Sujet Précédent Sujet Suivant

Pc infecté

zoom_10 Messages postés 49 Statut Membre -  
 Utilisateur anonyme -
Bonjour,

voila j fait un analyse de hijackthis et voici le rapport :
Logfile of random's system information tool 1.06 (written by random/random)
Run by barca at 2009-10-10 21:40:32
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 12 GB (16%) free of 76 GB
Total RAM: 511 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:59, on 10/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\barca\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\barca.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.conduit.com/Default.aspx?ctid=CT1940427
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/Default.aspx?ctid=CT1940427
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: smscut Toolbar - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - C:\Program Files\smscut\tbsmsc.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: smscut Toolbar - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - C:\Program Files\smscut\tbsmsc.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O3 - Toolbar: smscut Toolbar - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - C:\Program Files\smscut\tbsmsc.dll
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SonicProxy] C:\Program Files\smscut.com\SonicProxy\sonicproxy.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Consulter les dictionnaires (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Traduire (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{686EF212-62D1-497B-B2B2-27D3C1AD5B9F}: NameServer = 208.67.222.222 193.95.93.55
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8854 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-12-06 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88f8c352-20c7-4051-aaa1-5466cd5e5f63}]
smscut Toolbar - C:\Program Files\smscut\tbsmsc.dll [2009-04-01 2086936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{95daa571-4def-4a6d-97d8-98a346672a24} - SYSTRAN Toolbar - C:\WINDOWS\system32\mscoree.dll [2008-07-25 282112]
{88f8c352-20c7-4051-aaa1-5466cd5e5f63} - smscut Toolbar - C:\Program Files\smscut\tbsmsc.dll [2009-04-01 2086936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"srmclean"=C:\Cpqs\Scom\srmclean.exe [2001-07-24 36864]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-10-06 5058560]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-12-06 185872]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2002-12-17 49152]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe [2003-03-11 172032]
"DeviceDiscovery"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 40960]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"ISUSPM"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SonicProxy"=C:\Program Files\smscut.com\SonicProxy\sonicproxy.exe [2009-09-22 925696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\48712915087986023227330811513021]
C:\Program Files\Antivirus 2009\av2009.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\barca\Bureau\utorrent.exe"="C:\Documents and Settings\barca\Bureau\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe:*:Disabled:Kaspersky Anti-Virus"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\SYSTRAN\6\SystranDictionaryManager.exe"="C:\Program Files\SYSTRAN\6\SystranDictionaryManager.exe:*:Enabled:SYSTRAN Dictionary Manager"
"C:\Program Files\SYSTRAN\6\SystranTranslationProjectManager.exe"="C:\Program Files\SYSTRAN\6\SystranTranslationProjectManager.exe:*:Enabled:SystranTranslationProjectManager"
"C:\Program Files\SYSTRAN\6\Dicts\SystranTranslationEngine.exe"="C:\Program Files\SYSTRAN\6\Dicts\SystranTranslationEngine.exe:*:Enabled:Systran Translation Engine "
"C:\Program Files\SYSTRAN\6\Dicts\SystranCodingEngine.exe"="C:\Program Files\SYSTRAN\6\Dicts\SystranCodingEngine.exe:*:Enabled:Systran Coding Engine "
"C:\Program Files\SYSTRAN\6\SystranToolbar.exe"="C:\Program Files\SYSTRAN\6\SystranToolbar.exe:*:Enabled:SYSTRAN Translation Toolbar"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\smscut.com\SonicProxy\sonicpv3.exe"="C:\Program Files\smscut.com\SonicProxy\sonicpv3.exe:*:Enabled:sonicpv3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31232f48-eb11-11dd-b4fd-0002e33340a9}]
shell\AutoRun\command - E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\wmplayer32.exe
shell\open\command - E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\wmplayer32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46fcf948-3966-11de-b5d1-0002e33340a9}]
shell\AutoRun\command - fbak.exe
shell\open\command - fbak.exe

======List of files/folders created in the last 1 months======

2009-10-10 21:40:32 ----D---- C:\rsit
2009-10-08 23:01:31 ----A---- C:\TCleaner.txt
2009-10-08 22:48:28 ----D---- C:\WINDOWS\system32\updfiles
2009-10-08 21:50:24 ----D---- C:\Program Files\Avira
2009-10-08 21:50:24 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-10-02 22:08:44 ----D---- C:\Program Files\smscut
2009-10-02 22:08:42 ----D---- C:\tmp
2009-10-02 22:08:40 ----D---- C:\Documents and Settings\barca\Application Data\WinRAR
2009-10-02 22:08:19 ----D---- C:\Program Files\smscut.com
2009-10-02 18:00:23 ----D---- C:\Documents and Settings\barca\Application Data\ESET
2009-10-02 17:56:44 ----D---- C:\Program Files\ESET
2009-10-02 17:56:44 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2009-10-02 17:32:33 ----D---- C:\WINDOWS\ie8updates
2009-10-02 17:29:05 ----HDC---- C:\WINDOWS\ie8
2009-10-02 12:46:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-10-02 03:06:47 ----D---- C:\90f3d8fe1a5199721d
2009-10-01 20:24:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-10-01 20:23:19 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-10-01 20:23:15 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-10-01 20:23:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-10-01 20:23:04 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-10-01 20:22:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-10-01 20:22:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-10-01 20:22:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-10-01 20:22:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-10-01 20:22:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-10-01 20:21:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-10-01 20:21:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-10-01 20:21:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-10-01 20:21:22 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-10-01 20:20:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-10-01 20:20:18 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-10-01 20:16:38 ----D---- C:\Documents and Settings\barca\Application Data\Apple Computer
2009-10-01 20:16:15 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-10-01 20:15:21 ----D---- C:\Program Files\iPod
2009-10-01 20:15:11 ----D---- C:\Program Files\iTunes
2009-10-01 20:15:11 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-01 20:14:22 ----D---- C:\Program Files\Bonjour
2009-10-01 20:13:39 ----D---- C:\Program Files\QuickTime
2009-10-01 20:13:38 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-10-01 20:13:01 ----D---- C:\Program Files\Apple Software Update
2009-10-01 20:12:32 ----D---- C:\Program Files\Fichiers communs\Apple
2009-10-01 20:12:31 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-09-21 22:55:17 ----A---- C:\~GLHTTP1.TMP

======List of files/folders modified in the last 1 months======

2009-10-10 21:40:59 ----D---- C:\Program Files\trend micro
2009-10-10 21:40:31 ----D---- C:\WINDOWS\Prefetch
2009-10-10 21:38:20 ----D---- C:\Program Files\Mozilla Firefox
2009-10-10 19:01:47 ----D---- C:\WINDOWS\Temp
2009-10-10 18:53:11 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-10 18:51:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-08 22:48:28 ----D---- C:\WINDOWS\system32
2009-10-08 22:44:01 ----D---- C:\WINDOWS
2009-10-08 22:43:23 ----D---- C:\Program Files\Hotspot_Shield
2009-10-08 22:29:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-08 22:29:37 ----D---- C:\WINDOWS\system32\drivers
2009-10-08 22:23:26 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-08 21:50:50 ----HD---- C:\WINDOWS\inf
2009-10-08 21:50:24 ----RD---- C:\Program Files
2009-10-08 21:46:02 ----SHD---- C:\WINDOWS\Installer
2009-10-08 21:45:54 ----D---- C:\WINDOWS\WinSxS
2009-10-06 23:40:54 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-04 22:35:42 ----D---- C:\Program Files\Fichiers communs
2009-10-04 17:26:47 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-04 11:26:35 ----D---- C:\Documents and Settings\barca\Application Data\uTorrent
2009-10-03 12:32:05 ----D---- C:\WINDOWS\Debug
2009-10-02 19:33:25 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-10-02 18:06:57 ----D---- C:\WINDOWS\system32\fr-fr
2009-10-02 18:06:56 ----D---- C:\WINDOWS\Media
2009-10-02 18:06:56 ----D---- C:\Program Files\Internet Explorer
2009-10-02 18:06:55 ----D---- C:\WINDOWS\Help
2009-10-02 12:47:23 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-02 03:36:44 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-02 03:36:39 ----RSD---- C:\WINDOWS\assembly
2009-10-02 03:15:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-02 03:07:49 ----D---- C:\WINDOWS\system32\XPSViewer
2009-10-02 03:07:45 ----D---- C:\WINDOWS\system32\en-us
2009-10-02 03:07:37 ----RSD---- C:\WINDOWS\Fonts
2009-10-02 00:22:24 ----D---- C:\Program Files\Microsoft Silverlight
2009-10-01 20:21:56 ----D---- C:\Program Files\Outlook Express
2009-10-01 20:16:15 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-01 20:13:06 ----SD---- C:\WINDOWS\Tasks
2009-10-01 12:44:13 ----D---- C:\Documents and Settings\barca\Application Data\Real
2009-09-21 22:56:46 ----SD---- C:\Documents and Settings\barca\Application Data\Microsoft
2009-09-21 21:46:36 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-02-06 56280]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-02-06 130952]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2002-09-09 41728]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-02-06 33096]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-20 607452]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-12-19 539008]
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46848]
S3 ac97intc;Service d'installation du pilote audio Intel(r) 82801 (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 E100B;Pilote de carte Intel (R) PRO; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-23 117760]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 adpu320;adpu320; C:\WINDOWS\System32\DRIVERS\adpu320.sys [2002-05-09 105472]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 Symmpi;Symmpi; C:\WINDOWS\System32\DRIVERS\symmpi.sys [2002-04-04 28416]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2003-10-06 81920]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EHttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-02-06 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Configuration: Windows XP
Firefox 3.5.3
A voir également:

62 réponses

  • 1
  • 2
  • 3
  • 4
Réponse 1 / 62
nico987 Messages postés 783 Statut Membre 93
 
Télécharge genproc ici : http://www.genproc.com/GenProc.exe

Tu le lances (double clic) et tu le laisses faire, après tu réponds oui à la question et tu me postes le rapport.
0
Réponse 2 / 62
Utilisateur anonyme
 
Hello !

Tu as un Rogue dans ta machine il s'agit de : Antivirus 2009

► Installe sur ton bureaux Smitfraudix

Clique ici pour installer Smitfraudix

● Fais un clic droit puis Extraire tout sur le fichier SmitfraudFix.zip

● Ouvre le dossier SmitfraudFix double clic surSmitfraudFix.cmd

● Choisis l'option 1 (Recherche) et appuie sur Entrée

● Réponds (Oui) aux deux questions suivantes si elles sont posées

Un rapport sera généré copie/colle le contenu du rapport ici

# Tuto
0
Réponse 3 / 62
zoom_10 Messages postés 49 Statut Membre
 
voici le rapport nico987
Rapport GenProc 2.637 [1] - 12/10/2009 à 17:43:29
@ Windows XP Service Pack 3 - Mode normal
@ Mozilla Firefox (3.5.3) [Navigateur par défaut]

GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :

Poste un rapport NanoScan https://www.micro-astuce.com/securite/NanoScan-Panda.php

~~~~ INFORMATION COMPLEMENTAIRE ~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:45:13, on 12/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\GenProc\outil\barca_GenProc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.conduit.com/Default.aspx?ctid=CT1940427
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/Default.aspx?ctid=CT1940427
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: smscut Toolbar - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - C:\Program Files\smscut\tbsmsc.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: smscut Toolbar - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - C:\Program Files\smscut\tbsmsc.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O3 - Toolbar: smscut Toolbar - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - C:\Program Files\smscut\tbsmsc.dll
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SonicProxy] C:\Program Files\smscut.com\SonicProxy\sonicproxy.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Consulter les dictionnaires (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Traduire (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{686EF212-62D1-497B-B2B2-27D3C1AD5B9F}: NameServer = 193.95.67.20 193.95.93.77
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
0
Réponse 4 / 62
nico987 Messages postés 783 Statut Membre 93
 
oui y'a un rogue mais malwarebytes devrait faire l'affaire ?
Fais ce que de dis helpeur mask
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 62
Utilisateur anonyme
 
Re'!

mais malwarebytes devrait faire l'affaire ?

> Smitfraudix d'abord
> Malwarebyte's ensuite

https://forums.commentcamarche.net/forum/affich-14730456-pc-infecte#2
0
Réponse 6 / 62
nico987 Messages postés 783 Statut Membre 93
 
ok, tu prends la suite ?
Je te la laisse A+
0
Réponse 7 / 62
zoom_10 Messages postés 49 Statut Membre
 
SmitFraudFix v2.424

Rapport fait à 17:50:16,32, 12/10/2009
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\barca

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\barca\LOCALS~1\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\barca\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\barca\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 440x 10/100 Integrated Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order:

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order:
DNS Server Search Order:

HKLM\SYSTEM\CCS\Services\Tcpip\..\{17EE0774-F3D4-499F-8218-D278ADB5640D}: DhcpNameServer=xxxx
HKLM\SYSTEM\CCS\Services\Tcpip\..\{686EF212-62D1-497B-B2B2-27D3C1AD5B9F}: NameServer=xx=x
HKLM\SYSTEM\CS1\Services\Tcpip\..\{686EF212-62D1-497B-B2B2-27D3C1AD5B9F}: NameServer=xx
HKLM\SYSTEM\CS3\Services\Tcpip\..\{17EE0774-F3D4-499F-8218-D278ADB5640D}: DhcpNameServer=x
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=xxxxxxxxxxx
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=xxxxxxx
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=xxxxxx

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 8 / 62
Utilisateur anonyme
 
Il a rien trouvé :/

(!) Ne pas ouvrir d'application pendant le scan (!)

(!) Faire une mise à jour du logiciel avant manipulation (!)

Installe Malwarbytes sur ton bureaux

°•..•°¯°•..•°¯°•..-> Malwarebyte's <-..•°¯°•..•°¯°•..•°

• Sélectionne "Exécuter un examen complet" puis clique sur le bouton Rechercher
• Clique sur le bouton "Lancer l'examen" pour démarrer le scan.
• Clique sur le bouton "Supprimer la sélection" en bas à gauche.
• Un rapport de scan s'ouvre, sélectionne tout copie le et colle le dans ta prochaine réponse.

¯¥¯ Tuto ¯¥¯
0
Réponse 9 / 62
zoom_10 Messages postés 49 Statut Membre
 
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2947
Windows 5.1.2600 Service Pack 3

12/10/2009 19:21:39
mbam-log-2009-10-12 (19-21-39).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 155260
Temps écoulé: 1 hour(s), 4 minute(s), 41 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
Réponse 10 / 62
Utilisateur anonyme
 
Fait ceci :

► Installe Combofix ( de sUBs ) sur ton bureaux

* Pour installer Combofix clique ici

(!) Avant de l'utiliser deconnécte toute tes connexion à Internet et tout les programmes en cours d'execution (!)

# Désactive Pare-feu, Antivirus, Antispyware #

● Double clic sur l'icône de ComboFix située sur le Bureau

Une fenêtre bleu va s'ouvrir ... [!] Ne pas ouvrir de programmes [!]

Un message va apparaitre tu clique sur "Oui"

Un rapport s'ouvrira à la fin de l'analyse envoie son contenue dans ta prochaine reponse et n'oublie pas de réactiver la protection en temp réel de ton antivirus .

Si tu trouve des difficultés pendant l'installation suit ce lien :

Tuto Combofix
0
Réponse 11 / 62
zoom_10 Messages postés 49 Statut Membre
 
ComboFix 09-10-11.03 - barca 12/10/2009 19:56.1.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.186 [GMT 2:00]
Lancé depuis: c:\documents and settings\barca\Mes documents\Téléchargements\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Pare-feu personnel d'ESET *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\~GLHTTP1.TMP
c:\recycler\S-1-5-21-4111091497-1573172060-436452843-1003
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-12 au 2009-10-12 ))))))))))))))))))))))))))))))))))))
.

2009-10-12 16:51 . 2009-10-12 16:51 -------- d-----w- c:\windows\LastGood
2009-10-12 15:43 . 2009-10-12 15:43 -------- d-----w- C:\GenProc
2009-10-10 19:40 . 2009-10-10 19:41 -------- d-----w- C:\rsit
2009-10-08 20:48 . 2009-10-12 17:20 -------- d-----w- c:\windows\system32\updfiles
2009-10-08 20:22 . 2009-10-08 20:25 26973 ----a-w- c:\windows\system32\epfwdata.bin
2009-10-08 20:07 . 2009-10-08 20:07 -------- d-----r- c:\documents and settings\LocalService\Favoris
2009-10-08 19:50 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-10-08 19:50 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-08 19:50 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-10-08 19:50 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-10-08 19:50 . 2009-10-08 19:50 -------- d-----w- c:\program files\Avira
2009-10-08 19:50 . 2009-10-08 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-10-04 20:10 . 2009-10-04 20:10 -------- d-sh--w- c:\documents and settings\barca\PrivacIE
2009-10-03 12:59 . 2009-10-03 12:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\smscut
2009-10-03 12:59 . 2009-10-03 12:59 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-03 12:59 . 2009-10-03 12:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-10-03 10:31 . 2009-10-03 10:31 -------- d-sh--w- c:\documents and settings\barca\IECompatCache
2009-10-02 20:23 . 2009-10-02 20:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-02 20:08 . 2009-10-04 20:11 -------- d-----w- c:\documents and settings\barca\Local Settings\Application Data\smscut
2009-10-02 20:08 . 2009-10-02 20:08 -------- d-----w- c:\program files\smscut
2009-10-02 20:08 . 2009-10-12 00:11 -------- d-----w- C:\tmp
2009-10-02 20:08 . 2009-10-02 20:08 -------- d-----w- c:\program files\smscut.com
2009-10-02 16:07 . 2009-10-02 16:07 -------- d-sh--w- c:\documents and settings\barca\IETldCache
2009-10-02 16:00 . 2009-10-02 16:00 -------- d-----w- c:\documents and settings\barca\Application Data\ESET
2009-10-02 15:56 . 2009-10-02 15:56 -------- d-----w- c:\program files\ESET
2009-10-02 15:56 . 2009-10-02 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-10-02 15:32 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-10-02 15:32 . 2009-10-02 15:33 -------- d-----w- c:\windows\ie8updates
2009-10-02 15:31 . 2009-07-03 16:57 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-02 15:31 . 2009-07-03 16:57 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-02 15:29 . 2009-10-02 15:31 -------- dc-h--w- c:\windows\ie8
2009-10-02 01:06 . 2009-10-02 01:07 -------- d-----w- C:\90f3d8fe1a5199721d
2009-10-01 18:16 . 2009-10-02 15:14 -------- d-----w- c:\documents and settings\barca\Application Data\Apple Computer
2009-10-01 18:16 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-01 18:16 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-01 18:15 . 2009-10-01 18:15 -------- d-----w- c:\program files\iPod
2009-10-01 18:15 . 2009-10-01 18:16 -------- d-----w- c:\program files\iTunes
2009-10-01 18:15 . 2009-10-01 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-01 18:14 . 2009-10-01 18:14 -------- d-----w- c:\program files\Bonjour
2009-10-01 18:13 . 2009-10-01 18:14 -------- d-----w- c:\program files\QuickTime
2009-10-01 18:13 . 2009-10-01 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-01 18:13 . 2009-10-01 18:13 -------- d-----w- c:\documents and settings\barca\Local Settings\Application Data\Apple
2009-10-01 18:13 . 2009-10-01 18:13 -------- d-----w- c:\program files\Apple Software Update
2009-10-01 18:12 . 2009-10-01 18:15 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-10-01 18:12 . 2009-10-01 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-01 18:12 . 2009-10-02 15:14 -------- d-----w- c:\documents and settings\barca\Local Settings\Application Data\Apple Computer
2009-10-01 11:03 . 2009-06-21 21:47 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-10-01 10:59 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 16:14 . 2009-01-07 19:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-10 19:40 . 2009-01-07 11:25 -------- d-----w- c:\program files\trend micro
2009-10-08 20:43 . 2009-04-19 14:43 -------- d-----w- c:\program files\Hotspot_Shield
2009-10-08 20:23 . 2009-03-13 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-04 09:26 . 2008-11-17 14:55 -------- d-----w- c:\documents and settings\barca\Application Data\uTorrent
2009-10-02 15:12 . 2008-11-25 09:18 40344 ----a-w- c:\documents and settings\barca\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-02 01:15 . 2002-10-28 18:06 85544 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-02 01:15 . 2002-10-28 18:06 510622 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-01 22:22 . 2009-02-05 18:29 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 12:54 . 2009-01-07 19:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-01-07 19:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-06 17:24 . 2008-11-17 10:58 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2008-11-17 10:58 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2008-11-17 10:58 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2007-07-30 18:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2002-08-29 18:45 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2002-08-29 18:44 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2008-11-17 10:58 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2008-11-25 21:20 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 17:23 . 2008-11-25 21:20 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 17:23 . 2002-08-29 18:45 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:00 . 2008-11-11 20:35 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:35 . 2001-08-24 00:47 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:35 . 2001-08-24 00:47 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 19:03 . 2002-08-29 18:44 58880 ----a-w- c:\windows\system32\atl.dll
2009-03-04 15:34 . 2009-02-11 17:25 56 --sh--r- c:\windows\system32\F712D6C8D4.sys
2009-03-04 15:34 . 2009-02-11 16:34 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88f8c352-20c7-4051-aaa1-5466cd5e5f63}"= "c:\program files\smscut\tbsmsc.dll" [2009-04-01 2086936]

[HKEY_CLASSES_ROOT\clsid\{88f8c352-20c7-4051-aaa1-5466cd5e5f63}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88f8c352-20c7-4051-aaa1-5466cd5e5f63}]
2009-04-01 12:27 2086936 ----a-w- c:\program files\smscut\tbsmsc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88f8c352-20c7-4051-aaa1-5466cd5e5f63}"= "c:\program files\smscut\tbsmsc.dll" [2009-04-01 2086936]

[HKEY_CLASSES_ROOT\clsid\{88f8c352-20c7-4051-aaa1-5466cd5e5f63}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88F8C352-20C7-4051-AAA1-5466CD5E5F63}"= "c:\program files\smscut\tbsmsc.dll" [2009-04-01 2086936]

[HKEY_CLASSES_ROOT\clsid\{88f8c352-20c7-4051-aaa1-5466cd5e5f63}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SonicProxy"="c:\program files\smscut.com\SonicProxy\sonicproxy.exe" [2009-09-22 925696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-12-06 185872]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\SYSTRAN\\6\\SystranDictionaryManager.exe"=
"c:\\Program Files\\SYSTRAN\\6\\SystranTranslationProjectManager.exe"=
"c:\\Program Files\\SYSTRAN\\6\\Dicts\\SystranTranslationEngine.exe"=
"c:\\Program Files\\SYSTRAN\\6\\Dicts\\SystranCodingEngine.exe"=
"c:\\Program Files\\SYSTRAN\\6\\SystranToolbar.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\smscut.com\\SonicProxy\\sonicpv3.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [08/10/2009 21:50 108289]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [06/02/2009 14:23 727720]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [24/03/2009 16:18 55152]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-10-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.conduit.com/Default.aspx?ctid=CT1940427
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
IE: Consulter les dictionnaires (SYSTRAN) - c:\program files\SYSTRAN\6\\GUIres.dll/lookup.js
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Traduire (SYSTRAN) - c:\program files\SYSTRAN\6\\GUIres.dll/translate.js
TCP: {686EF212-62D1-497B-B2B2-27D3C1AD5B9F} = 193.95.67.20 193.95.93.77
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\barca\Application Data\Mozilla\Firefox\Profiles\eaj4o6z1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1940427&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - smscut Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1940427&SearchSource=2&q=
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\barca\Application Data\Mozilla\Firefox\Profiles\eaj4o6z1.default\extensions\{88f8c352-20c7-4051-aaa1-5466cd5e5f63}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\barca\Application Data\Mozilla\Firefox\Profiles\eaj4o6z1.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFAlert.dll
FF - plugin: c:\program files\Microsoft Silverlight\3.0.40818.0\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- PARAMETRES FIREFOX ----
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: network.proxy.autoconfig_url - hxxp://www.smscut.com/proxy.pac
FF - user.js: network.proxy.backup.ftp -
FF - user.js: network.proxy.backup.ftp_port - 0
FF - user.js: network.proxy.backup.gopher -
FF - user.js: network.proxy.backup.gopher_port - 0
FF - user.js: network.proxy.backup.socks -
FF - user.js: network.proxy.backup.socks_port - 0
FF - user.js: network.proxy.backup.ssl -
FF - user.js: network.proxy.backup.ssl_port - 0
FF - user.js: network.proxy.ftp - 127.0.0.1
FF - user.js: network.proxy.ftp_port - 8080
FF - user.js: network.proxy.gopher - 127.0.0.1
FF - user.js: network.proxy.gopher_port - 8080
FF - user.js: network.proxy.http - 127.0.0.1
FF - user.js: network.proxy.http_port - 8080
FF - user.js: network.proxy.share_proxy_settings - true
FF - user.js: network.proxy.socks - 127.0.0.1
FF - user.js: network.proxy.socks_port - 8080
FF - user.js: network.proxy.ssl - 127.0.0.1
FF - user.js: network.proxy.ssl_port - 8080
FF - user.js: network.proxy.type - 2
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 20:00
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-10-12 20:02
ComboFix-quarantined-files.txt 2009-10-12 18:02

Avant-CF: 30 176 133 120 octets libres
Après-CF: 30 198 554 624 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn

243 --- E O F --- 2009-10-11 00:15
0
Réponse 12 / 62
Utilisateur anonyme
 
/!\ Désactive temporairement ton antivirus /!\

~~~~~~~~~~Ad Remover~~~~~~~~

Installe AD-Remover (de Cyrildu17 / C_XX) sur ton Bureau.

/!\ Déconnecte-toi et ferme toutes applications en cours /!\

*Lance l'installation avec les paramètres par défaut.

*Double-clique sur le raccourci Ad-Remover sur ton Bureau.

*Choisit ta langue F pour française.

*Au menu principal, choisis l'option S.

{!} Laisse travailler l'outil {!}

Poste le rapport qui apparaît à la fin.

(Le rapport est sauvegardé aussi sous C:\Ad-report(date).log)

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

0
Réponse 13 / 62
zoom_10 Messages postés 49 Statut Membre
 
.
======= RAPPORT D'AD-REMOVER 1.1.4.5_Y | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 11.10.2009 à 13:06
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 20:20:15, 12/10/2009 | Mode Normal | Option: SCAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: AMINE | Utilisateur actuel: barca
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.

HKCU\Software\AppDataLow\AskBarDis
HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
.
C:\DOCUME~1\barca\APPLIC~1\Mozilla\Firefox\Profiles\eaj4o6z1.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
C:\DOCUME~1\barca\APPLIC~1\Mozilla\Firefox\Profiles\eaj4o6z1.default\searchplugins\ask.xml
C:\Program Files\Mozilla FireFox\Components\AskSearch.js
C:\DOCUME~1\barca\Cookies\barca@search.conduit[2].txt
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.3 [fr] *
.
Nom du profil: eaj4o6z1.default (barca)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Live Search");
(Prefs.js) user_pref("browser.search.selectedEngine", "smscut Customized Web Search");
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1940427&SearchSource=3&q={searchTerms}");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:fr:official");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.1.3");
(Invalidprefs.js) user_pref("browser.startup.homepage","<BODY bgColor="#FFFFFF" leftMargin=0 topMargin=0 rightMargin=0>
(Invalidprefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.5");
.
(prefs.js) TROUVÉ: user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1");
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://search.conduit.com/Default.aspx?ctid=CT1940427
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials ... ) ==============
.
C:\Documents and Settings\barca\Favoris\Systran 6 Premium Translator 2007 World Edition Fr\Patch d'Installation et guides\Lancer ce patch avant l'installation de systran.exe
C:\Documents and Settings\barca\Mes documents\T‚l‚chargements\Serial_No..rar
.
===================================
.
3135 Octet(s) - C:\Ad-Report-SCAN[1].log
.
1 Fichier(s) - C:\DOCUME~1\barca\LOCALS~1\Temp
0 Fichier(s) - C:\WINDOWS\Temp
.
0 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 20:26:50 | 12/10/2009 - SCAN[1]
.
============== E.O.F ==============
.
0
Réponse 14 / 62
Utilisateur anonyme
 
C'est pas bien du tout sa ^^

C:\Documents and Settings\barca\Favoris\Systran 6 Premium Translator 2007 World Edition Fr\Patch d'Installation et guides\Lancer ce patch avant l'installation de systran.exe
C:\Documents and Settings\barca\Mes documents\T‚l‚chargements\Serial_No..rar

C'est des cracks faut les supprimer =)

Relance Ad-Remover,

● Au menu principal choisi l'option "L" et tape sur [entrée] .

● Laisse travailler l'outil et ne touche à rien ...

● Poste le rapport qui apparait à la fin.

( le rapport est sauvegardé aussi sous C:\Ad-report.log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
0
Réponse 15 / 62
zoom_10 Messages postés 49 Statut Membre
 
.
======= RAPPORT D'AD-REMOVER 1.1.4.5_Y | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 11.10.2009 à 13:06
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 20:38:59, 12/10/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: AMINE | Utilisateur actuel: barca
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.

HKCU\Software\AppDataLow\AskBarDis
HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
.
C:\DOCUME~1\barca\APPLIC~1\Mozilla\Firefox\Profiles\eaj4o6z1.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome
C:\DOCUME~1\barca\APPLIC~1\Mozilla\Firefox\Profiles\eaj4o6z1.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome.manifest
C:\DOCUME~1\barca\APPLIC~1\Mozilla\Firefox\Profiles\eaj4o6z1.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome.manifest.dev
C:\DOCUME~1\barca\APPLIC~1\Mozilla\Firefox\Profiles\eaj4o6z1.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults
C:\DOCUME~1\barca\APPLIC~1\Mozilla\Firefox\Profiles\eaj4o6z1.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\install.rdf
C:\DOCUME~1\barca\APPLIC~1\Mozilla\Firefox\Profiles\eaj4o6z1.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\install.rdf.bak
C:\DOCUME~1\barca\APPLIC~1\Mozilla\Firefox\Profiles\eaj4o6z1.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF
C:\DOCUME~1\barca\APPLIC~1\Mozilla\Firefox\Profiles\eaj4o6z1.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome\ajtoolbar.jar
C:\DOCUME~1\barca\APPLIC~1\Mozilla\Firefox\Profiles\eaj4o6z1.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences
C:\DOCUME~1\barca\APPLIC~1\Mozilla\Firefox\Profiles\eaj4o6z1.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\ask.gif
C:\DOCUME~1\barca\APPLIC~1\Mozilla\Firefox\Profiles\eaj4o6z1.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\ask.src
C:\DOCUME~1\barca\APPLIC~1\Mozilla\Firefox\Profiles\eaj4o6z1.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\config.dat
C:\DOCUME~1\barca\APPLIC~1\Mozilla\Firefox\Profiles\eaj4o6z1.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\config.dat.bak
C:\DOCUME~1\barca\APPLIC~1\Mozilla\Firefox\Profiles\eaj4o6z1.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\snipit.js
C:\DOCUME~1\barca\APPLIC~1\Mozilla\Firefox\Profiles\eaj4o6z1.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF\manifest.mf
C:\DOCUME~1\barca\APPLIC~1\Mozilla\Firefox\Profiles\eaj4o6z1.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF\zigbert.rsa
C:\DOCUME~1\barca\APPLIC~1\Mozilla\Firefox\Profiles\eaj4o6z1.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF\zigbert.sf
C:\DOCUME~1\barca\APPLIC~1\Mozilla\Firefox\Profiles\eaj4o6z1.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
C:\DOCUME~1\barca\APPLIC~1\Mozilla\Firefox\Profiles\eaj4o6z1.default\searchplugins\ask.xml
C:\Program Files\Mozilla FireFox\Components\AskSearch.js
C:\DOCUME~1\barca\Cookies\barca@search.conduit[2].txt

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.3 [fr] *
.
Nom du profil: eaj4o6z1.default (barca)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Live Search");
(Prefs.js) user_pref("browser.search.selectedEngine", "smscut Customized Web Search");
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1940427&SearchSource=3&q={searchTerms}");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:fr:official");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.1.3");
(Invalidprefs.js) user_pref("browser.startup.homepage","<BODY bgColor="#FFFFFF" leftMargin=0 topMargin=0 rightMargin=0>
(Invalidprefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.5");
.
(prefs.js) EFFACÉ: user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1");
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials ... ) ==============
.
C:\Documents and Settings\barca\Favoris\Systran 6 Premium Translator 2007 World Edition Fr\Patch d'Installation et guides\Lancer ce patch avant l'installation de systran.exe
C:\Documents and Settings\barca\Mes documents\T‚l‚chargements\Serial_No..rar
.
===================================
.
5774 Octet(s) - C:\Ad-Report-CLEAN[1].log
3459 Octet(s) - C:\Ad-Report-SCAN[1].log
.
1 Fichier(s) - C:\DOCUME~1\barca\LOCALS~1\Temp
0 Fichier(s) - C:\WINDOWS\Temp
.
20 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
11 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 20:45:08 | 12/10/2009 - CLEAN[1]
.
============== E.O.F ==============
.
0
Réponse 16 / 62
Utilisateur anonyme
 
Fait un rapport hijackthis ...
0
Réponse 17 / 62
zoom_10 Messages postés 49 Statut Membre
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by barca at 2009-10-12 21:07:44
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 29 GB (38%) free of 76 GB
Total RAM: 511 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:04, on 12/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\barca\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\barca.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: smscut Toolbar - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - C:\Program Files\smscut\tbsmsc.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: smscut Toolbar - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - C:\Program Files\smscut\tbsmsc.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O3 - Toolbar: smscut Toolbar - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - C:\Program Files\smscut\tbsmsc.dll
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SonicProxy] C:\Program Files\smscut.com\SonicProxy\sonicproxy.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Consulter les dictionnaires (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Traduire (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{686EF212-62D1-497B-B2B2-27D3C1AD5B9F}: NameServer = 208.67.222.222 193.95.93.55
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
0
Réponse 18 / 62
Utilisateur anonyme
 
C:\Program Files\Antivirus 2009\av2009.exe []
2009-10-12 17:50:26 ----A---- C:\WINDOWS\system32\tmp.txt
S3 mbr;mbr; \??\C:\DOCUME~1\barca\LOCALS~1\Temp\mbr.sys []


Supprime sa manuellement :

C:\Program Files\Antivirus 2009\av2009.exe

0
Réponse 19 / 62
zoom_10 Messages postés 49 Statut Membre
 
le problème c'est que ce dossier n'existe pas????????????????
0
Réponse 20 / 62
Utilisateur anonyme
 
Bah si 0O

- Poste de travaille
- Disque local C:
- Programme files
- Antivirus 2009
0
  • 1
  • 2
  • 3
  • 4