Windows

Je ne sais pas de qui est le +1.

Merci de me soutenir dans ma démarche :)

bonjour trying2

étape 1 --> gratuit

étape 2 --> http://www.cijoint.fr/cjlink.php?file=cj200910/cijguOX5i1.txt

les autres à suivre

étape 3 -->


.
======= RAPPORT D'AD-REMOVER 1.1.4.6_A | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 18.10.2009 à 19:05
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 7:57:32, 25/10/2009 | Mode Normal | Option: SCAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: BAROUNETTE | Utilisateur actuel: pat
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.

HKCU\Software\iMesh
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
HKCU\Software\Search Settings
HKLM\Software\Classes\SearchSettings.BHO
HKLM\Software\Classes\SearchSettings.BHO.1
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Search Settings
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
HKLM\Software\Classes\CLSID\{06663B51-0D73-4f9f-BCC5-4AA941470AFD}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06663B51-0D73-4f9f-BCC5-4AA941470AFD}
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
.
C:\DOCUME~1\pat\APPLIC~1\Search Settings
C:\Program Files\Dealio
C:\Program Files\iMesh Applications
C:\Program Files\Search Settings
C:\Windows\Installer\4721d3.msi
C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-30EFBC20.pf
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.3 [fr] *
.
Nom du profil: gdzpy4hh.default (pat)
.
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.1.3");
.
.
* Internet Explorer Version 7.0.5730.11 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://mystart.incredimail.com/
Search Page: hxxp://www.google.com
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://fr.yahoo.com
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://fr.yahoo.com
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials ... ) ==============
.
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Bases\Patches\patch_ppro_5.0.388_390_to_5.0.391.exe
.
===================================
.
2746 Octet(s) - C:\Ad-Report-SCAN[1].log
.
1892 Fichier(s) - C:\DOCUME~1\pat\LOCALS~1\Temp
6980 Fichier(s) - C:\WINDOWS\Temp
.
0 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 8:05:20 | 25/10/2009 - SCAN[1]
.
============== E.O.F ==============
.

derniere étape 4

http://www.cijoint.fr/cjlink.php?file=cj200910/cijWikWwFT.txt



merci encore pour ton aide

a+

bonsoir trying2

après la journée de travail je reprend la suite ,

Bon alors , 1 réponse quand même a propos de sophos ,


je ne l'ai pas téléchargé ,
sur mon PC de boulot , j'ai sophos , il restait une licence lors de l'achat , je l'ai récupérer .
par contre je ne connait pas l'expiration


je lance la suite de l'analyse

bonjour ,


ci joint le rapport OTM


All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
c:\program files\fichiers communs\boonty shared\service\Boonty.exe moved successfully.
c:\gendel32.exe moved successfully.
C:\WINDOWS\system32\6334.exe moved successfully.
C:\WINDOWS\system32\18467.exe moved successfully.
C:\WINDOWS\system32\41.exe moved successfully.
File/Folder C:\windows\system32\yywfwqw.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 68102 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 8638203 bytes

User: margaux
->Temp folder emptied: 4208117 bytes
->Temporary Internet Files folder emptied: 112413490 bytes
->Java cache emptied: 734557 bytes
->FireFox cache emptied: 63307496 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 525178 bytes

User: nini

User: pat
->Temp folder emptied: 16390601 bytes
->Temporary Internet Files folder emptied: 3460057 bytes
->Java cache emptied: 45659874 bytes
->FireFox cache emptied: 37419040 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2676224 bytes
Windows Temp folder emptied: 43112 bytes
RecycleBin emptied: 3284396 bytes

Total Files Cleaned = 285,04 mb


OTM by OldTimer - Version 3.0.0.6 log created on 10312009_072055

Files moved on Reboot...

Registry entries deleted on Reboot...

malwarebytes --> aucun élément infecté

je continue

rapport rist

merci encore , car je trouve que l'ordi se comporte tres bien ,

Logfile of random's system information tool 1.06 (written by random/random)
Run by pat at 2009-10-31 07:53:00
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 13 GB (9%) free of 141 GB
Total RAM: 1023 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:53:01, on 31/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\pat\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\pat.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: (no name) - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - http://ssl-tb.sitadelle.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.1.0.56.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Créateur de rapports d'état Sophos Anti-Virus (SAVAdminService) - Unknown owner - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (file missing)
O23 - Service: Sophos Anti-Virus (SAVService) - Unknown owner - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (file missing)
O23 - Service: Sophos AutoUpdate Service - Unknown owner - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (file missing)

ok
merci

je joint le fichier --> ok

pour l'adresse URL il faut quoi ? rien je suppose

pour l'adresse mail il faut quoi ? rien je suppose

ensuite il faut cliquer sur créer le lien Cjoint ?

rien ne se passe

pardon , je débute

merci encore

merci pour ta réponse ,

je fait ça après en début apres midi

j'espere que c'est pas trop grave .

pourtant j'ai sophos
a+

ok suite analyse voici les résultats




Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3024
Windows 5.1.2600 Service Pack 2

24/10/2009 13:47:37
mbam-log-2009-10-24 (13-47-37).txt

Type de recherche: Examen rapide
Eléments examinés: 126225
Temps écoulé: 11 minute(s), 59 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 11
Dossier(s) infecté(s): 11
Fichier(s) infecté(s): 93

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\bdco1ins32.dll (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\70.tmp (Worm.P2P) -> Delete on reboot.
C:\Documents and Settings\pat\Local Settings\Temp\8.tmp (Trojan.Dropper) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0194300a-65de-4ac7-a93c-723c460df59f} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0194300a-65de-4ac7-a93c-723c460df59f} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\bc249256684 (Trojan.Tracur) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0194300a-65de-4ac7-a93c-723c460df59f} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AVR (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jokoa (Trojan.Agent.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\bdco1ins32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\bdco1ins32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Documents and Settings\pat\Application Data\DriveCleaner 2006 Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\pat\Application Data\DriveCleaner 2006 Free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\DriveCleaner 2006 Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\AdvancedVirusRemover (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService (Worm.Archive) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\dsound3d32.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\jokoa.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdco1ins32.dll (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\70.tmp (Worm.P2P) -> Delete on reboot.
C:\Documents and Settings\pat\Local Settings\Temp\8.tmp (Trojan.Dropper) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1511189617-1236991561-406543634-1006\Dc1.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4D.tmp (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cpuinf323232.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\D7.tmp (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\c_iscii32.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\margaux\Local Settings\Temp\9.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\pat\Local Settings\Temp\7A.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\pat\Local Settings\Temp\9E.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\pat\Local Settings\Temp\ptu3_tmp.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Documents and Settings\pat\Local Settings\Temp\ptuD7_tmp.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Documents and Settings\pat\Local Settings\Temp\ptuD8_tmp.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Documents and Settings\pat\Local Settings\Temp\ptuD9_tmp.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Documents and Settings\pat\Local Settings\Temp\1A.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\pat\Local Settings\Temp\1B.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\pat\Local Settings\Temp\1C.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\pat\Local Settings\Temp\1D.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\pat\Local Settings\Temp\2.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\pat\Local Settings\Temp\26.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\pat\Local Settings\Temp\27.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\pat\Local Settings\Temp\3.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\pat\Local Settings\Temp\33.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\pat\Local Settings\Temp\38.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\pat\Local Settings\Temp\3B.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\pat\Local Settings\Temp\4.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\pat\Local Settings\Temp\5.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\pat\Local Settings\Temp\6.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\pat\Local Settings\Temp\69.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\pat\Local Settings\Temp\7.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\pat\Local Settings\Temporary Internet Files\Content.IE5\IGX7LYI9\dfghfghgfj[1].dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\pat\Application Data\DriveCleaner 2006 Free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\explo_intro.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\explo_menu.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\file.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder_f.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder_o.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\index.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\menu3.js (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\spy.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_coud.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_droit.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_vert.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\fleche.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\folder.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\key.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\menu.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\support.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\title-hepfile.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\dowload-file-antispyware.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\menu.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\scstep2.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\3differentscan.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\contactus.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\found-objects.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\lexic.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\navigtabs.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\quarantine.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\register.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\321.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\321.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\322.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\322.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\323.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\323.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\324.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\324.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\325.music.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\325.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\326.music2.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\326.music2.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\327.music3.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\327.music3.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\328.music4.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\328.music4.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anfeepke_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\djzgnet_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jokoa_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anfeepke_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\djzgnet_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jokoa_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\d3dxof32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DBMSRPCN32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dfrgsnap32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicy000.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iassam32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winupdate.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.


LOG

Logfile of random's system information tool 1.06 (written by random/random)
Run by pat at 2009-10-24 13:50:22
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 12 GB (9%) free of 141 GB
Total RAM: 1023 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:50:38, on 24/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\pat\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\pat.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Yahoo! France
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - http://ssl-tb.sitadelle.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.1.0.56.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL,C:\WINDOWS\System32\bdco1ins32.dll
O20 - Winlogon Notify: bc249256684 - C:\WINDOWS\System32\bdco1ins32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Créateur de rapports d'état Sophos Anti-Virus (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Client Firewall - Sophos Plc - C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe
O23 - Service: Sophos Client Firewall Manager - Sophos Plc - C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe

############################## | UsbFix V6.042 |

User : pat (Administrateurs) # BAROUNETTE
Update on 15/10/2009 by Chiquitine29, C_XX & Chimay8
Start at: 08:14:36 | 25/10/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

AMD Athlon(tm) 64 Processor 3400+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.11
Windows Firewall Status : Enabled
AV : Sophos Anti-Virus [ Enabled | Updated ]
FW : Sophos Client Firewall[ (!) Disabled ]

C:\ -> Disque fixe local # 137,53 Go (10,78 Go free) [ACER] # NTFS
D:\ -> Disque fixe local # 138,96 Go (125,75 Go free) [ACERDATA] # FAT32
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque fixe local # 149,01 Go (106,09 Go free) [My Passport] # FAT32
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
L:\ -> Disque amovible

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

C:\WINDOWS\system32\autorun.ini
G:\autorun.inf
G:\setup.exe

################## | Registre # Clés Run infectieuses |

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{24d0f48a-723e-11de-9683-00016ce49acd}
Shell\AutoRun\command =G:\InstallTomTomHOME.exe

HKCU\..\..\Explorer\MountPoints2\{a607c84e-6d31-11dc-8db6-00016ce49acd}
Shell\AutoRun\command =F:\start.exe
Shell\FramaKey\command =F:\start.exe

HKCU\..\..\Explorer\MountPoints2\{c81077a8-7bd9-11dd-954d-00016ce49acd}
Shell\AutoRun\command =G:\wdsync.exe

################## | ! Fin du rapport # UsbFix V6.042 ! |

etape 1




-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3400+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : pat ( Administrator )
BOOT : Normal boot
Antivirus : Sophos Anti-Virus (Activated)
Firewall : Sophos Client Firewall (Not Activated)
C:\ (Local Disk) - NTFS - Total:137 Go (Free:12 Go)
D:\ (Local Disk) - FAT32 - Total:138 Go (Free:125 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (Local Disk) - FAT32 - Total:149 Go (Free:106 Go)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 26/10/2009|18:55 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\margaux\APPLIC~1\Dealio
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\temp
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\blank.gif
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\DealioSearch.html
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\deals-endcap.gif
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\deals-leftcap.gif
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\deal_report.jpg
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\ebay_login.jpg
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\endcap22-bg.png
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\endcap22-left.png
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\endcap22-right-arrow.png
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\endcap22-right.png
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\err_mainwindow.html
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\err_toolbar.html
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\global_scripts.js
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\headerbgthin.jpg
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\logo.png
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\logo_over.png
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\man_toolbar.html
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\man_toolbar.js
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\pill_bg.gif
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\post-this-deal.gif
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\post-this-deal_over.gif
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\scripts.js
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\scroller.js
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\search-chevron.gif
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\search_bg_blink.gif
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\separator.gif
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\settings.gif
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\settings_over.gif
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\steals_bg.gif
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\toolbar_background.gif
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\res\yahoo_search.gif
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\index.76.35
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.10.76
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.109.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.110.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.12.52
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.13.58
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.130.58
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.135.50
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.153.44
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.155.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.156.49
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.16.60
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.161.52
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.178.66
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.184.55
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.188.52
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.189.45
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.196.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.198.56
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.199.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.200.53
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.201.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.202.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.203.71
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.205.62
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.213.71
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.214.49
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.215.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.216.67
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.217.67
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.218.52
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.219.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.220.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.221.57
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.222.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.223.68
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.226.68
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.227.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.228.62
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.229.76
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.23.63
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.239.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.24.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.240.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.241.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.242.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.243.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.244.63
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.245.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.247.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.248.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.249.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.250.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.251.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.252.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.253.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.254.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.255.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.256.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.257.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.279.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.28.58
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.282.75
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.283.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.284.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.289.67
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.290.62
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.291.61
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.296.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.297.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.304.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.307.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.308.75
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.31.47
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.310.46
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.311.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.315.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.316.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.317.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.318.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.319.49
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.32.48
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.334.44
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.335.60
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.336.44
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.337.44
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.338.75
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.339.47
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.34.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.340.47
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.341.47
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.349.50
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.35.48
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.350.50
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.351.51
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.352.54
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.353.51
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.354.51
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.357.62
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.358.52
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.359.52
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.360.53
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.361.54
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.362.68
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.363.58
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.364.54
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.365.53
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.367.56
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.368.58
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.369.55
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.370.56
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.371.56
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.372.57
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.373.55
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.375.56
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.376.57
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.377.55
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.378.65
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.384.58
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.386.71
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.387.59
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.388.59
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.389.59
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.390.60
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.391.60
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.392.60
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.393.60
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.394.60
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.396.61
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.397.61
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.398.60
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.399.60
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.403.61
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.404.63
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.405.61
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.406.61
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.407.76
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.408.63
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.409.61
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.412.62
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.413.62
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.414.62
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.415.62
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.416.62
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.417.62
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.418.62
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.419.62
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.420.62
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.421.62
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.423.63
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.424.63
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.425.63
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.426.63
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.427.63
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.428.65
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.429.63
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.430.63
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.432.65
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.433.64
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.434.65
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.435.64
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.436.76
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.437.64
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.438.71
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.439.71
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.440.75
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.442.73
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.443.73
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.444.73
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.445.68
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.446.69
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.450.67
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.451.67
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.452.68
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.453.68
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.454.69
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.456.69
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.457.75
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.458.70
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.459.70
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.460.69
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.462.74
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.463.69
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.464.70
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.465.68
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.468.70
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.469.70
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.470.70
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.471.73
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.472.70
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.478.74
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.479.73
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.480.68
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.481.71
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.482.74
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.49.67
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.50.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.500.71
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.501.74
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.502.71
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.51.69
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.52.72
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.520.76
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.521.76
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.522.76
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.53.51
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.531.76
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.532.75
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.534.75
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.54.47
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.55.45
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.56.69
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.57.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.58.47
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.593.76
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.595.76
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.63.57
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.66.47
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.70.75
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\rules\rules.1.71.43
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\temp\dealio-14360.log
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\temp\dod_cache.xml
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\temp\_toolbar_tmp_2612_3456_3.html
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\temp\_toolbar_tmp_3224_1588_1.html
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\temp\_toolbar_tmp_3224_1588_4.html
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\temp\_toolbar_tmp_3236_168_1.html
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\temp\_toolbar_tmp_3492_3856_1.html
C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125\temp\_toolbar_tmp_3492_3856_2.html
C:\Program Files\Multi_Media
C:\Program Files\Multi_Media\INSTALL.LOG
C:\Program Files\Piolet Toolbar
C:\Program Files\Piolet Toolbar\v3.2.0.0
C:\Program Files\Piolet Toolbar\v3.2.0.0\installer.ico
C:\DOCUME~1\margaux\APPLIC~1\Search Settings
C:\DOCUME~1\margaux\APPLIC~1\Search Settings\kb125
C:\DOCUME~1\margaux\APPLIC~1\Search Settings\kb125\res
C:\DOCUME~1\margaux\APPLIC~1\Search Settings\kb125\temp
C:\DOCUME~1\margaux\APPLIC~1\Search Settings\kb125\res\ErrorPageTemplate.css
C:\DOCUME~1\margaux\APPLIC~1\Search Settings\kb125\res\help.gif
C:\DOCUME~1\margaux\APPLIC~1\Search Settings\kb125\res\pixel.gif
C:\DOCUME~1\margaux\APPLIC~1\Search Settings\kb125\res\tabdata.js
C:\DOCUME~1\margaux\APPLIC~1\Search Settings\kb125\res\tablib.js
C:\DOCUME~1\margaux\APPLIC~1\Search Settings\kb125\res\tabwelcome_en.html
C:\DOCUME~1\margaux\APPLIC~1\Search Settings\kb125\res\tab_icon.png
C:\DOCUME~1\margaux\APPLIC~1\Search Settings\kb125\res\toolbar_background.gif
C:\DOCUME~1\margaux\APPLIC~1\Search Settings\kb125\res\vista_directions.png
C:\DOCUME~1\margaux\APPLIC~1\Search Settings\kb125\res\xp_directions.png
C:\DOCUME~1\margaux\APPLIC~1\Search Settings\kb125\res\yahoo_search.gif
C:\DOCUME~1\margaux\APPLIC~1\Search Settings\kb125\temp\ws-14524.log

-----------\\ Extensions

(margaux) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(margaux) - {ded516b2-b5b5-440e-9a96-7005bc1d3dd4} => xulcache

(pat) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(pat) - {ded516b2-b5b5-440e-9a96-7005bc1d3dd4} => xulcache


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://fr.yahoo.com/"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\pat\Bureau\Autocad 2008 fra\Crack
C:\DOCUME~1\pat\Bureau\Autocad 2008 fra\Crack\install.txt



1 - "C:\ToolBar SD\TB_1.txt" - 26/10/2009|18:56 - Option : [1]

-----------\\ Fin du rapport a 18:56:03,57

etape 2

SmitFraudFix v2.424

Rapport fait à 18:59:39,46, 26/10/2009
Executé à partir de C:\Documents and Settings\pat\Mes documents\T‚l‚chargements\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\pat\Mes documents\Téléchargements\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\pat


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\pat\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\pat\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\pat\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\PROGRA~1\\Sophos\\SOPHOS~1\\SOPHOS~1.DLL"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.30.1
DNS Server Search Order: 0.0.0.0

HKLM\SYSTEM\CCS\Services\Tcpip\..\{554BB5AA-7DF0-4439-BF3F-A6188B2F5BD1}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{554BB5AA-7DF0-4439-BF3F-A6188B2F5BD1}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{554BB5AA-7DF0-4439-BF3F-A6188B2F5BD1}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

etape 3




Avira AntiVir Personal
Date de création du fichier de rapport : lundi 26 octobre 2009 19:16

La recherche porte sur 1284893 souches de virus.

Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
Numéro de série : 0000149996-ADJIE-0000001
Plateforme : Windows XP
Version de Windows : (Service Pack 3) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : pat
Nom de l'ordinateur : BAROUNETTE

Informations de version :
BUILD.DAT : 9.0.0.65 17959 Bytes 22/04/2009 12:06:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 21/04/2009 13:20:54
AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 10:21:02
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 11:35:11
LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 10:21:31
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 12:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 20:33:26
ANTIVIR2.VDF : 7.1.2.105 513536 Bytes 03/03/2009 07:41:14
ANTIVIR3.VDF : 7.1.2.127 110592 Bytes 05/03/2009 14:58:20
Version du moteur : 8.2.0.100
AEVDF.DLL : 8.1.1.0 106868 Bytes 27/01/2009 17:36:42
AESCRIPT.DLL : 8.1.1.56 352634 Bytes 26/02/2009 20:01:56
AESCN.DLL : 8.1.1.7 127347 Bytes 12/02/2009 11:44:25
AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 18:24:41
AEPACK.DLL : 8.1.3.10 397686 Bytes 04/03/2009 13:06:10
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 20:01:56
AEHEUR.DLL : 8.1.0.100 1618295 Bytes 25/02/2009 15:49:16
AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 20:01:56
AEGEN.DLL : 8.1.1.24 336244 Bytes 04/03/2009 13:06:10
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 14:32:40
AECORE.DLL : 8.1.6.6 176501 Bytes 17/02/2009 14:22:44
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 14:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 08:47:30
AVPREF.DLL : 9.0.0.1 43777 Bytes 03/12/2008 11:39:26
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 14:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 15:24:42
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 15:05:22
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 10:36:37
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 15:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 08:20:57
NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 15:40:59
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 17/02/2009 13:49:32
RCTEXT.DLL : 9.0.37.0 88321 Bytes 15/04/2009 10:07:05

Configuration pour la recherche actuelle :
Nom de la tâche...............................: Bref contrôle système après installation
Fichier de configuration......................: c:\program files\avira\antivir desktop\setupprf.dat
Documentation.................................: bas
Action principale.............................: interactif
Action secondaire.............................: ignorer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Recherche dans les programmes actifs..........: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: arrêt
Contrôle d'intégrité de fichiers système......: arrêt
Fichier mode de recherche.....................: Sélection de fichiers intelligente
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: moyen
Catégories de dangers divergentes.............: +APPL,+GAME,+JOKE,+PCK,+SPR,

Début de la recherche : lundi 26 octobre 2009 19:16

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avconfig.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'setup.exe' - '1' module(s) sont contrôlés
Processus de recherche 'msiexec.exe' - '1' module(s) sont contrôlés
Processus de recherche 'presetup.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avira_antivir_personal_free(2).exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés
Processus de recherche 'IncMail.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ImApp.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ALMon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'realsched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ati2evxx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmiapsrv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ALsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SAVAdminService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'LSSrvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
Processus de recherche 'DevSvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CDAC11BA.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SCFService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SCFManager.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SavService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ati2evxx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'44' processus ont été contrôlés avec '44' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD1
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD2
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD3
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD4
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD5
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :

La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '52' fichiers).



Fin de la recherche : lundi 26 octobre 2009 19:16
Temps nécessaire: 00:11 Minute(s)

La recherche a été effectuée intégralement

0 Les répertoires ont été contrôlés
461 Des fichiers ont été contrôlés
0 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
0 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
0 Impossible de contrôler des fichiers
461 Fichiers non infectés
3 Les archives ont été contrôlées
0 Avertissements
0 Consignes



voila j'ai terminé ,et encore bon courage

j'attend la suite

a+

bonjour Trying2

ci joint la suite des opérations


-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3400+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : pat ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.26 (Activated)
C:\ (Local Disk) - NTFS - Total:137 Go (Free:12 Go)
D:\ (Local Disk) - FAT32 - Total:138 Go (Free:125 Go)
F:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 27/10/2009|19:25 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\margaux\APPLIC~1\Dealio\kb125
Supprime! - C:\Program Files\Multi_Media\INSTALL.LOG
Supprime! - C:\Program Files\Piolet Toolbar\v3.2.0.0
Supprime! - C:\DOCUME~1\margaux\APPLIC~1\Search Settings\kb125
Supprime! - C:\DOCUME~1\margaux\APPLIC~1\Dealio
Supprime! - C:\Program Files\Multi_Media
Supprime! - C:\Program Files\Piolet Toolbar
Supprime! - C:\DOCUME~1\margaux\APPLIC~1\Search Settings

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(margaux) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(margaux) - {ded516b2-b5b5-440e-9a96-7005bc1d3dd4} => xulcache

(pat) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(pat) - {ded516b2-b5b5-440e-9a96-7005bc1d3dd4} => xulcache


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://fr.yahoo.com/"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\pat\Bureau\Autocad 2008 fra\Crack
C:\DOCUME~1\pat\Bureau\Autocad 2008 fra\Crack\install.txt



1 - "C:\ToolBar SD\TB_1.txt" - 26/10/2009|18:56 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 27/10/2009|19:26 - Option : [2]

-----------\\ Fin du rapport a 19:26:40,78

etape 2


SmitFraudFix v2.424

Rapport fait à 20:51:58,45, 27/10/2009
Executé à partir de C:\Documents and Settings\pat\Mes documents\T‚l‚chargements\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{554BB5AA-7DF0-4439-BF3F-A6188B2F5BD1}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{554BB5AA-7DF0-4439-BF3F-A6188B2F5BD1}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{554BB5AA-7DF0-4439-BF3F-A6188B2F5BD1}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{554BB5AA-7DF0-4439-BF3F-A6188B2F5BD1}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK.2



»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin



rapport rooter

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 47 Stepping 2, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 7.0.5730.11
Mozilla Firefox 3.5.3 (fr)
.
C:\ [Fixed-NTFS] .. ( Total:137 Go - Free:12 Go )
D:\ [Fixed-FAT32] .. ( Total:138 Go - Free:125 Go )
F:\ [Removable]
H:\ [Removable]
I:\ [Removable]
J:\ [Removable]
.
Scan : 21:05.43
Path : C:\Documents and Settings\pat\Mes documents\Téléchargements\Rooter.exe
User : pat ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (580)
______ \??\C:\WINDOWS\system32\csrss.exe (648)
______ \??\C:\WINDOWS\system32\winlogon.exe (688)
______ C:\WINDOWS\system32\services.exe (732)
______ C:\WINDOWS\system32\lsass.exe (744)
______ C:\WINDOWS\system32\Ati2evxx.exe (920)
______ C:\WINDOWS\system32\svchost.exe (936)
______ C:\WINDOWS\system32\svchost.exe (996)
______ C:\WINDOWS\System32\svchost.exe (1092)
______ C:\WINDOWS\system32\svchost.exe (1224)
______ C:\WINDOWS\system32\svchost.exe (1272)
______ C:\WINDOWS\system32\spoolsv.exe (1480)
______ C:\Program Files\Avira\AntiVir Desktop\sched.exe (1528)
______ C:\WINDOWS\system32\svchost.exe (1596)
______ C:\Program Files\Avira\AntiVir Desktop\avguard.exe (1768)
______ C:\WINDOWS\system32\Ati2evxx.exe (1788)
______ C:\WINDOWS\system32\drivers\CDAC11BA.EXE (1872)
______ C:\WINDOWS\Explorer.EXE (1924)
______ C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe (1932)
______ C:\Program Files\Java\jre6\bin\jqs.exe (156)
______ C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (204)
______ C:\WINDOWS\system32\svchost.exe (392)
______ C:\Program Files\Java\jre6\bin\jusched.exe (1244)
______ C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (1284)
______ C:\WINDOWS\system32\ctfmon.exe (1364)
______ C:\Program Files\IncrediMail\bin\IMApp.exe (1144)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (1348)
______ C:\WINDOWS\system32\wbem\wmiapsrv.exe (2100)
______ C:\WINDOWS\System32\alg.exe (2332)
______ C:\Documents and Settings\pat\Mes documents\Téléchargements\Rooter.exe (3512)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:3150249984)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:3150282240 | Length:147676677120)
\Device\Harddisk0\Partition0 (Start_Offset:150826959360 | Length:149239480320)
\Device\Harddisk0\Partition3 (Start_Offset:150826991616 | Length:149239448064)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\Google Software Updater.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\Symantec NetDetect.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 21:06.02
.
C:\Rooter$\Rooter_1.txt - (27/10/2009 | 21:06.02)



Pour kaspersky pour l'instant il est en cours de reactualisation donc pas possible pour le moment

je passe à l'étape 6

etape 6


C:\WINDOWS\system32\6334.exe
0 bytes size received / Se ha recibido un archivo vacio

C:\WINDOWS\system32\18467.exe
0 bytes size received / Se ha recibido un archivo vacio

C:\WINDOWS\system32\41.exe
0 bytes size received / Se ha recibido un archivo vacio


C:\gendel32.exe (Celui-là ne sent pas bon, pour sûr^^)

http://www.virustotal.com/fr/analisis/32e8e5edba4aacb769eac1266c360b4abe096566dda199d2fc2e0ac1fffe3208-1256597287

pour les trois premier je ne sais pas si c'est bon ???


bonne soirée , je me couche je me lève à 5 heures demain

a+ et bon courage

voici le rapport virus total

je ne souhaite pas particulièrement incredimail ,
par contre je souhaite conserver les adresses mail .
existe t -il autre chose pour la messagerie ?
que faut il utiliser comme antivirus ?



Srpski | Македонски | العربية | Suomi | ihMdI | | עברית | | Slovenščina | Dansk | Русский | Română | Türkçe | Nederlands | Ελληνικά | Svenska | Português | Italiano | | | Magyar | Deutsch | Česky | Polski | Español | English
Virus Total
Virustotal est un service qui analyse les fichiers suspects et facilite la détection rapide des virus, vers, chevaux de Troie et toutes sortes de malwares détectés par les moteurs antivirus. Plus d'informations...
Fichier swlrhwin.dll reçu le 2009.10.31 12:26:08 (UTC)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 0/40 (0%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 1.
L'heure estimée de démarrage est entre 43 et 62 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Formaté
Impression des résultats Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.41 2009.10.31 -
AhnLab-V3 5.0.0.2 2009.10.30 -
AntiVir 7.9.1.53 2009.10.30 -
Antiy-AVL 2.0.3.7 2009.10.30 -
Authentium 5.1.2.4 2009.10.31 -
Avast 4.8.1351.0 2009.10.30 -
AVG 8.5.0.423 2009.10.31 -
BitDefender 7.2 2009.10.31 -
CAT-QuickHeal 10.00 2009.10.31 -
ClamAV 0.94.1 2009.10.31 -
Comodo 2792 2009.10.31 -
DrWeb 5.0.0.12182 2009.10.31 -
eSafe 7.0.17.0 2009.10.29 -
eTrust-Vet 35.1.7094 2009.10.30 -
F-Prot 4.5.1.85 2009.10.31 -
F-Secure 9.0.15370.0 2009.10.30 -
Fortinet 3.120.0.0 2009.10.31 -
GData 19 2009.10.31 -
Ikarus T3.1.1.72.0 2009.10.31 -
Jiangmin 11.0.800 2009.10.31 -
K7AntiVirus 7.10.884 2009.10.30 -
Kaspersky 7.0.0.125 2009.10.31 -
McAfee 5787 2009.10.30 -
McAfee+Artemis 5787 2009.10.30 -
McAfee-GW-Edition 6.8.5 2009.10.31 -
Microsoft 1.5202 2009.10.31 -
NOD32 4560 2009.10.31 -
Norman 6.03.02 2009.10.30 -
nProtect 2009.1.8.0 2009.10.31 -
Panda 10.0.2.2 2009.10.31 -
PCTools 7.0.3.5 2009.10.30 -
Rising 21.53.52.00 2009.10.31 -
Sophos 4.47.0 2009.10.31 -
Sunbelt 3.2.1858.2 2009.10.30 -
Symantec 1.4.4.12 2009.10.31 -
TheHacker 6.5.0.2.056 2009.10.28 -
TrendMicro 8.950.0.1094 2009.10.31 -
VBA32 3.12.10.11 2009.10.30 -
ViRobot 2009.10.31.2015 2009.10.31 -
VirusBuster 4.6.5.0 2009.10.30 -
Information additionnelle
File size: 14 bytes
MD5...: bac8ec1f572e51c9957b70910a30840f
SHA1..: e982ac12c21262a390186487a478e9d5611673d6
SHA256: a5af1784698a805265c1f2288c9d778fe05ad05b2ca1c6aac9c24f268a2d3d17
ssdeep: 3:odUd:o+
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

ATENTION ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.

Autre fichier
VirusTotal © Hispasec Sistemas - Blog - Contact: info@virustotal.com - Terms of Service & Privacy Policy

SUPERAntiSpyware Scan Log
https://www.superantispyware.com/

Generated 10/31/2009 at 02:07 PM

Application Version : 4.29.1004

Core Rules Database Version : 4216
Trace Rules Database Version: 2122

Scan type : Quick Scan
Total Scan Time : 00:12:59

Memory items scanned : 489
Memory threats detected : 0
Registry items scanned : 502
Registry threats detected : 0
File items scanned : 10039
File threats detected : 18

Adware.Tracking Cookie
C:\Documents and Settings\margaux\Cookies\margaux@ad.zanox[2].txt
C:\Documents and Settings\margaux\Cookies\margaux@fl01.ct2.comclick[2].txt
C:\Documents and Settings\margaux\Cookies\margaux@atdmt[2].txt
C:\Documents and Settings\margaux\Cookies\margaux@mediaplex[1].txt
C:\Documents and Settings\margaux\Cookies\margaux@track.effiliation[1].txt
C:\Documents and Settings\margaux\Cookies\margaux@adserver.aol[2].txt
C:\Documents and Settings\margaux\Cookies\margaux@imrworldwide[2].txt
C:\Documents and Settings\margaux\Cookies\margaux@xiti[1].txt
C:\Documents and Settings\margaux\Cookies\margaux@zedo[1].txt
C:\Documents and Settings\margaux\Cookies\margaux@mediastay.directtrack[2].txt
C:\Documents and Settings\margaux\Cookies\margaux@ads.adomos[1].txt
C:\Documents and Settings\margaux\Cookies\margaux@postclicktracking[1].txt
C:\Documents and Settings\margaux\Cookies\margaux@directtrack[1].txt
C:\Documents and Settings\margaux\Cookies\margaux@adv.surinter[1].txt
C:\Documents and Settings\margaux\Cookies\margaux@advertstream[1].txt
C:\Documents and Settings\nini\Cookies\nini@ad.zanox[1].txt
C:\Documents and Settings\nini\Cookies\nini@imrworldwide[1].txt
C:\Documents and Settings\nini\Cookies\nini@xiti[1].txt

désolé pour le retard ,

ci joint le rapport ,


List'em by g3n-h@ckm@n 1.0.5.3

Thx to Chiquitine29.....

User : pat (Administrateurs) # BAROUNETTE
Update on 09/11/2009 by g3n-h@ckm@n ::::: 20.30
Start at: 20:52:57 | 10/11/2009
Contact : g3n-h@ckm@n sur CCM

AMD Athlon(tm) 64 Processor 3400+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.11
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

C:\ -> Disque fixe local | 137,53 Go (10,42 Go free) [ACER] | NTFS
D:\ -> Disque fixe local | 138,96 Go (125,75 Go free) [ACERDATA] | FAT32
F:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processus en cours

C:\WINDOWS\System32\smss.exe 588
C:\WINDOWS\system32\csrss.exe 656
C:\WINDOWS\system32\winlogon.exe 696
C:\WINDOWS\system32\services.exe 740
C:\WINDOWS\system32\lsass.exe 752
C:\WINDOWS\system32\Ati2evxx.exe 928
C:\WINDOWS\system32\svchost.exe 944
C:\WINDOWS\system32\svchost.exe 1004
C:\WINDOWS\System32\svchost.exe 1100
C:\WINDOWS\system32\svchost.exe 1196
C:\WINDOWS\system32\svchost.exe 1252
C:\WINDOWS\system32\spoolsv.exe 1484
C:\Program Files\Avira\AntiVir Desktop\sched.exe 1532
C:\WINDOWS\system32\svchost.exe 1596
C:\WINDOWS\system32\Ati2evxx.exe 1796
C:\WINDOWS\Explorer.EXE 1900
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 2036
C:\Program Files\Java\jre6\bin\jusched.exe 2044
C:\WINDOWS\system32\ctfmon.exe 124
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe 152
C:\Program Files\Avira\AntiVir Desktop\avguard.exe 192
C:\WINDOWS\system32\drivers\CDAC11BA.EXE 208
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe 220
C:\Program Files\Java\jre6\bin\jqs.exe 420
C:\Program Files\IncrediMail\bin\IMApp.exe 448
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe 572
C:\WINDOWS\system32\svchost.exe 1048
C:\WINDOWS\System32\alg.exe 2712
C:\WINDOWS\system32\wbem\wmiapsrv.exe 2864
C:\WINDOWS\system32\mmc.exe 3724
C:\WINDOWS\system32\mmc.exe 1080
C:\Program Files\Mozilla Firefox\firefox.exe 2164
C:\WINDOWS\explorer.exe 2728
C:\Documents and Settings\pat\Mes documents\Téléchargements\List_Killem.exe 2896
C:\WINDOWS\system32\cmd.exe 2828
C:\WINDOWS\system32\wbem\wmiprvse.exe 3664
C:\Documents and Settings\pat\Local Settings\Temp\1C.tmp\pv.exe 3136

======================
Cles de demarrage "Run"
======================
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"IncrediMail"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe /c"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"Malwarebytes Anti-Malware (reboot)"="\"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe\" /runcleanupscript"
"avgnt"="\"C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe\" /min"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""

=====================
cles additionnelles
=====================
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

===============
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
"DisableTaskmgr"=dword:00000000

===============
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

===============
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

===============
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

======
BHO :
======
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06663B51-0D73-4f9f-BCC5-4AA941470AFD}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
@="Canon Easy Web Print Helper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
@="Google Dictionary Compression sdch"
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4}]
@="Pando Toolbar BHO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
@="JQSIEStartDetectorImpl"
"NoExplorer"=dword:00000001

==========================

=========================
Environnement variables :
=========================

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\pat\Application Data
choix=1
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=BAROUNETTE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\pat
LOGONSERVER=\\BAROUNETTE
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Documents and Settings\pat\Application Data\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\crashreporter-override.ini
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Fichiers communs\Ulead Systems\MPEG;;C:\PROGRA~1\FICHIE~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\pat\LOCALS~1\Temp
TMP=C:\DOCUME~1\pat\LOCALS~1\Temp
USERDOMAIN=BAROUNETTE
USERNAME=pat
USERPROFILE=C:\Documents and Settings\pat
windir=C:\WINDOWS


¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\drivers\Sonyhcp.dll
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\Documents and Settings\pat\Application Data\inst.exe
C:\Documents and Settings\pat\err.log
C:\Documents and Settings\pat\LOCAL Settings\Temp\SSUPDATE.EXE

¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoSetActiveDesktop"
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoSetActiveDesktop"
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools"
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"

¤¤¤¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch :

ACRORD32.EXE-01080F7C.pf
ACRORD32INFO.EXE-1A3A138E.pf
ADOBEUPDATER.EXE-27F5105F.pf
ALG.EXE-275708CF.pf
ATI2EVXX.EXE-07A42849.pf
AVGNT.EXE-24287AD0.pf
AVNOTIFY.EXE-05C5A637.pf
AVSCAN.EXE-2BF7605E.pf
AVWSC.EXE-06733DFE.pf
CMD.EXE-034B0549.pf
CNMSE87.EXE-37898F0D.pf
CONTROL.EXE-24FBF8B3.pf
CSCRIPT.EXE-0A13A05C.pf
CTFMON.EXE-05E57A5E.pf
DEFRAG.EXE-2858C7E2.pf
DFRGNTFS.EXE-38C3807C.pf
DUMPREP.EXE-0AF2BF67.pf
DWWIN.EXE-2C373FB7.pf
EXCEL.EXE-1734EECA.pf
EXPLORER.EXE-02121B1A.pf
FIREFOX.EXE-06188867.pf
GOOGLEUPDATER.EXE-1D8A4379.pf
GOOGLEUPDATERSERVICE.EXE-2F4A2F77.pf
GUARDGUI.EXE-0C9FDE58.pf
HELPCTR.EXE-0BD5B31B.pf
HELPER.EXE-0324EC74.pf
HELPSVC.EXE-1C192440.pf
IMAPP.EXE-244EFD49.pf
IMNOTFY.EXE-0B3D61EF.pf
INCMAIL.EXE-2A673D8E.pf
JAVA.EXE-32FD225F.pf
JAVAW.EXE-392A4E93.pf
JAVAWS.EXE-078C20EA.pf
JQSNOTIFY.EXE-359F83C5.pf
JUCHECK.EXE-1E35CB2F.pf
JUSCHED.EXE-04A13915.pf
Layout.ini
LIST_KILLEM.EXE-0E977ACF.pf
LOGONUI.EXE-312BE1BF.pf
MBAM.EXE-0D37CDF0.pf
MMC.EXE-6F71AB1B.pf
MODE.COM-318FFE37.pf
MSPAINT.EXE-146E0237.pf
NERO.EXE-30D5F6F2.pf
NEROSTARTSMART.EXE-0C04C914.pf
NTOSBOOT-B00DFAAD.pf
POWERDVD.EXE-30958DB0.pf
PPTVIEW.EXE-126C1AE7.pf
PV.EXE-0B4C8C92.pf
READER_SL.EXE-02E193BD.pf
REG.EXE-07FA5B3F.pf
RUNDLL32.EXE-3DE4948B.pf
RUNDLL32.EXE-414F0223.pf
RUNDLL32.EXE-4FF9832D.pf
RUNDLL32.EXE-51175F22.pf
RUNDLL32.EXE-5225CB08.pf
RUNDLL32.EXE-60F3F325.pf
RUNDLL32.EXE-6970A17D.pf
RUNDLL32.EXE-6E8D4657.pf
RUNDLL32.EXE-70372209.pf
RUNDLL32.EXE-705E25B6.pf
RUNONCE.EXE-01CA3A2F.pf
SSUPDATE.EXE-07C21234.pf
SUPERANTISPYWARE.EXE-28713C90.pf
UPDATE.EXE-27B3A2A3.pf
UPDATE.EXE-2C3E3E06.pf
UPDATE.EXE-2F5EF2F5.pf
UPDATER.EXE-2521FBA7.pf
USERINIT.EXE-0743FDA9.pf
VERCLSID.EXE-28F52AD2.pf
VLC.EXE-02F29DFD.pf
WGATRAY.EXE-350D4455.pf
WINWORD.EXE-23347E4F.pf
WMIAPSRV.EXE-02740A4B.pf
WMIPRVSE.EXE-0D449B4F.pf
WMPLAYER.EXE-1ACCF80B.pf
WMPLAYER.EXE-1ACCF80C.pf
WUAUCLT.EXE-1360D60A.pf




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

salut ,

c'est encore moi ,

j'ai un autre problème ,

lorsque je met un cd , rien ne se passe ,
lorsque je veut graver un cd ou un dvd , problème également ,

avant pas de problème , j'ai bien peur d'avoir effacé des choses qui ne fallait pas ,

pourtant il me semble que le pilote est en place ,
ci dessous le matériel .
DVD/CR-RW drives --> lite-on dvdrw SHW-1635S


que faut-il faire ?

merci encore de ton aide

J'ai répondu à ton MP ;)
@+