Generic virus and HijackThis report

lela724 Posts: 4 Status: Member -  
 Anonymous user -
Hello,

Attached is my HijackThis report for analysis.

I can't remove a generic trojan that redirects all my web pages except my Favorites.

Pffffffffff
some help please, guys

Thanks in advance

Logfile of random's system information tool 1.06 (written by random/random)
Run by MAY LEO at 2009-11-17 20:44:39
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 61 GB (27%) free of 228 GB
Total RAM: 510 MB (17% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:55, on 17/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SFR\Media Center\MediaCenter.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MAY LEO\Local Settings\Temporary Internet Files\Content.IE5\C7U9K5AQ\RSIT[1].exe
C:\Program Files\trend micro\MAY LEO.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ctfmon] RUNDLL32.EXE C:\WINDOWS\system32\fgjk4wvb.dll,w
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod3\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod3\v4\yhexbmes.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\rdolib.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\System32\PSSDNSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8867 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2009-07-31 909040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-07-08 246800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-09-16 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll [2009-07-31 159472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2009-07-31 909040]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"=C:\WINDOWS\system32\fgjk4wvb.dll [2009-11-12 61440]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-07-20 7110656]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Neuf Media Center"=C:\Program Files\SFR\Media Center\MediaCenter.exe [2008-10-10 726336]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]

C:\Documents and Settings\MAY LEO\Menu Démarrer\Programmes\Démarrage
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\rdolib.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:Microsoft Update"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe"="C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\SFR\Media Center\httpd\httpd.exe"="C:\Program Files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f216009-8a75-11de-82e0-00142a9241d9}]
shell\AutoRun\command - K:\DTVaultPrivacy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5049136-602b-11de-82c1-00142a9241d9}]
shell\AutoRun\command - WDSetup.exe

======List of files/folders created in the last 1 months======

2009-11-17 20:44:39 ----D---- C:\rsit
2009-11-17 20:44:39 ----D---- C:\Program Files\trend micro
2009-11-16 23:47:54 ----D---- C:\Documents and Settings\MAY LEO\Application Data\Malwarebytes
2009-11-16 23:47:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-11-16 23:47:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-16 23:44:58 ----A---- C:\WINDOWS\system32\XceedCry.dll
2009-11-16 23:44:58 ----A---- C:\WINDOWS\system32\XceedBkp.dll
2009-11-16 23:44:58 ----A---- C:\WINDOWS\system32\msstdfmt.dll
2009-11-16 23:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-11-16 23:00:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-11-16 22:59:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-11-15 16:59:48 ----D---- C:\WINDOWS\Prefetch
2009-11-15 16:55:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-11-15 16:55:37 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-11-15 16:55:29 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-11-15 16:55:15 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-11-15 16:55:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-11-15 16:54:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-11-15 16:54:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-11-15 16:54:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-11-15 16:54:29 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-11-15 16:54:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-11-15 16:54:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-11-15 16:54:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-11-15 16:53:49 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-11-15 16:53:42 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-15 16:53:31 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-11-15 16:53:22 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-11-15 16:53:11 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-11-15 16:52:59 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-11-15 16:52:50 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-11-15 16:52:42 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-11-15 16:52:34 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-11-15 16:52:25 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-11-15 16:52:17 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-11-15 16:52:04 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-11-15 16:51:56 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-11-15 16:51:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-11-15 16:51:40 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-11-15 16:51:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-11-15 16:51:21 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-11-15 16:51:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-11-15 16:51:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-11-15 16:50:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-11-15 16:50:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-11-15 16:50:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-11-15 16:50:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-11-15 16:50:05 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_1$
2009-11-15 16:49:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-11-15 16:49:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-11-15 16:49:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-11-15 16:49:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-11-15 16:49:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-11-15 16:49:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-11-15 16:49:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-11-15 16:48:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-11-15 16:48:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-11-15 16:48:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-11-15 16:48:32 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-11-15 16:48:23 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-11-15 16:48:11 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-11-15 16:42:35 ----D---- C:\WINDOWS\system32\fr
2009-11-15 16:42:35 ----D---- C:\WINDOWS\l2schemas
2009-11-15 16:42:34 ----D---- C:\WINDOWS\system32\bits
2009-11-15 16:37:12 ----D---- C:\WINDOWS\network diagnostic
2009-11-15 16:32:24 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-11-15 16:32:21 ----D---- C:\WINDOWS\EHome
2009-11-15 16:17:17 ----D---- C:\WINDOWS\ie8updates
2009-11-15 16:15:46 ----D---- C:\WINDOWS\WBEM
2009-11-15 16:14:51 ----HDC---- C:\WINDOWS\ie8
2009-11-15 16:14:51 ----D---- C:\WINDOWS\system32\fr-FR
2009-11-13 21:00:54 ----A---- C:\WINDOWS\system32\flags.ini
2009-11-12 21:02:30 ----D---- C:\WINDOWS\Minidump
2009-11-12 20:57:37 ----A---- C:\WINDOWS\system32\C1.tmp
2009-11-12 20:57:33 ----A---- C:\WINDOWS\system32\B4.tmp
2009-11-12 20:57:29 ----A---- C:\WINDOWS\system32\fgjk4wvb.dll
2009-11-12 20:57:19 ----A---- C:\WINDOWS\system32\8898,89.exe
2009-11-12 00:11:04 ----HDC---- C:\WINDOWS\$NtUninstallKB969947_0$
2009-11-06 23:50:23 ----HDC---- C:\WINDOWS\$NtUninstallKB976749$

======List of files/folders modified in the last 1 months======

2009-11-17 20:44:44 ----D---- C:\WINDOWS\Temp
2009-11-17 20:44:39 ----RD---- C:\Program Files
2009-11-17 20:35:23 ----D---- C:\WINDOWS\system32
2009-11-17 20:35:23 ----D---- C:\WINDOWS
2009-11-17 19:32:41 ----D---- C:\Documents and Settings\MAY LEO\Application Data\OpenOffice.org2
2009-11-17 01:27:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-17 01:24:14 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-16 23:47:33 ----D---- C:\WINDOWS\system32\drivers
2009-11-16 23:00:22 ----HD---- C:\WINDOWS\inf
2009-11-16 23:00:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-16 23:00:12 ----A---- C:\WINDOWS\imsins.BAK
2009-11-16 23:00:05 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-16 21:30:54 ----D---- C:\Documents and Settings\MAY LEO\Application Data\vlc
2009-11-15 19:06:03 ----D---- C:\Documents and Settings\MAY LEO\Application Data\dvdcss
2009-11-15 17:04:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-15 17:00:53 ----A---- C:\WINDOWS\OEWABLog.txt
2009-11-15 16:59:55 ----A---- C:\WINDOWS\setuplog.txt
2009-11-15 16:59:23 ----D---- C:\WINDOWS\system32\Setup
2009-11-15 16:59:23 ----D---- C:\WINDOWS\AppPatch
2009-11-15 16:59:23 ----D---- C:\Program Files\Messenger
2009-11-15 16:59:22 ----D---- C:\WINDOWS\system32\wbem
2009-11-15 16:59:21 ----RSD---- C:\WINDOWS\Fonts
2009-11-15 16:55:49 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-15 16:54:43 ----D---- C:\Program Files\Outlook Express
2009-11-15 16:48:24 ----D---- C:\WINDOWS\WinSxS
2009-11-15 16:47:36 ----D---- C:\WINDOWS\security
2009-11-15 16:42:56 ----D---- C:\WINDOWS\ime
2009-11-15 16:42:56 ----D---- C:\WINDOWS\Help
2009-11-15 16:42:37 ----D---- C:\WINDOWS\system32\usmt
2009-11-15 16:42:36 ----D---- C:\Program Files\Internet Explorer
2009-11-15 16:42:35 ----SHD---- C:\WINDOWS\Installer
2009-11-15 16:42:34 ----D---- C:\WINDOWS\PeerNet
2009-11-15 16:42:34 ----D---- C:\Program Files\Movie Maker
2009-11-15 16:39:39 ----D---- C:\WINDOWS\ServicePackFiles
2009-11-15 16:39:34 ----D---- C:\WINDOWS\system32\Restore
2009-11-15 16:39:34 ----D---- C:\WINDOWS\system32\npp
2009-11-15 16:39:32 ----D---- C:\WINDOWS\msagent
2009-11-15 16:39:31 ----D---- C:\WINDOWS\srchasst
2009-11-15 16:39:30 ----D---- C:\Program Files\NetMeeting
2009-11-15 16:39:28 ----D---- C:\WINDOWS\system32\Com
2009-11-15 16:39:26 ----D---- C:\Program Files\Windows Media Player
2009-11-15 16:39:25 ----D---- C:\Program Files\Windows NT
2009-11-15 16:39:22 ----D---- C:\Program Files\Fichiers communs\System
2009-11-15 16:39:08 ----D---- C:\WINDOWS\system32\oobe
2009-11-15 16:39:05 ----D---- C:\WINDOWS\system
2009-11-15 16:35:46 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-11-15 16:16:02 ----D---- C:\WINDOWS\system32\config
2009-11-15 16:15:38 ----D---- C:\WINDOWS\Media
2009-11-15 12:30:32 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-12 20:52:54 ----D---- C:\WINDOWS\Registration
2009-11-05 09:36:22 ----A---- C:\WINDOWS\system32\MRT.exe
2009-10-26 21:11:10 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-23 19:22:23 ----D---- C:\Program Files\McAfee
2009-10-22 10:17:28 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-18 21:50:26 ----D---- C:\Documents and Settings\MAY LEO\Application Data\Azureus

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS []
R2 FBAPI;FBAPI; \??\C:\WINDOWS\system32\drivers\FBAPI.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-19 3644800]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-07-20 3198368]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2005-11-02 10368]
R3 SiSGbeXP;SiS191/SiS190 Ethernet Device NDIS 5.1 Driver; C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys [2005-02-18 124160]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2004-04-14 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2004-04-14 44064]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EL90XBC;Pilote de la carte EtherLink XL 90XB/C 3Com; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2004-01-21 5915]
S3 PID_08A0;Labtec WebCam Pro(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2004-01-21 271360]
S3 PVUSB;CESG502 USB Driver; C:\WINDOWS\system32\DRIVERS\CESG502.sys [2009-10-10 40672]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2004-04-14 21280]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2004-04-14 5600]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-09 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe [2009-09-16 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-09-15 894136]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-07-08 26640]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-07-20 127043]
R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Boonty Games;Boonty Games; C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2006-02-08 69120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-07-08 68112]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PsShutdownSvc;PsShutdown; C:\WINDOWS\System32\PSSDNSVC.EXE [2005-10-19 65536]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Event Type: Informations
User: MAYLEO\MAY LEO

Computer Name: MAYLEO
Event Code: 11707
Message: Produit : QuickTime -- L'installation s'est terminée correctement.

Record Number: 3632
Source Name: MsiInstaller
Time Written: 20070714210236.000000+120
Event Type: Informations
User: MAYLEO\MAY LEO

Computer Name: MAYLEO
Event Code: 11707
Message: Produit : Apple Software Update -- L'installation s'est terminée correctement.

Record Number: 3631
Source Name: MsiInstaller
Time Written: 20070714205741.000000+120
Event Type: Informations
User: MAYLEO\MAY LEO

Computer Name: MAYLEO
Event Code: 11707
Message: Produit : Apple Mobile Device Support -- L'installation s'est terminée correctement.

Record Number: 3630
Source Name: MsiInstaller
Time Written: 20070714205635.000000+120
Event Type: Informations
User: MAYLEO\MAY LEO

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%PIXIEHOME%\bin;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"PIXIEHOME"=C:\Program Files\Pixie
"SHADERS"=%PIXIEHOME%\shaders
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------
Configuration: Windows XP Internet Explorer 8.0
7 replies

Anonymous user
 
• Hello
• Download and install: Malwarebytes' Anti-Malware
• (Note: if "COMCTL32.OCX" is missing during installation, download it here: https://www.malekal.com/tutorial-aboutbuster/)
• At the end of the installation, make sure the "update Malwarebytes' Anti-Malware" option is ticked
• Launch MBAM and let the updates download (otherwise run them manually when the program starts)
• Then go to the "Scan" tab, tick "Perform a full scan", then "Scan"
• Select your hard drives, then click "Start scan"
• At the end of the scan, click Show results
• Tick all the detected items, then click Remove selection
• Save the report
• If you are asked to restart, click Yes
• Post the scan report here after the removal (post the report even if nothing is detected).
• If you need help, see this tutorial
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
0
lela724 Posts: 4 Status: Member
 
Hello

Thanks for your help, the report is attached

See you in a moment, my savior

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3188
Windows 5.1.2600 Service Pack 3

17/11/2009 22:25:46
mbam-log-2009-11-17 (22-25-38).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 216374
Temps écoulé: 1 hour(s), 12 minute(s), 47 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 8

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\rdolib.dll (Spyware.Passwords) -> No action taken.

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Spyware.Passwords) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Spyware.Passwords) -> Data: c:\windows\system32\rdolib.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Spyware.Passwords) -> Data: system32\rdolib.dll -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.SearchPage) -> Bad: (http://join.clonecashsystem.com/track/NjU1ODMuMjYuMzEuMzUuMC4wLjAuMC4w) Good: (https://www.google.com/?gws_rd=ssl -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\MAY LEO\Modèles\rdolib.dll (Spyware.Passwords) -> No action taken.
C:\System Volume Information\_restore{21250966-7C26-4CEF-85F2-5C4F1F1E9E32}\RP859\A0044049.dll (Spyware.Passwords) -> No action taken.
C:\System Volume Information\_restore{21250966-7C26-4CEF-85F2-5C4F1F1E9E32}\RP861\A0044169.dll (Spyware.Passwords) -> No action taken.
C:\System Volume Information\_restore{21250966-7C26-4CEF-85F2-5C4F1F1E9E32}\RP865\A0047811.dll (Spyware.Passwords) -> No action taken.
C:\WINDOWS\system32\rdolib.dll (Spyware.Passwords) -> No action taken.
C:\Clone Cash System.url (Malware.Trace) -> No action taken.
C:\Documents and Settings\LocalService\Favoris\Clone Cash System.url (Malware.Trace) -> No action taken.
C:\Documents and Settings\MAY LEO\Favoris\Clone Cash System.url (Malware.Trace) -> No action taken.
0
Anonymous user
 
The MBAM report says "No action taken", which means that no action was carried out.
It is essential to remove every trace of infection at the end of the scans.
Run Malwarebytes again and this time delete whatever it finds.
Post the report after the removal. Thanks.
0
lela724 Posts: 4 Status: Member
 
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3188
Windows 5.1.2600 Service Pack 3

17/11/2009 22:58:35
mbam-log-2009-11-17 (22-58-35).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 216374
Temps écoulé: 1 hour(s), 12 minute(s), 47 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 8

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\rdolib.dll (Spyware.Passwords) -> Delete on reboot.

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Spyware.Passwords) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Spyware.Passwords) -> Data: c:\windows\system32\rdolib.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Spyware.Passwords) -> Data: system32\rdolib.dll -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.SearchPage) -> Bad: (http://join.clonecashsystem.com/track/NjU1ODMuMjYuMzEuMzUuMC4wLjAuMC4w) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\MAY LEO\Modèles\rdolib.dll (Spyware.Passwords) -> Delete on reboot.
C:\System Volume Information\_restore{21250966-7C26-4CEF-85F2-5C4F1F1E9E32}\RP859\A0044049.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21250966-7C26-4CEF-85F2-5C4F1F1E9E32}\RP861\A0044169.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21250966-7C26-4CEF-85F2-5C4F1F1E9E32}\RP865\A0047811.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rdolib.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Clone Cash System.url (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Favoris\Clone Cash System.url (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAY LEO\Favoris\Clone Cash System.url (Malware.Trace) -> Quarantined and deleted successfully.
0

lela724 Posts: 4 Status: Member
 
Thank you very much

Problem solved.

I had already done it, but without refreshing the processes

Thanks for your help, see you
0
crapoulou Posts: 28002 Status: Moderator, Security contributor 8 047
 
Hi,
Careful!
I'm taking the liberty of stepping in, because if you leave it like this, you risk running into trouble for several reasons:
- Disinfection not finished
- C:\WINDOWS\system32\rdolib.dll (Spyware.Passwords) -> Delete on reboot.
This infection is able to retain highly secret information: bank numbers, passwords, ...
I'll let you carry on...
0
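The distinction the replies above draw, as an added example that is not part of the thread: a report line ending in "No action taken" or "Delete on reboot" is an item that is still on the machine. The sketch parses detection lines in the MBAM 1.41 format shown in this thread; the sample input is constructed from lines in the two reports, and the function names and the password-rotation rule are assumptions.

```python
import re

# Constructed sample: detection lines in the shape of the MBAM 1.41 reports above.
SAMPLE_LOG = r"""
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\rdolib.dll (Spyware.Passwords) -> Delete on reboot.

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Spyware.Passwords) -> Data: system32\rdolib.dll -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\MAY LEO\Modèles\rdolib.dll (Spyware.Passwords) -> Delete on reboot.
C:\WINDOWS\system32\rdolib.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Clone Cash System.url (Malware.Trace) -> No action taken.
"""

# Line shape: "<item> (<detection name>) -> [details -> ]<action>."
ENTRY = re.compile(
    r"^(?P<item>.+?) \((?P<family>[\w.]+)\) -> (?:.* -> )?(?P<action>[^>]+?)\.?$")
DONE = "Quarantined and deleted successfully"

def parse(log_text):
    """Return one dict per detection line; headers and empty sections are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]

def triage(log_text):
    """Summarise what is still left to do after a scan."""
    entries = parse(log_text)
    actions = {e["action"] for e in entries}
    return {
        "total": len(entries),
        # Anything not confirmed as removed is treated as still present.
        "unfinished": [e for e in entries if e["action"] != DONE],
        "rescan_and_remove": "No action taken" in actions,
        "reboot_needed": "Delete on reboot" in actions,
        # Assumption: a Spyware.Passwords hit means passwords should be changed.
        "change_passwords": any(e["family"] == "Spyware.Passwords" for e in entries),
    }

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for e in report["unfinished"]:
        print(f'{e["action"]:<17} {e["family"]:<18} {e["item"]}')
    print({k: v for k, v in report.items() if k != "unfinished"})
```

After the restart, a fresh scan whose report yields an empty "unfinished" list is the confirmation that the "Delete on reboot" items are gone.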
Anonymous user
 
Hi crapoulou

C:\WINDOWS\system32\rdolib.dll (Spyware.Passwords) -> Delete on reboot.
You must restart your system to eradicate the infection. You should take the opportunity to change your passwords.

/!\ To anyone reading this thread /!\
The software below is not to be used lightly and can cause damage if it is misused! Only use it if a forum helper who knows this tool well has recommended it to you.

/!\ Disable all your protection software /!\

• Download ComboFix (by sUBs) to your Desktop.
• Double-click ComboFix.exe to launch it.
• It will ask you to install the Recovery Console: accept. (important in case of a problem)
• Do not touch anything during the scan.
• When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.
# If ComboFix will not start, rename it to ccm.exe and run it in safe mode.
Official ComboFix tutorial: http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0