How do I get rid of Antivirus Plus?

s3pho (member):

Hello,

A few days ago, Antivirus Plus installed itself on my PC. I can't uninstall it, and I can't find a solution.
The problems:
- Google is in English in whatever Internet software I use.
- Antivirus pops up every 5 minutes.
- It slows down my computer.
- My Google Chrome launches automatically with this Bing.com site installed :S !

Please, it's important /!\ .
21 replies

Destrio5 (moderator):

Hello,

--> Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

--> Double-click RSIT.exe to launch the program.
(On Vista, right-click RSIT.exe and choose Run as administrator)

--> Click Continue on the Disclaimer screen.

--> If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow the access in your firewall if asked) and you will have to accept the licence.

--> When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) and of info.txt (which you will see in the taskbar).

Note: the reports are saved in the C:\Rsit folder.
Destrio5 (moderator):

There are several infections.

--> Download Lop S&D (by Eric_71 & Angeldark) to your Desktop.

--> Double-click it to launch the installation.

--> Then double-click Lop S&D on your Desktop.
(On Vista, right-click Lop S&D and choose Run as administrator)

--> Select the language you want, then choose option 1 (Search).

--> Wait until the scan finishes.

--> Post the generated report (C:\lopR.txt).
Destrio5 (moderator):

--> Double-click Lop S&D to launch it.
(On Vista, right-click Lop S&D and choose Run as administrator)

--> This time choose option 2 (Removal).

--> Do not close the window during the removal!

--> Post the generated report (C:\lopR.txt).

(If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New Task, type explorer.exe and confirm)
Destrio5 (moderator):

--> Plug your external storage devices into your PC (USB stick, external hard drive, SD card, etc.) without opening them.

--> Double-click UsbFix on your Desktop.

--> Choose option 2 (Removal).

--> Your Desktop will disappear and the PC will restart.

--> On restart, UsbFix will scan your PC; let the tool work.

--> Then post the UsbFix.txt report, which will appear along with the Desktop.

Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).
Destrio5 (moderator):

---> Run UsbFix again and choose option 6 to uninstall it.

---> Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
---> Double-click the downloaded file to start the installation process.
---> In the Update tab, click the Check for updates button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
---> Once the update is finished, go to the Scanner tab.
---> Select Perform quick scan.
---> Click Scan. The scan starts.

At the end of the scan, a message is displayed:

The scan completed successfully. Click 'Show Results' to display all objects found.

---> Click OK to continue. If MBAM found nothing, it will tell you so too.
---> Close your browsers.
If malware was detected, click Show Results.
---> Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy in quarantine.
---> MBAM will open Notepad and copy the scan report into it. Copy and paste this report in your next reply.
Destrio5 (moderator):

--> Run MBAM again, go to Quarantine and delete everything.

--> Do another RSIT scan and post the log report.
s3pho (member):

Thanks, I'll try it and keep you posted. :)
s3pho (member):

Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2010-01-24 21:35:39
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 104 GB (90%) free of 114 GB
Total RAM: 511 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:53, on 24/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\V0420Mon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\Admin\Application Data\SystemProc\lsass.exe
C:\WINDOWS\System32\regsvr32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\kwu4n.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\Kdh.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Mes documents\Downloads\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 78.159.110.36 www.google.no
O1 - Hosts: 78.159.110.36 www.google.com.mx
O1 - Hosts: 78.159.110.36 www.google.co.za
O1 - Hosts: 78.159.110.36 www.google.fi
O1 - Hosts: 78.159.110.36 www.google.dk
O1 - Hosts: 78.159.110.36 www.google.es
O1 - Hosts: 78.159.110.36 www.google.se
O1 - Hosts: 78.159.110.36 www.google.be
O1 - Hosts: 78.159.110.36 www.google.com
s3pho (member):

info.txt logfile of random's system information tool 1.06 2010-01-24 21:35:58

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EDB7E6-D292-44BD-8CA6-A3E33C9D7750}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x40c
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
CC_ccProxyExt-->MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
ccCommon-->MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
ccPxyCore-->MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}
Creative Live! Cam Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x40c /remove
Creative Live! Cam Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe" -l0x40c /remove
Creative Live! Cam Vista IM Driver (1.00.03.0000)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0420.uns -unsext NT -plugin V0420Pin.dll -pluginres CtCamPin.crl
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c /remove
Creative System Information-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Epson Easy Photo Print 2-->C:\Program Files\InstallShield Installation Information\{DEDB47A3-C988-4A43-A645-E2CEA571E680}\SETUP.EXE -runfromtemp -l0x040c UNINST -removeonly
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus SX100_TX100 Manuel-->C:\Program Files\EPSON\TPMANUAL\ESSX100_TX100\FRA\USE_G\DOCUNINS.EXE
EPSON SX100 Series Printer Uninstall-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FINSEDE.EXE /R /APD /P:"EPSON SX100 Series"
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
Gestionnaire de photos Creative-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x40c /remove
Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Guide de l'utilisateur Creative Live! Cam-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EDB7E6-D292-44BD-8CA6-A3E33C9D7750}\setup.exe" -l0x40c /remove
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
IZArc 4.0 beta 1-->"C:\Program Files\IZArc\unins000.exe"
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
LG Internet Kit-->C:\Program Files\InstallShield Installation Information\{40034B11-149E-4310-AE89-BB575B02525B}\setup.exe -runfromtemp -l0x040c UNINSTALL -removeonly
LG PC Suite-->C:\Program Files\InstallShield Installation Information\{993960EE-CA4D-443F-8F88-E24260DD5FD2}\setup.exe -runfromtemp -l0x040c -removeonly
LG USB Modem Drivers-->MsiExec.exe /I{FA02ACAC-9E14-4878-A257-92A22A647C2C}
LimeWire 5.1.2-->"C:\Program Files\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation)-->C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{0000040C-78E1-11D2-B60F-006097C998E7}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Mozilla Firefox (3.0.17)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Norton AntiSpam-->MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
Norton AntiSpam-->MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton AntiVirus 2005-->MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security 2005 (Symantec Corporation)-->C:\Program Files\Fichiers communs\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Norton Internet Security-->MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security-->MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security-->MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security-->MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton WMI Update-->MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update-->MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe"
RON Too1 Precisead-->C:\WINDOWS\system32\xsgbauafqlftfdcwg.exe
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly
Samsung PC Studio 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c -removeonly
Search Assistant Precisead-->C:\WINDOWS\system32\u_unrplgsruwp.dll.exe
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SPBBC-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Symantec Script Blocking Installer-->MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Ulead PhotoImpact XL ESD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DDDE141-9696-4E33-AB82-EF398169D7E5}\setup.exe" -l0x9
VideoLAN VLC media player 0.8.6b-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Visionneuse Journal Windows Microsoft-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Contrôle parental-->MsiExec.exe /X{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}
Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

======Hosts File======

78.159.110.36 www.google.no
78.159.110.36 www.google.com.mx
78.159.110.36 www.google.co.za
78.159.110.36 www.google.fi
78.159.110.36 www.google.dk
78.159.110.36 www.google.es
78.159.110.36 www.google.se
78.159.110.36 www.google.be
78.159.110.36 www.google.com
78.159.110.36 www.google.at

======Security center information======

AV: Norton Internet Security (disabled) (outdated)
FW: Norton Internet Security (disabled)

======System event log======

Computer Name: XPSP2-56E206DE1
Event Code: 7
Message: Le périphérique \Device\CdRom0 comporte un bloc défectueux.

Record Number: 4651
Source Name: Cdrom
Time Written: 20091211185832.000000+060
Event Type: erreur
User:

Computer Name: XPSP2-56E206DE1
Event Code: 7
Message: Le périphérique \Device\CdRom0 comporte un bloc défectueux.

Record Number: 4650
Source Name: Cdrom
Time Written: 20091211185831.000000+060
Event Type: erreur
User:

Computer Name: XPSP2-56E206DE1
Event Code: 7
Message: Le périphérique \Device\CdRom0 comporte un bloc défectueux.

Record Number: 4649
Source Name: Cdrom
Time Written: 20091211185830.000000+060
Event Type: erreur
User:

Computer Name: XPSP2-56E206DE1
Event Code: 7
Message: Le périphérique \Device\CdRom0 comporte un bloc défectueux.

Record Number: 4648
Source Name: Cdrom
Time Written: 20091211185829.000000+060
Event Type: erreur
User:

Computer Name: XPSP2-56E206DE1
Event Code: 7
Message: Le périphérique \Device\CdRom0 comporte un bloc défectueux.

Record Number: 4647
Source Name: Cdrom
Time Written: 20091211185828.000000+060
Event Type: erreur
User:

=====Application event log=====

Computer Name: XPSP2-56E206DE1
Event Code: 101
Message: Niveau d'information : success

L'exécution suivante a été planifiée pour intervenir approximativement à 4:21 PM.

Record Number: 10340
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20091120125116.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: XPSP2-56E206DE1
Event Code: 101
Message: Niveau d'information : success

LiveUpdate automatique a terminé.

Record Number: 10339
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20091120125116.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: XPSP2-56E206DE1
Event Code: 101
Message: wuauclt (2080) Le moteur de base de données est arrêté.

Record Number: 10338
Source Name: ESENT
Time Written: 20091120124711.000000+060
Event Type: Informations
User:

Computer Name: XPSP2-56E206DE1
Event Code: 103
Message: wuaueng.dll (2080) SUS20ClientDataStore: Le moteur de base de données a arrêté une instance (0).

Record Number: 10337
Source Name: ESENT
Time Written: 20091120124711.000000+060
Event Type: Informations
User:

Computer Name: XPSP2-56E206DE1
Event Code: 101
Message: Niveau d'information : success

Le Planificateur a lancé LiveUpdate automatique.

Record Number: 10336
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20091120124537.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Samsung\Samsung PC Studio 3\C:\Program Files\DMV\MaxTV4\plugins
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
Destrio5 (moderator):

The log report is incomplete.
s3pho (member):

Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2010-01-24 21:40:05
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 104 GB (90%) free of 114 GB
Total RAM: 511 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:08, on 24/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\V0420Mon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\Admin\Application Data\SystemProc\lsass.exe
C:\WINDOWS\System32\regsvr32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\kwu4n.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\Kdh.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Admin\Mes documents\Downloads\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 78.159.110.36 www.google.no
O1 - Hosts: 78.159.110.36 www.google.com.mx
O1 - Hosts: 78.159.110.36 www.google.co.za
O1 - Hosts: 78.159.110.36 www.google.fi
O1 - Hosts: 78.159.110.36 www.google.dk
O1 - Hosts: 78.159.110.36 www.google.es
O1 - Hosts: 78.159.110.36 www.google.se
O1 - Hosts: 78.159.110.36 www.google.be
O1 - Hosts: 78.159.110.36 www.google.com
O1 - Hosts: 78.159.110.36 www.google.at
O1 - Hosts: 78.159.110.36 www.google.it
O1 - Hosts: 78.159.110.36 www.google.com.au
O1 - Hosts: 78.159.110.36 search.yahoo.com
O1 - Hosts: 78.159.110.36 www.google.com.br
O1 - Hosts: 78.159.110.36 www.google.ca
O1 - Hosts: 78.159.110.36 uk.search.yahoo.com
O1 - Hosts: 78.159.110.36 www.google.ch
O1 - Hosts: 78.159.110.36 www.google.pt
O1 - Hosts: 78.159.110.36 www.google.gr
O1 - Hosts: 78.159.110.36 www.google.de
O1 - Hosts: 78.159.110.36 www.google.ie
O1 - Hosts: 78.159.110.36 www.google.co.jp
O1 - Hosts: 78.159.110.36 www.google.nl
O1 - Hosts: 78.159.110.36 www.google.fr
O1 - Hosts: 78.159.110.36 us.search.yahoo.com
O1 - Hosts: 78.159.110.36 www.google.co.uk
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: C:\WINDOWS\system32\cvge2ed2pk.dll - {C4BF49A2-94F1-42BD-F034-3604811C807D} - C:\WINDOWS\system32\cvge2ed2pk.dll
O2 - BHO: (no name) - {CBA1CF52-F2B7-46F3-9B1B-EB92558552F1} - c:\windows\system32\lrbvrdx.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [V0420Mon.exe] C:\WINDOWS\V0420Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Stupid Data Dart Wave] C:\Documents and Settings\All Users\Application Data\flag ace stupid data\title play.exe
O4 - HKLM\..\Run: [xrahfexiepvoe] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\qnnxhgfcti.dll"
O4 - HKLM\..\Run: [AntiVirus Plus] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Admin\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll", start 70700
O4 - HKCU\..\Run: [Trans Mp3] C:\DOCUME~1\Admin\APPLIC~1\LOCKSF~1\32 ADMIN.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [sefjhf98jfoidsfoishgoiusgdgfgd] C:\DOCUME~1\Admin\LOCALS~1\Temp\kwu4n.exe
O4 - HKCU\..\Run: [AntiVirus Plus] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Admin\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll", start 70700
O4 - HKCU\..\Run: [BMIMZMHMFM] C:\DOCUME~1\Admin\LOCALS~1\Temp\Kdh.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\Admin\Application Data\SystemProc\lsass.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: AntiVirus Plus.lnk = C:\WINDOWS\system32\rundll32.exe
O4 - Global Startup: AntiVirus Plus.lnk = C:\WINDOWS\system32\rundll32.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll
O20 - Winlogon Notify: jyuxwgqd - C:\WINDOWS\SYSTEM32\lrbvrdx.dll
O20 - Winlogon Notify: reset5c - C:\WINDOWS\SYSTEM32\reset5c.dll
O22 - SharedTaskScheduler: lkjah87hfijgnfasidofgysgiughnjfkgfgdfgf - {C4BF49A2-94F1-42BD-F034-3604811C807D} - C:\WINDOWS\system32\cvge2ed2pk.dll
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
s3pho (Member, 117 posts):
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
BIOS : BIOS Date: 07/18/03 16:14:52 Ver: 08.00.08
USER : Admin ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2005 (Not Activated)
Firewall : Norton Internet Security 2005 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:111 Go (Free:101 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 29/01/2010|17:38 )

--------------------\\ Listing des dossiers dans APPLIC~1

[24/08/2009|15:29] C:\DOCUME~1\Admin\APPLIC~1\Adobe
[22/01/2010|20:21] C:\DOCUME~1\Admin\APPLIC~1\AntiVirus Plus
[07/08/2009|15:17] C:\DOCUME~1\Admin\APPLIC~1\Apple Computer
[15/06/2009|12:56] C:\DOCUME~1\Admin\APPLIC~1\AVS4YOU
[18/10/2009|13:59] C:\DOCUME~1\Admin\APPLIC~1\Creative
[10/01/2010|16:37] C:\DOCUME~1\Admin\APPLIC~1\DivX
[31/05/2009|21:43] C:\DOCUME~1\Admin\APPLIC~1\DMV Technologies
[24/10/2009|18:11] C:\DOCUME~1\Admin\APPLIC~1\EPSON
[29/01/2010|15:19] C:\DOCUME~1\Admin\APPLIC~1\HTML Executable
[01/01/2001|01:17] C:\DOCUME~1\Admin\APPLIC~1\Identities
[11/04/2009|14:38] C:\DOCUME~1\Admin\APPLIC~1\InstallShield
[15/11/2009|15:25] C:\DOCUME~1\Admin\APPLIC~1\Leadertech
[15/11/2009|16:11] C:\DOCUME~1\Admin\APPLIC~1\LG Electronics
[27/01/2010|14:19] C:\DOCUME~1\Admin\APPLIC~1\LimeWire
[18/12/2009|16:11] C:\DOCUME~1\Admin\APPLIC~1\Locks Flaw Bind
[28/03/2009|01:50] C:\DOCUME~1\Admin\APPLIC~1\Macromedia
[01/08/2009|18:19] C:\DOCUME~1\Admin\APPLIC~1\Microsoft
[01/01/2001|01:49] C:\DOCUME~1\Admin\APPLIC~1\Microsoft Web Folders
[01/01/2001|01:05] C:\DOCUME~1\Admin\APPLIC~1\Mozilla
[27/10/2009|21:21] C:\DOCUME~1\Admin\APPLIC~1\Real
[13/05/2009|12:16] C:\DOCUME~1\Admin\APPLIC~1\Samsung
[11/12/2009|15:46] C:\DOCUME~1\Admin\APPLIC~1\Sony
[01/01/2001|01:26] C:\DOCUME~1\Admin\APPLIC~1\Sun
[01/01/2001|01:40] C:\DOCUME~1\Admin\APPLIC~1\Symantec
[22/01/2010|20:24] C:\DOCUME~1\Admin\APPLIC~1\SystemProc
[10/08/2009|13:29] C:\DOCUME~1\Admin\APPLIC~1\Ulead Systems
[23/09/2009|11:38] C:\DOCUME~1\Admin\APPLIC~1\vlc
[15/04/2009|19:41] C:\DOCUME~1\Admin\APPLIC~1\Windows Live Writer
[11/12/2009|14:52] C:\DOCUME~1\Admin\APPLIC~1\Yahoo!

[07/08/2009|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[12/06/2009|15:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[01/08/2009|20:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apowersoft
[07/08/2009|15:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[24/01/2010|16:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[15/06/2009|12:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[31/03/2009|19:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative
[11/04/2009|14:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
[18/12/2009|16:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data
[02/08/2009|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MAGIX
[01/11/2009|14:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[30/04/2009|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[11/12/2009|15:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony
[23/01/2010|15:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[01/01/2001|01:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[11/04/2009|14:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[10/08/2009|13:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[31/05/2009|20:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[01/01/2001|01:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[22/12/2009|17:48] C:\DOCUME~1\INVIT~1\APPLIC~1\Adobe
[06/12/2009|13:40] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities
[22/12/2009|18:14] C:\DOCUME~1\INVIT~1\APPLIC~1\LG Electronics
[22/12/2009|17:48] C:\DOCUME~1\INVIT~1\APPLIC~1\Macromedia
[31/12/2009|10:22] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft
[08/12/2009|19:24] C:\DOCUME~1\INVIT~1\APPLIC~1\Mozilla
[31/12/2009|08:52] C:\DOCUME~1\INVIT~1\APPLIC~1\Sun
[15/12/2009|12:58] C:\DOCUME~1\INVIT~1\APPLIC~1\Ulead Systems
[22/12/2009|17:52] C:\DOCUME~1\INVIT~1\APPLIC~1\Yahoo!

[01/01/2001|01:16] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[01/01/2001|00:05] C:\DOCUME~1\LOCALS~1\APPLIC~1\Symantec

[01/01/2001|01:16] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[29/01/2010 17:28][--ah-----] C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[29/01/2010 17:31][--ah-----] C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[29/01/2010 16:00][--ah-----] C:\WINDOWS\tasks\A2125E5C9185D744.job
[24/01/2010 16:04][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[29/01/2010 15:42][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1303643608-725345543-1003UA.job
[27/01/2010 14:42][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1303643608-725345543-1003Core.job
[22/01/2010 20:00][--a------] C:\WINDOWS\tasks\Norton AntiVirus - Analyser mon ordinateur - Admin.job
[29/01/2010 17:27][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/10/2001 17:16][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( A2125E5C9185D744.job )=( c:\docume~1\admin\applic~1\locksf~1\SignProxyShim.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[11/04/2009|14:40] C:\Program Files\ABBYY FineReader 6.0 Sprint
[15/11/2009|15:25] C:\Program Files\Adobe
[20/08/2009|19:20] C:\Program Files\Ares
[30/07/2009|12:42] C:\Program Files\Audacity
[11/12/2009|14:52] C:\Program Files\CCleaner
[01/01/2001|01:09] C:\Program Files\ComPlus Applications
[31/03/2009|20:13] C:\Program Files\Creative
[07/12/2009|16:56] C:\Program Files\DivX
[04/08/2009|12:17] C:\Program Files\DMV
[11/04/2009|14:40] C:\Program Files\epson
[11/04/2009|14:41] C:\Program Files\Epson Software
[23/01/2010|15:34] C:\Program Files\Fichiers communs
[11/12/2009|15:53] C:\Program Files\Google
[27/12/2009|15:12] C:\Program Files\InstallShield Installation Information
[01/01/2001|00:23] C:\Program Files\Internet Explorer
[08/06/2009|12:14] C:\Program Files\IZArc
[28/11/2009|13:53] C:\Program Files\Java
[27/12/2009|15:10] C:\Program Files\LG Electronics
[07/12/2009|16:57] C:\Program Files\LG PC Suite 2
[27/12/2009|15:14] C:\Program Files\LGInternetKit
[11/11/2009|15:14] C:\Program Files\LimeWire
[18/12/2009|16:11] C:\Program Files\Locks Flaw Bind
[16/11/2009|16:23] C:\Program Files\Messenger Plus! Live
[01/01/2001|00:21] C:\Program Files\Microsoft
[01/01/2001|01:12] C:\Program Files\microsoft frontpage
[01/01/2001|01:49] C:\Program Files\Microsoft Office
[25/11/2009|10:57] C:\Program Files\Microsoft Silverlight
[31/03/2009|19:05] C:\Program Files\Microsoft SQL Server Compact Edition
[31/03/2009|19:05] C:\Program Files\Microsoft Sync Framework
[01/01/2001|01:55] C:\Program Files\Microsoft Visual Studio
[07/12/2009|16:57] C:\Program Files\movie maker
[29/01/2010|17:31] C:\Program Files\Mozilla Firefox
[01/01/2001|01:12] C:\Program Files\msn gaming zone
[01/01/2001|01:10] C:\Program Files\NetMeeting
[01/01/2001|18:41] C:\Program Files\Norton Internet Security
[01/01/2001|01:14] C:\Program Files\Outlook Express
[06/12/2009|20:01] C:\Program Files\PhotoScape
[18/01/2010|19:01] C:\Program Files\Pvm
[04/08/2009|12:15] C:\Program Files\Samsung
[01/01/2001|01:10] C:\Program Files\Services en ligne
[23/01/2010|15:34] C:\Program Files\SUPERAntiSpyware
[28/03/2009|00:17] C:\Program Files\Symantec
[28/03/2009|00:16] C:\Program Files\SymNetDrv
[24/01/2010|21:40] C:\Program Files\trend micro
[15/11/2009|16:15] C:\Program Files\Ulead Systems
[10/08/2009|10:17] C:\Program Files\UnFREEz
[01/01/2001|01:16] C:\Program Files\Uninstall Information
[23/08/2009|22:23] C:\Program Files\VideoLAN
[13/08/2009|19:52] C:\Program Files\Windows Journal Viewer
[24/11/2009|19:01] C:\Program Files\Windows Live
[24/11/2009|18:56] C:\Program Files\Windows Live SkyDrive
[15/06/2009|12:54] C:\Program Files\Windows Media Player
[01/01/2001|01:12] C:\Program Files\Windows NT
[01/01/2001|01:10] C:\Program Files\WindowsUpdate
[01/01/2001|01:12] C:\Program Files\xerox
[22/01/2010|20:42] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[15/11/2009|15:25] C:\Program Files\Fichiers communs\Adobe
[20/08/2009|18:53] C:\Program Files\Fichiers communs\AVSMedia
[01/01/2001|01:55] C:\Program Files\Fichiers communs\Designer
[10/08/2009|13:24] C:\Program Files\Fichiers communs\InstallShield
[01/01/2001|01:26] C:\Program Files\Fichiers communs\Java
[15/06/2009|12:53] C:\Program Files\Fichiers communs\Microsoft Shared
[01/01/2001|01:10] C:\Program Files\Fichiers communs\MSSoap
[01/01/2001|02:04] C:\Program Files\Fichiers communs\ODBC
[01/01/2001|01:10] C:\Program Files\Fichiers communs\Services
[01/01/2001|02:04] C:\Program Files\Fichiers communs\SpeechEngines
[22/10/2009|14:21] C:\Program Files\Fichiers communs\Symantec Shared
[01/01/2001|01:53] C:\Program Files\Fichiers communs\System
[15/11/2009|15:26] C:\Program Files\Fichiers communs\Ulead Systems
[24/08/2009|15:26] C:\Program Files\Fichiers communs\Vbox
[01/01/2001|00:09] C:\Program Files\Fichiers communs\Windows Live

--------------------\\ Process

( 41 Processes )

iexplore.exe ~ [PID:2672]
iexplore.exe ~ [PID:2708]
iexplore.exe ~ [PID:2772]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data
C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\amen the.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\amen the.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\title play.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\title play.exe
C:\DOCUME~1\Admin\APPLIC~1\locksf~1
C:\DOCUME~1\Admin\APPLIC~1\locksf~1\32 ADMIN.exe
C:\DOCUME~1\Admin\APPLIC~1\locksf~1\cjqutjzy.exe
C:\DOCUME~1\Admin\APPLIC~1\locksf~1\hzmbirui.exe
C:\DOCUME~1\Admin\APPLIC~1\locksf~1\inter sixth audio army.exe
C:\DOCUME~1\Admin\APPLIC~1\locksf~1\mphlnrbg.exe
C:\DOCUME~1\Admin\APPLIC~1\locksf~1\SignProxyShim.exe
C:\DOCUME~1\Admin\APPLIC~1\locksf~1\zvqqigir.exe
C:\Program Files\locksf~1
C:\WINDOWS\Tasks\A2125E5C9185D744.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trans Mp3"="C:\\DOCUME~1\\Admin\\APPLIC~1\\LOCKSF~1\\32 ADMIN.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Stupid Data Dart Wave"="C:\\Documents and Settings\\All Users\\Application Data\\flag ace stupid data\\title play.exe"

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-29 17:46:28
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenKey, ZwQueryValueKey, ZwQueryDirectoryFile
scanning hidden processes ...
scanning hidden files ...
C:\WINDOWS\System32\kbdsock.dll 3072 bytes executable
C:\WINDOWS\System32\mshlps.dll 3072 bytes executable
scan completed successfully
hidden processes: 0
hidden files: 2

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Admin\Local Settings\Application Data\Ares\My Shared Folder\ulead photoimpact 12 crack+patch & serial.exe
C:\DOCUME~1\Admin\Mes documents\Downloads\Adobe Photoshop & Image Ready 7.0.1 [French] + Crack.rar


[F:77][D:12]-> C:\DOCUME~1\Admin\LOCALS~1\Temp
[F:10][D:0]-> C:\DOCUME~1\Admin\Cookies
[F:43][D:4]-> C:\DOCUME~1\Admin\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 29/01/2010|17:49 - Option : [1]

--------------------\\ Fin du rapport a 17:49:09
s3pho (Member, 117 posts):
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
BIOS : BIOS Date: 07/18/03 16:14:52 Ver: 08.00.08
USER : Admin ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2005 (Not Activated)
Firewall : Norton Internet Security 2005 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:111 Go (Free:101 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 30/01/2010|17:31 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\amen the.dat
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\amen the.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\title play.dat
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\title play.exe
Supprime! - C:\DOCUME~1\Admin\APPLIC~1\locksf~1\32 ADMIN.exe
Supprime! - C:\DOCUME~1\Admin\APPLIC~1\locksf~1\cjqutjzy.exe
Supprime! - C:\DOCUME~1\Admin\APPLIC~1\locksf~1\hzmbirui.exe
Supprime! - C:\DOCUME~1\Admin\APPLIC~1\locksf~1\inter sixth audio army.exe
Supprime! - C:\DOCUME~1\Admin\APPLIC~1\locksf~1\mphlnrbg.exe
Supprime! - C:\DOCUME~1\Admin\APPLIC~1\locksf~1\SignProxyShim.exe
Supprime! - C:\DOCUME~1\Admin\APPLIC~1\locksf~1\zvqqigir.exe
Supprime! - C:\WINDOWS\Tasks\A2125E5C9185D744.job
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data
Supprime! - C:\DOCUME~1\Admin\APPLIC~1\locksf~1
Supprime! - C:\Program Files\locksf~1

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[24/08/2009|15:29] C:\DOCUME~1\Admin\APPLIC~1\Adobe
[22/01/2010|20:21] C:\DOCUME~1\Admin\APPLIC~1\AntiVirus Plus
[07/08/2009|15:17] C:\DOCUME~1\Admin\APPLIC~1\Apple Computer
[15/06/2009|12:56] C:\DOCUME~1\Admin\APPLIC~1\AVS4YOU
[18/10/2009|13:59] C:\DOCUME~1\Admin\APPLIC~1\Creative
[10/01/2010|16:37] C:\DOCUME~1\Admin\APPLIC~1\DivX
[31/05/2009|21:43] C:\DOCUME~1\Admin\APPLIC~1\DMV Technologies
[24/10/2009|18:11] C:\DOCUME~1\Admin\APPLIC~1\EPSON
[29/01/2010|15:19] C:\DOCUME~1\Admin\APPLIC~1\HTML Executable
[01/01/2001|01:17] C:\DOCUME~1\Admin\APPLIC~1\Identities
[11/04/2009|14:38] C:\DOCUME~1\Admin\APPLIC~1\InstallShield
[15/11/2009|15:25] C:\DOCUME~1\Admin\APPLIC~1\Leadertech
[15/11/2009|16:11] C:\DOCUME~1\Admin\APPLIC~1\LG Electronics
[27/01/2010|14:19] C:\DOCUME~1\Admin\APPLIC~1\LimeWire
[28/03/2009|01:50] C:\DOCUME~1\Admin\APPLIC~1\Macromedia
[01/08/2009|18:19] C:\DOCUME~1\Admin\APPLIC~1\Microsoft
[01/01/2001|01:49] C:\DOCUME~1\Admin\APPLIC~1\Microsoft Web Folders
[01/01/2001|01:05] C:\DOCUME~1\Admin\APPLIC~1\Mozilla
[27/10/2009|21:21] C:\DOCUME~1\Admin\APPLIC~1\Real
[13/05/2009|12:16] C:\DOCUME~1\Admin\APPLIC~1\Samsung
[11/12/2009|15:46] C:\DOCUME~1\Admin\APPLIC~1\Sony
[01/01/2001|01:26] C:\DOCUME~1\Admin\APPLIC~1\Sun
[01/01/2001|01:40] C:\DOCUME~1\Admin\APPLIC~1\Symantec
[22/01/2010|20:24] C:\DOCUME~1\Admin\APPLIC~1\SystemProc
[10/08/2009|13:29] C:\DOCUME~1\Admin\APPLIC~1\Ulead Systems
[23/09/2009|11:38] C:\DOCUME~1\Admin\APPLIC~1\vlc
[15/04/2009|19:41] C:\DOCUME~1\Admin\APPLIC~1\Windows Live Writer
[11/12/2009|14:52] C:\DOCUME~1\Admin\APPLIC~1\Yahoo!

[07/08/2009|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[12/06/2009|15:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[01/08/2009|20:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apowersoft
[07/08/2009|15:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[24/01/2010|16:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[15/06/2009|12:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[31/03/2009|19:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative
[11/04/2009|14:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
[02/08/2009|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MAGIX
[01/11/2009|14:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[30/04/2009|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[11/12/2009|15:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony
[23/01/2010|15:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[01/01/2001|01:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[11/04/2009|14:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[10/08/2009|13:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[31/05/2009|20:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[01/01/2001|01:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[22/12/2009|17:48] C:\DOCUME~1\INVIT~1\APPLIC~1\Adobe
[06/12/2009|13:40] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities
[22/12/2009|18:14] C:\DOCUME~1\INVIT~1\APPLIC~1\LG Electronics
[22/12/2009|17:48] C:\DOCUME~1\INVIT~1\APPLIC~1\Macromedia
[31/12/2009|10:22] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft
[08/12/2009|19:24] C:\DOCUME~1\INVIT~1\APPLIC~1\Mozilla
[31/12/2009|08:52] C:\DOCUME~1\INVIT~1\APPLIC~1\Sun
[15/12/2009|12:58] C:\DOCUME~1\INVIT~1\APPLIC~1\Ulead Systems
[22/12/2009|17:52] C:\DOCUME~1\INVIT~1\APPLIC~1\Yahoo!

[01/01/2001|01:16] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[01/01/2001|00:05] C:\DOCUME~1\LOCALS~1\APPLIC~1\Symantec

[01/01/2001|01:16] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[30/01/2010 17:21][--ah-----] C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[30/01/2010 17:31][--ah-----] C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[24/01/2010 16:04][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[29/01/2010 20:42][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1303643608-725345543-1003UA.job
[27/01/2010 14:42][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1303643608-725345543-1003Core.job
[22/01/2010 20:00][--a------] C:\WINDOWS\tasks\Norton AntiVirus - Analyser mon ordinateur - Admin.job
[30/01/2010 17:19][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/10/2001 17:16][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[11/04/2009|14:40] C:\Program Files\ABBYY FineReader 6.0 Sprint
[15/11/2009|15:25] C:\Program Files\Adobe
[20/08/2009|19:20] C:\Program Files\Ares
[30/07/2009|12:42] C:\Program Files\Audacity
[11/12/2009|14:52] C:\Program Files\CCleaner
[01/01/2001|01:09] C:\Program Files\ComPlus Applications
[31/03/2009|20:13] C:\Program Files\Creative
[07/12/2009|16:56] C:\Program Files\DivX
[04/08/2009|12:17] C:\Program Files\DMV
[11/04/2009|14:40] C:\Program Files\epson
[11/04/2009|14:41] C:\Program Files\Epson Software
[23/01/2010|15:34] C:\Program Files\Fichiers communs
[11/12/2009|15:53] C:\Program Files\Google
[27/12/2009|15:12] C:\Program Files\InstallShield Installation Information
[01/01/2001|00:23] C:\Program Files\Internet Explorer
[08/06/2009|12:14] C:\Program Files\IZArc
[28/11/2009|13:53] C:\Program Files\Java
[27/12/2009|15:10] C:\Program Files\LG Electronics
[07/12/2009|16:57] C:\Program Files\LG PC Suite 2
[27/12/2009|15:14] C:\Program Files\LGInternetKit
[11/11/2009|15:14] C:\Program Files\LimeWire
[16/11/2009|16:23] C:\Program Files\Messenger Plus! Live
[01/01/2001|00:21] C:\Program Files\Microsoft
[01/01/2001|01:12] C:\Program Files\microsoft frontpage
[01/01/2001|01:49] C:\Program Files\Microsoft Office
[25/11/2009|10:57] C:\Program Files\Microsoft Silverlight
[31/03/2009|19:05] C:\Program Files\Microsoft SQL Server Compact Edition
[31/03/2009|19:05] C:\Program Files\Microsoft Sync Framework
[01/01/2001|01:55] C:\Program Files\Microsoft Visual Studio
[07/12/2009|16:57] C:\Program Files\movie maker
[30/01/2010|17:25] C:\Program Files\Mozilla Firefox
[01/01/2001|01:12] C:\Program Files\msn gaming zone
[01/01/2001|01:10] C:\Program Files\NetMeeting
[01/01/2001|18:41] C:\Program Files\Norton Internet Security
[01/01/2001|01:14] C:\Program Files\Outlook Express
[06/12/2009|20:01] C:\Program Files\PhotoScape
[18/01/2010|19:01] C:\Program Files\Pvm
[04/08/2009|12:15] C:\Program Files\Samsung
[01/01/2001|01:10] C:\Program Files\Services en ligne
[23/01/2010|15:34] C:\Program Files\SUPERAntiSpyware
[28/03/2009|00:17] C:\Program Files\Symantec
[28/03/2009|00:16] C:\Program Files\SymNetDrv
[24/01/2010|21:40] C:\Program Files\trend micro
[15/11/2009|16:15] C:\Program Files\Ulead Systems
[10/08/2009|10:17] C:\Program Files\UnFREEz
[01/01/2001|01:16] C:\Program Files\Uninstall Information
[23/08/2009|22:23] C:\Program Files\VideoLAN
[13/08/2009|19:52] C:\Program Files\Windows Journal Viewer
[24/11/2009|19:01] C:\Program Files\Windows Live
[24/11/2009|18:56] C:\Program Files\Windows Live SkyDrive
[15/06/2009|12:54] C:\Program Files\Windows Media Player
[01/01/2001|01:12] C:\Program Files\Windows NT
[01/01/2001|01:10] C:\Program Files\WindowsUpdate
[01/01/2001|01:12] C:\Program Files\xerox
[22/01/2010|20:42] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[15/11/2009|15:25] C:\Program Files\Fichiers communs\Adobe
[20/08/2009|18:53] C:\Program Files\Fichiers communs\AVSMedia
[01/01/2001|01:55] C:\Program Files\Fichiers communs\Designer
[10/08/2009|13:24] C:\Program Files\Fichiers communs\InstallShield
[01/01/2001|01:26] C:\Program Files\Fichiers communs\Java
[15/06/2009|12:53] C:\Program Files\Fichiers communs\Microsoft Shared
[01/01/2001|01:10] C:\Program Files\Fichiers communs\MSSoap
[01/01/2001|02:04] C:\Program Files\Fichiers communs\ODBC
[01/01/2001|01:10] C:\Program Files\Fichiers communs\Services
[01/01/2001|02:04] C:\Program Files\Fichiers communs\SpeechEngines
[22/10/2009|14:21] C:\Program Files\Fichiers communs\Symantec Shared
[01/01/2001|01:53] C:\Program Files\Fichiers communs\System
[15/11/2009|15:26] C:\Program Files\Fichiers communs\Ulead Systems
[24/08/2009|15:26] C:\Program Files\Fichiers communs\Vbox
[01/01/2001|00:09] C:\Program Files\Fichiers communs\Windows Live

--------------------\\ Process

( 37 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-30 17:39:19
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenKey, ZwQueryValueKey, ZwQueryDirectoryFile
scanning hidden processes ...
scanning hidden files ...
C:\WINDOWS\System32\kbdsock.dll 3072 bytes executable
C:\WINDOWS\System32\mshlps.dll 3072 bytes executable
scan completed successfully
hidden processes: 0
hidden files: 2

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Admin\Local Settings\Application Data\Ares\My Shared Folder\ulead photoimpact 12 crack+patch & serial.exe
C:\DOCUME~1\Admin\Mes documents\Downloads\Adobe Photoshop & Image Ready 7.0.1 [French] + Crack.rar


[F:111][D:13]-> C:\DOCUME~1\Admin\LOCALS~1\Temp
[F:10][D:0]-> C:\DOCUME~1\Admin\Cookies
[F:69][D:4]-> C:\DOCUME~1\Admin\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 29/01/2010|17:49 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 30/01/2010|17:42 - Option : [2]

--------------------\\ Fin du rapport a 17:42:33
Destrio5 (Moderator, 85985 posts):

Good.

--> Download UsbFix (by Chiquitine29 & C_XX) to your Desktop.

--> Plug your external storage devices into your PC (USB stick, external hard drive, SD card, etc.) without opening them.

--> Double-click the UsbFix program on your Desktop.

--> Choose option 1 (Search).

--> Let the tool run.

--> Post the UsbFix.txt report.

Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).

"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility for terminating processes.
s3pho (Member, 117 posts):
############################## | UsbFix V6.082 |

User : Admin (Utilisateurs) # XPSP2-56E206DE1
Update on 29/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 18:21:17 | 30/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Pentium(R) 4 CPU 2.80GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : Norton Internet Security 2005 [ (!) Disabled | (!) Outdated ]
FW : Norton Internet Security[ (!) Disabled ]2005

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 111,78 Go (101,18 Go free) # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible # 1,86 Go (1,78 Go free) [SAMSUNG] # FAT

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 472
C:\WINDOWS\system32\csrss.exe 520
C:\WINDOWS\system32\winlogon.exe 544
C:\WINDOWS\system32\services.exe 588
C:\WINDOWS\system32\lsass.exe 600
C:\WINDOWS\system32\svchost.exe 780
C:\WINDOWS\system32\svchost.exe 836
C:\WINDOWS\System32\svchost.exe 904
C:\WINDOWS\system32\svchost.exe 972
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe 1128
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe 1156
C:\WINDOWS\Explorer.EXE 1400
C:\WINDOWS\system32\rundll32.exe 1572
C:\WINDOWS\system32\spoolsv.exe 1920
C:\Program Files\Java\jre6\bin\jqs.exe 176
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe 240
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe 284
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 380
C:\WINDOWS\system32\svchost.exe 616
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe 752
C:\WINDOWS\System32\alg.exe 1040
C:\WINDOWS\V0420Mon.exe 2080
C:\Documents and Settings\Admin\Application Data\SystemProc\lsass.exe 2088
C:\Program Files\Java\jre6\bin\jusched.exe 2116
C:\WINDOWS\system32\rundll32.exe 2132
C:\Program Files\Ares\Ares.exe 2212
C:\DOCUME~1\Admin\LOCALS~1\Temp\kwu4n.exe 2220
C:\DOCUME~1\Admin\LOCALS~1\Temp\Kdh.exe 2264
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 2280
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 2300
C:\WINDOWS\system32\NOTEPAD.EXE 2644
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 3220
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 3716
C:\Program Files\Windows Live\Contacts\wlcomm.exe 3988
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 1236
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 3652
C:\Program Files\Mozilla Firefox\firefox.exe 2188
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 2460
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 188
C:\WINDOWS\system32\wbem\wmiprvse.exe 3768

################## | Elements infectieux |

C:\WINDOWS\msa.exe
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
C:\WINDOWS\System32\reset5c.dll
C:\WINDOWS\System32\sshnas21.dll
C:\DOCUME~1\Admin\LOCALS~1\Temp\Kdh.exe
C:\rapef.exe

################## | Registre |

[HKCU\SOFTWARE\BMIMZMHMFM]
[HKCU\SOFTWARE\Microsoft\Handle]
[HKCU\SOFTWARE\WS9E3IQBKY]
[HKCU\SOFTWARE\XML]
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BMIMZMHMFM"
[HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS]
[HKLM\SYSTEM\ControlSet001\Services\SSHNAS]
[HKLM\SYSTEM\ControlSet002\Services\SSHNAS]
[HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS]
[HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHNAS]
[HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHNAS]
[HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableSR"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRecentDocsMenu"

################## | Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{744df600-f2f1-11de-a815-000c6e681473}
Shell\AutoRun\command =H:\USBAutoRun.exe

################## | ! Fin du rapport # UsbFix V6.082 ! |
s3pho (Member, 117 posts):
############################## | UsbFix V6.082 |

User : Admin (Utilisateurs) # XPSP2-56E206DE1
Update on 29/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 19:13:40 | 30/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Pentium(R) 4 CPU 2.80GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : Norton Internet Security 2005 [ (!) Disabled | (!) Outdated ]
FW : Norton Internet Security[ (!) Disabled ]2005

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 111,78 Go (101,1 Go free) # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible # 1,86 Go (1,78 Go free) [SAMSUNG] # FAT

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 484
C:\WINDOWS\system32\csrss.exe 540
C:\WINDOWS\system32\winlogon.exe 564
C:\WINDOWS\system32\services.exe 608
C:\WINDOWS\system32\lsass.exe 620
C:\WINDOWS\system32\svchost.exe 792
C:\WINDOWS\system32\svchost.exe 848
C:\WINDOWS\System32\svchost.exe 932
C:\WINDOWS\system32\svchost.exe 1120
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe 1232
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe 1260
C:\WINDOWS\Explorer.EXE 1480
C:\WINDOWS\system32\spoolsv.exe 1316
C:\Program Files\Java\jre6\bin\jqs.exe 1632
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe 1544
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe 1748
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 1868
C:\WINDOWS\system32\svchost.exe 2068
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe 2116
C:\WINDOWS\system32\wbem\wmiprvse.exe 2520
C:\WINDOWS\System32\alg.exe 2528

################## | Elements infectieux |

Supprimé ! C:\WINDOWS\msa.exe
Supprimé ! C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
Supprimé ! C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
Supprimé ! C:\WINDOWS\System32\reset5c.dll
Supprimé ! C:\WINDOWS\System32\sshnas21.dll
Supprimé ! C:\DOCUME~1\Admin\LOCALS~1\Temp\Kdh.exe
Supprimé ! C:\rapef.exe
Supprimé ! C:\Recycler\S-1-5-21-746137067-1303643608-725345543-1003
Supprimé ! C:\Recycler\S-1-5-21-746137067-1303643608-725345543-501

################## | Registre |

Supprimé ! [HKCU\SOFTWARE\BMIMZMHMFM]
Supprimé ! [HKCU\SOFTWARE\Microsoft\Handle]
Supprimé ! [HKCU\SOFTWARE\WS9E3IQBKY]
Supprimé ! [HKCU\SOFTWARE\XML]
Supprimé ! [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BMIMZMHMFM"
Supprimé ! [HKLM\software\microsoft\shared tools\msconfig\startupreg\Windows UDP Control Center]
Supprimé ! [HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS]
Supprimé ! [HKLM\SYSTEM\ControlSet002\Services\SSHNAS]
Supprimé ! [HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHNAS]
Supprimé ! [HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableSR"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRecentDocsMenu"

################## | Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{744df600-f2f1-11de-a815-000c6e681473}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[01/01/2001 01:12|--a------|0] C:\AUTOEXEC.BAT
[24/04/2009 10:43|---hs----|212] C:\boot.ini
[02/10/2001 17:15|-rahs----|4952] C:\Bootfont.bin
[01/01/2001 01:12|--a------|0] C:\CONFIG.SYS
[01/01/2001 01:12|-rahs----|0] C:\IO.SYS
[06/04/2009 17:57|--a------|0] C:\lngg.exe
[06/04/2009 21:12|--a------|2570] C:\lnggxx.exe
[30/01/2010 17:42|--a------|12174] C:\lopR.txt
[01/01/2001 01:12|-rahs----|0] C:\MSDOS.SYS
[03/08/2004 21:38|-rahs----|47564] C:\NTDETECT.COM
[03/08/2004 21:59|-rahs----|251712] C:\ntldr
[07/04/2009 13:47|--a------|133120] C:\oespn.exe
[07/04/2009 13:48|--a------|133120] C:\oespnx.exe
[29/02/2004 16:44|--a------|52576] C:\orange.bmp
[?|?|?] C:\pagefile.sys
[11/04/2009 13:58|--a------|0] C:\par1.exe
[08/04/2009 20:48|--a------|2056] C:\paret2.exe
[13/04/2009 13:48|--a------|0] C:\rapdfhxf.exe
[09/01/2010 20:44|--a------|0] C:\Tech_Vista.log
[08/05/2009 16:42|--ahs----|5120] C:\Thumbs.db
[30/01/2010 19:21|--a------|4348] C:\UsbFix.txt

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.
# H:\autorun.inf -> Dossier créé par UsbFix.

################## | Upload |

Veuillez envoyer le fichier : C:\DOCUME~1\Admin\Bureau\UsbFix_Upload_Me_XPSP2-56E206DE1.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.082 ! |
0
s3pho Posts 117 Registration date   Status Member Last activity   12
 
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3663
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

30/01/2010 20:59:33
mbam-log-2010-01-30 (20-59-32).txt

Type de recherche: Examen rapide
Eléments examinés: 115509
Temps écoulé: 16 minute(s), 52 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 16
Valeur(s) du Registre infectée(s): 9
Elément(s) de données du Registre infecté(s): 7
Dossier(s) infecté(s): 7
Fichier(s) infecté(s): 32

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\dnmsplsa.dll (Trojan.Hiloti) -> Delete on reboot.
C:\WINDOWS\system32\cvge2ed2pk.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\lrbvrdx.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cba1cf52-f2b7-46f3-9b1b-eb92558552f1} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jyuxwgqd (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{cba1cf52-f2b7-46f3-9b1b-eb92558552f1} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c4bf49a2-94f1-42bd-f034-3604811c807d} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c4bf49a2-94f1-42bd-f034-3604811c807d} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c4bf49a2-94f1-42bd-f034-3604811c807d} (Trojan.Downloader) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c2b5aab8-2183-4be7-81a6-f11493c45872} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ktizdnsm (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cba1cf52-f2b7-46f3-9b1b-eb92558552f1} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e4d1d3eb-e6cd-4bcd-938a-8ecf13578c99} (Trojan.Boxxe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e4d1d3eb-e6cd-4bcd-938a-8ecf13578c99} (Trojan.Boxxe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xsgbauafqlftfdcwg (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\reset5c (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c4bf49a2-94f1-42bd-f034-3604811c807d} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus plus (Rogue.AntivirusPlus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus plus (Rogue.AntivirusPlus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xrahfexiepvoe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sefjhf98jfoidsfoishgoiusgdgfgd (Trojan.Downloader) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: dnmsplsa.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Backdoor.Bot) -> Data: c:\windows\system32\kbdsock.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Backdoor.Bot) -> Data: system32\kbdsock.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Documents and Settings\Admin\Menu Démarrer\Programmes\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Application Data\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Local Settings\Application Data\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D} (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Trojan.Swisyn) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\WINDOWS\system32\lrbvrdx.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\dnmsplsa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\cvge2ed2pk.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\Documents and Settings\Admin\Local Settings\Temp\kwu4n.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbdsock.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\unrplgsruwp.dll-uninst.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dztditz.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kuq660py7y.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comui.dll (Trojan.Boxxe) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\info.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mshlps.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xsgbauafqlftfdcwg.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\lodvt.sys (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\Admin\Menu Démarrer\Programmes\AntiVirus Plus\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Menu Démarrer\Programmes\AntiVirus Plus\EULA.url (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AntiVirus Plus\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AntiVirus Plus\EULA.url (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Local Settings\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Application Data\SystemProc\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Application Data\avp.ico (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\paret2.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\net.net (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qnnxhgfcti.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\flags.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uses32.dat (Malware.Trace) -> Quarantined and deleted successfully.
0
s3pho Posts 117 Registration date   Status Member Last activity   12
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2010-01-31 14:12:44
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 104 GB (91%) free of 114 GB
Total RAM: 511 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:12:51, on 31/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\V0420Mon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Mes documents\Downloads\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Admin.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 78.159.110.36 www.google.no
O1 - Hosts: 78.159.110.36 www.google.com.mx
O1 - Hosts: 78.159.110.36 www.google.co.za
O1 - Hosts: 78.159.110.36 www.google.fi
O1 - Hosts: 78.159.110.36 www.google.dk
O1 - Hosts: 78.159.110.36 www.google.es
O1 - Hosts: 78.159.110.36 www.google.se
O1 - Hosts: 78.159.110.36 www.google.be
O1 - Hosts: 78.159.110.36 www.google.com
O1 - Hosts: 78.159.110.36 www.google.at
O1 - Hosts: 78.159.110.36 www.google.it
O1 - Hosts: 78.159.110.36 www.google.com.au
O1 - Hosts: 78.159.110.36 search.yahoo.com
O1 - Hosts: 78.159.110.36 www.google.com.br
O1 - Hosts: 78.159.110.36 www.google.ca
O1 - Hosts: 78.159.110.36 uk.search.yahoo.com
O1 - Hosts: 78.159.110.36 www.google.ch
O1 - Hosts: 78.159.110.36 www.google.pt
O1 - Hosts: 78.159.110.36 www.google.gr
O1 - Hosts: 78.159.110.36 www.google.de
O1 - Hosts: 78.159.110.36 www.google.ie
O1 - Hosts: 78.159.110.36 www.google.co.jp
O1 - Hosts: 78.159.110.36 www.google.nl
O1 - Hosts: 78.159.110.36 www.google.fr
O1 - Hosts: 78.159.110.36 us.search.yahoo.com
O1 - Hosts: 78.159.110.36 www.google.co.uk
O2 - BHO: (no name) - {01D79D10-0017-4C11-A115-A30577C55486} - C:\WINDOWS\system32\vymilqrm.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {CBA1CF52-F2B7-46F3-9B1B-EB92558552F1} - c:\windows\system32\lrbvrdx.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [V0420Mon.exe] C:\WINDOWS\V0420Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: jyuxwgqd - C:\WINDOWS\SYSTEM32\lrbvrdx.dll
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
0
Destrio5 Posts 85985 Registration date   Status Moderator Last activity   10 302
 
/!\ Disable your resident protections (antivirus, etc.) /!\

--> Download ComboFix (by sUBs) to your Desktop.
--> Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
--> It will ask you to install the Recovery Console: accept.
--> When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

To help you: A guide and a tutorial on using ComboFix
0
s3pho Posts 117 Registration date   Status Member Last activity   12
 
ComboFix 10-01-30.07 - Admin 31/01/2010 17:49:50.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.511.201 [GMT 1:00]
Lancé depuis: c:\documents and settings\Admin\Mes documents\Downloads\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\bn74ebef.default\extensions\{0f9258ff-8549-471b-9b6e-3c2847352204}
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\bn74ebef.default\extensions\{0f9258ff-8549-471b-9b6e-3c2847352204}\chrome.manifest
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\bn74ebef.default\extensions\{0f9258ff-8549-471b-9b6e-3c2847352204}\chrome\xulcache.jar
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\bn74ebef.default\extensions\{0f9258ff-8549-471b-9b6e-3c2847352204}\defaults\preferences\xulcache.js
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\bn74ebef.default\extensions\{0f9258ff-8549-471b-9b6e-3c2847352204}\install.rdf
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\bn74ebef.default\extensions\{e3c6c238-4f0b-470b-a4da-c4d014c14346}
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\bn74ebef.default\extensions\{e3c6c238-4f0b-470b-a4da-c4d014c14346}\chrome.manifest
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\bn74ebef.default\extensions\{e3c6c238-4f0b-470b-a4da-c4d014c14346}\chrome\xulcache.jar
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\bn74ebef.default\extensions\{e3c6c238-4f0b-470b-a4da-c4d014c14346}\defaults\preferences\xulcache.js
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\bn74ebef.default\extensions\{e3c6c238-4f0b-470b-a4da-c4d014c14346}\install.rdf
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\bn74ebef.default\extensions\{fc51303c-1c33-4b1f-afe6-155a17a90629}
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\bn74ebef.default\extensions\{fc51303c-1c33-4b1f-afe6-155a17a90629}\chrome.manifest
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\bn74ebef.default\extensions\{fc51303c-1c33-4b1f-afe6-155a17a90629}\chrome\xulcache.jar
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\bn74ebef.default\extensions\{fc51303c-1c33-4b1f-afe6-155a17a90629}\defaults\preferences\xulcache.js
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\bn74ebef.default\extensions\{fc51303c-1c33-4b1f-afe6-155a17a90629}\install.rdf
c:\documents and settings\Admin\Application Data\SystemProc
c:\documents and settings\Invité\Application Data\Mozilla\Firefox\Profiles\9cnfmwqt.default\extensions\{0f9258ff-8549-471b-9b6e-3c2847352204}
c:\documents and settings\Invité\Application Data\Mozilla\Firefox\Profiles\9cnfmwqt.default\extensions\{0f9258ff-8549-471b-9b6e-3c2847352204}\chrome.manifest
c:\documents and settings\Invité\Application Data\Mozilla\Firefox\Profiles\9cnfmwqt.default\extensions\{0f9258ff-8549-471b-9b6e-3c2847352204}\chrome\xulcache.jar
c:\documents and settings\Invité\Application Data\Mozilla\Firefox\Profiles\9cnfmwqt.default\extensions\{0f9258ff-8549-471b-9b6e-3c2847352204}\defaults\preferences\xulcache.js
c:\documents and settings\Invité\Application Data\Mozilla\Firefox\Profiles\9cnfmwqt.default\extensions\{0f9258ff-8549-471b-9b6e-3c2847352204}\install.rdf
c:\documents and settings\Invité\Application Data\Mozilla\Firefox\Profiles\9cnfmwqt.default\extensions\{e3c6c238-4f0b-470b-a4da-c4d014c14346}
c:\documents and settings\Invité\Application Data\Mozilla\Firefox\Profiles\9cnfmwqt.default\extensions\{e3c6c238-4f0b-470b-a4da-c4d014c14346}\chrome.manifest
c:\documents and settings\Invité\Application Data\Mozilla\Firefox\Profiles\9cnfmwqt.default\extensions\{e3c6c238-4f0b-470b-a4da-c4d014c14346}\chrome\xulcache.jar
c:\documents and settings\Invité\Application Data\Mozilla\Firefox\Profiles\9cnfmwqt.default\extensions\{e3c6c238-4f0b-470b-a4da-c4d014c14346}\defaults\preferences\xulcache.js
c:\documents and settings\Invité\Application Data\Mozilla\Firefox\Profiles\9cnfmwqt.default\extensions\{e3c6c238-4f0b-470b-a4da-c4d014c14346}\install.rdf
c:\documents and settings\Invité\Application Data\Mozilla\Firefox\Profiles\9cnfmwqt.default\extensions\{fc51303c-1c33-4b1f-afe6-155a17a90629}
c:\documents and settings\Invité\Application Data\Mozilla\Firefox\Profiles\9cnfmwqt.default\extensions\{fc51303c-1c33-4b1f-afe6-155a17a90629}\chrome.manifest
c:\documents and settings\Invité\Application Data\Mozilla\Firefox\Profiles\9cnfmwqt.default\extensions\{fc51303c-1c33-4b1f-afe6-155a17a90629}\chrome\xulcache.jar
c:\documents and settings\Invité\Application Data\Mozilla\Firefox\Profiles\9cnfmwqt.default\extensions\{fc51303c-1c33-4b1f-afe6-155a17a90629}\defaults\preferences\xulcache.js
c:\documents and settings\Invité\Application Data\Mozilla\Firefox\Profiles\9cnfmwqt.default\extensions\{fc51303c-1c33-4b1f-afe6-155a17a90629}\install.rdf
C:\Thumbs.db
c:\windows\system32\drivers\liisxlfd.sys
c:\windows\system32\drivers\qtkwlgjs.sys
c:\windows\system32\dztditz.dll
c:\windows\system32\lrbvrdx.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\vymilqrm.dll

Une copie infectée de c:\windows\system32\DRIVERS\atapi.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KTIZDNSM
-------\Legacy_LIISXLFD
-------\Legacy_SSHNAS
-------\Service_ktizdnsm
-------\Service_liisxlfd


((((((((((((((((((((((((((((( Fichiers créés du 2009-12-28 au 2010-01-31 ))))))))))))))))))))))))))))))))))))
.

2010-01-30 19:21 . 2010-01-30 19:21 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2010-01-30 19:21 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-30 19:21 . 2010-01-30 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-30 19:21 . 2010-01-30 19:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-30 19:21 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-30 17:19 . 2010-01-30 19:21 -------- d-----w- C:\UsbFix
2010-01-29 16:36 . 2010-01-30 16:42 -------- d-----w- C:\Lop SD
2010-01-29 14:19 . 2010-01-29 14:19 -------- d-----w- c:\documents and settings\Admin\Application Data\HTML Executable
2010-01-27 18:07 . 2010-01-29 14:12 28409 ----a-w- c:\windows\system32\H000AIO96S.dat
2010-01-24 20:35 . 2010-01-31 13:12 -------- d-----w- c:\program files\trend micro
2010-01-24 20:35 . 2010-01-24 20:35 -------- d-----w- C:\rsit
2010-01-24 14:36 . 2010-01-24 14:36 -------- d-----w- C:\found.002
2010-01-23 14:13 . 2010-01-23 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-23 14:13 . 2010-01-23 14:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-22 19:22 . 2010-01-31 16:56 791552 ----a-w- c:\windows\system32\drivers\lodvt.sys
2010-01-06 05:02 . 2010-01-06 05:02 -------- d-----w- C:\found.001

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-31 14:59 . 2001-01-01 00:05 -------- d-----w- c:\documents and settings\Admin\Application Data\LimeWire
2010-01-30 20:02 . 2001-01-01 00:02 -------- d-----w- c:\program files\LimeWire
2010-01-24 15:03 . 2009-08-07 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-22 19:42 . 2009-12-11 13:52 -------- d-----w- c:\program files\Yahoo!
2010-01-18 18:01 . 2009-08-01 19:56 -------- d-----w- c:\program files\Pvm
2010-01-10 15:37 . 2009-11-16 16:41 -------- d-----w- c:\documents and settings\Admin\Application Data\DivX
2009-12-27 14:14 . 2009-12-27 14:12 -------- d-----w- c:\program files\LGInternetKit
2009-12-27 14:12 . 2009-03-31 18:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-27 14:10 . 2009-11-15 14:21 -------- d-----w- c:\program files\LG Electronics
2009-12-23 20:10 . 2000-12-31 23:04 53400 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-11 14:53 . 2009-11-15 14:19 -------- d-----w- c:\program files\Google
2009-12-11 14:46 . 2009-12-11 14:46 -------- d-----w- c:\documents and settings\Admin\Application Data\Sony
2009-12-11 14:46 . 2009-12-11 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2009-12-11 13:52 . 2009-12-11 13:52 -------- d-----w- c:\program files\CCleaner
2009-12-11 13:52 . 2009-12-11 13:52 -------- d-----w- c:\documents and settings\Admin\Application Data\Yahoo!
2009-12-07 15:57 . 2009-11-15 14:17 -------- d-----w- c:\program files\LG PC Suite 2
2009-12-07 15:56 . 2009-11-15 14:17 -------- d-----w- c:\program files\DivX
2009-12-06 19:01 . 2009-08-12 10:14 -------- d-----w- c:\program files\PhotoScape
2009-11-28 12:52 . 2009-11-28 12:52 152576 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-28 12:52 . 2009-11-28 12:52 79488 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-25 10:02 . 2001-10-02 16:17 71596 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-25 10:02 . 2001-10-02 16:17 458562 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-11 09:44 . 2009-09-11 09:44 359936 ----a-w- c:\program files\mozilla firefox\components\unrplgsruwp.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-27 133104]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="-" [X]
"V0420Mon.exe"="c:\windows\V0420Mon.exe" [2007-04-30 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="c:\windows\system32\run.cmd" [2005-08-23 341]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Menu Démarrer^Programmes^Démarrage^AntiVirus Plus.lnk]
path=c:\documents and settings\Admin\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk
backup=c:\windows\pss\AntiVirus Plus.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2003-04-03 19:35 50176 ----a-w- c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2008-01-31 11:56 58728 ----a-w- c:\program files\Fichiers communs\Symantec Shared\CCAPP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
2007-06-07 12:01 155648 ------w- c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX100 Series]
2008-02-05 06:00 188928 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIEDE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
2009-08-05 21:48 647520 ----a-w- c:\program files\Windows Live\Family Safety\fsui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
2009-03-27 23:16 100056 ----a-w- c:\progra~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0420Mon.exe]
2007-04-30 01:00 32768 ----a-r- c:\windows\V0420Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\system32\\lsass.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [31/03/2009 19:06 54752]
R3 V0420VID;Live! Cam Vista IM (VF0420);c:\windows\system32\drivers\V0420Vid.sys [31/03/2009 20:15 99648]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]

--- Other Services/Drivers in memory ---

*NewlyCreated* - LIISXLFD
*Deregistered* - liisxlfd
*Deregistered* - lodvt
.
Contents of the 'Scheduled Tasks' folder

2010-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1303643608-725345543-1003Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-27 15:29]

2010-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1303643608-725345543-1003UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-27 15:29]

2010-01-22 c:\windows\Tasks\Norton AntiVirus - Analyser mon ordinateur - Admin.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2004-08-31 10:04]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.google.fr/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\bn74ebef.default\
FF - component: c:\program files\Mozilla Firefox\components\unrplgsruwp.dll
FF - plugin: c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHANS REMOVED - - - -

BHO-{01D79D10-0017-4C11-A115-A30577C55486} - c:\windows\system32\vymilqrm.dll
MSConfigStartUp-AntiVirus Plus - c:\documents and settings\Admin\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll
MSConfigStartUp-Stupid Data Dart Wave - c:\documents and settings\All Users\Application Data\flag ace stupid data\amen the.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-Trans Mp3 - c:\docume~1\Admin\APPLIC~1\LOCKSF~1\32 ADMIN.exe
AddRemove-VLC media player - c:\program files\VideoLAN\VLC\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-31 17:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ccEvtMgr]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SNDSrvc]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SYMTDI]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lodvt]

.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'explorer.exe'(3516)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'explorer.exe'(2160)
c:\windows\system32\browselc.dll
c:\program files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\ODBC32.dll
c:\progra~1\LGPCSU~1\PHONEM~1\Phone.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
c:\progra~1\IZArc\IZArcCM.dll
c:\program files\Epson Software\Easy Photo Print\EPPShell.dll
.
------------------------ Other running processes ------------------------
.
c:\program files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\program files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-31 17:59:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-31 16:59

Pre-Run: 109 034 848 256 bytes free
Post-Run: 109 067 792 384 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

- - End Of File - - A55BAE3EEFA539FED239215C07774E49
0
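The log above contains the kind of indicators a helper reads off by hand: the Security Center "AntiVirusOverride"/"FirewallOverride" flags set to 1, a "NoAutoUpdate" explorer policy, a firewall exception for lsass.exe, a Firefox component and a BHO with random-looking names (unrplgsruwp.dll, vymilqrm.dll), newly created / deregistered services with names like LIISXLFD and lodvt, and the "AntiVirus Plus" startup artifacts. As an added example that is not part of the thread and not ComboFix's own code, here is a small Python scanner that flags those patterns in a ComboFix-style log. The rule set, the vowel-ratio heuristic for "random-looking" names, and the sample excerpt (constructed from lines modelled on the log above) are all assumptions of this example, not anything ComboFix or the forum helpers define; the heuristic is deliberately applied only to component, BHO, MSConfig startup and service entries, because legitimate plugin names such as NPWLPG.dll would otherwise trip it.

```python
"""Flag common rogue-antivirus indicators in a ComboFix-style log (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt modelled on the log posted above; not a complete ComboFix report.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoAutoUpdate"= 1 (0x1)
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\system32\\lsass.exe"=

*NewlyCreated* - LIISXLFD
*Deregistered* - lodvt

FF - component: c:\program files\Mozilla Firefox\components\unrplgsruwp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

BHO-{01D79D10-0017-4C11-A115-A30577C55486} - c:\windows\system32\vymilqrm.dll
MSConfigStartUp-AntiVirus Plus - c:\documents and settings\Admin\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"""


@dataclass
class Finding:
    rule: str
    line: str


# Literal rules (assumed for this example): each matches one whole, stripped log line.
RULES = [
    # Security Center told to ignore missing/disabled AV or firewall.
    ("security_center_override",
     re.compile(r'^"(?:AntiVirus|Firewall)Override"=dword:00000001$', re.I)),
    # Explorer policy that switches Windows Update off.
    ("windows_update_disabled_by_policy",
     re.compile(r'^"NoAutoUpdate"=\s*1\b', re.I)),
    # A core system binary granted an inbound firewall exception; unusual, review by hand.
    ("system_binary_in_firewall_exceptions",
     re.compile(r'^"%windir%.*\\(?:lsass|svchost|csrss|winlogon)\.exe"=', re.I)),
    # The rogue named in this thread.
    ("rogue_antivirus_plus_artifact",
     re.compile(r'AntiVirus Plus', re.I)),
]

# Contexts where a random-looking file/service name is worth flagging.
NAMED_MODULE = re.compile(
    r'^(?:FF - component: |BHO-\{[0-9A-F-]+\} - |MSConfigStartUp-[^-]+ - )'
    r'(?P<path>.+\.(?:dll|exe))$', re.I)
SERVICE_EVENT = re.compile(r'^\*(?:NewlyCreated|Deregistered)\*\s+-\s+(?P<name>\S+)$')

VOWELS = set("aeiou")


def looks_random(name: str) -> bool:
    """Heuristic (assumption): a letters-only stem of 5+ chars with under 30% vowels,
    e.g. 'unrplgsruwp' or 'vymilqrm', reads like a generated malware name."""
    stem = name.rsplit(".", 1)[0]
    if len(stem) < 5 or not stem.isalpha():
        return False
    return sum(c in VOWELS for c in stem.lower()) / len(stem) < 0.3


def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def scan(log_text: str) -> list[Finding]:
    """Return one Finding per (rule, line) hit, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for rule, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(rule, line))
        m = NAMED_MODULE.match(line)
        if m and looks_random(_basename(m.group("path"))):
            findings.append(Finding("random_looking_module_name", line))
        m = SERVICE_EVENT.match(line)
        if m and looks_random(m.group("name")):
            findings.append(Finding("random_looking_service_name", line))
    return findings


def summarize(log_text: str) -> dict[str, int]:
    """Count hits per rule, handy for a quick triage line."""
    counts: dict[str, int] = {}
    for f in scan(log_text):
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.rule:40s} {f.line}")
    print(summarize(SAMPLE_LOG))
```

Run it against a saved ComboFix.txt by passing the file contents to `scan()`; every hit still needs a human decision, since the name heuristic is a prompt to look closer, not a verdict.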