Sujet Précédent Sujet Suivant

Virus Antivirus Pro 2010

Fermé
macsim Messages postés 7 Date d'inscription vendredi 23 octobre 2009 Statut Membre Dernière intervention 27 octobre 2009 - 24 oct. 2009 à 00:01
macsim Messages postés 7 Date d'inscription vendredi 23 octobre 2009 Statut Membre Dernière intervention 27 octobre 2009 - 27 oct. 2009 à 18:58
Bonjour,

Je crois être infecté par ce virus.

J'ai besoin de votre aide !!

Merci d'avance pour votre aide


Voici un rapport de RSIT :

info.txt logfile of random's system information tool 1.06 2009-10-23 23:53:44

======Uninstall list======

-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACID Xpress 7.0-->MsiExec.exe /X{1C4C5C53-D960-4E1C-96A6-F6B52EA43A45}
Add or Remove Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\8bb24e071e5922899698c2105557bd2\Setup.exe
Adobe After Effects CS3 Presets-->MsiExec.exe /I{185D0A67-E066-44AE-926D-F6305813301C}
Adobe After Effects CS3 Template Projects & Footage-->MsiExec.exe /I{80C13322-2085-49F5-8B19-2A9FA20F14E9}
Adobe After Effects CS3 Third Party Content-->MsiExec.exe /I{60B87ADA-167E-4239-AD64-40992C8D220F}
Adobe After Effects CS3-->MsiExec.exe /I{0A3D355B-4FCC-41AF-8C61-A2BA15D26237}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Contribute CS3-->MsiExec.exe /I{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}
Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{7162AC2C-733F-4127-ACAD-C5F0F27D123D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash CS4 Extension - Flash Lite STI fr-->MsiExec.exe /I{BD423B54-8668-44B6-8610-D24514445E88}
Adobe Flash CS4 Professional-->C:\Program Files\Common Files\Adobe\Installers\a68eec966ce913ddaa63251dc82ed31\Setup.exe --uninstall=1
Adobe Flash CS4 STI-fr-->MsiExec.exe /I{48F9998C-3BA0-42D3-82E6-5882441EB8CE}
Adobe Flash CS4-->MsiExec.exe /I{F6E99614-F042-4459-82B7-8B38B2601356}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{0742B739-DCA3-4A21-AADD-B7CBF49C2058}
Adobe Premiere Pro CS3-->MsiExec.exe /I{A6CDBEB9-2DF5-4455-A647-F3DF0441D5C3}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{9BA4F9C5-7CB4-492C-9B97-89E36AFA0AB9}
Adobe Setup-->MsiExec.exe /I{EED50C97-C79E-4149-BD82-7C5A22437708}
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server-->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Apple Mobile Device Support-->MsiExec.exe /I{373CDFEC-F0DE-4C40-81AB-EF64F6F2F948}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ASUS WiFi-AP Solo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B3F4499-32E6-470D-8586-E6C03420F889}\Setup.exe" -l0x9 REMOVE
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Blender (remove only)-->"C:\Program Files\Blender Foundation\Blender\uninstall.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Corel Painter Essentials 3-->MsiExec.exe /I{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
FileZilla Client 3.2.0-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FlashDevelop 3.0.3-->C:\Program Files\FlashDevelop\Uninstall.exe
GetDataBack for FAT-->"C:\Program Files\Runtime Software\GetDataBack\Uninstall.exe" "C:\Program Files\Runtime Software\GetDataBack\install.log" -u
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Image Zone 4.2-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
iTunes-->MsiExec.exe /I{8610BEA1-FD76-4340-8326-7946DDC2EE7B}
Java Platform, Enterprise Edition 5 SDK-->"C:\Sun\SDK\uninstall.exe" -javahome "C:\Sun\SDK\jdk"
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
JMB36X Raid Configurer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x40c -removeonly
KhalSetup-->MsiExec.exe /I{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Logitech SetPoint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x40c -removeonly
Ma-Config.com-->MsiExec.exe /X{6C4D4FC0-467B-4BD7-8D11-50E49B2770D2}
Magic ISO Maker v5.4 (build 0239)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.7.101-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mixxx 1.7.0-->C:\Program Files\Mixxx\uninst.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pixel Bender Toolkit-->MsiExec.exe /I{43509E18-076E-40FE-AF38-CA5ED400A5A9}
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
Python 2.6.1-->MsiExec.exe /I{9CC89170-000B-457D-91F1-53691F85B223}
Python 3.0-->MsiExec.exe /I{E0E56E21-55DE-4F77-A109-1BAA72348743}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x40c -removeonly
Spotify-->"C:\Program Files\Spotify\uninstall.exe"
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
TortoiseSVN 1.5.7.15182 (32 bit)-->MsiExec.exe /X{27968397-2FC3-4D79-BD5D-E6AC44A263FE}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Usb Joypad v1.22-->C:\PROGRA~1\Joypad\UNWISE.EXE C:\PROGRA~1\Joypad\INSTALL.LOG
Vuze-->C:\Program Files\Vuze\uninstall.exe
Wacom Tablet-->C:\Program Files\Tablet\Wacom\Remove.exe /u
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XAMPP 1.7.0-->"C:\xampp\uninstall.exe"

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Antivirus BitDefender (disabled) (outdated)
AV: AntiVir Desktop
FW: Pare-feu BitDefender (disabled)

======System event log======

Computer Name: MACSIM
Event Code: 7034
Message: The mysql service terminated unexpectedly. It has done this 1 time(s).

Record Number: 18837
Source Name: Service Control Manager
Time Written: 20090913150119.000000+120
Event Type: error
User:

Computer Name: MACSIM
Event Code: 7000
Message: The BDVEDISK service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 18833
Source Name: Service Control Manager
Time Written: 20090913150117.000000+120
Event Type: error
User:

Computer Name: MACSIM
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 18827
Source Name: Tcpip
Time Written: 20090912123233.000000+120
Event Type: warning
User:

Computer Name: MACSIM
Event Code: 7034
Message: The mysql service terminated unexpectedly. It has done this 1 time(s).

Record Number: 18801
Source Name: Service Control Manager
Time Written: 20090912110826.000000+120
Event Type: error
User:

Computer Name: MACSIM
Event Code: 7000
Message: The BDVEDISK service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 18798
Source Name: Service Control Manager
Time Written: 20090912110824.000000+120
Event Type: error
User:

=====Application event log=====

Computer Name: MACSIM
Event Code: 3
Message: AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)

Record Number: 16901
Source Name: Adobe Version Cue CS3
Time Written: 20091017160653.000000+120
Event Type: error
User:

Computer Name: MACSIM
Event Code: 3
Message: AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)

Record Number: 16900
Source Name: Adobe Version Cue CS3
Time Written: 20091017160653.000000+120
Event Type: error
User:

Computer Name: MACSIM
Event Code: 3
Message: AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)

Record Number: 16899
Source Name: Adobe Version Cue CS3
Time Written: 20091017160653.000000+120
Event Type: error
User:

Computer Name: MACSIM
Event Code: 1004
Message: Faulting application mysqld.exe, version 0.0.0.0, faulting module mysqld.exe, version 0.0.0.0, fault address 0x002b8853.

Record Number: 16898
Source Name: Application Error
Time Written: 20091017123757.000000+120
Event Type: error
User:

Computer Name: MACSIM
Event Code: 1000
Message: Faulting application mysqld.exe, version 0.0.0.0, faulting module mysqld.exe, version 0.0.0.0, fault address 0x002b8853.

Record Number: 16897
Source Name: Application Error
Time Written: 20091017122727.000000+120
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\TortoiseSVN\bin;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------


Logfile of random's system information tool 1.06 (written by random/random)
Run by max at 2009-10-23 23:53:35
Microsoft Windows XP Professional Service Pack 3
System drive C: has 56 GB (37%) free of 154 GB
Total RAM: 2047 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:53:42, on 23/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Sun\SDK\jdk\bin\javaw.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Temp\wpv331255703227.exe
C:\WINDOWS\system32\restorer64_a.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Temp\_ex-08.exe
C:\Documents and Settings\max\Application Data\seres.exe
C:\Documents and Settings\max\Application Data\svcst.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\26581729\26581729.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\max\LOCALS~1\Temp\7.tmp
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\max\Desktop\RSIT.exe
C:\Program Files\trend micro\max.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe cpcp.cpo bef0regiiav
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\Temp\wpv331255703227.exe
O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe
O4 - HKLM\..\Run: [26581729] C:\DOCUME~1\ALLUSE~1\APPLIC~1\26581729\26581729.exe
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-08.exe
O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [restorer64_a] C:\Documents and Settings\max\restorer64_a.exe
O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\max\Application Data\seres.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\max\Application Data\svcst.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: SDK Tray Menu.lnk = ?
O4 - Startup: zavupd32.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_1_0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE661F73-2E89-4903-94A0-DF939368C558}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBB9B577-80C5-45CE-853C-C6452C8E1C22}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\max\My Documents
O24 - Desktop Component 2: (no name) - D:\Mes Photos\Photos Thailande
A voir également:

12 réponses

Réponse 1 / 12
kduc Messages postés 1462 Date d'inscription lundi 4 août 2008 Statut Membre Dernière intervention 1 novembre 2011 133
24 oct. 2009 à 00:31
Salut,

(si ce n’ est déjà fait) Télécharge CCleaner :
http://www.filehippo.com/download_ccleaner.html
("Download Latest Version", sur la droite) et laisse-toi guider.
A un moment, il te sera demandé de cocher :
"Ajouter la barre d' outils Yahoo". Refuse et …
Laisse-le s’ installer tel que …

-------
Redémarre le PC en mode sans échec ...
https://www.pcastuces.com/pratique/windows/mode_sans_echec/page2.html
(méthode F8 de préférence)

--------------------------------------------
Tu n' auras pas accès à Internet pendant le "mode sans échec".
Aussi, copie/colle la procédure dans un fichier texte (word) et mets-la
sur le "bureau" pour l' avoir à ta disposition.
--------------------------------------------

Affiche les fichiers et dossiers cachés
Pour ce faire, tu vas dans un dossier, par ex. "Mes Images".
Ensuite, clique sur > Outils > Options des dossiers ...
clique sur l' onglet « Affichage » et ...
coche --> Afficher les fichiers et dossiers cachés
décoche > Masquer les extensions des fichiers dont le type est connu
décoche > Masquer les fichiers protégés du système d' exploitation (recommandé).
« Appliquer » et « OK ».

Rends-toi dans > Démarrer > Panneau de config. > Ajout/suppres… de prog.

Supprime, si tu le(s) trouves > Antivirus Pro 2010

Ensuite, va dans > Démarrer > Poste de travail > C:\

et supprime le(s) programme(s)/ fichier(s) en gras, ci-dessous, si tu le(s) trouves.

C:\Documents and Settings\max\Application Data\seres.exe
C:\Documents and Settings\max\Application Data\svcst.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\26581729
C:\WINDOWS\system32\restorer64_a.exe
C:\Documents and Settings\max\Application Data\lizkavd.exe

Remet les fichiers et dossiers cachés comme tu les as trouvés !

Lance CCleaner ...
Clique sur > Analyser > Nettoyer, puis sur OK dans la fenêtre qui s' affiche.
(re)Lance le nettoyage et (re)confirme par OK.

Redémarre le PC en mode normal ...

Ensuite,

1/ Télécharge Toolbar S&D (Team IDN) sur ton Bureau : https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3

Lance l'installation du programme en exécutant le fichier téléchargé.
Double-clique maintenant sur le raccourci de Toolbar-S&D.
Sélectionne la langue de ton choix puis, valide avec la touche "Entrée".
Ensuite, choisis l'option 1 (Recherche).
Patiente jusqu'à la fin de la recherche.
Le contenu du rapport est situé dans : C:\TB.txt
Poste-le.

---
2/ Télécharge et installe SmitFraudFix :
http://siri.urz.free.fr/Fix/SmitfraudFix.php (par S!Ri)

Double-clique sur SmitfraudFix.exe
Dans le menu, fais le choix 1 et appuie sur "Entrée" pour créer un
rapport que tu trouveras à la racine du disque dur C:\rapport.txt

Poste-le.
0
Réponse 2 / 12
macsim Messages postés 7 Date d'inscription vendredi 23 octobre 2009 Statut Membre Dernière intervention 27 octobre 2009
24 oct. 2009 à 00:40
Merci beaucoup pour la rapidité !
Voici le rapport :

SmitFraudFix v2.424

Scan done at 0:37:50,14, 24/10/2009
Run from C:\Documents and Settings\max\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\max\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\max


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\max\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\max\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\max\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Documents and Settings\\max\\My Documents"
"SubscribedURL"="C:\\Documents and Settings\\max\\My Documents"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="D:\\Mes Photos\\Photos Thailande"
"SubscribedURL"="D:\\Mes Photos\\Photos Thailande"
"FriendlyName"=""

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter - Packet Scheduler Miniport
DNS Server Search Order: 212.27.53.252
DNS Server Search Order: 212.27.54.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{CE661F73-2E89-4903-94A0-DF939368C558}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FBB9B577-80C5-45CE-853C-C6452C8E1C22}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CE661F73-2E89-4903-94A0-DF939368C558}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FBB9B577-80C5-45CE-853C-C6452C8E1C22}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{CE661F73-2E89-4903-94A0-DF939368C558}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FBB9B577-80C5-45CE-853C-C6452C8E1C22}: NameServer=212.27.53.252,212.27.54.252


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
0
Réponse 3 / 12
kduc Messages postés 1462 Date d'inscription lundi 4 août 2008 Statut Membre Dernière intervention 1 novembre 2011 133
24 oct. 2009 à 00:48
...

Tu as fais tout ce que j' ai mis dans mon dernier message ?
0
Réponse 4 / 12
macsim Messages postés 7 Date d'inscription vendredi 23 octobre 2009 Statut Membre Dernière intervention 27 octobre 2009
24 oct. 2009 à 01:29
Bonsoir,

Visiblement reste à supprimer - _ex-08.exe 05689735.exe wpv111~.exe
voici le rapport toolbarSD :


-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel Pentium III Xeon processor )
BIOS : BIOS Date: 03/12/08 10:02:08 Ver: 08.00.12
USER : max ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.32 (Activated)
Firewall : Pare-feu BitDefender 12.0 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:150 Go (Free:55 Go)
D:\ (Local Disk) - NTFS - Total:314 Go (Free:29 Go)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:76 Go (Free:13 Go)
G:\ (Local Disk) - NTFS - Total:74 Go (Free:35 Go)
H:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
I:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 24/10/2009| 1:26 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68929"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68928"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\max\Desktop\assets\cracks.jpg
C:\DOCUME~1\max\Desktop\assets\cracksOverlay.fla
C:\DOCUME~1\max\Desktop\assets\cracksOverlay.png
C:\DOCUME~1\max\Desktop\away3d\branches\3.0.0\demos\src\assets\cracks.jpg
C:\DOCUME~1\max\Desktop\away3d\branches\3.0.0\demos\src\assets\cracksOverlay.fla
C:\DOCUME~1\max\Desktop\away3d\branches\3.0.0\demos\src\assets\cracksOverlay.png
C:\DOCUME~1\max\Desktop\away3d\branches\3.0.0\demos\src\assets\.svn\prop-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\3.0.0\demos\src\assets\.svn\prop-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\3.0.0\demos\src\assets\.svn\prop-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\3.0.0\demos\src\assets\.svn\text-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\3.0.0\demos\src\assets\.svn\text-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\3.0.0\demos\src\assets\.svn\text-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\clipping\demos\src\assets\cracks.jpg
C:\DOCUME~1\max\Desktop\away3d\branches\clipping\demos\src\assets\cracksOverlay.fla
C:\DOCUME~1\max\Desktop\away3d\branches\clipping\demos\src\assets\cracksOverlay.png
C:\DOCUME~1\max\Desktop\away3d\branches\clipping\demos\src\assets\.svn\prop-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\clipping\demos\src\assets\.svn\prop-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\clipping\demos\src\assets\.svn\prop-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\clipping\demos\src\assets\.svn\text-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\clipping\demos\src\assets\.svn\text-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\clipping\demos\src\assets\.svn\text-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\haxe\demos\src\assets\cracks.jpg
C:\DOCUME~1\max\Desktop\away3d\branches\haxe\demos\src\assets\cracksOverlay.fla
C:\DOCUME~1\max\Desktop\away3d\branches\haxe\demos\src\assets\cracksOverlay.png
C:\DOCUME~1\max\Desktop\away3d\branches\haxe\demos\src\assets\.svn\prop-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\haxe\demos\src\assets\.svn\prop-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\haxe\demos\src\assets\.svn\prop-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\haxe\demos\src\assets\.svn\text-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\haxe\demos\src\assets\.svn\text-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\haxe\demos\src\assets\.svn\text-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\ik\demos\src\assets\cracks.jpg
C:\DOCUME~1\max\Desktop\away3d\branches\ik\demos\src\assets\cracksOverlay.fla
C:\DOCUME~1\max\Desktop\away3d\branches\ik\demos\src\assets\cracksOverlay.png
C:\DOCUME~1\max\Desktop\away3d\branches\ik\demos\src\assets\.svn\prop-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\ik\demos\src\assets\.svn\prop-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\ik\demos\src\assets\.svn\prop-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\ik\demos\src\assets\.svn\text-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\ik\demos\src\assets\.svn\text-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\ik\demos\src\assets\.svn\text-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\multiplayer\demos\src\assets\cracks.jpg
C:\DOCUME~1\max\Desktop\away3d\branches\multiplayer\demos\src\assets\cracksOverlay.fla
C:\DOCUME~1\max\Desktop\away3d\branches\multiplayer\demos\src\assets\cracksOverlay.png
C:\DOCUME~1\max\Desktop\away3d\branches\multiplayer\demos\src\assets\.svn\prop-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\multiplayer\demos\src\assets\.svn\prop-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\multiplayer\demos\src\assets\.svn\prop-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\multiplayer\demos\src\assets\.svn\text-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\multiplayer\demos\src\assets\.svn\text-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\multiplayer\demos\src\assets\.svn\text-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\textfields\demos\src\assets\cracks.jpg
C:\DOCUME~1\max\Desktop\away3d\branches\textfields\demos\src\assets\cracksOverlay.fla
C:\DOCUME~1\max\Desktop\away3d\branches\textfields\demos\src\assets\cracksOverlay.png
C:\DOCUME~1\max\Desktop\away3d\branches\textfields\demos\src\assets\.svn\prop-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\textfields\demos\src\assets\.svn\prop-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\textfields\demos\src\assets\.svn\prop-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\textfields\demos\src\assets\.svn\text-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\textfields\demos\src\assets\.svn\text-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\branches\textfields\demos\src\assets\.svn\text-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.1.0\demos\src\assets\cracks.jpg
C:\DOCUME~1\max\Desktop\away3d\tags\2.1.0\demos\src\assets\cracksOverlay.fla
C:\DOCUME~1\max\Desktop\away3d\tags\2.1.0\demos\src\assets\cracksOverlay.png
C:\DOCUME~1\max\Desktop\away3d\tags\2.1.0\demos\src\assets\.svn\prop-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.1.0\demos\src\assets\.svn\prop-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.1.0\demos\src\assets\.svn\prop-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.1.0\demos\src\assets\.svn\text-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.1.0\demos\src\assets\.svn\text-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.1.0\demos\src\assets\.svn\text-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.2.0\trunk\demos\src\assets\cracks.jpg
C:\DOCUME~1\max\Desktop\away3d\tags\2.2.0\trunk\demos\src\assets\cracksOverlay.fla
C:\DOCUME~1\max\Desktop\away3d\tags\2.2.0\trunk\demos\src\assets\cracksOverlay.png
C:\DOCUME~1\max\Desktop\away3d\tags\2.2.0\trunk\demos\src\assets\.svn\prop-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.2.0\trunk\demos\src\assets\.svn\prop-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.2.0\trunk\demos\src\assets\.svn\prop-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.2.0\trunk\demos\src\assets\.svn\text-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.2.0\trunk\demos\src\assets\.svn\text-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.2.0\trunk\demos\src\assets\.svn\text-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.3.0\demos\src\assets\cracks.jpg
C:\DOCUME~1\max\Desktop\away3d\tags\2.3.0\demos\src\assets\cracksOverlay.fla
C:\DOCUME~1\max\Desktop\away3d\tags\2.3.0\demos\src\assets\cracksOverlay.png
C:\DOCUME~1\max\Desktop\away3d\tags\2.3.0\demos\src\assets\.svn\prop-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.3.0\demos\src\assets\.svn\prop-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.3.0\demos\src\assets\.svn\prop-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.3.0\demos\src\assets\.svn\text-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.3.0\demos\src\assets\.svn\text-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.3.0\demos\src\assets\.svn\text-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.3.3\demos\src\assets\cracks.jpg
C:\DOCUME~1\max\Desktop\away3d\tags\2.3.3\demos\src\assets\cracksOverlay.fla
C:\DOCUME~1\max\Desktop\away3d\tags\2.3.3\demos\src\assets\cracksOverlay.png
C:\DOCUME~1\max\Desktop\away3d\tags\2.3.3\demos\src\assets\.svn\prop-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.3.3\demos\src\assets\.svn\prop-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.3.3\demos\src\assets\.svn\prop-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.3.3\demos\src\assets\.svn\text-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.3.3\demos\src\assets\.svn\text-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.3.3\demos\src\assets\.svn\text-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.4.0\demos\src\assets\cracks.jpg
C:\DOCUME~1\max\Desktop\away3d\tags\2.4.0\demos\src\assets\cracksOverlay.fla
C:\DOCUME~1\max\Desktop\away3d\tags\2.4.0\demos\src\assets\cracksOverlay.png
C:\DOCUME~1\max\Desktop\away3d\tags\2.4.0\demos\src\assets\.svn\prop-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.4.0\demos\src\assets\.svn\prop-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.4.0\demos\src\assets\.svn\prop-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.4.0\demos\src\assets\.svn\text-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.4.0\demos\src\assets\.svn\text-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\2.4.0\demos\src\assets\.svn\text-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\3.3.3\demos\src\assets\cracks.jpg
C:\DOCUME~1\max\Desktop\away3d\tags\3.3.3\demos\src\assets\cracksOverlay.fla
C:\DOCUME~1\max\Desktop\away3d\tags\3.3.3\demos\src\assets\cracksOverlay.png
C:\DOCUME~1\max\Desktop\away3d\tags\3.3.3\demos\src\assets\.svn\prop-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\3.3.3\demos\src\assets\.svn\prop-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\3.3.3\demos\src\assets\.svn\prop-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\3.3.3\demos\src\assets\.svn\text-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\3.3.3\demos\src\assets\.svn\text-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\3.3.3\demos\src\assets\.svn\text-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\3.4.0\demos\src\assets\cracks.jpg
C:\DOCUME~1\max\Desktop\away3d\tags\3.4.0\demos\src\assets\cracksOverlay.fla
C:\DOCUME~1\max\Desktop\away3d\tags\3.4.0\demos\src\assets\cracksOverlay.png
C:\DOCUME~1\max\Desktop\away3d\tags\3.4.0\demos\src\assets\.svn\prop-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\3.4.0\demos\src\assets\.svn\prop-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\3.4.0\demos\src\assets\.svn\prop-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\3.4.0\demos\src\assets\.svn\text-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\3.4.0\demos\src\assets\.svn\text-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\tags\3.4.0\demos\src\assets\.svn\text-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\Desktop\away3d\trunk\fp10\Examples\Away3D\as\src\assets\cracks.jpg
C:\DOCUME~1\max\Desktop\away3d\trunk\fp10\Examples\Away3D\as\src\assets\cracksOverlay.fla
C:\DOCUME~1\max\Desktop\away3d\trunk\fp10\Examples\Away3D\as\src\assets\cracksOverlay.png
C:\DOCUME~1\max\Desktop\away3d\trunk\fp10\Examples\Away3D\as\src\assets\.svn\prop-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\trunk\fp10\Examples\Away3D\as\src\assets\.svn\prop-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\trunk\fp10\Examples\Away3D\as\src\assets\.svn\prop-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\Desktop\away3d\trunk\fp10\Examples\Away3D\as\src\assets\.svn\text-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\trunk\fp10\Examples\Away3D\as\src\assets\.svn\text-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\trunk\fp10\Examples\Away3D\as\src\assets\.svn\text-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\Desktop\away3d\trunk\fp9\Examples\Away3D\as\src\assets\cracks.jpg
C:\DOCUME~1\max\Desktop\away3d\trunk\fp9\Examples\Away3D\as\src\assets\cracksOverlay.fla
C:\DOCUME~1\max\Desktop\away3d\trunk\fp9\Examples\Away3D\as\src\assets\cracksOverlay.png
C:\DOCUME~1\max\Desktop\away3d\trunk\fp9\Examples\Away3D\as\src\assets\.svn\prop-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\trunk\fp9\Examples\Away3D\as\src\assets\.svn\prop-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\trunk\fp9\Examples\Away3D\as\src\assets\.svn\prop-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\Desktop\away3d\trunk\fp9\Examples\Away3D\as\src\assets\.svn\text-base\cracks.jpg.svn-base
C:\DOCUME~1\max\Desktop\away3d\trunk\fp9\Examples\Away3D\as\src\assets\.svn\text-base\cracksOverlay.fla.svn-base
C:\DOCUME~1\max\Desktop\away3d\trunk\fp9\Examples\Away3D\as\src\assets\.svn\text-base\cracksOverlay.png.svn-base
C:\DOCUME~1\max\My Documents\Azureus Downloads\Adobe_Flash_CS4_v10.0_Professional-SHOCKiSO\crack.zip
C:\DOCUME~1\max\My Documents\Azureus Downloads\Adobe_Flash_CS4_v10.0_Professional-SHOCKiSO\shk-afcs\crack.zip



1 - "C:\ToolBar SD\TB_1.txt" - 24/10/2009| 1:27 - Option : [1]

-----------\\ Fin du rapport a 1:27:59,35
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 12
macsim Messages postés 7 Date d'inscription vendredi 23 octobre 2009 Statut Membre Dernière intervention 27 octobre 2009
24 oct. 2009 à 01:32
Rapport smitfraud:

SmitFraudFix v2.424

Scan done at 1:31:32,79, 24/10/2009
Run from C:\Documents and Settings\max\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Sun\SDK\jdk\bin\javaw.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Temp\wpv111255703227.exe
C:\WINDOWS\Temp\_ex-08.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\05689735\05689735.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\max\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\WINDOWS\system32\wscntfy.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\max


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\max\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\max\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\max\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Documents and Settings\\max\\My Documents"
"SubscribedURL"="C:\\Documents and Settings\\max\\My Documents"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="D:\\Mes Photos\\Photos Thailande"
"SubscribedURL"="D:\\Mes Photos\\Photos Thailande"
"FriendlyName"=""

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter - Packet Scheduler Miniport
DNS Server Search Order: 212.27.53.252
DNS Server Search Order: 212.27.54.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{CE661F73-2E89-4903-94A0-DF939368C558}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FBB9B577-80C5-45CE-853C-C6452C8E1C22}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CE661F73-2E89-4903-94A0-DF939368C558}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FBB9B577-80C5-45CE-853C-C6452C8E1C22}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{CE661F73-2E89-4903-94A0-DF939368C558}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FBB9B577-80C5-45CE-853C-C6452C8E1C22}: NameServer=212.27.53.252,212.27.54.252


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
0
Réponse 6 / 12
kduc Messages postés 1462 Date d'inscription lundi 4 août 2008 Statut Membre Dernière intervention 1 novembre 2011 133
24 oct. 2009 à 01:50
...

"--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\max\Desktop\assets\cracks.jpg
C:\DOCUME~1\max\Desktop\assets\cracksOverlay.fla
C:\DOCUME~1\max\Desktop\assets\cracksOverlay.png "

Il est conseillé de supprimer les cracks : https://forum.malekal.com/viewtopic.php?t=893&start=

---

Fais tout ce qui suit, dans l' ordre stp ...

Fais un clic droit sur le lien pour installer SDFix (par AndyManchesta) :
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Choisis "Enregistrer sous" (dans IE c'est "Enregistrer la cible/le lien sous..")
et sauvegarde-le (Enregistrer dans) sur le Bureau.

Important : dans "Nom du fichier" enregistre (renomme) "sdfix" ou "SdFix.exe" en sd-fix.exe

Redémarre en mode sans échec ...
https://www.pcastuces.com/pratique/windows/mode_sans_echec/page2.htm
(de préférence par F8 au démarrage).

--------------------------------------------
Tu n' auras pas accès à Internet pendant le "mode sans échec".
Aussi, copie/colle la procédure dans un fichier texte (word) et mets-la
sur le "bureau" pour l' avoir à ta disposition.
--------------------------------------------

Sur le bureau, double-clique sur sd-fix.exe et choisis Install pour l'extraire sur le Bureau.
Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur
RunThis.cmd (ou RunThis.bat) pour lancer le script.

Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre des trojans trouvés puis te
demandera d'appuyer sur une touche pour redémarrer. Fais-le.

Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va
continuer à s'exécuter et supprimer des fichiers.

Après le chargement du Bureau, l'outil terminera son travail et affichera "Finished".
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.

Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera
aussi dans le dossier SDFix sous le nom Report.txt.

Copie/colle le contenu du fichier Report.txt dans ta prochaine réponse.

Tuto : https://www.malekal.com/slenfbot-still-an-other-irc-bot/

---
Ensuite, ...

Ouvre le bloc-notes et fais un copier coller de ce qui est en gras, ci-dessous (copie tout d'un trait) :

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sysgif32"=-
"restorer64_a"=-
"26581729"=-
"PromoReg"=-
"RegistryMonitor1"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"restorer64_a"=-
"mserv"=-
"svchost"=-

Puis "fichier"/"enregistrer sous" :
dans : sur le bureau
Nom du fichier : fix.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"

L'icône de fix.reg doit ressembler à cela : https://www.hiboox.com

Redémarre le PC en mode sans échec ...
https://www.pcastuces.com/pratique/windows/mode_sans_echec/page2.html
(méthode F8 de préférence)

--------------------------------------------
Tu n' auras pas accès à Internet pendant le "mode sans échec".
Aussi, copie/colle la procédure dans un fichier texte (word) et mets-la
sur le "bureau" pour l' avoir à ta disposition.
--------------------------------------------

Ferme toutes les fenêtres et applications.
Relance HijackThis et clique sur > Do a system scan only puis, coche
les cases devant les lignes qui suivent (et uniquement ces lignes), si tjrs présentes :

F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe cpcp.cpo bef0regiiav
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\Temp\wpv331255703227.exe
O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe
O4 - HKLM\..\Run: [26581729] C:\DOCUME~1\ALLUSE~1\APPLIC~1\26581729\26581729.exe
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-08.exe
O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe
O4 - HKCU\..\Run: [restorer64_a] C:\Documents and Settings\max\restorer64_a.exe
O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\max\Application Data\seres.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\max\Application Data\svcst.exe
O4 - Startup: zavupd32.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?

Ensuite, clique sur > Fix checked et valide par "Yes". Referme HijackThis.

Affiche les fichiers et dossiers cachés
Pour ce faire, tu vas dans un dossier, par ex. "Mes Images".
Ensuite, clique sur > Outils > Options des dossiers ...
clique sur l' onglet « Affichage » et ...
coche --> Afficher les fichiers et dossiers cachés
décoche > Masquer les extensions des fichiers dont le type est connu
décoche > Masquer les fichiers protégés du système d' exploitation (recommandé).
« Appliquer » et « OK ».

Ensuite, va dans > Démarrer > Poste de travail > C:\

et supprime le(s) programme(s)/ fichier(s) en gras, ci-dessous, si tu le(s) trouves.

C:\WINDOWS\Temp\wpv331255703227.exe <-
C:\WINDOWS\system32\restorer64_a.exe <-
C:\DOCUME~1\ALLUSE~1\APPLIC~1\26581729 <-
C:\WINDOWS\Temp\_ex-08.exe <-
C:\WINDOWS\system32\qtplugin.exe <-
C:\Documents and Settings\max\restorer64_a.exe <-
C:\Documents and Settings\max\Application Data\seres.exe <-
C:\Documents and Settings\max\Application Data\svcst.exe <-

Sur le bureau, double clique sur fix2.reg => tu dois obligatoirement avoir un message
"Voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est le cas, clique sur "oui"

Remet les fichiers et dossiers cachés comme tu les as trouvés !

Lance CCleaner ...
Clique sur > Analyser > Nettoyer, puis sur OK dans la fenêtre qui s' affiche.
(re)Lance le nettoyage et (re)confirme par OK.

Redémarre le PC en mode normal ...

Relance un scan HijackThis et poste le rapport.

---
Bonne nuit ...

---
PS : installe la toute dernière version de Adobe/Acrobat car, celle que tu possèdes est susceptible de contenir des failles de sécurité :

http://www.secuser.com/vulnerabilite/2009/091013-adobe-reader.htm

0
Réponse 7 / 12
macsim Messages postés 7 Date d'inscription vendredi 23 octobre 2009 Statut Membre Dernière intervention 27 octobre 2009
24 oct. 2009 à 02:58
Merci pour tout,

voici les rapports :

SDFIX :

[b]SDFix: Version 1.240 [/b]
Run by max on 24/10/2009 at 02:10

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\DOCUME~1\max\LOCALS~1\Temp\TMP49.tmp - Deleted





Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-24 02:25:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\PnP\PciIrqRouting\IrqMiniports\C5581045]
"Name"="Opti Viper"

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Vuze\\Azureus.exe"="C:\\Program Files\\Vuze\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"="C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"="C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\\Program Files\\Spotify\\spotify.exe"="C:\\Program Files\\Spotify\\spotify.exe:*:Enabled:Spotify"
"C:\\Documents and Settings\\max\\Desktop\\Pro Evolution Soccer 2008\\PES2008.exe"="C:\\Documents and Settings\\max\\Desktop\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\\Documents and Settings\\max\\Local Settings\\Temp\\java_ee_sdk-5_07-jdk-6u16-windows-ml.exe2\\package\\jre\\bin\\javaw.exe"="C:\\Documents and Settings\\max\\Local Settings\\Temp\\java_ee_sdk-5_07-jdk-6u16-windows-ml.exe2\\package\\jre\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Sun\\SDK\\jdk\\bin\\java.exe"="C:\\Sun\\SDK\\jdk\\bin\\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:Java(TM) Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Fri 7 Aug 2009 98 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti4.tmp"
Fri 6 Mar 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

[b]Finished![/b]




Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:55:27, on 24/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Sun\SDK\jdk\bin\javaw.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: SDK Tray Menu.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_1_0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE661F73-2E89-4903-94A0-DF939368C558}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBB9B577-80C5-45CE-853C-C6452C8E1C22}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\max\My Documents
O24 - Desktop Component 2: (no name) - D:\Mes Photos\Photos Thailande
0
Réponse 8 / 12
kduc Messages postés 1462 Date d'inscription lundi 4 août 2008 Statut Membre Dernière intervention 1 novembre 2011 133
24 oct. 2009 à 10:30
Salut,

Parfait.

Maintenant, télécharge, installe et mets à jour Malwarebytes Anti-Malwares
http://forum.telecharger.01net.com/microhebdo/6/tuto-securite/tuto-malwaresbytes-anti-malware-352008/messages-1.html puis, lance un scan COMPLET et poste le rapport.

PS : si MalwareByte's a détecté des infections, clique sur Afficher les résultats,
puis sur Supprimer la sélection.
0
Réponse 9 / 12
macsim Messages postés 7 Date d'inscription vendredi 23 octobre 2009 Statut Membre Dernière intervention 27 octobre 2009
24 oct. 2009 à 18:08
Merci beaucoup,

Il semble que le virus a été éradiqué.

Je crois que l'on peut mettre résolu!
0
Réponse 10 / 12
kduc Messages postés 1462 Date d'inscription lundi 4 août 2008 Statut Membre Dernière intervention 1 novembre 2011 133
24 oct. 2009 à 19:03
...

Tu ne souhaites pas poster le rapport Malwarebytes ?
0
Réponse 11 / 12
jacques.gache Messages postés 33453 Date d'inscription mardi 13 novembre 2007 Statut Contributeur sécurité Dernière intervention 25 janvier 2016 1 616
24 oct. 2009 à 19:41
bonjour, oui il serait bien de poster le rapport de malwarebytes , car il peut avoir supprimé des chose mais d'après ce qu'il aura trouvé possible que le passage d'un autre outil pour être sur que plus rien ne traine sur le pc , pour retrouver le rapport de malwarebytes

. double-cliques sur malwarebytes
. rends toi dans l'onglet rapport/log
. tu cliques dessus pour l'afficher une fois affiché
. tu cliques sur edition en haut du boc notes,et puis sur sélectionner tous
. tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
. tu cliques droit dans le cadre de la reponse et coller
0
Réponse 12 / 12
macsim Messages postés 7 Date d'inscription vendredi 23 octobre 2009 Statut Membre Dernière intervention 27 octobre 2009
27 oct. 2009 à 18:58
En effet,

Je vais suivre vos conseils...

Juste un peu de patience, je le lancerai cette nuit.

Merci beaucoup pour votre aide à tous les deux !

A demain...
0

Discussions similaires

Google Chrome "  Échec de l'analyse antivirus "
jmpower -
RBmoon -

18 réponses
Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
pro direct soccer fiable ?
Doudy28 -
Alex -

7 réponses
Mode d'utilisation de la caméra V380 en français
delacree -
Gigi -

14 réponses