] C:\Program Files\Common Files\Java
[2006/10/12|10:11] C:\Program Files\Common Files\Logitech
[2009/09/02|01:53] C:\Program Files\Common Files\Macrovision Shared
[2009/02/22|09:11] C:\Program Files\Common Files\Microsoft Shared
[2005/03/03|13:02] C:\Program Files\Common Files\MSSoap
[2008/02/01|18:09] C:\Program Files\Common Files\Nero
[2006/08/09|12:14] C:\Program Files\Common Files\New Boundary
[2005/03/03|12:56] C:\Program Files\Common Files\ODBC
[2005/03/03|13:02] C:\Program Files\Common Files\Services
[2009/06/08|20:38] C:\Program Files\Common Files\Skype
[2006/11/06|21:29] C:\Program Files\Common Files\Sony Shared
[2005/03/03|12:56] C:\Program Files\Common Files\SpeechEngines
[2008/11/10|19:47] C:\Program Files\Common Files\System
[2009/01/18|01:53] C:\Program Files\Common Files\Windows Live
[2009/01/18|01:49] C:\Program Files\Common Files\WindowsLiveInstaller
[0|個のファイル] C:\Program Files\Common Files\バイト
[24|個のディレクトリ] C:\Program Files\Common Files\バイトの空き領域
--------------------\\ Process
( 48 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-16 02:48:04
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 282
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\SAPINS~1\My Documents\My Music\Eminem - Relapse (2009)\18 Eminem - Crack A Bottle [Feat. Dr. Dre And 50 Cent].mp3
C:\DOCUME~1\SAPINS~1\My Documents\torrent\NetLimiter 2 Pro\crack
C:\DOCUME~1\SAPINS~1\My Documents\torrent\NetLimiter 2 Pro\crack\arn.nfo
C:\DOCUME~1\SAPINS~1\My Documents\torrent\NetLimiter 2 Pro\crack\crack
C:\DOCUME~1\SAPINS~1\My Documents\torrent\NetLimiter 2 Pro\crack\crack\patch.exe
[F:1135][D:67]-> C:\DOCUME~1\SAPINS~1\LOCALS~1\Temp
[F:153][D:0]-> C:\DOCUME~1\SAPINS~1\Cookies
[F:931][D:17]-> C:\DOCUME~1\SAPINS~1\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 2009/09/16| 2:51 - Option : [1]
--------------------\\ Fin du rapport a 2:51:40
Rapport GenProc 2.627 [2] - 2009/09/16 à 2:54:19
@ Windows XP Service Pack 2 - Mode normal
@ Mozilla Firefox (3.5.3) [Navigateur par défaut]
GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :
Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
C:\Program Files\EsetOnlineScanner\log.txt
~~~~ INFORMATION COMPLEMENTAIRE ~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:55:38, on 2009/09/16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Siemens\Common\TangoCoreService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\servises.exe
C:\WINDOWS\system32\servises.exe
C:\WINDOWS\system32\servises.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\servises.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\NTTE\Flets\app\TangoManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\wlcsdk.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\cmd.exe
C:\GenProc\outil\sapinsapin_GenProc.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShowTangoBar Class - {603EC267-504E-4BD4-97F3-5DD71A271EAF} - C:\Program Files\NTTE\Flets\app\TangoIEBar.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: フレッツ接続ツール - {831AA893-5930-4A2B-8D38-B881AD1764E2} - C:\Program Files\NTTE\Flets\app\TangoIEBar.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKLM\..\Run: [NTTE_OSA_AUS] "C:\Program Files\NTTE\OSA_SupportTool\aus\acs.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKLM\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKCU\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O9 - Extra button: 故障かな?と思ったら・・・ - {6CB1FA39-5745-4733-859F-E9C82A68F848} - C:\Program Files\NTTE\OSA_SupportTool\start.exe
O9 - Extra button: フレッツ接続ツール - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\NTTE\Flets\app\TangoIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F449084-B6CE-4911-967B-6CFD860218CA}: NameServer = 220.220.248.1 220.220.248.9
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Tango Core Service (TangoCoreService) - Unknown owner - C:\Program Files\Siemens\Common\TangoCoreService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Tango Core Service (TangoCoreService) - Unknown owner - C:\Program Files\Siemens\Common\TangoCoreService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
OK, forget the other report, you're really infected.
Now we're going to use ComboFix.exe. Go to this web page for the download links and the instructions for running the tool:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
* When you are asked to save the file, rename it antitruc.exe (instead of combofix.exe); do this.
* Make sure you have closed/disabled all anti-virus, anti-malware or anti-spyware programs so that they do not interfere with ComboFix's work.
Close all programs (print the instructions from the link).
Careful: let the tool work, don't touch anything, not even its window, no clicks...
Post the contents of C:\ComboFix.txt in your next reply.
Here you go:
ComboFix 09-09-14.02 - sapinsapin 2009/09/16 3:08.4.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.932.81.1041.18.1014.511 [GMT 9:00]
Running from: c:\documents and settings\sapinsapin\デスクトップ\antitruc.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\sapinsapin\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut1_15377C3E9655400FB441E69F0A6BEAFE.exe
c:\documents and settings\sapinsapin\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut2_15377C3E9655400FB441E69F0A6BEAFE.EXE
c:\documents and settings\sapinsapin\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE
c:\documents and settings\sapinsapin\Local Settings\Temporary Internet Files\SKBGM.cfg
c:\documents and settings\sapinsapin\Local Settings\Temporary Internet Files\SKBGM0.che
c:\documents and settings\sapinsapin\Local Settings\Temporary Internet Files\SKBGM1.che
c:\documents and settings\sapinsapin\Local Settings\Temporary Internet Files\SKBGM2.che
c:\documents and settings\sapinsapin\Local Settings\Temporary Internet Files\SKBGM3.che
c:\documents and settings\sapinsapin\Local Settings\Temporary Internet Files\SKBGM4.che
c:\documents and settings\sapinsapin\Local Settings\Temporary Internet Files\SKBGM5.che
c:\documents and settings\sapinsapin\Local Settings\Temporary Internet Files\SKBGM6.che
c:\documents and settings\sapinsapin\Local Settings\Temporary Internet Files\SKBGM7.che
c:\documents and settings\sapinsapin\Local Settings\Temporary Internet Files\SKBGM8.che
c:\documents and settings\sapinsapin\Local Settings\Temporary Internet Files\SKBGM9.che
c:\windows\system32\_id.dat
c:\windows\system32\14225178.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\7643960.dll
c:\windows\system32\9830040.dll
c:\windows\system32\drivers\Sonyhcp.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\Process.exe
c:\windows\system32\servises.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((( Files Created from 2009-08-15 to 2009-09-15 )))))))))))))))))))))))))))))))
.
2009-09-15 17:45 . 2009-09-15 17:51 -------- d-----w- C:\Lop SD
2009-09-15 14:12 . 2009-09-15 17:54 -------- d-----w- C:\GenProc
2009-09-14 19:21 . 2007-04-13 01:47 63136 ----a-w- c:\windows\system32\drivers\ENET2K.SYS
2009-09-14 19:21 . 2000-08-03 02:41 1056768 ----a-w- c:\windows\system32\ROBOEX32.DLL
2009-09-14 19:21 . 2009-09-14 19:21 -------- d-----w- c:\program files\Siemens
2009-09-14 19:21 . 1996-09-11 06:33 48640 ----a-w- c:\windows\system32\INETWH32.DLL
2009-09-14 19:15 . 2009-09-14 19:15 -------- d-----w- c:\documents and settings\sapinsapin\Application Data\NTTE
2009-09-14 19:15 . 2009-09-14 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NTTE
2009-09-13 16:54 . 2009-09-13 16:54 -------- d-----w- c:\documents and settings\sapinsapin\Application Data\InstallShield
2009-09-09 13:43 . 2009-09-09 13:43 -------- d-----w- c:\program files\uTorrent
2009-09-09 12:55 . 2009-06-21 22:05 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-01 17:17 . 2009-09-01 17:17 -------- d-----w- c:\program files\Bonjour
2009-09-01 16:53 . 2009-09-01 16:53 -------- d-----w- c:\program files\Common Files\Macrovision Shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-15 18:06 . 2009-06-08 11:38 -------- d-----w- c:\documents and settings\sapinsapin\Application Data\Skype
2009-09-15 14:36 . 2008-08-14 16:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-15 14:32 . 2009-09-15 14:32 693760 ----a-w- c:\windows\isRS-000.tmp
2009-09-14 19:30 . 2009-08-06 15:48 -------- d-----w- c:\program files\NTTE
2009-09-14 19:21 . 2006-08-09 03:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-14 07:00 . 2009-06-08 11:41 -------- d-----w- c:\documents and settings\sapinsapin\Application Data\skypePM
2009-09-10 05:54 . 2008-08-14 16:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 05:53 . 2008-08-14 16:48 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 15:25 . 2009-01-05 19:15 -------- d-----w- c:\documents and settings\sapinsapin\Application Data\uTorrent
2009-09-06 16:34 . 2009-07-15 05:31 -------- d-----w- c:\program files\Trillian
2009-09-01 17:24 . 2006-12-01 10:44 24616 ----a-w- c:\documents and settings\sapinsapin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-01 17:17 . 2006-08-09 03:43 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-26 05:51 . 2006-12-03 04:49 -------- d-----w- c:\program files\Save
2009-08-21 03:48 . 2008-06-15 20:08 -------- d-----w- c:\documents and settings\sapinsapin\Application Data\OpenOffice.org2
2009-08-05 09:05 . 2005-03-03 19:40 202752 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:48 . 2005-03-03 19:41 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:48 . 2005-03-03 19:40 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 18:55 . 2005-03-03 19:40 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 14:43 . 2005-03-03 19:41 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 15:56 . 2005-03-03 19:41 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:56 . 2005-03-03 19:40 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:56 . 2005-03-03 19:40 17408 ------w- c:\windows\system32\corpol.dll
2009-06-25 08:44 . 2005-03-03 19:41 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2005-03-03 19:40 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2005-03-03 19:40 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2005-03-03 19:40 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:44 . 2005-03-03 19:40 709120 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2005-03-03 19:40 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-22 11:34 . 2005-03-03 19:40 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-21 14:12 . 2009-01-07 22:47 3532 ----a-w- C:\drmHeader.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-02 24264488]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-09-11 1655552]
"NTTE_OSA_AUS"="c:\program files\NTTE\OSA_SupportTool\aus\acs.exe" [2008-04-30 2315616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
c:\documents and settings\All Users\スタート メニュー\プログラム\スタートアップ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SsAAD.exe"=c:\progra~1\Sony\SONICS~1\SsAAD.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" boot
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" /background
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Persistence"=c:\windows\system32\igfxpers.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\skcbgm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\sapinsapin\\My Documents\\Setup\\utorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10069:TCP"= 10069:TCP:*:Disabled:BitComet 10069 TCP
"10069:UDP"= 10069:UDP:*:Disabled:BitComet 10069 UDP
"18123:TCP"= 18123:TCP:NortonAV
"13709:TCP"= 13709:TCP:NortonAV
"16843:TCP"= 16843:TCP:NortonAV
"15252:TCP"= 15252:TCP:NortonAV
"18385:TCP"= 18385:TCP:NortonAV
"16772:TCP"= 16772:TCP:NortonAV
"18307:TCP"= 18307:TCP:NortonAV
"18704:TCP"= 18704:TCP:NortonAV
"17134:TCP"= 17134:TCP:NortonAV
"18746:TCP"= 18746:TCP:NortonAV
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008/09/12 4:44 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008/09/12 4:44 24208]
R2 TangoCoreService;Tango Core Service;c:\program files\Siemens\Common\TangoCoreService.exe [2009/09/15 4:21 173600]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009/02/02 4:14 603904]
R3 ENETNT5;tango(R) Access PPPoE WAN Miniport;c:\windows\system32\drivers\ENET2K.SYS [2009/09/15 4:21 63136]
R3 LOGNT;LOGNT;c:\progra~1\NTTE\Flets\app\lognt.sys [2009/09/15 4:21 12576]
R3 NTSTPL1;NTSTPL1;c:\progra~1\NTTE\Flets\app\NTSTPL1.SYS [2009/09/15 4:21 24640]
R3 TAPBIND;TAPBIND;c:\progra~1\NTTE\Flets\app\TAPBIND1.SYS [2009/09/15 4:21 56640]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 aspnet_admin;ASP.NET Admin Service;c:\windows\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe [2004/07/07 23:02 11776]
S3 RAWESR;RAWESR;c:\progra~1\NTTE\Flets\app\RAWESR.SYS [2009/09/15 4:21 15776]
S3 w42smdm;Driver for w42smdm Device;c:\windows\system32\drivers\w42smdm.sys [2006/11/05 15:00 27904]
S3 w42sser;Driver for w42sser Device;c:\windows\system32\drivers\w42sser.sys [2006/11/05 15:00 27776]
S3 w42susb;Driver for w42susb Device;c:\windows\system32\drivers\w42susb.sys [2006/11/05 15:00 65664]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 03:34]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{6CB1FA39-5745-4733-859F-E9C82A68F848} - c:\program files\NTTE\OSA_SupportTool\start.exe
FF - ProfilePath - c:\documents and settings\sapinsapin\Application Data\Mozilla\Firefox\Profiles\wmwygff2.Matt\
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCMListControl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npcyworld.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-16 03:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\*・^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
[HKEY_USERS\LocalService\AppEvents\Schemes\Apps\Conf\*・^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\*・^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
[HKEY_USERS\S-1-5-21-3333611216-2818019727-3358243179-1006\AppEvents\Schemes\Apps\Conf\*・^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*ウ0・ン0・ヘ0・ネ0\CLSID]
@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"
[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*ウ0・ン0・ヘ0・ネ0\CurVer]
@="BDATuner.コンポーネント.1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\「0・、0・ケ0ネ0・・n0ミ0テ0ッ0「0テ0ラ0 *、0・・ク0]
@="{67cf8cbd-e5c0-44f7-9de5-e1d599d626d8}"
"Description"="このバージョンの Windows をアンインストールして前のオペレーティング システムに戻る場合は、これらのファイルが必要です。"
"Display"="前のオペレーティング システムのバックアップ ファイル"
"IconPath"=expand:"%SystemRoot%\\system32\\osuninst.EXE,0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\guard32.dll
c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
- - - - - - - > 'lsass.exe'(752)
c:\windows\system32\guard32.dll
.
Completion time: 2009-09-15 3:16
ComboFix-quarantined-files.txt 2009-09-15 18:16
ComboFix2.txt 2008-09-09 21:42
Pre-Run: 5,057,515,520 バイトの空き領域
Post-Run: 5,446,656,000 バイトの空き領域
236 --- E O F --- 2009-09-10 01:07
@="BDATuner.コンポーネント.1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\「0・、0・ケ0ネ0・・n0ミ0テ0ッ0「0テ0ラ0 *、0・・ク0]
@="{67cf8cbd-e5c0-44f7-9de5-e1d599d626d8}"
"Description"="このバージョンの Windows をアンインストールして前のオペレーティング システムに戻る場合は、これらのファイルが必要です。"
"Display"="前のオペレーティング システムのバックアップ ファイル"
"IconPath"=expand:"%SystemRoot%\\system32\\osuninst.EXE,0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\guard32.dll
c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
- - - - - - - > 'lsass.exe'(752)
c:\windows\system32\guard32.dll
.
Completion time: 2009-09-15 3:16
ComboFix-quarantined-files.txt 2009-09-15 18:16
ComboFix2.txt 2008-09-09 21:42
Pre-Run: 5,057,515,520 バイトの空き領域
Post-Run: 5,446,656,000 バイトの空き領域
236 --- E O F --- 2009-09-10 01:07
Download HijackThis here: https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
Install it, launch it, and choose "do a scan with a logfile" (the first option); a report will open.
Copy it and paste it into your next message.
After that: plug in all your USB keys and external hard drives that might be infected.
Download UsbFix: http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe
Launch it (plug in the key first), press F then Enter, then 1 then Enter.
Tutorial here: https://www.malekal.com/usbfix-supprimer-virus-usb/
Thanks for your quick replies!
Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:31:29, on 2009/09/16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Siemens\Common\TangoCoreService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Program Files\NTTE\Flets\app\TangoManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\sapinsapin\デスクトップ\HiJackThis.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShowTangoBar Class - {603EC267-504E-4BD4-97F3-5DD71A271EAF} - C:\Program Files\NTTE\Flets\app\TangoIEBar.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: フレッツ接続ツール - {831AA893-5930-4A2B-8D38-B881AD1764E2} - C:\Program Files\NTTE\Flets\app\TangoIEBar.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [NTTE_OSA_AUS] "C:\Program Files\NTTE\OSA_SupportTool\aus\acs.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O9 - Extra button: 故障かな?と思ったら・・・ - {6CB1FA39-5745-4733-859F-E9C82A68F848} - C:\Program Files\NTTE\OSA_SupportTool\start.exe
O9 - Extra button: フレッツ接続ツール - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\NTTE\Flets\app\TangoIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F449084-B6CE-4911-967B-6CFD860218CA}: NameServer = 220.220.248.1 220.220.248.9
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Tango Core Service (TangoCoreService) - Unknown owner - C:\Program Files\Siemens\Common\TangoCoreService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
Here is the UsbFix report:
############################## | UsbFix V6.033 |
User : sapinsapin (Administrators) # YOUR-BB3C0D3F93
Update on 14/09/2009 by Chiquitine29, C_XX & Chimay8
Start at: 3:41:04 | 2009/09/16
Website : http://pagesperso-orange.fr/NosTools/index.html
Genuine Intel(R) CPU T2300 @ 1.66GHz
Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
AV : Avira AntiVir PersonalEdition 8.0.1.30 [ (!) Disabled | Updated ]
FW : COMODO Firewall Pro[ (!) Disabled ]3.0
C:\ -> ローカル固定ディスク # 86.31 Go (5.09 Go free) # NTFS
D:\ -> ローカル固定ディスク # 6.83 Go (5.8 Go free) # FAT32
E:\ -> CD-ROM ディスク
F:\ -> ローカル固定ディスク # 298.09 Go (11.8 Go free) [LaCie] # NTFS
G:\ -> CD-ROM ディスク
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Siemens\Common\TangoCoreService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Program Files\NTTE\Flets\app\TangoManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | Fichiers # Dossiers infectieux |
D:\desktop.ini
F:\._autorun.inf
F:\adober.exe
F:\autorun.inf
F:\desktop.ini
################## | Registre # Clés Run infectieuses |
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
################## | Registre # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{ed63f116-e28c-11dd-8386-001302d1fe85}
Shell\Auto\command =F:\AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
################## | ! Fin du rapport # UsbFix V6.033 ! |
OK, do the same but with option 2; the computer will restart, that's normal, don't touch anything.
The desktop will disappear but will come back.
Post the report.
Don't touch anything during the disinfection phase.
I'm off; I'll analyze your report tomorrow, but do post it.
Thank you! I'm posting the log.
In any case, have a good evening!
############################## | UsbFix V6.033 |
User : sapinsapin (Administrators) # YOUR-BB3C0D3F93
Update on 14/09/2009 by Chiquitine29, C_XX & Chimay8
Start at: 4:00:13 | 2009/09/16
Website : http://pagesperso-orange.fr/NosTools/index.html
Genuine Intel(R) CPU T2300 @ 1.66GHz
Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | Updated ]
FW : COMODO Firewall Pro[ (!) Disabled ]3.0
C:\ -> ローカル固定ディスク # 86.31 Go (5.04 Go free) # NTFS
D:\ -> ローカル固定ディスク # 6.83 Go (5.8 Go free) # FAT32
E:\ -> CD-ROM ディスク
F:\ -> ローカル固定ディスク # 298.09 Go (11.8 Go free) [LaCie] # NTFS
G:\ -> CD-ROM ディスク
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Siemens\Common\TangoCoreService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\conime.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
################## | Fichiers # Dossiers infectieux |
Supprimé ! D:\desktop.ini
F:\autorun.inf -> fichier appelé : "F:\AdobeR.exe e" ( Absent ! )
Supprimé ! F:\._autorun.inf
Supprimé ! F:\adober.exe
Supprimé ! F:\autorun.inf
Supprimé ! F:\desktop.ini
################## | Registre # Clés Run infectieuses |
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
################## | Registre # Mountpoints2 |
################## | Listing des fichiers présent |
[2009/05/17 04:53|--a------|2210] C:\aaw7boot.log
[2005/03/03 13:05|--a------|0] C:\AUTOEXEC.BAT
[2008/09/10 06:14|-rahs----|460] C:\boot.ini
[2004/08/06 04:00|-rahs----|132398] C:\bootfont.bin
[2004/08/03 23:00|--a------|263488] C:\cmldr
[2009/09/16 03:16|--a------|15587] C:\ComboFix.txt
[2005/03/03 13:05|--a------|0] C:\CONFIG.SYS
[2009/06/21 23:12|--a------|3532] C:\drmHeader.bin
[?|?|?] C:\hiberfil.sys
[2005/03/03 13:05|-rahs----|0] C:\IO.SYS
[2006/10/12 10:11|--a------|90] C:\LogiSetup.log
[2009/09/16 02:51|--a------|16721] C:\lopR.txt
[2005/03/03 13:05|-rahs----|0] C:\MSDOS.SYS
[2004/08/06 04:00|-rahs----|47564] C:\NTDETECT.COM
[2004/08/06 04:00|-rahs----|260272] C:\ntldr
[?|?|?] C:\pagefile.sys
[2006/08/09 12:30|--a------|186] C:\RaidApp.log
[2008/09/10 04:44|--a------|2531] C:\rapport.txt
[2007/06/23 19:38|--ah-----|268] C:\sqmdata00.sqm
[2007/06/23 19:38|--ah-----|232] C:\sqmdata01.sqm
[2007/06/23 19:38|--ah-----|268] C:\sqmdata02.sqm
[2007/06/24 16:31|--ah-----|268] C:\sqmdata03.sqm
[2007/06/25 17:49|--ah-----|268] C:\sqmdata04.sqm
[2007/09/11 23:53|--ah-----|268] C:\sqmdata05.sqm
[2008/06/01 02:29|--ah-----|268] C:\sqmdata06.sqm
[2008/08/21 21:18|--ah-----|268] C:\sqmdata07.sqm
[2006/11/24 18:19|--ah-----|292] C:\sqmdata08.sqm
[2006/12/14 19:35|--ah-----|268] C:\sqmdata09.sqm
[2006/12/29 15:52|--ah-----|268] C:\sqmdata10.sqm
[2006/12/29 23:06|--ah-----|268] C:\sqmdata11.sqm
[2007/01/02 04:11|--ah-----|232] C:\sqmdata12.sqm
[2007/01/30 02:10|--ah-----|268] C:\sqmdata13.sqm
[2007/02/02 20:32|--ah-----|268] C:\sqmdata14.sqm
[2007/05/07 08:29|--ah-----|268] C:\sqmdata15.sqm
[2007/05/26 20:01|--ah-----|268] C:\sqmdata16.sqm
[2007/06/06 00:17|--ah-----|136] C:\sqmdata17.sqm
[2007/06/13 08:23|--ah-----|268] C:\sqmdata18.sqm
[2007/06/23 19:37|--ah-----|268] C:\sqmdata19.sqm
[2007/06/23 19:37|--ah-----|244] C:\sqmnoopt00.sqm
[2007/06/23 19:38|--ah-----|244] C:\sqmnoopt01.sqm
[2007/06/23 19:38|--ah-----|244] C:\sqmnoopt02.sqm
[2007/06/23 19:38|--ah-----|244] C:\sqmnoopt03.sqm
[2007/06/24 16:31|--ah-----|244] C:\sqmnoopt04.sqm
[2007/06/25 17:41|--ah-----|244] C:\sqmnoopt05.sqm
[2007/06/25 17:49|--ah-----|244] C:\sqmnoopt06.sqm
[2007/09/11 23:53|--ah-----|244] C:\sqmnoopt07.sqm
[2008/06/01 02:29|--ah-----|244] C:\sqmnoopt08.sqm
[2008/08/21 21:18|--ah-----|244] C:\sqmnoopt09.sqm
[2006/12/29 15:52|--ah-----|244] C:\sqmnoopt10.sqm
[2006/12/29 23:06|--ah-----|244] C:\sqmnoopt11.sqm
[2007/01/02 04:11|--ah-----|244] C:\sqmnoopt12.sqm
[2007/01/30 02:10|--ah-----|244] C:\sqmnoopt13.sqm
[2007/02/02 20:32|--ah-----|244] C:\sqmnoopt14.sqm
[2007/05/07 08:29|--ah-----|244] C:\sqmnoopt15.sqm
[2007/05/26 20:01|--ah-----|244] C:\sqmnoopt16.sqm
[2007/06/06 00:17|--ah-----|244] C:\sqmnoopt17.sqm
[2007/06/06 00:17|--ah-----|244] C:\sqmnoopt18.sqm
[2007/06/13 08:23|--ah-----|244] C:\sqmnoopt19.sqm
[2009/05/21 21:42|--a------|0] C:\Tech_Vista.log
[2006/08/09 12:26|--a------|188] C:\touchpad.log
[2009/09/16 04:05|--a------|5767] C:\UsbFix.txt
[2008/09/12 04:49|--a------|150] C:\YServer.txt
[2002/08/29 15:00|---hs----|47580] D:\NTDETECT.COM
[2003/05/27 13:26|---hs----|245920] D:\NTLDR
[2003/05/27 13:27|---hs----|245920] D:\stldr
[2006/08/09 12:08|--ahs----|600] D:\master.log
[2001/06/17 23:31|---hs----|0] D:\graph
[2001/06/17 23:31|---hs----|0] D:\graph16
[2002/09/10 15:54|---hs----|40960] D:\Info.exe
[2004/01/13 11:14|---hs----|0] D:\move
[2004/01/13 11:14|---hs----|0] D:\ntfs
[2003/06/12 18:43|---hs----|96774] D:\warning.bmp
[2002/08/29 13:00|---hs----|10] D:\win51
[2001/01/22 03:00|---hs----|11] D:\win51.b2
[2001/07/25 04:00|---hs----|11] D:\win51.rc1
[2001/07/25 09:47|---hs----|11] D:\win51.rc2
[2001/08/23 11:00|---hs----|10] D:\win51ic
[2001/03/20 03:00|---hs----|11] D:\win51ic.b2
[2001/07/25 04:00|---hs----|11] D:\win51ic.rc1
[2001/07/25 04:00|---hs----|11] D:\win51ic.rc2
[2002/08/29 13:00|---hs----|10] D:\win51ip
[2001/01/22 03:00|---hs----|11] D:\win51ip.b2
[2001/07/25 09:47|---hs----|11] D:\win51ip.rc2
[2002/08/29 13:00|---hs----|2] D:\win51ip.sp1
[2001/09/13 20:29|---hs----|185] D:\winbom.ini
[2004/01/13 11:14|---hs----|0] D:\xga
[2004/05/04 10:46|---hs----|0] D:\menund
[2004/09/13 14:57|---hs----|15226] D:\Folder.htt
[2004/09/10 16:36|---hs----|362654] D:\protect.ed
[2006/08/09 12:08|--ahs----|588] D:\BATCH.LOG
[2006/08/09 12:08|---hs----|243830] D:\MassStorage.log
[2006/08/09 12:08|---hs----|0] D:\FULL
[2005/08/03 16:33|--ahs----|472] D:\USER
[2002/05/30 10:24|---hs----|284] D:\BATCH.OLD
[2009/01/28 19:59|---hs----|29018] F:\.VolumeIcon.icns
[2009/01/28 19:59|---hs----|25214] F:\.VolumeIcon.ico
[2009/08/20 16:07|--a------|732442624] F:\l.incident.de.shinjuku.2009.VOSTFR.DVDRIP.XVID-BN.DIV.avi
[2009/01/28 19:59|---h-----|390] F:\LaCie.ini
[2009/08/16 19:40|--a------|730652672] F:\Ma Prof Est Une BomBe.avi
[2009/07/02 18:49|---hs----|348160] F:\msvcr71.dll
[2009/08/21 12:49|--a------|734800488] F:\Qui Veut La Peau De Roger Rabbit.avi
[2009/03/24 05:02|--ahs----|5120] F:\Thumbs.db
################## | ! Fin du rapport # UsbFix V6.033 ! |
En tout cas bonne soiree a toi!
Download Toolbar-S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3 (Team IDN) to your Desktop.
Run it, choose option 1 and post the report for me.
Here you go
-----------\\ ToolBar S&D 1.2.9 XP/Vista
Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU T2300 @ 1.66GHz )
BIOS : Rev 1.0
USER : sapinsapin ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
Firewall : COMODO Firewall Pro 3.0 (Activated)
C:\ (Local Disk) - NTFS - Total:86 Go (Free:4 Go)
D:\ (Local Disk) - FAT32 - Total:6 Go (Free:5 Go)
E:\ (CD or DVD)
G:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 2009/09/16|22:25 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\DOCUME~1\SAPINS~1\Cookies\sapinsapin@baidu[1].txt
-----------\\ Extensions
(sapinsapin) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(sapinsapin) - {89f8dde0-010a-11da-8cd6-0800200c9a66} => extuninstallapi
(sapinsapin) - {89f8dde0-010a-11da-8cd6-0800200c9a66} => ym_notifier
(sapinsapin) - {d176c86a-1eac-2cce-1757-bc0dbc6c526c} => xeconv
(sapinsapin) - {DDC359D1-844A-42a7-9AA1-88A850A938A8} => chrome
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\SAPINS~1\My Documents\My Music\Eminem - Relapse (2009)\18 Eminem - Crack A Bottle [Feat. Dr. Dre And 50 Cent].mp3
C:\DOCUME~1\SAPINS~1\My Documents\torrent\NetLimiter 2 Pro\crack
C:\DOCUME~1\SAPINS~1\My Documents\torrent\NetLimiter 2 Pro\crack\arn.nfo
C:\DOCUME~1\SAPINS~1\My Documents\torrent\NetLimiter 2 Pro\crack\crack
C:\DOCUME~1\SAPINS~1\My Documents\torrent\NetLimiter 2 Pro\crack\crack\patch.exe
1 - "C:\ToolBar SD\TB_1.txt" - 2009/09/16|22:28 - Option : [1]
-----------\\ Fin du rapport a 22:28:20.50