Ujagrvl.exe

Solved
Anonymous user
Hello,

For some time now I have been getting the following message (at Windows XP startup):
ujagrvl.exe
- I don't know what it is or what it corresponds to
- how to make it exist again
- and I don't know whether that is the reason the ???? Can you help me?
Thanks in advance.

36 replies

Anonymous user
 
I disabled all the antivirus programs, but apparently I have another antivirus (Norton Internet Security) that is neither in the Start menu nor on the desktop; in short, I can no longer find it in order to remove it.
0
Anonymous user
 
Disable the others and ignore the warning.
0
Anonymous user
 
There, it's done, everything has been run. I hope I have knocked out this problem, which has been really relentless with me.



ComboFix 10-02-04.01 - Dan 04/02/2010 22:21:23.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3004.2125 [GMT 1:00]
Lancé depuis: c:\documents and settings\Dan\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100108-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Cache
c:\windows\system32\wupd.dat

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((((((( Fichiers créés du 2010-01-04 au 2010-02-04 ))))))))))))))))))))))))))))))))))))
.

2010-02-04 13:31 . 2010-02-04 13:31 -------- d-----w- c:\documents and settings\Dan\Application Data\Malwarebytes
2010-02-04 13:31 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-04 13:31 . 2010-02-04 13:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-04 13:31 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-04 13:31 . 2010-02-04 13:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-03 21:48 . 2010-02-04 09:29 1691 ----a-w- C:\UsbFix_Upload_Me_NOM-4A90469BAA0.zip
2010-02-03 21:39 . 2010-02-04 09:29 -------- d-----w- C:\UsbFix
2010-02-03 21:36 . 2010-02-04 13:18 -------- d-----w- c:\program files\trend micro
2010-02-03 21:36 . 2010-02-03 21:36 -------- d-----w- C:\rsit
2010-02-03 21:03 . 2010-02-03 21:03 -------- d-----w- c:\documents and settings\Dan\Application Data\Auslogics
2010-02-03 21:02 . 2010-02-03 23:00 -------- d-----w- c:\program files\AskBarDis
2010-02-03 21:02 . 2010-02-03 21:02 -------- d-----w- c:\program files\Auslogics
2010-01-30 19:19 . 2010-01-30 19:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-01-30 19:14 . 2010-01-30 19:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-01-24 22:55 . 2010-01-24 22:55 -------- d-----w- c:\documents and settings\Dan\Application Data\AVS4YOU
2010-01-24 22:55 . 2010-01-24 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-01-24 22:54 . 2010-01-24 22:54 -------- d-----w- c:\program files\Fichiers communs\AVSMedia
2010-01-24 22:54 . 2008-08-13 09:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-01-24 22:54 . 2008-08-13 09:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-01-24 22:54 . 2008-08-13 09:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-01-24 22:54 . 2008-08-13 09:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-01-24 22:54 . 2010-01-24 22:54 -------- d-----w- c:\program files\AVS4YOU
2010-01-24 22:37 . 2008-05-06 06:01 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2010-01-24 22:37 . 2008-05-06 06:01 16512 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2010-01-24 22:37 . 2010-01-24 22:37 -------- d-----w- c:\program files\Xilisoft
2010-01-24 11:43 . 2010-01-24 11:43 -------- d-----w- c:\documents and settings\Dan\Application Data\MAGIX
2010-01-24 11:41 . 2010-01-31 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\MAGIX
2010-01-24 11:40 . 2010-01-31 12:36 -------- d-----w- c:\program files\MAGIX
2010-01-24 11:40 . 2007-04-27 08:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2010-01-24 11:40 . 2010-01-31 12:36 -------- d-----w- c:\windows\system32\MAGIX
2010-01-24 11:40 . 2008-04-15 14:14 700416 ----a-w- c:\windows\system32\mgxoschk.dll
2010-01-24 11:34 . 2010-01-24 13:09 -------- d-----w- c:\program files\Pinnacle
2010-01-24 11:32 . 2010-01-24 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
2010-01-24 11:32 . 2010-01-24 11:32 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Downloaded Installations
2010-01-19 14:09 . 2010-01-19 14:11 -------- dc-h--w- c:\windows\ie8
2010-01-19 13:50 . 2010-01-19 13:50 -------- d-----w- c:\program files\Fisher
2010-01-19 10:41 . 2010-01-19 14:11 -------- d--h--w- c:\windows\msdownld.tmp
2010-01-19 09:25 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-19 09:25 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-19 09:25 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-19 09:25 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-01-19 09:25 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-19 09:25 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-19 09:25 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-19 09:25 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-19 09:25 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-19 08:52 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-01-18 15:45 . 2010-02-04 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-18 15:43 . 2010-01-18 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2010-01-18 15:38 . 2010-01-18 16:10 -------- d-----w- c:\program files\eMule
2010-01-18 14:19 . 2010-02-03 21:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-18 14:19 . 2010-01-19 13:45 -------- d-----w- c:\program files\Nsasoft
2010-01-10 11:07 . 2010-01-10 11:07 884 ----a-w- c:\windows\shlfolder.sys
2010-01-10 10:55 . 2010-01-10 21:29 -------- d-----w- c:\program files\Adesign
2010-01-10 10:40 . 2010-01-10 10:40 -------- d-----w- c:\program files\AKVIS
2010-01-07 15:21 . 2010-01-07 15:21 58368 ---h--w- c:\documents and settings\Dan\pgtwbh.exe
2010-01-07 15:21 . 2010-01-07 15:21 58368 ----a-w- c:\windows\system32\qlfjyqw.exe
2010-01-07 13:25 . 2010-01-18 13:25 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Tific
2010-01-07 13:25 . 2010-01-07 13:25 -------- d-----w- c:\documents and settings\Dan\Application Data\Tific
2010-01-07 13:25 . 2010-01-07 13:25 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Symantec
2010-01-06 18:05 . 2010-01-07 13:11 664 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 19:27 . 2009-09-03 09:59 1 ----a-w- c:\documents and settings\Dan\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-31 18:21 . 2009-11-12 13:43 -------- d-----w- c:\program files\Free Easy Burner
2010-01-31 18:18 . 2009-09-01 10:52 -------- d-----w- c:\documents and settings\Dan\Application Data\vlc
2010-01-30 19:14 . 2009-09-01 10:46 -------- d-----w- c:\program files\Google
2010-01-24 22:03 . 2009-08-11 07:46 48424 ----a-w- c:\documents and settings\Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-24 21:58 . 2009-09-01 11:22 -------- d-----w- c:\documents and settings\Dan\Application Data\dvdcss
2010-01-24 21:15 . 2009-09-01 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-24 11:42 . 2010-01-24 11:42 -------- d-----w- c:\program files\Fichiers communs\MAGIX Shared
2010-01-23 18:10 . 2009-09-02 12:26 -------- d-----w- c:\documents and settings\Dan\Application Data\Uniblue
2010-01-23 18:06 . 2009-09-01 13:42 -------- d-----w- c:\program files\ma-config.com
2010-01-23 18:06 . 2009-09-01 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2010-01-21 22:12 . 2009-09-08 08:58 -------- d-----w- c:\program files\Free PDF to Word Converter
2010-01-21 22:07 . 2009-09-01 10:48 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-01-20 22:36 . 2009-09-02 21:09 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 14:01 . 2009-11-28 16:55 -------- d-----w- c:\documents and settings\Dan\Application Data\Samsung
2010-01-19 14:01 . 2009-09-01 15:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-19 13:53 . 2009-11-27 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Altova
2010-01-19 13:46 . 2009-09-01 11:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-01-18 15:54 . 2009-09-01 11:52 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-18 15:54 . 2009-09-01 11:52 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-01-18 15:43 . 2009-09-01 11:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-01-01 22:28 . 2008-04-23 04:30 601360 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-01 22:28 . 2008-04-23 04:30 118286 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-21 19:07 . 2008-04-23 04:29 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-08 20:22 . 2009-12-08 20:22 -------- d-----w- c:\documents and settings\Dan\Application Data\Windows Search
2009-11-28 16:53 . 2009-11-22 10:36 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-11-24 13:25 . 2009-11-24 13:25 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-21 15:58 . 2008-04-23 04:29 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-12 14:04 . 2009-11-12 13:48 19545 ----a-w- c:\windows\hpoins01.dat
2009-11-12 13:32 . 2009-11-12 13:31 68960 ----a-w- c:\windows\hpoins05.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-14 14:18 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-07-14 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"qlfjyqw"="c:\windows\system32\qlfjyqw.exe \u" [X]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-05-21 1372160]
"IntelWireless"="c:\program files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" [2009-05-21 1202448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-25 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-25 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-25 136192]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
hpoddt01.exe.lnk - c:\program files\HP\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Dan\\pgtwbh.exe"=
"c:\\WINDOWS\\system32\\qlfjyqw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [07/01/2009 23:39 20744]
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [06/09/2009 13:42 149376]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [19/01/2010 10:25 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19/01/2010 10:25 20560]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [04/02/2010 14:31 236368]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [14/08/2009 08:34 244368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [04/02/2010 14:31 19160]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/01/2010 20:14 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [01/09/2009 16:15 1684736]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [07/12/2008 12:44 30088]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [24/01/2010 12:42 1527900]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [02/07/2008 14:58 26248]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [17/12/2009 19:00 243056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenu du dossier 'Tâches planifiées'

2010-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 19:14]

2010-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 19:14]

2010-02-04 c:\windows\Tasks\Malwarebytes' Scheduled Update for Dan.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-02-04 15:07]

2010-02-04 c:\windows\Tasks\User_Feed_Synchronization-{00024DFE-4B27-4221-B62A-E7767B19139F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - ?p=ZJxdm418YYFR
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-{66886C4D-B307-4ECA-A228-52CA9B9851A4} - (no file)
HKLM-Run-ISUSPM Startup - c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe
AddRemove-{9E78C42C-4FF9-4F41-BBC4-BF872606E79D}_is1 - c:\program files\Driver Robot\1.1.0.14\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-04 22:28
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3088)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\msdtc.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
c:\windows\System32\snmp.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\qlfjyqw.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\SearchProtocolHost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Heure de fin: 2010-02-04 22:34:13 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-02-04 21:34

Avant-CF: 374 134 018 048 octets libres
Après-CF: 374 783 229 952 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

- - End Of File - - 31CC666B5DB7221289740760CF7A47F3
0
Anonymous user
 
The beast is still there:

c:\documents and settings\Dan\pgtwbh.exe
c:\windows\system32\qlfjyqw.exe


#######

Let's get rid of it ;) :

• Download OTM (OldTimer) to your Desktop.
• Right-click OTM.exe and choose Run as administrator.
• Copy (Ctrl+C) the following text:



:processes
explorer.exe

:files
c:\windows\shlfolder.sys
c:\documents and settings\Dan\pgtwbh.exe
c:\windows\system32\qlfjyqw.exe
c:\documents and settings\Dan\Local Settings\Application Data\Symantec
c:\program files\AskBarDis
C:\UsbFix_Upload_Me_NOM-4A90469BAA0.zip
C:\rsit
C:\UsbFix
c:\documents and settings\All Users\Application Data\Norton

:reg
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"qlfjyqw"=-

:commands
[purity]
[emptytemp]
[reboot]



• Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
• Now click the MoveIt! button, then close OTM.

---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.


Post the report located in this folder: C:\_OTM\MovedFiles\
---> The report's name corresponds to the time it was created: date_time.log

0
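The triage behind the reply above, as an added example (not part of the original thread, and not ComboFix or OTM code): it cross-references three sections of a ComboFix-style log and reports recently created executables that accumulate at least two independent signals (hidden attribute, Run-key autostart, firewall exception, or a same-minute same-size twin elsewhere on disk). The sample lines are a constructed excerpt of the log posted above; the function names and signal labels are hypothetical.

```python
import re
from collections import defaultdict

# Constructed excerpt of the ComboFix log posted in this thread (trimmed).
SAMPLE_LOG = r'''
2010-01-10 11:07 . 2010-01-10 11:07 884 ----a-w- c:\windows\shlfolder.sys
2010-01-07 15:21 . 2010-01-07 15:21 58368 ---h--w- c:\documents and settings\Dan\pgtwbh.exe
2010-01-07 15:21 . 2010-01-07 15:21 58368 ----a-w- c:\windows\system32\qlfjyqw.exe
2010-01-19 09:25 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"qlfjyqw"="c:\windows\system32\qlfjyqw.exe \u" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-25 134656]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Dan\\pgtwbh.exe"=
"c:\\WINDOWS\\system32\\qlfjyqw.exe"=
'''

# "created . modified size attributes path" lines of the created-files section.
FILE_RE = re.compile(
    r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} '
    r'(\d+|-+) ([-\w]{8}) (.+)$')
SECTION_RE = re.compile(r'^\[(.+)\]$')      # [registry key]
VALUE_RE = re.compile(r'^"(.+?)"=(.*)$')    # "name"=data
EXE_RE = re.compile(r'[a-z]:\\.+?\.exe', re.IGNORECASE)


def norm(path):
    """Lower-case a path and collapse the doubled backslashes of .reg-style names."""
    return path.replace('\\\\', '\\').lower()


def parse(text):
    """Return (created files, Run-key executables, firewall-authorized executables)."""
    created, run, firewall = [], set(), set()
    section = ''
    for line in text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            created.append((m.group(1), m.group(2), m.group(3), norm(m.group(4))))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        if section.endswith(r'\currentversion\run'):
            exe = EXE_RE.search(norm(m.group(2)))   # the path is in the value data
            if exe:
                run.add(exe.group(0))
        elif section.endswith(r'\authorizedapplications\list'):
            exe = EXE_RE.search(norm(m.group(1)))   # the path is the value name
            if exe:
                firewall.add(exe.group(0))
    return created, run, firewall


def triage(text, threshold=2):
    """Map each recently created .exe with >= threshold signals to its signals."""
    created, run, firewall = parse(text)
    signals = defaultdict(set)
    twins = defaultdict(list)
    for when, size, attrs, path in created:
        if not path.endswith('.exe'):
            continue
        twins[(when, size)].append(path)
        if 'h' in attrs:
            signals[path].add('hidden')
        if path in run:
            signals[path].add('autorun')
        if path in firewall:
            signals[path].add('firewall-exception')
    # Same creation minute and same byte size at two paths: likely one dropper.
    for paths in twins.values():
        if len(paths) > 1:
            for p in paths:
                signals[p].add('twin-drop')
    return {p: sorted(s) for p, s in signals.items() if len(s) >= threshold}


if __name__ == '__main__':
    for path, why in sorted(triage(SAMPLE_LOG).items()):
        print(path, '->', ', '.join(why))
```

Legitimate installers also create several files in the same minute, which is why no single signal is reported on its own.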

Anonymous user
 
All processes killed
Error: Unable to interpret <c:\documents and settings\Dan\pgtwbh.exe > in the current context!
Error: Unable to interpret <c:\windows\system32\qlfjyqw.exe > in the current context!
Error: Unable to interpret <####### > in the current context!
Error: Unable to interpret <On va la virer ;) : > in the current context!
Error: Unable to interpret <• Télécharge OTM (OldTimer) sur ton Bureau. > in the current context!
Error: Unable to interpret <• Clique droit sur OTM.exe et choisis Exécuter en tant qu'administrateur. > in the current context!
Error: Unable to interpret <• Copie (Ctrl+C) le texte suivant ci-dessous : > in the current context!
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder c:\windows\shlfolder.sys not found.
File/Folder c:\documents and settings\Dan\pgtwbh.exe not found.
File/Folder c:\windows\system32\qlfjyqw.exe not found.
File/Folder c:\documents and settings\Dan\Local Settings\Application Data\Symantec not found.
File/Folder c:\program files\AskBarDis not found.
File/Folder C:\UsbFix_Upload_Me_NOM-4A90469BAA0.zip not found.
File/Folder C:\rsit not found.
File/Folder C:\UsbFix not found.
File/Folder c:\documents and settings\All Users\Application Data\Norton not found.
========== REGISTRY ==========
Registry key HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305­f98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305­f98}\ not found.
Registry key HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca­4c150}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b1c1e16-6b34-430e-b074-5928eca­4c150}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\qlfjyqw not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Dan
->Temp folder emptied: 1460 bytes
->Temporary Internet Files folder emptied: 685451 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,00 mb


OTM by OldTimer - Version 3.1.7.1 log created on 02042010_232506

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_574.dat not found!

Registry entries deleted on Reboot...
0
Anonymous user
 
You need to start over, pasting only this:




:processes
explorer.exe

:files
c:\windows\shlfolder.sys
c:\documents and settings\Dan\pgtwbh.exe
c:\windows\system32\qlfjyqw.exe
c:\documents and settings\Dan\Local Settings\Application Data\Symantec
c:\program files\AskBarDis
C:\UsbFix_Upload_Me_NOM-4A90469BAA0.zip
C:\rsit
C:\UsbFix
c:\documents and settings\All Users\Application Data\Norton

:reg
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"qlfjyqw"=-

:commands
[purity]
[emptytemp]
[reboot]



0
Anonymous user
 
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder c:\windows\shlfolder.sys not found.
File/Folder c:\documents and settings\Dan\pgtwbh.exe not found.
File/Folder c:\windows\system32\qlfjyqw.exe not found.
File/Folder c:\documents and settings\Dan\Local Settings\Application Data\Symantec not found.
File/Folder c:\program files\AskBarDis not found.
File/Folder C:\UsbFix_Upload_Me_NOM-4A90469BAA0.zip not found.
File/Folder C:\rsit not found.
File/Folder C:\UsbFix not found.
File/Folder c:\documents and settings\All Users\Application Data\Norton not found.
========== REGISTRY ==========
Registry key HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305­­f98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305­­f98}\ not found.
Registry key HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca­­4c150}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b1c1e16-6b34-430e-b074-5928eca­­4c150}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\qlfjyqw not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Dan
->Temp folder emptied: 1821 bytes
->Temporary Internet Files folder emptied: 7530946 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7,00 mb


OTM by OldTimer - Version 3.1.7.1 log created on 02042010_234500

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_578.dat not found!

Registry entries deleted on Reboot...
0
Anonymous user
 
Still having problems?

Run an RSIT scan again and post log.txt, please.
0
Anonymous user
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by Dan at 2010-02-04 23:53:59
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 358 GB (95%) free of 377 GB
Total RAM: 3004 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:54:13, on 04/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Dan\Bureau\RSIT.exe
C:\Program Files\trend micro\Dan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.3; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.ertdfgcvb.ch/p1/parisienne.html"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - ?p=ZJxdm418YYFR
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (Ma-Config control) - http://config.zebulon.fr/plugins/MaConfig_4_0_1_3.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.jeux.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
0
Anonymous user
 
OK, it's clean.


• Download ToolsCleaner2 to your Desktop.
• Right-click ToolsCleaner2.exe and choose Run as administrator.
• Click Recherche (Search) and let the scan run.
• Click Suppression (Removal) to finish.
• If you wish, you can use the Options Facultatives (Optional Settings).
• Click Quitter (Quit) to get the report.
• Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

########


*Disable System Restore:
Right-click My Computer / Properties / System Restore / check the box to turn off System Restore, Apply, OK
---> Restart your PC ...

*Re-enable System Restore:
Right-click My Computer / Properties / System Restore / uncheck the box to turn off System Restore, Apply, OK
---> Restart your PC ...

(Note: you can also get there via Control Panel -> "System" -> "System Restore".)

Tutorial: https://forum.pcastuces.com/desactiver_la_restauration_systeme-f31s7.htm

And that's it.
0
Anonymous user
 
I couldn't find the report at the root, so I'm posting this:

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\Qoobox: trouvé !
C:\_OTM: trouvé !
C:\Rsit: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !
C:\WINDOWS\mbr.exe: trouvé !
C:\_OTM\MovedFiles\02042010_231920\C_\UsbFix: trouvé !
C:\_OTM\MovedFiles\02042010_231920\C_\Rsit: trouvé !

---------------------------------
--> Suppression:

C:\Program Files\trend micro\HijackThis.exe: ERREUR DE SUPPRESSION !!
C:\Combofix.txt: ERREUR DE SUPPRESSION !!
C:\UsbFix.txt: ERREUR DE SUPPRESSION !!
C:\Program Files\trend micro\hijackthis.log: ERREUR DE SUPPRESSION !!
C:\Qoobox\Quarantine\catchme.log: ERREUR DE SUPPRESSION !!
C:\WINDOWS\mbr.exe: ERREUR DE SUPPRESSION !!
C:\Qoobox: ERREUR DE SUPPRESSION !!
C:\_OTM: ERREUR DE SUPPRESSION !!
C:\Rsit: ERREUR DE SUPPRESSION !!
C:\_OTM\MovedFiles\02042010_231920\C_\UsbFix: ERREUR DE SUPPRESSION !!
C:\_OTM\MovedFiles\02042010_231920\C_\Rsit: ERREUR DE SUPPRESSION !!
0
Anonymous user
 
The goal is to get rid of the tools I had you download; tell me whether they are gone ..

0
Anonymous user
 
OK, I'm doing the System Restore thing!
0
Anonymous user
 
There, finally, thanks a lot; as a result it is super fast at startup :-)
and good night
0
Anonymous user
 
Good night to you too ;)
0
Anonymous user
 
:)
0