Antivirus plus supprimé - google anglais pub Fermé

Question

Bonjour,

J'ai réussi à supprimer antivirus plus de ce pc grâce à malwarebytes antimalware.
J'ai fait une procédure genproc pour supprimer d'autres infections.
Seulement maintenant meme en tapant google.fr on obtient le site anglais.
Quand on fait des recherches sur google les liens de résultats redirigent vers de la pub.
Autre bizarrerie, les moteurs de recherche de IE8 en haut à droit n'apparaissent pas avec l'icone spécifique aux moteur mais avec une loupe.
Voici un rapport RSIT :

info.txt :
http://www.cijoint.fr/cjlink.php?file=cj201001/cij9phjv4U.txt

log.txt :
http://www.cijoint.fr/cjlink.php?file=cj201001/cijgIQ71Kf.txt

Utilisateur anonyme · Answer

Salut mat
Télécharge USBFix (de El Desaparecido, C_XX et Chimay8)  sur ton bureau
http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe­
ou
https://www.ionos.fr/?affiliate_id=77097 

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

# Double clic sur le raccourci UsbFix présent sur ton bureau .

# Sélectionne l'option 1 ( Recherche )

# Laisse travailler l'outil.

# Ensuite poste le rapport UsbFix.txt qui apparaitra.

# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

# Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

matduchesne · Answer

Je n'ai pas sous les mains les éventuelles clés USB de la proprio de la machine, voici le rapport :


############################## | UsbFix V6.075 |

User : La goutte d'or (Administrateurs) # GOUTTE-941035E9
Update on 19/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 16:31:51 | 19/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Athlon(tm) XP 1700+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1368 [VPS 100119-0] 4.8.1368 [ Enabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 55,89 Go (12,91 Go free) # NTFS
D:\ -> Disque CD-ROM # 400,49 Mo (0 Mo free) [Sims2SP7] # CDFS
E:\ -> Disque CD-ROM

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 492
C:\WINDOWS\system32\csrss.exe 552
C:\WINDOWS\system32\winlogon.exe 592
C:\WINDOWS\system32\services.exe 640
C:\WINDOWS\system32\lsass.exe 652
C:\WINDOWS\system32\svchost.exe 816
C:\WINDOWS\system32\svchost.exe 876
C:\WINDOWS\System32\svchost.exe 944
C:\WINDOWS\system32\svchost.exe 1016
C:\WINDOWS\system32\svchost.exe 1148
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1288
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1336
C:\WINDOWS\system32\spoolsv.exe 1556
C:\WINDOWS\system32\svchost.exe 352
C:\WINDOWS\system32\svchost.exe 468
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 1720
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 1736
C:\WINDOWS\System32\alg.exe 1924
C:\WINDOWS\Explorer.EXE 2100
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 1680
C:\WINDOWS\System32\svchost.exe 2276
C:\WINDOWS\system32\ctfmon.exe 2976
C:\Program Files\Internet Explorer\iexplore.exe 440
C:\Program Files\Internet Explorer\iexplore.exe 3280
C:\Program Files\Internet Explorer\iexplore.exe 4068
C:\WINDOWS\system32\wbem\wmiprvse.exe 1836

################## | Elements infectieux |

D:\autorun.inf  

################## | Registre |


################## | Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\D
Shell\AutoRun\command =D:\Autorun.exe 

HKCU\..\..\Explorer\MountPoints2\{3844ddb7-ed90-11dd-99dc-806d6172696f}
Shell\AutoRun\command =D:\Autorun.exe 

################## | ! Fin du rapport # UsbFix V6.075 ! |

matduchesne · Answer

Je n'ai pas uploader le fichier zip qui fait 811 Mo !
Voici le rapport, je referais USBFix avec les clés.


############################## | UsbFix V6.075 |

User : La goutte d'or (Administrateurs) # GOUTTE-941035E9
Update on 19/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 17:44:31 | 19/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Athlon(tm) XP 1700+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1368 [VPS 100119-0] 4.8.1368 [ Enabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 55,89 Go (12,88 Go free) # NTFS
D:\ -> Disque CD-ROM # 400,49 Mo (0 Mo free) [Sims2SP7] # CDFS
E:\ -> Disque CD-ROM

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 500
C:\WINDOWS\system32\csrss.exe 548
C:\WINDOWS\system32\winlogon.exe 592
C:\WINDOWS\system32\services.exe 640
C:\WINDOWS\system32\lsass.exe 652
C:\WINDOWS\system32\svchost.exe 816
C:\WINDOWS\system32\svchost.exe 896
C:\WINDOWS\System32\svchost.exe 972
C:\WINDOWS\system32\svchost.exe 1080
C:\WINDOWS\system32\svchost.exe 1172
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1292
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1348
C:\WINDOWS\system32\spoolsv.exe 1624
C:\WINDOWS\system32\svchost.exe 436
C:\WINDOWS\system32\svchost.exe 532
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 1908
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 1948
C:\WINDOWS\System32\alg.exe 1068
C:\WINDOWS\Explorer.EXE 1136
C:\WINDOWS\system32\wbem\wmiprvse.exe 1900

################## | Elements infectieux |

Supprimé ! C:\Recycler\S-1-5-21-1757981266-1844237615-839522115-1004 
Supprimé ! C:\Recycler\S-1-5-21-1757981266-1844237615-839522115-1005 
Supprimé ! C:\Recycler\S-1-5-21-1757981266-1844237615-839522115-500 
Supprimé ! C:\Recycler\S-1-5-21-776561741-1417001333-682003330-1004 
Non supprimé ! D:\autorun.inf 

################## | Registre |


################## | Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\D\Shell\AutoRun\Command  

################## | Listing des fichiers présent |

[19/01/2010 13:41|--a------|2988] C:\Ad-Report-CLEAN[1].log 
[19/08/2004 13:15|--a------|0] C:\AUTOEXEC.BAT 
[19/01/2010 12:55|---hs----|216] C:\boot.ini 
[14/04/2008 13:00|-rahs----|4952] C:\Bootfont.bin 
[18/01/2010 17:37|--a------|1381] C:\cleannavi.txt 
[19/08/2004 13:15|--a------|0] C:\CONFIG.SYS 
[19/08/2004 13:40|--ah-----|39] C:\CTJINI.INI 
[20/12/2009 21:14|--a------|12885] C:\error.log 
[21/04/2007 09:06|---hs----|5577] C:\ffastun.ffa 
[21/04/2007 09:06|---hs----|1925120] C:\ffastun.ffl 
[21/04/2007 09:06|--ah-----|593920] C:\ffastun.ffo 
[21/04/2007 09:06|---hs----|5488640] C:\ffastun0.ffx 
[21/04/2007 21:41|--a------|1925120] C:\ffastunT.ffl 
[?|?|?] C:\hiberfil.sys 
[19/08/2004 13:15|-rahs----|0] C:\IO.SYS 
[19/08/2004 13:15|-rahs----|0] C:\MSDOS.SYS 
[14/04/2008 13:00|-rahs----|47564] C:\NTDETECT.COM 
[14/04/2008 13:00|-rahs----|252240] C:
tldr 
[?|?|?] C:\pagefile.sys 
[19/12/2005 21:52|--a------|192] C:\persist.dbs 
[05/08/2007 14:51|--a------|66286] C:\playground.log 
[18/01/2010 17:56|--a------|40479] C:\TB.txt 
[19/01/2010 17:57|--a------|3245] C:\UsbFix.txt 
[12/03/2008 05:03|-r-------|703552] D:\AutoRun.exe 
[12/03/2008 03:58|-r-------|662592] D:\AutoRunGUI.dll 
[12/03/2008 01:33|-r-------|10134] D:\Sims2SP7.ico 
[12/03/2008 03:58|-r-------|293952] D:\Sims2SP7_Uninst.exe 
[12/03/2008 05:02|-r-------|178] D:\autorun.inf 
[12/03/2008 05:02|-r-------|576] D:\common_filelist.txt 
[12/03/2008 05:02|-r-------|220660136] D:\compressed.zip 
[12/03/2008 05:03|-r-------|359488] D:\eauninstall.exe 
[12/03/2008 01:33|-r-------|10134] D:\eauninstall.ico 

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.  

################## | Upload | 

Veuillez envoyer le fichier : C:\DOCUME~1\LAGOUT~1\Bureau\UsbFix_Upload_Me_GOUTTE-941035E9.zip : https://www.ionos.fr/?affiliate_id=77097 
Merci pour votre contribution .  

################## | ! Fin du rapport # UsbFix V6.075 ! |

matduchesne · Answer

Ca y est j'ai réparé le fichiers hosts.
On continue ?

matduchesne · Answer

Logfile of random's system information tool 1.06 (written by random/random)
Run by La goutte d'or at 2010-01-20 14:18:52
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 14 GB (25%) free of 57 GB
Total RAM: 767 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:19:02, on 20/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\La goutte d'or\Bureau\RSIT.exe
C:\Program Files	rend micro\La goutte d'or.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Wanadoo 6.2; Orange 8.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.jeuxjeuxjeux.fr/jeu/jeux-plateforme/420-milk-run-run%21.html"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - https://www.jeu.fr/?utm_source=spildomains&utm_medium=redirect&utm_campaign=powersoccer.jeu.fr
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{75DF0440-7810-47F8-ADF3-C73C708F47AF}: NameServer = 192.168.1.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

matduchesne · Answer

Aucun nuisible trouvé, j'avais déjà utilisé Malwarebytes pour supprimer Antivirus Pro.
Par contres les pubs intempestives subsistent.
Voici le rapport :

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3601
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20/01/2010 16:25:47
mbam-log-2010-01-20 (16-25-47).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 306928
Temps écoulé: 1 hour(s), 24 minute(s), 45 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

matduchesne · Answer

Je me suis mis vite fait sur le pc, pas de pubs google a l'air d'aller.
Seulement un virus détecté par avast apparait sans cesse :
c:\windows\system32\drivers\atapi.sys
Win32.Alureon-EU

matduchesne · Answer

Après avoir essayé quarantaine puis supprimer pour ce fichier suspect j'ai mis réparer avec avast et je n'ai plus d'alerte je l'ai passé sur virustotal, il trouve une alerte eSafe : Win32.Rootkit, voici le rapport : Antivirus;Version;Dernière mise à jour;Résultat a-squared;4.5.0.50;2010.01.21;- AhnLab-V3;5.0.0.2;2010.01.21;- AntiVir;7.9.1.146;2010.01.21;- Antiy-AVL;2.0.3.7;2010.01.21;- Authentium;5.2.0.5;2010.01.21;- Avast;4.8.1351.0;2010.01.21;- AVG;9.0.0.730;2010.01.21;- BitDefender;7.2;2010.01.21;- CAT-QuickHeal;10.00;2010.01.21;- ClamAV;0.94.1;2010.01.21;- Comodo;3656;2010.01.21;- DrWeb;5.0.1.12222;2010.01.21;- eSafe;7.0.17.0;2010.01.20;Win32.Rootkit eTrust-Vet;35.2.7250;2010.01.21;- F-Prot;4.5.1.85;2010.01.20;- F-Secure;9.0.15370.0;2010.01.21;- Fortinet;4.0.14.0;2010.01.21;- GData;19;2010.01.21;- Ikarus;T3.1.1.80.0;2010.01.21;- Jiangmin;13.0.900;2010.01.21;- K7AntiVirus;7.10.951;2010.01.20;- Kaspersky;7.0.0.125;2010.01.21;- McAfee;5867;2010.01.20;- McAfee+Artemis;5867;2010.01.20;- McAfee-GW-Edition;6.8.5;2010.01.21;- Microsoft;1.5302;2010.01.21;- NOD32;4791;2010.01.20;- Norman;6.04.03;2010.01.20;- nProtect;2009.1.8.0;2010.01.21;- Panda;10.0.2.2;2010.01.21;- PCTools;7.0.3.5;2010.01.21;- Prevx;3.0;2010.01.21;- Rising;22.31.03.04;2010.01.21;- Sophos;4.50.0;2010.01.21;- Sunbelt;3.2.1858.2;2010.01.21;- Symantec;20091.2.0.41;2010.01.21;- TheHacker;6.5.0.8.157;2010.01.21;- TrendMicro;9.120.0.1004;2010.01.21;- VBA32;3.12.12.1;2010.01.20;- ViRobot;2010.1.21.2148;2010.01.21;- VirusBuster;5.0.21.0;2010.01.20;- Information additionnelle File size: 96512 bytes MD5...: 9f3a2f5aa6875c72bf062c712cfa2674 SHA1..: a719156e8ad67456556a02c34e762944234e7a44 SHA256: b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9 ssdeep: 1536:MwXpkfV74F1D7yNEZIHRRJMohmus27G1j/XBoDQi7oaRMJfYHFktprll1Kb
DD0uu:MQ+N74vkEZIxMohjsimBoDTRMBwFktZu
PEiD..: - PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x159f7
timedatestamp.....: 0x4802539d (Sun Apr 13 18:40:29 2008)
machinetype.......: 0x14c (I386)

( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0x97ba 0x9800 6.45 0d7d81391f33c6450a81be1e3ac8c7b7
NONPAGE 0x9b80 0x18e8 0x1900 6.48 c74a833abd81cc5d037de168e055ad29
.rdata 0xb480 0xa64 0xa80 4.31 8523651899e28819a14bf9415af25708
.data 0xbf00 0xd94 0xe00 0.45 3575b51634ae7a56f55f1ee0a6213834
PAGESCAN 0xcd00 0x157f 0x1580 6.20 dc4c309c4db9576daa752fdd125fccf9
PAGE 0xe280 0x61da 0x6200 6.46 40b83d4d552384e58a03517a98eb4863
INIT 0x14480 0x22be 0x2300 6.47 906462abc478368424ea462d5868d2e3
.rsrc 0x16780 0x3e0 0x400 3.36 8fd2d82e745b289c28bc056d3a0d62ab
.reloc 0x16b80 0xd20 0xd80 6.39 ce2b0898cc0e40b618e5df9099f6be45

( 3 imports )
> ntoskrnl.exe: RtlInitUnicodeString, swprintf, KeSetEvent, IoCreateSymbolicLink, IoGetConfigurationInformation, IoDeleteSymbolicLink, MmFreeMappingAddress, IoFreeErrorLogEntry, IoDisconnectInterrupt, MmUnmapIoSpace, ObReferenceObjectByPointer, IofCompleteRequest, RtlCompareUnicodeString, IofCallDriver, MmAllocateMappingAddress, IoAllocateErrorLogEntry, IoConnectInterrupt, IoDetachDevice, KeWaitForSingleObject, KeInitializeEvent, KeCancelTimer, RtlAnsiStringToUnicodeString, RtlInitAnsiString, IoBuildDeviceIoControlRequest, IoQueueWorkItem, MmMapIoSpace, IoInvalidateDeviceRelations, IoReportDetectedDevice, IoReportResourceForDetection, RtlxAnsiStringToUnicodeSize, NlsMbCodePageTag, PoRequestPowerIrp, KeInsertByKeyDeviceQueue, PoRegisterDeviceForIdleDetection, sprintf, MmMapLockedPagesSpecifyCache, ObfDereferenceObject, IoGetAttachedDeviceReference, IoInvalidateDeviceState, ZwClose, ObReferenceObjectByHandle, ZwCreateDirectoryObject, IoBuildSynchronousFsdRequest, PoStartNextPowerIrp, IoCreateDevice, RtlCopyUnicodeString, IoAllocateDriverObjectExtension, RtlQueryRegistryValues, ZwOpenKey, RtlFreeUnicodeString, IoStartTimer, KeInitializeTimer, IoInitializeTimer, KeInitializeDpc, KeInitializeSpinLock, IoInitializeIrp, ZwCreateKey, RtlAppendUnicodeStringToString, RtlIntegerToUnicodeString, ZwSetValueKey, KeInsertQueueDpc, KefAcquireSpinLockAtDpcLevel, IoStartPacket, KefReleaseSpinLockFromDpcLevel, IoBuildAsynchronousFsdRequest, IoFreeMdl, MmUnlockPages, IoWriteErrorLogEntry, KeRemoveByKeyDeviceQueue, MmMapLockedPagesWithReservedMapping, MmUnmapReservedMapping, KeSynchronizeExecution, IoStartNextPacket, KeBugCheckEx, KeRemoveDeviceQueue, KeSetTimer, _allmul, MmProbeAndLockPages, _except_handler3, PoSetPowerState, IoOpenDeviceRegistryKey, RtlWriteRegistryValue, RtlDeleteRegistryValue, _aulldiv, strstr, _strupr, KeQuerySystemTime, IoWMIRegistrationControl, KeTickCount, IoAttachDeviceToDeviceStack, IoDeleteDevice, ExAllocatePoolWithTag, IoAllocateWorkItem, IoAllocateIrp, IoAllocateMdl, MmBuildMdlForNonPagedPool, MmLockPagableDataSection, IoGetDriverObjectExtension, MmUnlockPagableImageSection, ExFreePoolWithTag, IoFreeIrp, IoFreeWorkItem, InitSafeBootMode, RtlCompareMemory, PoCallDriver, memmove, MmHighestUserAddress
> HAL.dll: KfAcquireSpinLock, READ_PORT_UCHAR, KeGetCurrentIrql, KfRaiseIrql, KfLowerIrql, HalGetInterruptVector, HalTranslateBusAddress, KeStallExecutionProcessor, KfReleaseSpinLock, READ_PORT_BUFFER_USHORT, READ_PORT_USHORT, WRITE_PORT_BUFFER_USHORT, WRITE_PORT_UCHAR
> WMILIB.SYS: WmiSystemControl, WmiCompleteRequest

( 0 exports )
RDS...: NSRL Reference Data Set
- pdfid.: - trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) packers (Kaspersky): PE_Patch sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: IDE/ATAPI Port Driver
original name: atapi.sys
internal name: atapi.sys
file version.: 5.1.2600.5512 (xpsp.080413-2108)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

matduchesne · Answer

J'avais lancé le scan le pc a planté.
Je l'ai éteint et rallumé j'ai été obligé de démarrer en derniere bonne configuration connue.
Je relance Gmer le pc se bloque à nouveau, au moment ou Gmer scanne le fichier atapi.sys justement.
Je dois faire le scan en mode sans échec ?

matduchesne · Answer

Bonjour,

Pas de problème pour l'attente, si je savais me débrouiller seul je n'aurai pas de soucis. Je conçois qu'on ait des choses à faire...

Voici le rapport :

List'em by g3n-h@ckm@n 1.2.1.0
User : La goutte d'or (Administrateurs) 
Update on 21/01/2010 by g3n-h@ckm@n ::::: 10:30 
Start at: 10:01:19 | 22/01/2010
Contact : g3n-h@ckm@n sur CCM

AMD Athlon(tm) XP 1700+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1368 [VPS 100122-0] 4.8.1368 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 55,89 Go (13,73 Go free) | NTFS
D:\ -> Disque CD-ROM | 400,49 Mo (0 Mo free) [Sims2SP7] | CDFS
E:\ -> Disque CD-ROM

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running 

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\La goutte d'or\Local Settings\Temp\3.tmp\pv.exe

======================
Keys "Run" 
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
msnmsgr	REG_SZ         	"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
ctfmon.exe	REG_SZ         	C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
avast!	REG_SZ         	C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 
Cmaudio	REG_SZ         	RunDll32 cmicnfg.cpl,CMICtrlWnd 
MSConfig	REG_SZ         	C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto 
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] 
dontdisplaylastusername	REG_DWORD      	0 (0x0) 
legalnoticecaption	REG_SZ         	 
legalnoticetext	REG_SZ         	 
shutdownwithoutlogon	REG_DWORD      	1 (0x1) 
undockwithoutlogon	REG_DWORD      	1 (0x1) 

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
NoDriveTypeAutoRun	REG_DWORD      	128 (0x80) 
NoDriveAutoRun	REG_DWORD      	128 (0x80) 
HonorAutoRunSetting	REG_DWORD      	0 (0x0) 

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
HonorAutoRunSetting	REG_DWORD      	0 (0x0) 
NoDriveAutoRun	REG_DWORD      	128 (0x80) 
NoDriveTypeAutoRun	REG_DWORD      	128 (0x80) 

=============== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS	REG_SZ         	

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify	ermsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972}	REG_SZ         	 

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe	REG_SZ         	%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Messenger\msnmsgr.exe	REG_SZ         	C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe	REG_SZ         	C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe	REG_SZ         	%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Messenger\msnmsgr.exe	REG_SZ         	C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe	REG_SZ         	C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0CCA191D-13A6-4E29-B746-314DEE697D83}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{166B1BCA-3F9C-11CF-8075-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4BFD075D-C36E-4F28-BB0A-5D472795197A}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D6F45B3-9043-443D-A792-115447494D24}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{7530BFB8-7293-4D34-9923-61A11451AFC5}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}

===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Base Smart Card Crypto Provider Package
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{72AD53CC-CCC0-3757-8480-9EE176866A7C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EF289A85-8E57-408d-BE47-73B55609861A}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.msn.com/fr-fr

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.orange.fr/portail

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services] 

Ndisuio : 0x3 
EapHost : 0x3 
SharedAccess : 0x2 
wuauserv : 0x2 

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\La goutte d'or\Local Settings\Temp\3.tmp
## C:\> hashdeep C:\WINDOWS\System32\Drivers\atapi.sys
## 
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\System32\Drivers\atapi.sys

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\La goutte d'or\Local Settings\Temp\3.tmp
## C:\> hashdeep C:\WINDOWS\System32\DllCache\atapi.sys
## 
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\System32\DllCache\atapi.sys

Sources
======= 
 
C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\atapi.sys  
C:\WINDOWS\system32\dllcache\atapi.sys  
C:\WINDOWS\system32\drivers\atapi.sys  

Référence :
==========

Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_SP2_32b  : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b  : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b  : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b  : 02062C0B390B7729EDC9E69C680A6F3C
 

D:\Autorun.inf :
----------------
[autorun]
open=Autorun.exe
Icon=Sims2SP7.ico
Name=The Sims 2 Kitchen & Bath Interior Design Stuff

[Special]
Disk=1
ProductGuiID={6522C636-B04C-4333-9BEB-9E0C0B6350D6}


=======
Drive :
=======

D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse                 	 
    55,89 Go total,  13,73 Go libre (24%),  6% fragment‚ (fragmentation du fichier 11%)

Il ne vous est pas n‚cessaire de d‚fragmenter ce volume. 	 

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache  
Present !! : C:\WINDOWS\SET3.tmp  
Present !! : C:\WINDOWS\SET4.tmp  
Present !! : C:\WINDOWS\SET8.tmp  
Present !! : C:\WINDOWS\SETE5.tmp  
Present !! : C:\WINDOWS\SETE6.tmp  
Present !! : C:\WINDOWS\SETF2.tmp  
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn  
Present !! : C:\Documents and Settings\La goutte d'or\LOCAL Settings\Temp\AutoRun.exe  
 
¤¤¤¤¤¤¤¤¤¤ Keys : 

Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\msconfig  
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"  
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"  

================
Other infections
================

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-22 11:01:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK 

==========
Programs
==========

Ad-aware
Adobe
Ahead
Alwil Software
Apple Software Update
ArcSoft
ATI Technologies
AvantGo Connect
C-Media 3D Audio
CCleaner
Common Files
ComPlus Applications
CONEXANT
Creative
Cubemaster Gold
CyberLink
Davilex
directx
EA GAMES
eMule
Enjoy 5e
ESET
Fichiers communs
Gamenext
Google
Google Video
Hewlett-Packard
HighMAT CD Writing Wizard
IA Style
InstallShield Installation Information
Internet Explorer
InterVideo
Java
Larousse
Lavasoft
List_Kill'em
Logitech
LSI SoftModem
Malwarebytes' Anti-Malware
Mars
Maxis
Messenger
MessengerPlus! 3
Microsoft
Microsoft ActiveSync
Microsoft AutoRoute
Microsoft CAPICOM 2.1.0.2
Microsoft Encarta
microsoft frontpage
Microsoft Money
Microsoft Office
Microsoft Picture It! 2002
Microsoft Silverlight
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Microsoft Works
Microsoft Works Suite 2002
Mindscape
monAlbumPhoto
Movie Maker
mp3DirectCut
MSBuild
MSECache
MSN
MSN Apps
MSN Gaming Zone
MSN Messenger
Music Manager
Navilog1
NetMeeting
NOS
Oberon Media
OLITEC
Online Services
orange
OrangeHSS
Outlook Express
phenomedia
Photo Story 3 for Windows
QuickTime
Reference Assemblies
Securitoo
Services en ligne
SiSLan
Spybot - Search & Destroy
Sun
Taroteam
Thomson
TransfertPocket
trend micro
Uninstall Information
Wanadoo
Windows Journal Viewer
Windows Live
Windows Live SkyDrive
Windows Media Connect
Windows Media Connect 2
Windows Media Player
Windows Messaging
Windows NT
WindowsUpdate
xerox
Yahoo!
Zylom Games

============
Drive C:
============

$CTJTMP
6a1715b835955eca8f95b4
a
Ad-Remover
Ad-Report-CLEAN[1].log
Application Data
ATI
AUTOEXEC.BAT
autorun.inf
boot.ini
Bootfont.bin
c1ff7f9d5c5ac4cf88eb
c23636a7ec1eb03b2a0a6a
CET
cleannavi.txt
Config.Msi
CONFIG.SYS
CTJINI.INI
DBBackup
Documents and Settings
emulepointfr
error.log
ffastun.ffa
ffastun.ffl
ffastun.ffo
ffastun0.ffx
ffastunT.ffl
found.000
FXIWIN19
GenProc
hiberfil.sys
IO.SYS
Kill'em
List'em.txt
MSDOS.SYS
NTDETECT.COM
ntldr
pagefile.sys
persist.dbs
playground.log
Program Files
RECYCLER
rsit
ShopperReports
System Volume Information
TB.txt
Temp
ToolBar SD
UsbFix
UsbFix.txt
WINDOWS
Xavier
Yoog_Fix
 
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials 
 
C:\Program Files\Adobe\Acrobat 7.0\Update\Patchw32.dll 
C:\Program Files\Adobe\Photoshop Elements\Aper‡us\Filtres\Textures\Patchwork.atn 
C:\Program Files\Adobe\Photoshop Elements\Modules externes\Effets\Patchwork.8bf 
C:\Program Files\Enjoy 5e\data\media\crack.mp3 
C:\Program Files\Hewlett-Packard\Update\com\hp\photosmart\update\Patcher 
C:\Program Files\Hewlett-Packard\Update\com\hp\photosmart\update\Patcher\_mt_Patcher.wrn 
C:\Program Files\Maxis\Les Sims\TemplateUserData\Patch 
C:\Program Files\Maxis\Les Sims\TemplateUserData\Patch\Burb_11.FAM 
C:\Program Files\Maxis\Les Sims\TemplateUserData\Patch\Charming_13.FAM 
C:\Program Files\Maxis\Les Sims\TemplateUserData\Patch\Goth Sr_12.FAM 
C:\Program Files\Maxis\Les Sims\TemplateUserData\Patch\Hick_10.FAM 
C:\Program Files\Maxis\Les Sims\TemplateUserData\Patch\Kat_6.FAM 
C:\Program Files\Maxis\Les Sims\TemplateUserData\Patch\Strays_4000.FAM 
C:\Program Files\Maxis\Les Sims\UserData\Patch 
C:\Program Files\Maxis\Les Sims\UserData2\Patch 
C:\Program Files\Maxis\Les Sims\UserData3\Patch 
C:\Program Files\Maxis\Les Sims\UserData4\Patch 
C:\Program Files\Maxis\Les Sims\UserData5\Patch 
C:\Program Files\Maxis\Les Sims\UserData6\Patch 
C:\Program Files\Maxis\Les Sims\UserData7\Patch 
C:\Program Files\Maxis\Les Sims\UserData8\Patch 
 
 
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

matduchesne · Answer

C'est grave docteur ? ;)

matduchesne · Answer

Comme demandé précedemment une copie d'écran d'une pub :

http://www.cijoint.fr/cjlink.php?file=cj201001/cijoi74vKo.jpg

matduchesne · Answer

--
Quel bonheur deList'em by g3n-h@ckm@n 1.2.1.0
User : La goutte d'or (Administrateurs) 
Update on 21/01/2010 by g3n-h@ckm@n ::::: 10:30 
Start at: 10:01:19 | 22/01/2010
Contact : g3n-h@ckm@n sur CCM

AMD Athlon(tm) XP 1700+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1368 [VPS 100122-0] 4.8.1368 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 55,89 Go (13,73 Go free) | NTFS
D:\ -> Disque CD-ROM | 400,49 Mo (0 Mo free) [Sims2SP7] | CDFS
E:\ -> Disque CD-ROM

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running 

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\La goutte d'or\Local Settings\Temp\3.tmp\pv.exe

======================
Keys "Run" 
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
msnmsgr	REG_SZ         	"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
ctfmon.exe	REG_SZ         	C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
avast!	REG_SZ         	C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 
Cmaudio	REG_SZ         	RunDll32 cmicnfg.cpl,CMICtrlWnd 
MSConfig	REG_SZ         	C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto 
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] 
dontdisplaylastusername	REG_DWORD      	0 (0x0) 
legalnoticecaption	REG_SZ         	 
legalnoticetext	REG_SZ         	 
shutdownwithoutlogon	REG_DWORD      	1 (0x1) 
undockwithoutlogon	REG_DWORD      	1 (0x1) 

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
NoDriveTypeAutoRun	REG_DWORD      	128 (0x80) 
NoDriveAutoRun	REG_DWORD      	128 (0x80) 
HonorAutoRunSetting	REG_DWORD      	0 (0x0) 

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
HonorAutoRunSetting	REG_DWORD      	0 (0x0) 
NoDriveAutoRun	REG_DWORD      	128 (0x80) 
NoDriveTypeAutoRun	REG_DWORD      	128 (0x80) 

=============== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS	REG_SZ         	

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify	ermsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972}	REG_SZ         	 

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe	REG_SZ         	%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Messenger\msnmsgr.exe	REG_SZ         	C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe	REG_SZ         	C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe	REG_SZ         	%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Messenger\msnmsgr.exe	REG_SZ         	C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe	REG_SZ         	C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0CCA191D-13A6-4E29-B746-314DEE697D83}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{166B1BCA-3F9C-11CF-8075-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4BFD075D-C36E-4F28-BB0A-5D472795197A}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D6F45B3-9043-443D-A792-115447494D24}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{7530BFB8-7293-4D34-9923-61A11451AFC5}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}

===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Base Smart Card Crypto Provider Package
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{72AD53CC-CCC0-3757-8480-9EE176866A7C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EF289A85-8E57-408d-BE47-73B55609861A}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.msn.com/fr-fr

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.orange.fr/portail

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services] 

Ndisuio : 0x3 
EapHost : 0x3 
SharedAccess : 0x2 
wuauserv : 0x2 

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\La goutte d'or\Local Settings\Temp\3.tmp
## C:\> hashdeep C:\WINDOWS\System32\Drivers\atapi.sys
## 
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\System32\Drivers\atapi.sys

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\La goutte d'or\Local Settings\Temp\3.tmp
## C:\> hashdeep C:\WINDOWS\System32\DllCache\atapi.sys
## 
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\System32\DllCache\atapi.sys

Sources
======= 
 
C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\atapi.sys  
C:\WINDOWS\system32\dllcache\atapi.sys  
C:\WINDOWS\system32\drivers\atapi.sys  

Référence :
==========

Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_SP2_32b  : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b  : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b  : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b  : 02062C0B390B7729EDC9E69C680A6F3C
 

D:\Autorun.inf :
----------------
[autorun]
open=Autorun.exe
Icon=Sims2SP7.ico
Name=The Sims 2 Kitchen & Bath Interior Design Stuff

[Special]
Disk=1
ProductGuiID={6522C636-B04C-4333-9BEB-9E0C0B6350D6}


=======
Drive :
=======

D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse                 	 
    55,89 Go total,  13,73 Go libre (24%),  6% fragment‚ (fragmentation du fichier 11%)

Il ne vous est pas n‚cessaire de d‚fragmenter ce volume. 	 

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache  
Present !! : C:\WINDOWS\SET3.tmp  
Present !! : C:\WINDOWS\SET4.tmp  
Present !! : C:\WINDOWS\SET8.tmp  
Present !! : C:\WINDOWS\SETE5.tmp  
Present !! : C:\WINDOWS\SETE6.tmp  
Present !! : C:\WINDOWS\SETF2.tmp  
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn  
Present !! : C:\Documents and Settings\La goutte d'or\LOCAL Settings\Temp\AutoRun.exe  
 
¤¤¤¤¤¤¤¤¤¤ Keys : 

Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\msconfig  
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"  
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"  

================
Other infections
================

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-22 11:01:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK 

==========
Programs
==========

Ad-aware
Adobe
Ahead
Alwil Software
Apple Software Update
ArcSoft
ATI Technologies
AvantGo Connect
C-Media 3D Audio
CCleaner
Common Files
ComPlus Applications
CONEXANT
Creative
Cubemaster Gold
CyberLink
Davilex
directx
EA GAMES
eMule
Enjoy 5e
ESET
Fichiers communs
Gamenext
Google
Google Video
Hewlett-Packard
HighMAT CD Writing Wizard
IA Style
InstallShield Installation Information
Internet Explorer
InterVideo
Java
Larousse
Lavasoft
List_Kill'em
Logitech
LSI SoftModem
Malwarebytes' Anti-Malware
Mars
Maxis
Messenger
MessengerPlus! 3
Microsoft
Microsoft ActiveSync
Microsoft AutoRoute
Microsoft CAPICOM 2.1.0.2
Microsoft Encarta
microsoft frontpage
Microsoft Money
Microsoft Office
Microsoft Picture It! 2002
Microsoft Silverlight
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Microsoft Works
Microsoft Works Suite 2002
Mindscape
monAlbumPhoto
Movie Maker
mp3DirectCut
MSBuild
MSECache
MSN
MSN Apps
MSN Gaming Zone
MSN Messenger
Music Manager
Navilog1
NetMeeting
NOS
Oberon Media
OLITEC
Online Services
orange
OrangeHSS
Outlook Express
phenomedia
Photo Story 3 for Windows
QuickTime
Reference Assemblies
Securitoo
Services en ligne
SiSLan
Spybot - Search & Destroy
Sun
Taroteam
Thomson
TransfertPocket
trend micro
Uninstall Information
Wanadoo
Windows Journal Viewer
Windows Live
Windows Live SkyDrive
Windows Media Connect
Windows Media Connect 2
Windows Media Player
Windows Messaging
Windows NT
WindowsUpdate
xerox
Yahoo!
Zylom Games

============
Drive C:
============

$CTJTMP
6a1715b835955eca8f95b4
a
Ad-Remover
Ad-Report-CLEAN[1].log
Application Data
ATI
AUTOEXEC.BAT
autorun.inf
boot.ini
Bootfont.bin
c1ff7f9d5c5ac4cf88eb
c23636a7ec1eb03b2a0a6a
CET
cleannavi.txt
Config.Msi
CONFIG.SYS
CTJINI.INI
DBBackup
Documents and Settings
emulepointfr
error.log
ffastun.ffa
ffastun.ffl
ffastun.ffo
ffastun0.ffx
ffastunT.ffl
found.000
FXIWIN19
GenProc
hiberfil.sys
IO.SYS
Kill'em
List'em.txt
MSDOS.SYS
NTDETECT.COM
ntldr
pagefile.sys
persist.dbs
playground.log
Program Files
RECYCLER
rsit
ShopperReports
System Volume Information
TB.txt
Temp
ToolBar SD
UsbFix
UsbFix.txt
WINDOWS
Xavier
Yoog_Fix
 
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials 
 
C:\Program Files\Adobe\Acrobat 7.0\Update\Patchw32.dll 
C:\Program Files\Adobe\Photoshop Elements\Aper‡us\Filtres\Textures\Patchwork.atn 
C:\Program Files\Adobe\Photoshop Elements\Modules externes\Effets\Patchwork.8bf 
C:\Program Files\Enjoy 5e\data\media\crack.mp3 
C:\Program Files\Hewlett-Packard\Update\com\hp\photosmart\update\Patcher 
C:\Program Files\Hewlett-Packard\Update\com\hp\photosmart\update\Patcher\_mt_Patcher.wrn 
C:\Program Files\Maxis\Les Sims\TemplateUserData\Patch 
C:\Program Files\Maxis\Les Sims\TemplateUserData\Patch\Burb_11.FAM 
C:\Program Files\Maxis\Les Sims\TemplateUserData\Patch\Charming_13.FAM 
C:\Program Files\Maxis\Les Sims\TemplateUserData\Patch\Goth Sr_12.FAM 
C:\Program Files\Maxis\Les Sims\TemplateUserData\Patch\Hick_10.FAM 
C:\Program Files\Maxis\Les Sims\TemplateUserData\Patch\Kat_6.FAM 
C:\Program Files\Maxis\Les Sims\TemplateUserData\Patch\Strays_4000.FAM 
C:\Program Files\Maxis\Les Sims\UserData\Patch 
C:\Program Files\Maxis\Les Sims\UserData2\Patch 
C:\Program Files\Maxis\Les Sims\UserData3\Patch 
C:\Program Files\Maxis\Les Sims\UserData4\Patch 
C:\Program Files\Maxis\Les Sims\UserData5\Patch 
C:\Program Files\Maxis\Les Sims\UserData6\Patch 
C:\Program Files\Maxis\Les Sims\UserData7\Patch 
C:\Program Files\Maxis\Les Sims\UserData8\Patch 
 
 
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ se faire aider par les membres actifs des forums de CommentCaMarche !

matduchesne · Answer

Mes excuses ce n'est pas le bon fichier, voici Kill'em au lieu de List'em :
(encore des popup, un casino en ouvrant à l'instant)

Kill'em by g3n-h@ckm@n 1.2.1.0 
 
User : La goutte d'or (Administrateurs) 
Update on 21/01/2010 by g3n-h@ckm@n ::::: 10:30 
Start at: 23:59:54 | 23/01/2010
Contact : g3n-h@ckm@n sur CCM

AMD Athlon(tm) XP 1700+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1368 [VPS 100123-2] 4.8.1368 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 55,89 Go (13,63 Go free) | NTFS
D:\ -> Disque CD-ROM | 400,49 Mo (0 Mo free) [Sims2SP7] | CDFS
E:\ -> Disque CD-ROM
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version4\TeamViewer.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\La goutte d'or\Local Settings\Temp\9.tmp\ERUNT.EXE
C:\Documents and Settings\La goutte d'or\Local Settings\Temp\9.tmp\pv.exe
 
Detections : 
========== 
 

¤¤¤¤¤¤¤¤¤¤ Files/folders : 

Quarantined & Deleted !! : C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache 
Quarantined & Deleted !! : C:\WINDOWS\SET3.tmp 
Quarantined & Deleted !! : C:\WINDOWS\SET4.tmp 
Quarantined & Deleted !! : C:\WINDOWS\SET8.tmp 
Quarantined & Deleted !! : C:\WINDOWS\SETE5.tmp 
Quarantined & Deleted !! : C:\WINDOWS\SETE6.tmp 
Quarantined & Deleted !! : C:\WINDOWS\SETF2.tmp 
 
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn 
Quarantined & Deleted !! : C:\Documents and Settings\La goutte d'or\LOCAL Settings\Temp\AutoRun.exe 
 
==============
host file OK !
==============

========
Registry
========
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe  
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe  

============
Disk Cleaned
============
 
================
Prefetch cleaned 
================
 
 
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

matduchesne · Answer

Bonjour,
Je ne vois pas le programme ShopperReports dans Ajout/Suppressions de programmes, ni sur le disque dans c:\program files ?
Comment le supprimer ?

Edit : J'ai fait une recherche du mot clé shoppers et je trouve plein de dossiers, je supprime tout ? Ou vaut mieux utiliser un outil ?

matduchesne · Answer

Voici le rapport, j'avais fait un petit nettoyage manuel avant, j'ai également supprimé des anciens dossiers utilisateurs dans documents and settings d'une installation précédente de windows.

 24/01/2010 ---- 16:03:29,03  

----------------------------------
§§§§§§ [ShopperReports] §§§§§§
----------------------------------
[X] Registre
[  ] Fichier (rapide)
[  ] Fichier (disque systeme)
[X] Fichier (complete)




********************
     [Registre] 
********************

Aucune entrée détectée

*******************
     [Fichier] 
*******************

c:\ToolBar SD\Backup-TB\DOCUME~1\Xavier\APPLIC~1\ShopperReports
c:\ToolBar SD\Backup-TB\Program Files\ShopperReports
c:\ToolBar SD\Backup-TB\DOCUME~1\Xavier\APPLIC~1\ShopperReports
c:\ToolBar SD\Backup-TB\Program Files\ShopperReports


*********************
     [Même date] 
*********************

Aucun fichier créé à la même date détecté


----------------------------------
§§§§§ Fin Rapport §§§§§ 
----------------------------------

matduchesne · Answer

Des pubs diverses s'ouvrent toujours oui, là je viens d'avoir un autre truc mais je sais plus le thème.

Voici le RSIT :

Logfile of random's system information tool 1.06 (written by random/random)
Run by La goutte d'or at 2010-01-24 16:14:41
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 15 GB (27%) free of 57 GB
Total RAM: 767 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:14:58, on 24/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version4\TeamViewer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\La goutte d'or\Bureau\RSIT.exe
C:\Program Files	rend micro\La goutte d'or.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Wanadoo 6.2; Orange 8.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.jeuxjeuxjeux.fr/jeu/jeux-plateforme/420-milk-run-run%21.html"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://powersoccer.jeu.fr/applet/PowerLoader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{75DF0440-7810-47F8-ADF3-C73C708F47AF}: NameServer = 192.168.1.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

matduchesne · Answer

D'accord tant pis.
Je vais rendre le PC avec le problème je pense vu que ça fait une semaine qu'on est dessus.
A moins que d'autres helpeurs aient des idées ?
Merci en tout cas pour le boulot (comme d'hab !).

A+

matduchesne · Answer

Bon finalement j'ai à nouveau le problème de départ :
Depuis le moteur de recherche integré à IE8 (google seul par défaut) je tape "get adobe reader".
J'arrive sur les résultats google mais quand je vais sur le premier lien ça m'ouvre u site de pub :

https://www.cs102175.com/click.php?s=1&k=736920237&pub=342

Je réessaye à l'instant et ça fonctionne normalement, à n'y rien comprendre..

matduchesne · Answer

J'avais exécuté tools cleaner donc voici les deux nouveaux rapports :

http://www.cijoint.fr/cjlink.php?file=cj201001/cij2pxzlZb.txt

http://www.cijoint.fr/cjlink.php?file=cj201001/cijiKVYxWA.txt

Antivirus plus supprimé -> google anglais pub

20 réponses