Aidez moi gros virus voici mon hijackthis

Résolu

rafoufe42 Messages postés 82 Date d'inscription Statut Membre Dernière intervention -
fix200 Messages postés 3243 Date d'inscription Statut Contributeur sécurité Dernière intervention - 8 janv. 2010 à 16:23

Bonjour, mon rapport hijackthis svp

Logfile of random's system information tool 1.06 (written by random/random)
Run by fernandes antoine at 2010-01-06 19:33:50
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 19 GB (12%) free of 156 GB
Total RAM: 959 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:34:14, on 06/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\WINDOWS\system32\smss32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\OSD.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Bureau\RSIT.exe
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Bureau\Raph\fernandes antoine.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Application Data\Software rule flag owns\vga active.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [owns curb] C:\DOCUME~1\FERNAN~1.MAI\APPLIC~1\BIKE01~1\Bin Four Grid.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; FDM; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"https://www.miniclip.com/games/china-2008/en/"
O4 - S-1-5-18 Startup: Moteur du Planificateur de tâches SolidWorks.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Moteur du Planificateur de tâches SolidWorks.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe (User 'Default user')
O4 - .DEFAULT Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Default user')
O4 - Startup: Moteur du Planificateur de tâches SolidWorks.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Activer l'ensemble clavier et souris sans fil Labtec.lnk = C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: PEVSystemStart - Unknown owner - cmd /k start /i "/dC:" "C:\ComboFix\HIDEC.exe" "C:\WINDOWS\system32\CF5110.exe" /c RD /S/Q \$RECYCLE.bin \RECYCLER \RECYCLED (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

Afficher la suite

A voir également:

Aidez moi gros virus voici mon hijackthis
Hijackthis - Télécharger - Antivirus & Antimalwares
Virus mcafee - Accueil - Piratage
Virus facebook demande d'amis - Accueil - Facebook
Undisclosed-recipients virus - Guide
Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares

44 réponses

Réponse 21 / 44

fix200 Messages postés 3243 Date d'inscription Statut Contributeur sécurité Dernière intervention 158

Ok ;)
Et la prochaine fois lorsque tu utilises MBAM, pense à le mettre à jour, et utiliser l'analyse rapide plutôt que la complète.

Réponse 22 / 44

rafoufe42 Messages postés 82 Date d'inscription Statut Membre Dernière intervention 2

Je vais relancer l'analyse rapide mbam

ComboFix 10-01-04.01 - fernandes antoine 07/01/2010 20:45:20.2.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.959.535 [GMT 1:00]
Lancé depuis: c:\documents and settings\fernandes antoine.MAISON-30EE0A86\Bureau\raph.exe
Commutateurs utilisés :: c:\documents and settings\fernandes antoine.MAISON-30EE0A86\Bureau\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\41.exe"
"c:\windows\system32\helper32.dll"
"c:\windows\system32\IS15.exe"
"c:\windows\system32\smss32.exe"
"c:\windows\system32\winlogon32.exe"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\fernandes antoine.MAISON-30EE0A86\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk
c:\documents and settings\fernandes antoine.MAISON-30EE0A86\Bureau\Internet Security 2010.lnk
c:\program files\InternetSecurity2010
c:\windows\system32\41.exe
c:\windows\system32\helper32.dll
c:\windows\system32\winlogon32.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-07 au 2010-01-07 ))))))))))))))))))))))))))))))))))))
.

2010-01-06 18:49 . 2010-01-06 19:04 -------- d-----w- C:\Lop SD
2010-01-06 16:48 . 2010-01-06 15:54 3776280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-01-06 16:48 . 2010-01-06 15:54 4043032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-01-06 16:48 . 2010-01-06 15:54 2033432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-01-06 16:48 . 2010-01-06 15:54 3967256 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-01-06 16:48 . 2010-01-06 15:54 2352920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
2010-01-06 16:48 . 2010-01-06 15:54 916248 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-01-06 15:54 . 2010-01-06 15:55 -------- d-----w- C:\$AVG
2010-01-06 15:54 . 2010-01-06 15:54 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-06 15:54 . 2010-01-06 15:54 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-06 15:54 . 2010-01-06 15:54 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-06 15:54 . 2010-01-06 15:54 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-06 15:54 . 2010-01-06 15:54 -------- d-----w- c:\program files\AVG
2010-01-06 15:54 . 2010-01-06 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-06 15:53 . 2010-01-06 16:34 -------- d-----w- c:\windows\SxsCaPendDel
2010-01-06 15:09 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-06 15:09 . 2010-01-06 19:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-06 15:09 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 14:40 . 2008-06-21 03:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2010-01-06 14:40 . 2008-10-31 06:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2009-12-27 19:39 . 2009-12-27 19:39 -------- d-----w- c:\documents and settings\fernandes antoine.MAISON-30EE0A86\Application Data\Samsung
2009-12-26 17:49 . 2009-12-26 17:49 -------- d-----w- c:\program files\Gameforge4D
2009-12-26 17:11 . 2008-03-05 15:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2009-12-26 17:11 . 2008-03-05 15:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2009-12-26 17:11 . 2008-03-05 14:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2009-12-26 17:11 . 2008-02-05 22:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2009-12-26 17:11 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2009-12-26 17:11 . 2007-10-22 02:39 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2009-12-26 17:11 . 2007-10-12 14:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2009-12-26 17:11 . 2007-10-02 08:56 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2009-12-26 17:11 . 2007-10-12 14:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2009-12-26 17:10 . 2009-12-26 17:10 -------- d-----w- c:\windows\Logs
2009-12-26 16:58 . 2009-12-26 16:58 -------- d-----w- c:\program files\Microsoft Hardware
2009-12-26 14:42 . 2006-05-03 21:53 174592 ----a-w- c:\windows\system32\framedyn.dll
2009-12-26 14:42 . 2009-12-26 14:42 -------- d-----w- c:\program files\DIFX
2009-12-26 14:42 . 2008-02-22 14:33 14976 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2009-12-26 14:42 . 2008-02-22 14:33 12160 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2009-12-26 14:42 . 2008-02-22 14:33 12160 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2009-12-26 14:42 . 2008-02-22 14:33 114304 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2009-12-26 14:42 . 2008-02-22 14:33 87936 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2009-12-26 14:42 . 2008-02-22 14:33 12160 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2009-12-26 14:42 . 2008-02-22 14:33 12160 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2009-12-26 14:42 . 2009-12-26 14:42 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2009-12-26 14:41 . 2009-12-26 14:50 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-12-26 14:41 . 2009-12-26 14:41 -------- d-----w- c:\program files\Samsung
2009-12-25 16:32 . 2008-04-14 03:05 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-12-25 16:32 . 2008-04-14 03:05 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-12-25 16:31 . 2001-08-17 21:02 2688 -c--a-w- c:\windows\system32\dllcache\hidswvd.sys
2009-12-25 16:31 . 2001-08-17 21:02 2688 ----a-w- c:\windows\system32\drivers\HIDSwvd.sys
2009-12-25 16:31 . 2008-04-13 19:45 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys
2009-12-25 16:31 . 2008-04-13 19:45 59136 ----a-w- c:\windows\system32\drivers\GcKernel.sys
2009-12-15 20:20 . 2009-12-15 20:20 -------- d-----r- c:\documents and settings\LocalService\Favoris
2009-12-15 20:20 . 2009-12-15 20:20 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-07 19:56 . 2009-02-10 10:15 -------- d-----w- c:\documents and settings\fernandes antoine.MAISON-30EE0A86\Application Data\Free Download Manager
2010-01-07 19:53 . 2008-07-30 15:52 -------- d-----w- c:\documents and settings\fernandes antoine.MAISON-30EE0A86\Application Data\OpenOffice.org2
2010-01-06 17:03 . 2009-09-18 14:30 3476 ----a-w- c:\documents and settings\fernandes antoine.MAISON-30EE0A86\Application Data\wklnhst.dat
2010-01-02 20:08 . 2008-07-30 15:53 1 ----a-w- c:\documents and settings\fernandes antoine.MAISON-30EE0A86\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-12-27 20:37 . 2008-07-30 11:41 82104 ----a-w- c:\documents and settings\fernandes antoine.MAISON-30EE0A86\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-26 14:41 . 2008-07-30 15:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-26 14:40 . 2008-09-20 20:24 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-12-16 19:48 . 2009-09-26 19:54 -------- d-----w- c:\program files\Iminent
2009-12-16 19:45 . 2009-09-26 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Toolbar4
2009-12-16 19:45 . 2009-01-16 22:22 -------- d-----w- c:\program files\DWGeditor
2009-12-16 19:44 . 2009-02-10 10:49 -------- d-----w- c:\program files\eMule
2009-12-06 15:17 . 2008-07-30 12:20 -------- d-----w- c:\program files\Messenger Plus! Live
2009-12-01 16:56 . 2009-11-30 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-30 21:07 . 2009-01-16 22:27 -------- d-----w- c:\program files\Fichiers communs\SolidWorks Shared
2009-11-30 21:06 . 2009-06-23 21:42 -------- d-----w- c:\program files\Lphant
2009-11-30 21:06 . 2009-07-01 10:48 -------- d-----w- c:\program files\Ad-remover
2009-11-30 20:52 . 2009-11-30 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-11-30 20:52 . 2009-11-30 20:52 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-11-28 12:41 . 2009-07-15 12:50 -------- d-----w- c:\program files\Metin2_France
2009-11-25 18:11 . 2009-11-25 18:11 -------- d-----w- c:\program files\Axon Data
2009-11-25 16:43 . 2008-08-06 11:26 -------- d-----w- c:\documents and settings\fernandes antoine.MAISON-30EE0A86\Application Data\LimeWire
2009-11-23 14:26 . 2009-12-05 17:48 52224 ----a-w- c:\documents and settings\fernandes antoine.MAISON-30EE0A86\Application Data\Mozilla\Firefox\Profiles\ik9x3a3p.default\extensions\{346de098-61f9-4b42-89da-6dfba7091bb6}\components\FFExternalAlert.dll
2009-11-23 14:26 . 2009-12-05 17:48 114688 ----a-w- c:\documents and settings\fernandes antoine.MAISON-30EE0A86\Application Data\Mozilla\Firefox\Profiles\ik9x3a3p.default\extensions\{346de098-61f9-4b42-89da-6dfba7091bb6}\components\npmozax.dll
2009-11-22 12:13 . 2009-11-22 12:10 -------- d-----w- c:\program files\Return to Castle Wolfenstein
2009-10-25 12:07 . 2004-08-05 12:00 81096 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-25 12:07 . 2004-08-05 12:00 501232 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-20 12:33 . 2009-11-30 19:34 103424 ----a-w- c:\documents and settings\fernandes antoine.MAISON-30EE0A86\Application Data\Mozilla\Firefox\Profiles\ik9x3a3p.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-10-20 12:33 . 2009-11-30 19:34 545280 ----a-w- c:\documents and settings\fernandes antoine.MAISON-30EE0A86\Application Data\Mozilla\Firefox\Profiles\ik9x3a3p.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-10-20 12:33 . 2009-11-30 19:34 4716544 ----a-w- c:\documents and settings\fernandes antoine.MAISON-30EE0A86\Application Data\Mozilla\Firefox\Profiles\ik9x3a3p.default\extensions\piclens@cooliris.com\components\cooliris.dll
2009-10-20 12:33 . 2009-11-30 19:34 344064 ----a-w- c:\documents and settings\fernandes antoine.MAISON-30EE0A86\Application Data\Mozilla\Firefox\Profiles\ik9x3a3p.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-10-20 12:33 . 2009-11-30 19:34 153600 ----a-w- c:\documents and settings\fernandes antoine.MAISON-30EE0A86\Application Data\Mozilla\Firefox\Profiles\ik9x3a3p.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-10-14 16:05 . 2009-10-14 16:05 702520 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-14 14:47 . 2009-10-13 21:32 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-14 14:47 . 2009-10-13 21:32 139152 ----a-w- c:\documents and settings\fernandes antoine.MAISON-30EE0A86\Application Data\PnkBstrK.sys
2009-10-14 14:47 . 2009-10-13 21:32 139152 ----a-w- c:\documents and settings\fernandes antoine.MAISON-30EE0A86\Application Data\PnkBstrK.sys
2009-10-14 14:47 . 2009-10-13 21:32 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-14 14:47 . 2009-10-13 21:32 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-14 14:47 . 2009-10-13 21:32 794408 ----a-w- c:\windows\system32\pbsvc.exe
2008-09-20 20:13 . 2008-09-20 20:13 15397 ----a-w- c:\program files\settings.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-01-07_18.01.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-30 17:19 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll
+ 2008-07-30 11:16 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
+ 2008-07-30 11:16 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-01-07 18:04 . 2009-08-06 18:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-01-07 18:04 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2008-07-30 11:16 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2008-07-30 11:16 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-05 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-05 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2008-07-30 11:16 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2008-07-30 11:16 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2008-07-30 11:16 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
+ 2008-07-31 11:08 . 2009-08-06 18:23 215920 c:\windows\system32\muweb.dll
+ 2008-07-31 11:08 . 2009-08-06 18:23 274288 c:\windows\system32\mucltui.dll
+ 2008-07-30 11:16 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2008-07-30 11:16 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2008-07-30 11:16 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2008-07-30 11:16 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2008-07-30 11:16 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-11-12 2474031]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"Internet Security 2010"="c:\program files\InternetSecurity2010\IS2010.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"SideWinderTrayV4"="c:\progra~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe" [2000-06-02 24650]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-06 2033432]

c:\documents and settings\fernandes antoine.MAISON-30EE0A86\Menu D‚marrer\Programmes\D‚marrage\
Moteur du Planificateur de tƒches SolidWorks.lnk - c:\program files\SolidWorks\swScheduler\swBOEngine.exe [2008-4-17 488728]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\fernandes antoine.MAISON-30EE0A86\Menu D‚marrer\Programmes\D‚marrage\
Moteur du Planificateur de tƒches SolidWorks.lnk - c:\program files\SolidWorks\swScheduler\swBOEngine.exe [2008-4-17 488728]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\fernandes antoine.MAISON-30EE0A86\Menu D‚marrer\Programmes\D‚marrage\
Moteur du Planificateur de tƒches SolidWorks.lnk - c:\program files\SolidWorks\swScheduler\swBOEngine.exe [2008-4-17 488728]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Activer l'ensemble clavier et souris sans fil Labtec.lnk - c:\program files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe [2008-8-15 258048]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-9-12 1527808]

c:\documents and settings\fernandes antoine.MAISON-30EE0A86\Menu D‚marrer\Programmes\D‚marrage\
Moteur du Planificateur de tƒches SolidWorks.lnk - c:\program files\SolidWorks\swScheduler\swBOEngine.exe [2008-4-17 488728]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-06 15:54 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Metin2_France\\metin2.bin"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Return to Castle Wolfenstein\\WolfMP.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1334:UDP"= 1334:UDP:Windows Media Format SDK (iexplore.exe)
"1335:UDP"= 1335:UDP:Windows Media Format SDK (iexplore.exe)
"1340:UDP"= 1340:UDP:Windows Media Format SDK (iexplore.exe)
"11093:TCP"= 11093:TCP:emule

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [06/01/2010 16:54 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [06/01/2010 16:54 360584]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [15/08/2008 12:44 11776]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [06/01/2010 15:40 270888]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [06/01/2010 16:54 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [06/01/2010 16:54 285392]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [18/12/2008 19:27 54752]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 11:38 92008]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [06/01/2010 15:40 65576]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [06/01/2010 16:09 38224]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [23/04/2007 13:11 224896]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://www.google.fr/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\fernandes antoine.MAISON-30EE0A86\Application Data\Mozilla\Firefox\Profiles\ik9x3a3p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2032792&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - IMBooster4web-en Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2032792&SearchSource=2&q=
FF - component: c:\documents and settings\fernandes antoine.MAISON-30EE0A86\Application Data\Mozilla\Firefox\Profiles\ik9x3a3p.default\extensions\{346de098-61f9-4b42-89da-6dfba7091bb6}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\fernandes antoine.MAISON-30EE0A86\Application Data\Mozilla\Firefox\Profiles\ik9x3a3p.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

---- PARAMETRES FIREFOX ----
FF - user.js: keyword.enabled - true
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-07 20:53
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1343024091-2139871995-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F54BDA24-BE59-3784-0EE1-8209A9C9A2A7}*]
"oalmpedcbhghekmpmcmgdmjeegdfkm"=hex:6b,61,6d,6c,6a,6e,6c,6d,64,69,6f,69,70,6c,
68,66,65,6f,6c,6b,68,68,00,00
"nabmnjonndmolahekcfhnhpebhec"=hex:6b,61,6d,6c,6a,6e,6c,6d,64,69,6f,69,70,6c,
68,66,65,6f,6c,6b,68,68,00,01
"oapmllmkokomibknfokimmfncbeoko"=hex:64,61,6d,6c,6e,6d,6f,6c,00,70
"eadmllpkck"=hex:65,61,70,6f,61,6b,6f,6a,6a,6e,00,00
"caonnn"=hex:67,61,6d,6c,64,6e,67,69,69,63,65,63,66,69,00,00

[HKEY_USERS\S-1-5-21-1343024091-2139871995-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:97,05,50,28,e9,12,72,51,ba,a0,c0,49,9c,3b,28,bd,25,88,22,de,07,
9d,63,ce,5e,55,ca,f7,23,c1,31,6b,b3,b8,ca,a2,48,17,f6,f9,76,9d,e6,9e,76,b0,\
"rkeysecu"=hex:d9,c1,c1,44,25,75,1a,1e,23,12,bf,fa,6f,d3,d1,05
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(7228)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\progra~1\FICHIE~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\windows\system32\msls31.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.BIN
c:\program files\Ensemble clavier et souris sans fil Labtec\OSD.EXE
c:\program files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Heure de fin: 2010-01-07 20:57:57 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-01-07 19:57
ComboFix2.txt 2010-01-07 18:07

Avant-CF: 21 461 471 232 octets libres
Après-CF: 21 434 290 176 octets libres

- - End Of File - - 54725D162897D79510B91347AD3EF9F4

Réponse 23 / 44

rafoufe42 Messages postés 82 Date d'inscription Statut Membre Dernière intervention 2

jai un petit souci avec mbam l'analyse bloque a un moment.J'ai essayé trois fois et pareil

Réponse 24 / 44

moment de grace Messages postés 29042 Date d'inscription Statut Contributeur sécurité Dernière intervention 2 274

ok

Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)

▶ Télécharge et installe List&Kill'em et enregistre le sur ton bureau
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe

double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

coche la case "creer une icone sur le bureau"

une fois terminée , clic sur "terminer" et le programme se lancer seul

choisis la langue puis choisis l'option 1 = Mode Recherche

▶ laisse travailler l'outil

à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.

▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

tu peux supprimer le rapport catchme.log de ton bureau maintenant.

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 25 / 44

rafoufe42 Messages postés 82 Date d'inscription Statut Membre Dernière intervention 2

voila

List'em by g3n-h@ckm@n 1.1.7.1

Thx to Chiquitine29.....& CCM team

User : fernandes antoine (Administrateurs) # MAISON-30EE0A86
Update on 03/12/2009 by g3n-h@ckm@n ::::: 21:00
Start at: 21:47:19 | 07/01/2010
Contact : g3n-h@ckm@n sur CCM

Intel(R) Pentium(R) 4 CPU 3.00GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : AVG Anti-Virus Free 9.0 [ Enabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 152,66 Go (19,93 Go free) | NTFS
D:\ -> Disque amovible
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque CD-ROM
I:\ -> Disque CD-ROM

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Ensemble clavier et souris sans fil Labtec\OSD.EXE
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Local Settings\temp\35.tmp\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Free Download Manager REG_SZ "C:\Program Files\Free Download Manager\fdm.exe" -autorun
TomTomHOME.exe REG_SZ "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
CursorXP REG_SZ C:\Program Files\CursorXP\CursorXP.exe
Internet Security 2010 REG_SZ C:\Program Files\InternetSecurity2010\IS2010.exe
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
fssui REG_SZ "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
LogitechCommunicationsManager REG_SZ "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
LogitechQuickCamRibbon REG_SZ "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
SideWinderTrayV4 REG_SZ C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
AVG9_TRAY REG_SZ C:\PROGRA~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
Malwarebytes' Anti-Malware REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
DisableRegistryTools REG_DWORD 0 (0x0)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
NoDrives REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
NoDrives REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\LimeWire\LimeWire.exe REG_SZ C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
C:\WINDOWS\system32\usmt\migwiz.exe REG_SZ C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistant Transfert de fichiers et de paramètres
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Metin2_France\metin2.bin REG_SZ C:\Program Files\Metin2_France\metin2.bin:*:Disabled:metin2
C:\WINDOWS\system32\PnkBstrA.exe REG_SZ C:\WINDOWS\system32\PnkBstrA.exe:*:Disabled:PnkBstrA
C:\WINDOWS\system32\PnkBstrB.exe REG_SZ C:\WINDOWS\system32\PnkBstrB.exe:*:Disabled:PnkBstrB
C:\Program Files\SopCast\adv\SopAdver.exe REG_SZ C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Disabled:Windows Live FolderShare
C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe REG_SZ C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe:*:Enabled:WolfMP
C:\Program Files\AVG\AVG9\avgemc.exe REG_SZ C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe
C:\Program Files\AVG\AVG9\avgupd.exe REG_SZ C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe
C:\Program Files\AVG\AVG9\avgnsx.exe REG_SZ C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\CabBuilder
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0CCA191D-13A6-4E29-B746-314DEE697D83}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{233C1507-6A77-46A4-9443-F871F945D258}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D6F45B3-9043-443D-A792-115447494D24}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{B8BE5E93-A60C-4D26-A2DC-220313175592}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E6187999-9FEC-46A1-A20F-F4CA977D5643}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8}

===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{CB58DED6-4AF3-4080-9DF1-DEE72075169F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\D27CDB6E-AE6D-11CF-96B8-444553540000
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.fr/?gws_rd=ssl

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3
EapHost : 0x3
SharedAccess : 0x2
wuauserv : 0x2

=========

=======
Drive :
=======

D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
153 Go total, 19,93 Go libre (13%), 32% fragment‚ (fragmentation du fichier 65%)

Vous devriez d‚fragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\WINDOWS\Fonts\GRGAREF.TTF
C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
C:\WINDOWS\Installer\{E1B94435-241E-4519-B1C3-C4DD9EB352A2}
C:\WINDOWS\mbr.exe
C:\WINDOWS\System32\MSINET.oca
C:\WINDOWS\System32\vbzip10.dll
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Application Data\wklnhst.dat
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Local Settings\Application Data\Kiwee Toolbar

¤¤¤¤¤¤¤¤¤¤ Keys :

"HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
HKCU\Software\AppDataLow\AskBarDis
HKCU\software\Iminent
HKLM\software\Iminent

================
Other infections
================

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-07 21:50:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000f78
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F54BDA24-BE59-3784-0EE1-8209A9C9A2A7}]
"oalmpedcbhghekmpmcmgdmjeegdfkm"=hex:6b,61,6d,6c,6a,6e,6c,6d,64,69,6f,69,70,6c,68,66,65,6f,6c,6b,68,..
"nabmnjonndmolahekcfhnhpebhec"=hex:6b,61,6d,6c,6a,6e,6c,6d,64,69,6f,69,70,6c,68,66,65,6f,6c,6b,68,..
"oapmllmkokomibknfokimmfncbeoko"=hex:64,61,6d,6c,6e,6d,6f,6c,00,70
"eadmllpkck"=hex:65,61,70,6f,61,6b,6f,6a,6a,6e,00,00
"caonnn"=hex:67,61,6d,6c,64,6e,67,69,69,63,65,63,66,69,00,00

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

==========
Programs
==========

Ad-remover
Adobe
ADSL Drivers
AGEIA Technologies
Alwil Software
America's Army
Apple Software Update
ArcSoft
AVG
Axon Data
Bonjour
Boonty
BoontyGames
Browser Mouse
Canon
ComPlus Applications
Conduit
Cool MP3 Converter
CursorXP
Cyanide
DIFX
DWGeditor
eMule
Encarta
Enigma Software Group
Ensemble clavier et souris sans fil Labtec
ESTsoft
Fichiers communs
Free Download Manager
Gameforge4D
Google
Iminent
Inkscape
InstallShield Installation Information
Internet Explorer
Java
K-Lite Codec Pack
LimeWire
List_Kill'em
Logitech
Lphant
Malwarebytes' Anti-Malware
MediaCoder
Messenger
Messenger Plus! Live
Metin2_France
Microsoft
Microsoft AutoRoute
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Hardware
microsoft money 2005
Microsoft Office
Microsoft Silverlight
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Microsoft Works
Microsoft Works Suite 2005
Microsoft.NET
Movie Maker
Mozilla Firefox
MSBuild
MSECache
MSN
MSN Gaming Zone
MSXML 4.0
NETGEAR
NetMeeting
Online Services
OpenOffice.org 2.4
Outlook Express
Paint.NET
Paprikari
PDFCreator
PDFCreator Toolbar
Picture It! Premium 10
QuickTime
Real
Realtek AC97
Reference Assemblies
Return to Castle Wolfenstein
Rockstar Games
S3Inc
Samsung
ScanSoft
Services en ligne
settings.dat
SFR
SolidWorks
SopCast
TomTom HOME 2
TomTom International B.V
trend micro
Ubi Soft
Uninstall Information
VDOWNLOADER
VIA
VideoLAN
Windows Live
Windows Live SkyDrive
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
xerox
Zylom Games

============
Lecteur C:
============

$AVG
7a005552cf1b7eeffbf4a7
AUTOEXEC.BAT
Boot.bak
boot.ini
Bootfont.bin
CanonMP
cmdcons
cmldr
CMLoader.log
ComboFix.txt
Config.Msi
CONFIG.SYS
Documents and Settings
Downloads
IO.SYS
Kill'em
List'em.txt
Lop SD
lopR.txt
MSDOS.SYS
NTDETECT.COM
ntldr
OEMSettings
pagefile.sys
Program Files
Qoobox
Rooter$
rsit
sqmdata00.sqm
sqmdata01.sqm
sqmdata02.sqm
sqmnoopt00.sqm
sqmnoopt01.sqm
sqmnoopt02.sqm
System Volume Information
TournamentDemo
UT2004Demo
WINDOWS

¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Mes documents\LimeWire\Saved\SolidWorks 2007 Crack\crack
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Mes documents\LimeWire\Saved\SolidWorks 2008 Office Premium SP3.0 w COSMOS\crack
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Mes documents\LimeWire\Saved\[ PC Games ] - Age of Empires II(FULL)(2)\crack.zip
C:\Program Files\Inkscape\python\Lib\site-packages\numpy\f2py\crackfortran.py
C:\Program Files\Inkscape\python\Lib\site-packages\numpy\f2py\crackfortran.pyc
C:\Program Files\Inkscape\python\Lib\site-packages\numpy\f2py\crackfortran.pyo
C:\Program Files\Metin2_France\PatchUpdater.exe
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Mes documents\LimeWire\Saved\PC GAMES - 2 Max Payne (Full Game)(1)\Max Payne\MaxPayne1-01Patch.exe
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Mes documents\LimeWire\Saved\[ PC Games ] - Age of Empires II(FULL)(2)\crack.zip

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Réponse 26 / 44

moment de grace Messages postés 29042 Date d'inscription Statut Contributeur sécurité Dernière intervention 2 274

▶ Relance List&Kill'em avec le raccourci sur ton bureau ,

mais cette fois-ci :

▶ choisis l'option 2 = Mode Suppression

laisse travailler l'outil.

en fin de scan un rapport s'ouvre

▶ colle le contenu dans ta reponse

...................

pas convaincu par MBAM

désinstalles le et supprimes le

puis tu le retécharges + mise à jour+ examen rapide + rapport

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Réponse 27 / 44

rafoufe42 Messages postés 82 Date d'inscription Statut Membre Dernière intervention 2

Je m'occupe de mbam tout de suite

Kill'em by g3n-h@ckm@n 1.1.7.1

User : fernandes antoine (Administrateurs) # MAISON-30EE0A86
Update on 03/12/2009 by g3n-h@ckm@n ::::: 21:00
Start at: 22:06:40 | 07/01/2010
Contact : g3n-h@ckm@n sur CCM

Intel(R) Pentium(R) 4 CPU 3.00GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : AVG Anti-Virus Free 9.0 [ Enabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 152,66 Go (19,96 Go free) | NTFS
D:\ -> Disque amovible
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque CD-ROM
I:\ -> Disque CD-ROM

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Ensemble clavier et souris sans fil Labtec\OSD.EXE
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Local Settings\temp\39.tmp\pv.exe

Detections :
==========

¤¤¤¤¤¤¤¤¤¤ Files/folders :

"C:\WINDOWS\Fonts\GRGAREF.TTF"
"C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}"
"C:\WINDOWS\Installer\{E1B94435-241E-4519-B1C3-C4DD9EB352A2}"
"C:\WINDOWS\mbr.exe"
"C:\WINDOWS\system32\MSINET.oca"
"C:\WINDOWS\System32\vbzip10.dll"
"C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Local Settings\Application Data\Kiwee Toolbar"

¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :

Quarantine :

GRGAREF.TTF.Kill'em
Kiwee Toolbar.Kill'em
MBR.exe.Kill'em
MSINET.oca.Kill'em
vbzip10.dll.Kill'em
{86D4B82A-ABED-442A-BE86-96357B70F4FE}.Kill'em
{E1B94435-241E-4519-B1C3-C4DD9EB352A2}.Kill'em

==============
host file OK !
==============

========
Registry
========
Deleted : HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
Deleted : HKCU\Software\AppDataLow\AskBarDis
Deleted : HKCU\software\Iminent
Deleted : HKLM\software\Iminent

============
Disk Cleaned
============

================
Prefetch cleaned
================

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Réponse 28 / 44

rafoufe42 Messages postés 82 Date d'inscription Statut Membre Dernière intervention 2

Malwarebytes' Anti-Malware 1.43
Version de la base de données: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07/01/2010 22:22:57
mbam-log-2010-01-07 (22-22-57).txt

Type de recherche: Examen rapide
Eléments examinés: 127219
Temps écoulé: 6 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet security 2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Menu Démarrer\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.

Réponse 29 / 44

moment de grace Messages postés 29042 Date d'inscription Statut Contributeur sécurité Dernière intervention 2 274

tu peux desinstaller killem et vider la quarantaine MBAM

comment va le pc ?

relances RSIT et postes juste le rapport log

Réponse 30 / 44

rafoufe42 Messages postés 82 Date d'inscription Statut Membre Dernière intervention 2

Le PC remarche normalement

voila le rapport
Logfile of random's system information tool 1.06 (written by random/random)
Run by fernandes antoine at 2010-01-08 11:15:44
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 20 GB (13%) free of 156 GB
Total RAM: 959 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:34:14, on 06/01/201011:16 08/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\WINDOWS\system32\smss32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\OSD.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Bureau\RSIT.exe
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Bureau\Raph\fernandes antoine.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Application Data\Software rule flag owns\vga active.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [owns curb] C:\DOCUME~1\FERNAN~1.MAI\APPLIC~1\BIKE01~1\Bin Four Grid.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; FDM; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"https://www.miniclip.com/games/china-2008/en/"
O4 - S-1-5-18 Startup: Moteur du Planificateur de tâches SolidWorks.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Moteur du Planificateur de tâches SolidWorks.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe (User 'Default user')
O4 - .DEFAULT Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Default user')
O4 - Startup: Moteur du Planificateur de tâches SolidWorks.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Activer l'ensemble clavier et souris sans fil Labtec.lnk = C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: PEVSystemStart - Unknown owner - cmd /k start /i "/dC:" "C:\ComboFix\HIDEC.exe" "C:\WINDOWS\system32\CF5110.exe" /c RD /S/Q \$RECYCLE.bin \RECYCLER \RECYCLED (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

Réponse 31 / 44

moment de grace Messages postés 29042 Date d'inscription Statut Contributeur sécurité Dernière intervention 2 274

as tu installer quelque chose entre deux manips

les mêmes infections sont revenues !!

relances lop option 1

Réponse 32 / 44

Utilisateur anonyme

Hello,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:34:14, on 06/01/201011:16 08/01/2010

a+

Réponse 33 / 44

rafoufe42 Messages postés 82 Date d'inscription Statut Membre Dernière intervention 2

NON rien du tout!!! J'ai juste éteint mon ordi cette nuit

Réponse 34 / 44

rafoufe42 Messages postés 82 Date d'inscription Statut Membre Dernière intervention 2

NON rien du tout!!! J'ai juste éteint mon ordi cette nuit

Réponse 35 / 44

moment de grace Messages postés 29042 Date d'inscription Statut Contributeur sécurité Dernière intervention 2 274

bien vu !!! (merci)

rafoufe42

cliques sur C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Bureau\Raph\fernandes antoine.exe

Au menu principal, cliquer sur Do a system Scan only and Save a Logfile
Un rapport sera alors généré dans un fichier bloc-notes, il sera situé dans le dossier désinfection initialement créé pour l'installation.
Postes le ici

Réponse 36 / 44

rafoufe42 Messages postés 82 Date d'inscription Statut Membre Dernière intervention 2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:45, on 08/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Ensemble clavier et souris sans fil Labtec\OSD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Bureau\Raph\fernandes antoine.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; FDM; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.miniclip.com/games/china-2008/fr/"
O4 - S-1-5-18 Startup: Moteur du Planificateur de tâches SolidWorks.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Moteur du Planificateur de tâches SolidWorks.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe (User 'Default user')
O4 - .DEFAULT Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Default user')
O4 - Startup: Moteur du Planificateur de tâches SolidWorks.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Activer l'ensemble clavier et souris sans fil Labtec.lnk = C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

Réponse 37 / 44

moment de grace Messages postés 29042 Date d'inscription Statut Contributeur sécurité Dernière intervention 2 274

ok

j'aime mieux ce rapport là

1)
cliques sur C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Bureau\Raph\fernandes antoine.exe
Au menu principal, choisir do a scan only, puis cocher la case devant les lignes suivantes à corriger et cliquer en bas sur Fix Checked

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

..........................

2)

IMPORTANT

Purger la restauration systeme XP

http://www.bibou0007.com/windows-xp-f101/purger-la-restauration-du-systeme-sous-windows-xp-t151.htm

.....................

3)
Télécharge ToolsCleaner2sur ton Bureau.
https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/

* Double-clique (clic droit "en tant qu'administrateur" pour Vista) sur ToolsCleaner2.exe pour le lancer.
* Clique sur Recherche et laisse le scan agir.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options Facultatives.
* Clique sur Quitter pour obtenir le rapport.
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

Tu peux supprimer ToolCleaner ensuite

Réponse 38 / 44

rafoufe42 Messages postés 82 Date d'inscription Statut Membre Dernière intervention 2

Un petit souci ça ma suprimé la fleche de ma souris

Réponse 39 / 44

rafoufe42 Messages postés 82 Date d'inscription Statut Membre Dernière intervention 2

nn c'est bon ça s'est rétabli je vais faire tool cleaners

Réponse 40 / 44

rafoufe42

voila
[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\lopR.txt: trouvé !
C:\Lop SD: trouvé !
C:\Qoobox: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Bureau\LopSD.exe: trouvé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Bureau\Rsit.exe: trouvé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Bureau\Raph\HijackThis.exe: trouvé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Bureau\Raph\hijackthis.log: trouvé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Local Settings\temp\35.tmp\catchme.exe: trouvé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Local Settings\temp\35.tmp\mbr.log: trouvé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Local Settings\temp\35.tmp\mbr.exe: trouvé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Local Settings\temp\39.tmp\catchme.exe: trouvé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Local Settings\temp\39.tmp\mbr.exe: trouvé !
C:\Lop SD\catchme.exe: trouvé !
C:\Lop SD\catchme.log: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Program Files\Ad-remover\BACKUP\Ad-R.exe: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Bureau\LopSD.exe: supprimé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Bureau\Raph\HijackThis.exe: supprimé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Local Settings\temp\35.tmp\catchme.exe: supprimé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Local Settings\temp\39.tmp\catchme.exe: supprimé !
C:\Lop SD\catchme.exe: supprimé !
C:\Program Files\Ad-remover\BACKUP\Ad-R.exe: supprimé !
C:\Program Files\trend micro\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\lopR.txt: supprimé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Bureau\Rsit.exe: supprimé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Bureau\Raph\hijackthis.log: supprimé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Local Settings\temp\35.tmp\mbr.log: supprimé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Local Settings\temp\35.tmp\mbr.exe: supprimé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Local Settings\temp\39.tmp\mbr.exe: supprimé !
C:\Lop SD\catchme.log: supprimé !
C:\Program Files\trend micro\hijackthis.log: supprimé !
C:\Qoobox\Quarantine\catchme.log: supprimé !
C:\Lop SD: supprimé !
C:\Qoobox: supprimé !
C:\Rsit: supprimé !
C:\Program Files\Ad-remover: supprimé !

Fichiers temporaires nettoyés !oil

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\lopR.txt: trouvé !
C:\Lop SD: trouvé !
C:\Qoobox: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Bureau\LopSD.exe: trouvé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Bureau\Rsit.exe: trouvé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Bureau\Raph\HijackThis.exe: trouvé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Bureau\Raph\hijackthis.log: trouvé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Local Settings\temp\35.tmp\catchme.exe: trouvé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Local Settings\temp\35.tmp\mbr.log: trouvé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Local Settings\temp\35.tmp\mbr.exe: trouvé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Local Settings\temp\39.tmp\catchme.exe: trouvé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Local Settings\temp\39.tmp\mbr.exe: trouvé !
C:\Lop SD\catchme.exe: trouvé !
C:\Lop SD\catchme.log: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Program Files\Ad-remover\BACKUP\Ad-R.exe: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Bureau\LopSD.exe: supprimé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Bureau\Raph\HijackThis.exe: supprimé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Local Settings\temp\35.tmp\catchme.exe: supprimé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Local Settings\temp\39.tmp\catchme.exe: supprimé !
C:\Lop SD\catchme.exe: supprimé !
C:\Program Files\Ad-remover\BACKUP\Ad-R.exe: supprimé !
C:\Program Files\trend micro\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\lopR.txt: supprimé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Bureau\Rsit.exe: supprimé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Bureau\Raph\hijackthis.log: supprimé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Local Settings\temp\35.tmp\mbr.log: supprimé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Local Settings\temp\35.tmp\mbr.exe: supprimé !
C:\Documents and Settings\fernandes antoine.MAISON-30EE0A86\Local Settings\temp\39.tmp\mbr.exe: supprimé !
C:\Lop SD\catchme.log: supprimé !
C:\Program Files\trend micro\hijackthis.log: supprimé !
C:\Qoobox\Quarantine\catchme.log: supprimé !
C:\Lop SD: supprimé !
C:\Qoobox: supprimé !
C:\Rsit: supprimé !
C:\Program Files\Ad-remover: supprimé !

Fichiers temporaires nettoyés !

Discussions similaires

Softonic,est-ce un virus ?

message de postmaster incessant !

Désinstaller Softonic

Message Apple virus !!

4 virus en raison d’un porno ????

Votre réponse

Discussions similaires