Problem avec msn !!!! Virus
crystina
Messages postés
80
Statut
Membre
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour,j'ai un soucis que j'arrive pas à résoudre ! EN faite on n'était entrain de s'échanger des liens et quand d'un coup un truc s'est mis,j'ai pas fait atention j'ai clquer dessus ; voila comment ça s'apel * foto :D http://mefotos.me.ohost.de/getimage.php?=ptiotratz@hotmail.fr avec l'adress de mon ami à la fin , le problem c'est que tout le monde le recoit et certains de mes amis sont infecté maintenant ! Comment faire pour le retirer ? Mon anti virus c'est le pack numericable et il détecte rien ! on m'as dit de désinstaller msn et de changer de mot de pass ce que j'ai fait mais il esr revenu 4h après ! On m'as dit spybot et clean virus msn , j'ai fait et c'est encore là !!! Please audez moi ! merci d'avance...
A voir également:
- Problem avec msn !!!! Virus
- Virus mcafee - Accueil - Piratage
- Telecharger msn - Télécharger - Messagerie
- Msn explorer - Télécharger - Divers Web & Internet
- Virus facebook demande d'amis - Accueil - Facebook
- Msn messenger - Télécharger - Messagerie
132 réponses
c'est le pack sécurié numericable et je sais pas comment le désactiver aussi ! désolé je n'y comprend rien
je n'arrive pas désactiver le pack sécurité numéricable ! J'attend ta réponse, je ne veux pas faire n'importe quoi !!
J'ai compris pour le mode recherche par contre....impossible de desactiver mon anti virus je trouve pas......alors quand tu auras le rapport ca sera avec le anti virus activé !
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
ok ! la c'est à 60% ! moi non plus j'ai rien trouvé !!!!!! et pourtant il y a une assistance !! et bah que dalle !!!
à la fin de désinfection ;-)
il faut jamais remplacer un antivirus en cours de désinfection car il ,se peut que tu ne puisse plus avoir de protection :-)
il faut jamais remplacer un antivirus en cours de désinfection car il ,se peut que tu ne puisse plus avoir de protection :-)
List'em by g3n-h@ckm@n 1.1.5.2
Thx to Chiquitine29.....& CCM team
User : HP (Administrateurs) # SMEVE
Update on 14/12/2009 by g3n-h@ckm@n ::::: 00:00
Start at: 18:14:06 | 19/12/2009
Contact : g3n-h@ckm@n sur CCM
Intel(R) Celeron(R) CPU 2.53GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : Pack Sécurité Numericable 9.01 9.01 [ Enabled | Updated ]
FW : Pack Sécurité Numericable 9.01[ Enabled ]9.01
C:\ -> Disque fixe local | 37,26 Go (5,64 Go free) | NTFS
D:\ -> Disque CD-ROM | 58,74 Mo (0 Mo free) [DWA-110] | CDFS
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe 628
C:\WINDOWS\system32\csrss.exe 676
C:\WINDOWS\system32\winlogon.exe 700
C:\WINDOWS\system32\services.exe 744
C:\WINDOWS\system32\lsass.exe 756
C:\WINDOWS\system32\svchost.exe 904
C:\WINDOWS\system32\svchost.exe 964
C:\WINDOWS\System32\svchost.exe 1004
C:\WINDOWS\system32\svchost.exe 1040
C:\WINDOWS\system32\svchost.exe 1216
C:\WINDOWS\system32\svchost.exe 1280
C:\WINDOWS\system32\spoolsv.exe 1520
C:\WINDOWS\system32\svchost.exe 1604
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe 308
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 372
C:\Program Files\Bonjour\mDNSResponder.exe 392
C:\Program Files\PacksecuriteNumericable\Anti-Virus\fsgk32st.exe 456
C:\Program Files\PacksecuriteNumericable\Common\FSMA32.EXE 480
C:\Program Files\PacksecuriteNumericable\Anti-Virus\FSGK32.EXE 500
C:\Program Files\Java\jre6\bin\jqs.exe 576
C:\Program Files\PacksecuriteNumericable\Common\FSHDLL32.EXE 616
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe 136
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe 1028
C:\WINDOWS\system32\HPZipm12.exe 1172
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe 1312
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 1364
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe 1452
C:\WINDOWS\system32\svchost.exe 1632
C:\Program Files\PacksecuriteNumericable\FWES\Program\fsdfwd.exe 1428
C:\Program Files\PacksecuriteNumericable\Anti-Virus\fssm32.exe 1640
C:\Program Files\PacksecuriteNumericable\ORSP Client\fsorsp.exe 1676
C:\WINDOWS\System32\alg.exe 2060
C:\WINDOWS\Explorer.EXE 2740
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe 2976
C:\WINDOWS\system32\igfxtray.exe 3476
C:\Program Files\PacksecuriteNumericable\Anti-Virus\fsav32.exe 3696
C:\WINDOWS\system32\hkcmd.exe 3788
C:\WINDOWS\system32\igfxpers.exe 3804
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe 3820
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe 3860
C:\Program Files\Logitech\QuickCam\Quickcam.exe 3880
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe 3900
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe 3944
C:\Program Files\iTunes\iTunesHelper.exe 420
C:\Program Files\PacksecuriteNumericable\Common\FSM32.EXE 492
C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe 672
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe 1184
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe 1332
C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe 1400
C:\WINDOWS\system32\ctfmon.exe 1848
C:\WINDOWS\rndll.exe 1908
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 1996
C:\Program Files\Messenger\msmsgs.exe 2148
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 3040
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe 3620
C:\Documents and Settings\HP\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe 416
C:\Program Files\iPod\bin\iPodService.exe 2208
C:\WINDOWS\system32\wbem\wmiapsrv.exe 3520
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe 2140
C:\Program Files\Windows Live\Contacts\wlcomm.exe 236
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ArcCon.ac 468
C:\Program Files\Internet Explorer\iexplore.exe 2040
C:\Program Files\Internet Explorer\iexplore.exe 5500
C:\Program Files\Internet Explorer\iexplore.exe 1852
C:\Documents and Settings\HP\Bureau\List_Kill'em.exe 4568
C:\WINDOWS\system32\cmd.exe 4160
C:\WINDOWS\system32\wbem\wmiprvse.exe 1328
C:\Documents and Settings\HP\Local Settings\Temp\115.tmp\pv.exe 140
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSMSGS REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
EA Core REG_SZ "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
igfxtray REG_SZ C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd REG_SZ C:\WINDOWS\system32\hkcmd.exe
igfxpers REG_SZ C:\WINDOWS\system32\igfxpers.exe
DrvLsnr REG_SZ C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
LogitechCommunicationsManager REG_SZ "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
LogitechQuickCamRibbon REG_SZ "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
ArcSoft Connection Service REG_SZ C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
Smapp REG_SZ C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
AdobeCS4ServiceManager REG_SZ "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
AppleSyncNotifier REG_SZ C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
F-Secure Manager REG_SZ "C:\Program Files\PacksecuriteNumericable\Common\FSM32.EXE" /splash
F-Secure TNB REG_SZ "C:\Program Files\PacksecuriteNumericable\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
Corel Photo Downloader REG_SZ "C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
Corel File Shell Monitor REG_SZ C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
ANIWZCS2Service REG_SZ C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
D-Link D-Link Wireless G DWA-110 REG_SZ C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
Firevall Administrating REG_SZ rndll.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ MsgPlusLoader.dll
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
C:\Program Files\IncrediMail\bin\ImApp.exe REG_SZ C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\bin\IncMail.exe REG_SZ C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\bin\ImpCnt.exe REG_SZ C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail
C:\Program Files\LimeWire\LimeWire.exe REG_SZ C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
C:\Program Files\BearShare Applications\BearShare\BearShare.exe REG_SZ C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Mozilla Firefox\firefox.exe REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
C:\Program Files\Zattoo\zattood.exe REG_SZ C:\Program Files\Zattoo\zattood.exe:*:Enabled:zattood
C:\Program Files\Zattoo\Zattoo2.exe REG_SZ C:\Program Files\Zattoo\Zattoo2.exe:*:Enabled:
C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe REG_SZ C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\DOCUME~1\HP\LOCALS~1\Temp\IXP000.TMP\gfhrtrt.exe REG_SZ C:\DOCUME~1\HP\LOCALS~1\Temp\IXP000.TMP\gfhrtrt.exe:*:Enabled:Firevall Administrating
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
===============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C6867EB7-8350-4856-877F-93CF8AE3DC9C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3
EapHost : 0x3
SharedAccess : 0x2
wuauserv : 0x2
=========
D:\Autorun.inf :
----------------
[autorun]
OPEN=AUTORUN.EXE
ICON=AUTORUN.EXE,0
=======
Drive :
=======
D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
37,26 Go total, 5,65 Go libre (15%), 34% fragment‚ (fragmentation du fichier 64%)
Vous devriez d‚fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
C:\Program Files\Search Guard PlusU
C:\Program Files\SGPSA
C:\WINDOWS\Installer\{E1B94435-241E-4519-B1C3-C4DD9EB352A2}
C:\WINDOWS\System32\aniwzcsusername
C:\WINDOWS\System32\drivers\etc\hosts.msn
C:\WINDOWS\System32\drivers\lvuvc.hs
C:\WINDOWS\System32\log.txt
C:\WINDOWS\System32\SET126.tmp
C:\Documents and Settings\HP\Local Settings\Application Data\ewewymu.exe
C:\Documents and Settings\HP\Local Settings\Application Data\Kiwee Toolbar
C:\Documents and Settings\HP\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
C:\Documents and Settings\HP\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
C:\Documents and Settings\HP\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
¤¤¤¤¤¤¤¤¤¤ Keys :
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Firevall Administrating"
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{66886C4D-B307-4ECA-A228-52CA9B9851A4}"
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools"
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0}
HKLM\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}
HKLM\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
HKLM\Software\Classes\Interface\{90F62EF7-58D1-4E8E-BB3E-CFB10BA9E47B}
HKLM\Software\Classes\Interface\{B2B92BC9-E149-4EE8-A93E-0B8CFB329808}
HKLM\Software\Classes\TypeLib\{022C671F-6CBA-4A03-A8F9-3B3A361B235A}
HKLM\Software\Classes\TypeLib\{8AD815FC-607B-419F-8B70-D345A507A54E}
================
Other infections
================
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-19 20:27:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
==========
Programs
==========
Ableton
Ad-remover
Adobe
Alwil Software
Analog Devices
ANI
Apple Software Update
ArcSoft
ASIO4ALL v2
Astonsoft
AvRack
AVS4YOU
AxBx
bleem
Bonjour
CCleaner
Common Files
ComPlus Applications
Conduit
Corel
D-Link
Disney Interactive
DivX
Electronic Arts
eMule
Fichiers communs
Goa
Google
HP
Image-Line
Iminent
IncrediMail
InstallShield Installation Information
Intel
Intel Corporation
Internet Explorer
iPod
iTunes
Java
Lavalys
Logitech
Malwarebytes' Anti-Malware
McAfee Security Scan
Messenger
Messenger Plus! Live
MessengerPlus! 3
Microsoft
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Office Outlook Connector
Microsoft Silverlight
Microsoft SQL Server Compact Edition
Microsoft WSE
Movie Maker
Mozilla Firefox
MSBuild
MSN
MSN Gaming Zone
MSXML 4.0
Navilog1
NetMeeting
Oberon Media
Online Services
orange
Outlook Express
Outsim
PacksecuriteNumericable
Player Metaboli
QuickTime
Realtek Sound Manager
REAPER
Reference Assemblies
RomStation
Safari
Search Guard Plus
Search Guard PlusU
Services en ligne
SGPSA
Spybot - Search & Destroy
Trend Micro
TRENDnet
Uninstall Information
Utilitaire de configuration iPhone
VideoLAN
VstPlugins
Windows Live
Windows Live SkyDrive
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
xerox
============
Lecteur C:
============
71af13d11561e0f11742
Ad-Report-Clean-17.03.2009.log
Ad-Report-Scan-16.03.2009.log
Application Data
AUTOEXEC.BAT
b5ba0c04ae8ede0d19d441a4a000
boot.ini
Bootfont.bin
Casino
coktel
Config.Msi
CONFIG.SYS
Documents and Settings
Downloads
HP
IntelPRO
IO.SYS
Kill'em
List'em.txt
MSDOS.SYS
Nathan
NTDETECT.COM
ntldr
oldver
pagefile.sys
Poker
Program Files
ProgramData
RECYCLER
rsit
sqmdata00.sqm
sqmnoopt00.sqm
System Volume Information
Temp
users
WINDOWS
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Thx to Chiquitine29.....& CCM team
User : HP (Administrateurs) # SMEVE
Update on 14/12/2009 by g3n-h@ckm@n ::::: 00:00
Start at: 18:14:06 | 19/12/2009
Contact : g3n-h@ckm@n sur CCM
Intel(R) Celeron(R) CPU 2.53GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : Pack Sécurité Numericable 9.01 9.01 [ Enabled | Updated ]
FW : Pack Sécurité Numericable 9.01[ Enabled ]9.01
C:\ -> Disque fixe local | 37,26 Go (5,64 Go free) | NTFS
D:\ -> Disque CD-ROM | 58,74 Mo (0 Mo free) [DWA-110] | CDFS
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe 628
C:\WINDOWS\system32\csrss.exe 676
C:\WINDOWS\system32\winlogon.exe 700
C:\WINDOWS\system32\services.exe 744
C:\WINDOWS\system32\lsass.exe 756
C:\WINDOWS\system32\svchost.exe 904
C:\WINDOWS\system32\svchost.exe 964
C:\WINDOWS\System32\svchost.exe 1004
C:\WINDOWS\system32\svchost.exe 1040
C:\WINDOWS\system32\svchost.exe 1216
C:\WINDOWS\system32\svchost.exe 1280
C:\WINDOWS\system32\spoolsv.exe 1520
C:\WINDOWS\system32\svchost.exe 1604
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe 308
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 372
C:\Program Files\Bonjour\mDNSResponder.exe 392
C:\Program Files\PacksecuriteNumericable\Anti-Virus\fsgk32st.exe 456
C:\Program Files\PacksecuriteNumericable\Common\FSMA32.EXE 480
C:\Program Files\PacksecuriteNumericable\Anti-Virus\FSGK32.EXE 500
C:\Program Files\Java\jre6\bin\jqs.exe 576
C:\Program Files\PacksecuriteNumericable\Common\FSHDLL32.EXE 616
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe 136
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe 1028
C:\WINDOWS\system32\HPZipm12.exe 1172
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe 1312
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 1364
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe 1452
C:\WINDOWS\system32\svchost.exe 1632
C:\Program Files\PacksecuriteNumericable\FWES\Program\fsdfwd.exe 1428
C:\Program Files\PacksecuriteNumericable\Anti-Virus\fssm32.exe 1640
C:\Program Files\PacksecuriteNumericable\ORSP Client\fsorsp.exe 1676
C:\WINDOWS\System32\alg.exe 2060
C:\WINDOWS\Explorer.EXE 2740
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe 2976
C:\WINDOWS\system32\igfxtray.exe 3476
C:\Program Files\PacksecuriteNumericable\Anti-Virus\fsav32.exe 3696
C:\WINDOWS\system32\hkcmd.exe 3788
C:\WINDOWS\system32\igfxpers.exe 3804
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe 3820
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe 3860
C:\Program Files\Logitech\QuickCam\Quickcam.exe 3880
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe 3900
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe 3944
C:\Program Files\iTunes\iTunesHelper.exe 420
C:\Program Files\PacksecuriteNumericable\Common\FSM32.EXE 492
C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe 672
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe 1184
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe 1332
C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe 1400
C:\WINDOWS\system32\ctfmon.exe 1848
C:\WINDOWS\rndll.exe 1908
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 1996
C:\Program Files\Messenger\msmsgs.exe 2148
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 3040
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe 3620
C:\Documents and Settings\HP\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe 416
C:\Program Files\iPod\bin\iPodService.exe 2208
C:\WINDOWS\system32\wbem\wmiapsrv.exe 3520
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe 2140
C:\Program Files\Windows Live\Contacts\wlcomm.exe 236
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ArcCon.ac 468
C:\Program Files\Internet Explorer\iexplore.exe 2040
C:\Program Files\Internet Explorer\iexplore.exe 5500
C:\Program Files\Internet Explorer\iexplore.exe 1852
C:\Documents and Settings\HP\Bureau\List_Kill'em.exe 4568
C:\WINDOWS\system32\cmd.exe 4160
C:\WINDOWS\system32\wbem\wmiprvse.exe 1328
C:\Documents and Settings\HP\Local Settings\Temp\115.tmp\pv.exe 140
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSMSGS REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
EA Core REG_SZ "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
igfxtray REG_SZ C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd REG_SZ C:\WINDOWS\system32\hkcmd.exe
igfxpers REG_SZ C:\WINDOWS\system32\igfxpers.exe
DrvLsnr REG_SZ C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
LogitechCommunicationsManager REG_SZ "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
LogitechQuickCamRibbon REG_SZ "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
ArcSoft Connection Service REG_SZ C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
Smapp REG_SZ C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
AdobeCS4ServiceManager REG_SZ "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
AppleSyncNotifier REG_SZ C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
F-Secure Manager REG_SZ "C:\Program Files\PacksecuriteNumericable\Common\FSM32.EXE" /splash
F-Secure TNB REG_SZ "C:\Program Files\PacksecuriteNumericable\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
Corel Photo Downloader REG_SZ "C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
Corel File Shell Monitor REG_SZ C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
ANIWZCS2Service REG_SZ C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
D-Link D-Link Wireless G DWA-110 REG_SZ C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
Firevall Administrating REG_SZ rndll.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ MsgPlusLoader.dll
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
C:\Program Files\IncrediMail\bin\ImApp.exe REG_SZ C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\bin\IncMail.exe REG_SZ C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\bin\ImpCnt.exe REG_SZ C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail
C:\Program Files\LimeWire\LimeWire.exe REG_SZ C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
C:\Program Files\BearShare Applications\BearShare\BearShare.exe REG_SZ C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Mozilla Firefox\firefox.exe REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
C:\Program Files\Zattoo\zattood.exe REG_SZ C:\Program Files\Zattoo\zattood.exe:*:Enabled:zattood
C:\Program Files\Zattoo\Zattoo2.exe REG_SZ C:\Program Files\Zattoo\Zattoo2.exe:*:Enabled:
C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe REG_SZ C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\DOCUME~1\HP\LOCALS~1\Temp\IXP000.TMP\gfhrtrt.exe REG_SZ C:\DOCUME~1\HP\LOCALS~1\Temp\IXP000.TMP\gfhrtrt.exe:*:Enabled:Firevall Administrating
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
===============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C6867EB7-8350-4856-877F-93CF8AE3DC9C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3
EapHost : 0x3
SharedAccess : 0x2
wuauserv : 0x2
=========
D:\Autorun.inf :
----------------
[autorun]
OPEN=AUTORUN.EXE
ICON=AUTORUN.EXE,0
=======
Drive :
=======
D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
37,26 Go total, 5,65 Go libre (15%), 34% fragment‚ (fragmentation du fichier 64%)
Vous devriez d‚fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
C:\Program Files\Search Guard PlusU
C:\Program Files\SGPSA
C:\WINDOWS\Installer\{E1B94435-241E-4519-B1C3-C4DD9EB352A2}
C:\WINDOWS\System32\aniwzcsusername
C:\WINDOWS\System32\drivers\etc\hosts.msn
C:\WINDOWS\System32\drivers\lvuvc.hs
C:\WINDOWS\System32\log.txt
C:\WINDOWS\System32\SET126.tmp
C:\Documents and Settings\HP\Local Settings\Application Data\ewewymu.exe
C:\Documents and Settings\HP\Local Settings\Application Data\Kiwee Toolbar
C:\Documents and Settings\HP\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
C:\Documents and Settings\HP\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
C:\Documents and Settings\HP\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
¤¤¤¤¤¤¤¤¤¤ Keys :
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Firevall Administrating"
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{66886C4D-B307-4ECA-A228-52CA9B9851A4}"
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools"
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0}
HKLM\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}
HKLM\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
HKLM\Software\Classes\Interface\{90F62EF7-58D1-4E8E-BB3E-CFB10BA9E47B}
HKLM\Software\Classes\Interface\{B2B92BC9-E149-4EE8-A93E-0B8CFB329808}
HKLM\Software\Classes\TypeLib\{022C671F-6CBA-4A03-A8F9-3B3A361B235A}
HKLM\Software\Classes\TypeLib\{8AD815FC-607B-419F-8B70-D345A507A54E}
================
Other infections
================
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-19 20:27:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
==========
Programs
==========
Ableton
Ad-remover
Adobe
Alwil Software
Analog Devices
ANI
Apple Software Update
ArcSoft
ASIO4ALL v2
Astonsoft
AvRack
AVS4YOU
AxBx
bleem
Bonjour
CCleaner
Common Files
ComPlus Applications
Conduit
Corel
D-Link
Disney Interactive
DivX
Electronic Arts
eMule
Fichiers communs
Goa
HP
Image-Line
Iminent
IncrediMail
InstallShield Installation Information
Intel
Intel Corporation
Internet Explorer
iPod
iTunes
Java
Lavalys
Logitech
Malwarebytes' Anti-Malware
McAfee Security Scan
Messenger
Messenger Plus! Live
MessengerPlus! 3
Microsoft
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Office Outlook Connector
Microsoft Silverlight
Microsoft SQL Server Compact Edition
Microsoft WSE
Movie Maker
Mozilla Firefox
MSBuild
MSN
MSN Gaming Zone
MSXML 4.0
Navilog1
NetMeeting
Oberon Media
Online Services
orange
Outlook Express
Outsim
PacksecuriteNumericable
Player Metaboli
QuickTime
Realtek Sound Manager
REAPER
Reference Assemblies
RomStation
Safari
Search Guard Plus
Search Guard PlusU
Services en ligne
SGPSA
Spybot - Search & Destroy
Trend Micro
TRENDnet
Uninstall Information
Utilitaire de configuration iPhone
VideoLAN
VstPlugins
Windows Live
Windows Live SkyDrive
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
xerox
============
Lecteur C:
============
71af13d11561e0f11742
Ad-Report-Clean-17.03.2009.log
Ad-Report-Scan-16.03.2009.log
Application Data
AUTOEXEC.BAT
b5ba0c04ae8ede0d19d441a4a000
boot.ini
Bootfont.bin
Casino
coktel
Config.Msi
CONFIG.SYS
Documents and Settings
Downloads
HP
IntelPRO
IO.SYS
Kill'em
List'em.txt
MSDOS.SYS
Nathan
NTDETECT.COM
ntldr
oldver
pagefile.sys
Poker
Program Files
ProgramData
RECYCLER
rsit
sqmdata00.sqm
sqmnoopt00.sqm
System Volume Information
Temp
users
WINDOWS
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Mode Suppression
REDEMARRE EN MODE SANS ECHEC
Redémarre l'ordinateur en tapotant la touche F8 plusieurs fois jusqu'à l'apparition d'un menu (blanc sur fond noir).
Ne t'inquiète pas si les couleurs et les icônes ne sont pas comme d'habitude
Dans ce menu, à l'aide des touches directionnelles, mettez en surbrillance la ligne Démarrer en mode sans échec.
Choisir le système d'exploitation à démarrer.
Choisir votre compte habituel pour vous loguer.
A l'avertissement disant que l'ordinateur a démarré en mode sans échec, cliquer sur Continuer.
Remarque: Sur certains ordinateurs, la touche F8 est inopérante. Utiliser dans ce cas la touche F5 ou F12(ordinateur US).
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\
Tuto:http://www.vista-xp.fr/forum/topic93.html
Relance List&Kill'em (clic droit pour vista),
mais cette fois-ci :
choisis l'option 2 = Mode Destruction
laisse travailler l'outil
après les vérifications , un rapport va s'ouvrir.
Ferme-le.
Un deuxième rapport va s’ouvrir,
colle son contenu dans ta réponse après avoir redémarré en mode normal
REDEMARRE EN MODE SANS ECHEC
Redémarre l'ordinateur en tapotant la touche F8 plusieurs fois jusqu'à l'apparition d'un menu (blanc sur fond noir).
Ne t'inquiète pas si les couleurs et les icônes ne sont pas comme d'habitude
Dans ce menu, à l'aide des touches directionnelles, mettez en surbrillance la ligne Démarrer en mode sans échec.
Choisir le système d'exploitation à démarrer.
Choisir votre compte habituel pour vous loguer.
A l'avertissement disant que l'ordinateur a démarré en mode sans échec, cliquer sur Continuer.
Remarque: Sur certains ordinateurs, la touche F8 est inopérante. Utiliser dans ce cas la touche F5 ou F12(ordinateur US).
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\
Tuto:http://www.vista-xp.fr/forum/topic93.html
Relance List&Kill'em (clic droit pour vista),
mais cette fois-ci :
choisis l'option 2 = Mode Destruction
laisse travailler l'outil
après les vérifications , un rapport va s'ouvrir.
Ferme-le.
Un deuxième rapport va s’ouvrir,
colle son contenu dans ta réponse après avoir redémarré en mode normal
Kill'em by g3n-h@ckm@n 1.1.5.2
User : HP () # SMEVE
Update on 14/12/2009 by g3n-h@ckm@n ::::: 00:00
Start at: 07:52:27 | 20/12/2009
Contact : g3n-h@ckm@n sur CCM
Intel(R) Celeron(R) CPU 2.53GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Pack Sécurité Numericable 9.01 9.01 [ Enabled | Updated ]
FW : Pack Sécurité Numericable 9.01[ Enabled ]9.01
C:\ -> Disque fixe local | 37,26 Go (4,83 Go free) | NTFS
D:\ -> Disque CD-ROM | 58,74 Mo (0 Mo free) [DWA-110] | CDFS
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe 160
C:\WINDOWS\system32\csrss.exe 208
C:\WINDOWS\system32\winlogon.exe 232
C:\WINDOWS\system32\services.exe 276
C:\WINDOWS\system32\lsass.exe 288
C:\WINDOWS\system32\svchost.exe 440
C:\WINDOWS\system32\svchost.exe 488
C:\WINDOWS\system32\svchost.exe 528
C:\WINDOWS\Explorer.EXE 800
C:\WINDOWS\system32\wbem\wmiprvse.exe 868
C:\Documents and Settings\HP\Bureau\List_Kill'em.exe 1048
C:\WINDOWS\system32\cmd.exe 1064
C:\Documents and Settings\HP\Local Settings\Temp\1.tmp\pv.exe 1192
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
"C:\Program Files\Search Guard PlusU"
"C:\Program Files\SGPSA"
"C:\WINDOWS\Installer\{E1B94435-241E-4519-B1C3-C4DD9EB352A2}"
"C:\WINDOWS\system32\aniwzcsusername"
"C:\WINDOWS\System32\drivers\etc\hosts.msn"
"C:\WINDOWS\System32\drivers\lvuvc.hs"
"C:\WINDOWS\System32\log.txt"
C:\WINDOWS\System32\SET126.tmp
C:\Documents and Settings\HP\Local Settings\Application Data\ewewymu.exe
"C:\Documents and Settings\HP\Local Settings\Application Data\Kiwee Toolbar"
"C:\Documents and Settings\HP\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png"
"C:\Documents and Settings\HP\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png"
"C:\Documents and Settings\HP\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png"
¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :
Quarantine :
ANIWZCSUSERNAME.Kill'em
ewewymu.exe.Kill'em
hosts.msn.Kill'em
iGSh.png.Kill'em
iMSh.png.Kill'em
iPSh.png.Kill'em
Kiwee Toolbar.Kill'em
log.txt.Kill'em
lvuvc.hs.Kill'em
Search Guard PlusU.Kill'em
SET126.tmp.Kill'em
SGPSA.Kill'em
{E1B94435-241E-4519-B1C3-C4DD9EB352A2}.Kill'em
==============
host file OK !
==============
========
Registry
========
Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{66886C4D-B307-4ECA-A228-52CA9B9851A4}
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
Deleted : HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf}
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0}
Deleted : HKLM\Software\Classes\Interface\{90F62EF7-58D1-4E8E-BB3E-CFB10BA9E47B}
Deleted : HKLM\Software\Classes\Interface\{B2B92BC9-E149-4EE8-A93E-0B8CFB329808}
Deleted : HKLM\Software\Classes\TypeLib\{022C671F-6CBA-4A03-A8F9-3B3A361B235A}
Deleted : HKLM\Software\Classes\TypeLib\{8AD815FC-607B-419F-8B70-D345A507A54E}
============
Disk Cleaned
============
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
User : HP () # SMEVE
Update on 14/12/2009 by g3n-h@ckm@n ::::: 00:00
Start at: 07:52:27 | 20/12/2009
Contact : g3n-h@ckm@n sur CCM
Intel(R) Celeron(R) CPU 2.53GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Pack Sécurité Numericable 9.01 9.01 [ Enabled | Updated ]
FW : Pack Sécurité Numericable 9.01[ Enabled ]9.01
C:\ -> Disque fixe local | 37,26 Go (4,83 Go free) | NTFS
D:\ -> Disque CD-ROM | 58,74 Mo (0 Mo free) [DWA-110] | CDFS
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe 160
C:\WINDOWS\system32\csrss.exe 208
C:\WINDOWS\system32\winlogon.exe 232
C:\WINDOWS\system32\services.exe 276
C:\WINDOWS\system32\lsass.exe 288
C:\WINDOWS\system32\svchost.exe 440
C:\WINDOWS\system32\svchost.exe 488
C:\WINDOWS\system32\svchost.exe 528
C:\WINDOWS\Explorer.EXE 800
C:\WINDOWS\system32\wbem\wmiprvse.exe 868
C:\Documents and Settings\HP\Bureau\List_Kill'em.exe 1048
C:\WINDOWS\system32\cmd.exe 1064
C:\Documents and Settings\HP\Local Settings\Temp\1.tmp\pv.exe 1192
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
"C:\Program Files\Search Guard PlusU"
"C:\Program Files\SGPSA"
"C:\WINDOWS\Installer\{E1B94435-241E-4519-B1C3-C4DD9EB352A2}"
"C:\WINDOWS\system32\aniwzcsusername"
"C:\WINDOWS\System32\drivers\etc\hosts.msn"
"C:\WINDOWS\System32\drivers\lvuvc.hs"
"C:\WINDOWS\System32\log.txt"
C:\WINDOWS\System32\SET126.tmp
C:\Documents and Settings\HP\Local Settings\Application Data\ewewymu.exe
"C:\Documents and Settings\HP\Local Settings\Application Data\Kiwee Toolbar"
"C:\Documents and Settings\HP\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png"
"C:\Documents and Settings\HP\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png"
"C:\Documents and Settings\HP\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png"
¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :
Quarantine :
ANIWZCSUSERNAME.Kill'em
ewewymu.exe.Kill'em
hosts.msn.Kill'em
iGSh.png.Kill'em
iMSh.png.Kill'em
iPSh.png.Kill'em
Kiwee Toolbar.Kill'em
log.txt.Kill'em
lvuvc.hs.Kill'em
Search Guard PlusU.Kill'em
SET126.tmp.Kill'em
SGPSA.Kill'em
{E1B94435-241E-4519-B1C3-C4DD9EB352A2}.Kill'em
==============
host file OK !
==============
========
Registry
========
Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{66886C4D-B307-4ECA-A228-52CA9B9851A4}
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
Deleted : HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf}
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0}
Deleted : HKLM\Software\Classes\Interface\{90F62EF7-58D1-4E8E-BB3E-CFB10BA9E47B}
Deleted : HKLM\Software\Classes\Interface\{B2B92BC9-E149-4EE8-A93E-0B8CFB329808}
Deleted : HKLM\Software\Classes\TypeLib\{022C671F-6CBA-4A03-A8F9-3B3A361B235A}
Deleted : HKLM\Software\Classes\TypeLib\{8AD815FC-607B-419F-8B70-D345A507A54E}
============
Disk Cleaned
============
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
désolé mais j'ai reçu ton message que ce matin !!! Vive MSN et son beug !!! C'est insupportable, c'est de pire en pire ce virus tout les 20 minutes ma souris se bloque et envoi le lien foto à tout mes contacts même ceux hors ligne, et jepeux rien faire tout est bloqué pendant que toutes les fenêtres défilent avec le lien ! Enfin j'epère que c'est pas trop grave et qu'on va réussir à le détruire !!! merci . Parcontre j'ai fais le choix 2 mais c'est suppression et non destruction dans List&Kill'em , j'espère que j'ai pas fais de conneries !
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-19 20:27:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
je l'ai fait mais à part mon mp3 pour le recharger, je n'aî plus de clé usb
Rootkit scan 2009-12-19 20:27:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
je l'ai fait mais à part mon mp3 pour le recharger, je n'aî plus de clé usb
############################## | UsbFix V6.066 |
User : HP (Administrateurs) # SMEVE
Update on 20/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 08:47:23 | 20/12/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Celeron(R) CPU 2.53GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : Pack Sécurité Numericable 9.01 9.01 [ Enabled | Updated ]
FW : Pack Sécurité Numericable 9.01[ Enabled ]9.01
C:\ -> Disque fixe local # 37,26 Go (5,92 Go free) # NTFS
D:\ -> Disque CD-ROM # 58,74 Mo (0 Mo free) [DWA-110] # CDFS
E:\ -> Disque amovible # 1,87 Go (831,86 Mo free) [ZEN STONE] # FAT32
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe 620
C:\WINDOWS\system32\csrss.exe 672
C:\WINDOWS\system32\winlogon.exe 696
C:\WINDOWS\system32\services.exe 740
C:\WINDOWS\system32\lsass.exe 752
C:\WINDOWS\system32\svchost.exe 908
C:\WINDOWS\system32\svchost.exe 968
C:\WINDOWS\System32\svchost.exe 1064
C:\WINDOWS\system32\svchost.exe 1100
C:\WINDOWS\system32\svchost.exe 1284
C:\WINDOWS\system32\svchost.exe 1356
C:\WINDOWS\system32\spoolsv.exe 1596
C:\WINDOWS\system32\svchost.exe 1680
C:\WINDOWS\Explorer.EXE 716
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe 1092
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe 1152
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1200
C:\Program Files\Bonjour\mDNSResponder.exe 1216
C:\Program Files\PacksecuriteNumericable\Anti-Virus\fsgk32st.exe 1300
C:\Program Files\PacksecuriteNumericable\Common\FSMA32.EXE 1352
C:\Program Files\PacksecuriteNumericable\Anti-Virus\FSGK32.EXE 1392
C:\Program Files\Java\jre6\bin\jqs.exe 1416
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe 1500
C:\Program Files\PacksecuriteNumericable\Common\FSHDLL32.EXE 1520
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe 1716
C:\WINDOWS\system32\HPZipm12.exe 1780
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe 1816
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 1880
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe 2040
C:\WINDOWS\system32\svchost.exe 212
C:\WINDOWS\system32\wuauclt.exe 1472
C:\WINDOWS\system32\wbem\wmiprvse.exe 1324
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe 2096
C:\Program Files\PacksecuriteNumericable\FWES\Program\fsdfwd.exe 2200
C:\Program Files\PacksecuriteNumericable\Anti-Virus\fssm32.exe 2244
C:\Program Files\PacksecuriteNumericable\ORSP Client\fsorsp.exe 2288
C:\WINDOWS\System32\alg.exe 2508
C:\Program Files\PacksecuriteNumericable\Anti-Virus\fsav32.exe 2856
C:\WINDOWS\system32\wbem\wmiapsrv.exe 3060
C:\WINDOWS\system32\wbem\wmiprvse.exe 3116
################## | Fichiers # Dossiers infectieux |
exuse moi
User : HP (Administrateurs) # SMEVE
Update on 20/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 08:47:23 | 20/12/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Celeron(R) CPU 2.53GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : Pack Sécurité Numericable 9.01 9.01 [ Enabled | Updated ]
FW : Pack Sécurité Numericable 9.01[ Enabled ]9.01
C:\ -> Disque fixe local # 37,26 Go (5,92 Go free) # NTFS
D:\ -> Disque CD-ROM # 58,74 Mo (0 Mo free) [DWA-110] # CDFS
E:\ -> Disque amovible # 1,87 Go (831,86 Mo free) [ZEN STONE] # FAT32
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe 620
C:\WINDOWS\system32\csrss.exe 672
C:\WINDOWS\system32\winlogon.exe 696
C:\WINDOWS\system32\services.exe 740
C:\WINDOWS\system32\lsass.exe 752
C:\WINDOWS\system32\svchost.exe 908
C:\WINDOWS\system32\svchost.exe 968
C:\WINDOWS\System32\svchost.exe 1064
C:\WINDOWS\system32\svchost.exe 1100
C:\WINDOWS\system32\svchost.exe 1284
C:\WINDOWS\system32\svchost.exe 1356
C:\WINDOWS\system32\spoolsv.exe 1596
C:\WINDOWS\system32\svchost.exe 1680
C:\WINDOWS\Explorer.EXE 716
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe 1092
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe 1152
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1200
C:\Program Files\Bonjour\mDNSResponder.exe 1216
C:\Program Files\PacksecuriteNumericable\Anti-Virus\fsgk32st.exe 1300
C:\Program Files\PacksecuriteNumericable\Common\FSMA32.EXE 1352
C:\Program Files\PacksecuriteNumericable\Anti-Virus\FSGK32.EXE 1392
C:\Program Files\Java\jre6\bin\jqs.exe 1416
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe 1500
C:\Program Files\PacksecuriteNumericable\Common\FSHDLL32.EXE 1520
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe 1716
C:\WINDOWS\system32\HPZipm12.exe 1780
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe 1816
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 1880
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe 2040
C:\WINDOWS\system32\svchost.exe 212
C:\WINDOWS\system32\wuauclt.exe 1472
C:\WINDOWS\system32\wbem\wmiprvse.exe 1324
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe 2096
C:\Program Files\PacksecuriteNumericable\FWES\Program\fsdfwd.exe 2200
C:\Program Files\PacksecuriteNumericable\Anti-Virus\fssm32.exe 2244
C:\Program Files\PacksecuriteNumericable\ORSP Client\fsorsp.exe 2288
C:\WINDOWS\System32\alg.exe 2508
C:\Program Files\PacksecuriteNumericable\Anti-Virus\fsav32.exe 2856
C:\WINDOWS\system32\wbem\wmiapsrv.exe 3060
C:\WINDOWS\system32\wbem\wmiprvse.exe 3116
################## | Fichiers # Dossiers infectieux |
exuse moi
ben j'ai tout selectionner pourtant , bizarre
############################## | UsbFix V6.066 |
User : HP (Administrateurs) # SMEVE
Update on 20/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 08:47:23 | 20/12/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Celeron(R) CPU 2.53GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : Pack Sécurité Numericable 9.01 9.01 [ Enabled | Updated ]
FW : Pack Sécurité Numericable 9.01[ Enabled ]9.01
C:\ -> Disque fixe local # 37,26 Go (5,92 Go free) # NTFS
D:\ -> Disque CD-ROM # 58,74 Mo (0 Mo free) [DWA-110] # CDFS
E:\ -> Disque amovible # 1,87 Go (831,86 Mo free) [ZEN STONE] # FAT32
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe 620
C:\WINDOWS\system32\csrss.exe 672
C:\WINDOWS\system32\winlogon.exe 696
C:\WINDOWS\system32\services.exe 740
C:\WINDOWS\system32\lsass.exe 752
C:\WINDOWS\system32\svchost.exe 908
C:\WINDOWS\system32\svchost.exe 968
C:\WINDOWS\System32\svchost.exe 1064
C:\WINDOWS\system32\svchost.exe 1100
C:\WINDOWS\system32\svchost.exe 1284
C:\WINDOWS\system32\svchost.exe 1356
C:\WINDOWS\system32\spoolsv.exe 1596
C:\WINDOWS\system32\svchost.exe 1680
C:\WINDOWS\Explorer.EXE 716
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe 1092
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe 1152
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1200
C:\Program Files\Bonjour\mDNSResponder.exe 1216
C:\Program Files\PacksecuriteNumericable\Anti-Virus\fsgk32st.exe 1300
C:\Program Files\PacksecuriteNumericable\Common\FSMA32.EXE 1352
C:\Program Files\PacksecuriteNumericable\Anti-Virus\FSGK32.EXE 1392
C:\Program Files\Java\jre6\bin\jqs.exe 1416
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe 1500
C:\Program Files\PacksecuriteNumericable\Common\FSHDLL32.EXE 1520
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe 1716
C:\WINDOWS\system32\HPZipm12.exe 1780
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe 1816
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 1880
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe 2040
C:\WINDOWS\system32\svchost.exe 212
C:\WINDOWS\system32\wuauclt.exe 1472
C:\WINDOWS\system32\wbem\wmiprvse.exe 1324
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe 2096
C:\Program Files\PacksecuriteNumericable\FWES\Program\fsdfwd.exe 2200
C:\Program Files\PacksecuriteNumericable\Anti-Virus\fssm32.exe 2244
C:\Program Files\PacksecuriteNumericable\ORSP Client\fsorsp.exe 2288
C:\WINDOWS\System32\alg.exe 2508
C:\Program Files\PacksecuriteNumericable\Anti-Virus\fsav32.exe 2856
C:\WINDOWS\system32\wbem\wmiapsrv.exe 3060
C:\WINDOWS\system32\wbem\wmiprvse.exe 3116
################## | Fichiers # Dossiers infectieux |
############################## | UsbFix V6.066 |
User : HP (Administrateurs) # SMEVE
Update on 20/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 08:47:23 | 20/12/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Celeron(R) CPU 2.53GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : Pack Sécurité Numericable 9.01 9.01 [ Enabled | Updated ]
FW : Pack Sécurité Numericable 9.01[ Enabled ]9.01
C:\ -> Disque fixe local # 37,26 Go (5,92 Go free) # NTFS
D:\ -> Disque CD-ROM # 58,74 Mo (0 Mo free) [DWA-110] # CDFS
E:\ -> Disque amovible # 1,87 Go (831,86 Mo free) [ZEN STONE] # FAT32
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe 620
C:\WINDOWS\system32\csrss.exe 672
C:\WINDOWS\system32\winlogon.exe 696
C:\WINDOWS\system32\services.exe 740
C:\WINDOWS\system32\lsass.exe 752
C:\WINDOWS\system32\svchost.exe 908
C:\WINDOWS\system32\svchost.exe 968
C:\WINDOWS\System32\svchost.exe 1064
C:\WINDOWS\system32\svchost.exe 1100
C:\WINDOWS\system32\svchost.exe 1284
C:\WINDOWS\system32\svchost.exe 1356
C:\WINDOWS\system32\spoolsv.exe 1596
C:\WINDOWS\system32\svchost.exe 1680
C:\WINDOWS\Explorer.EXE 716
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe 1092
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe 1152
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1200
C:\Program Files\Bonjour\mDNSResponder.exe 1216
C:\Program Files\PacksecuriteNumericable\Anti-Virus\fsgk32st.exe 1300
C:\Program Files\PacksecuriteNumericable\Common\FSMA32.EXE 1352
C:\Program Files\PacksecuriteNumericable\Anti-Virus\FSGK32.EXE 1392
C:\Program Files\Java\jre6\bin\jqs.exe 1416
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe 1500
C:\Program Files\PacksecuriteNumericable\Common\FSHDLL32.EXE 1520
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe 1716
C:\WINDOWS\system32\HPZipm12.exe 1780
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe 1816
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 1880
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe 2040
C:\WINDOWS\system32\svchost.exe 212
C:\WINDOWS\system32\wuauclt.exe 1472
C:\WINDOWS\system32\wbem\wmiprvse.exe 1324
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe 2096
C:\Program Files\PacksecuriteNumericable\FWES\Program\fsdfwd.exe 2200
C:\Program Files\PacksecuriteNumericable\Anti-Virus\fssm32.exe 2244
C:\Program Files\PacksecuriteNumericable\ORSP Client\fsorsp.exe 2288
C:\WINDOWS\System32\alg.exe 2508
C:\Program Files\PacksecuriteNumericable\Anti-Virus\fsav32.exe 2856
C:\WINDOWS\system32\wbem\wmiapsrv.exe 3060
C:\WINDOWS\system32\wbem\wmiprvse.exe 3116
################## | Fichiers # Dossiers infectieux |
