Hijack this please!!!!!

tank5727 -  
 Anonymous user -
Hello,
Here is the HijackThis result. Can someone please tell me what to do next?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:10:54, on 2010-02-03
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\smss32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC09.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG09.exe
C:\WINDOWS\msa.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O2 - BHO: (no name) - {16D23DAC-5498-42ED-8742-F2EA7B0AC805} - C:\WINDOWS\System32\console32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: peltodgx - {0FA15166-39DA-4DAB-9B1A-0DDDBACA8BD5} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\Run: [Pmiqehegucob] rundll32.exe "C:\WINDOWS\oputomobunitoba.dll",Startup
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [ROUA3O12PW] C:\WINDOWS\msa.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6.3; SIMBAR={8AD13F04-BABF-4779-A30D-8041E20E7568}; .NET CLR 2.0.50727; InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"https://www.hugedomains.com/domain_profile.cfm?d=cuetable&e=com"
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\frank martin\Application Data\SystemProc\lsass.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://*.buy-internet-security10.com
O15 - Trusted Zone: http://*.buy-internetsecurity10.com
O15 - Trusted Zone: http://*.is-soft-download.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.is-software-download25.com
O15 - Trusted Zone: http://*.buy-internet-security10.com (HKLM)
O15 - Trusted Zone: http://*.buy-internetsecurity10.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_3_0.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u7-windows-i586-jc.cab&AuthParam=1580978829_3fac487ff39b191ded7866fc4973d48d&ext=.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{69BFC7AA-7066-4AA8-A868-C94BD0356273}: NameServer = 93.188.162.16,93.188.161.55
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.16,93.188.161.55
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.16,93.188.161.55
O20 - AppInit_DLLs: C:\WINDOWS\System32\dispex32.dll
O20 - Winlogon Notify: 40540926757 - C:\WINDOWS\System32\dispex32.dll
O20 - Winlogon Notify: __c00854F1 - C:\WINDOWS\system32\__c00854F1.dat
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 1: (no name) - http://immeublesdubasrichelieu.ca/

20 replies

Anonymous user
 
Hello,

I won't hide it from you: you are very infected...

Start with this:


• Download UsbFix to your Desktop:

(!) Plug your external storage devices (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them.

• Double-click UsbFix.exe on your Desktop.

• In the main menu, choose option "F" for French and press [Enter].

• In the second menu, choose option "2" (Suppression, i.e. deletion) and press [Enter].

• Your desktop will disappear and the PC will restart.

• After the restart, UsbFix will scan your PC; let the tool work.

Then post the UsbFix.txt report that will appear along with the desktop.

• Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

• Tutorial: http://pagesperso-orange.fr/NosTools/tuto_usbfix3.html
• Home: http://pagesperso-orange.fr/NosTools/usbfix.html
3
tank5727
 
I downloaded UsbFix but it refuses to open. A "files infect" message appears and UsbFix closes before I have even done anything. Please help me?!!
0
Anonymous user
 
Good evening
I'm following, and on top of that, he has 2 antiviruses
the PC is wrecked
1
Anonymous user
 
hi (don't forget the .scr ^^)


Download OTL by OLDTimer

Save it to your Desktop.

▶ Double-click OTL.exe to launch it (on Vista / 7 => right-click, "Run as administrator").

▶ Tick the 2 boxes Lop and Purity

▶ Tick the box in front of scan all users

▶ Set it to "60 Days"

▶ In the left column, set everything to all

Do not change these:

"files created within" and "files modified within"


▶ Click Run Scan.

At the end of the scan, Notepad will open with the report (OTL.txt).

This file is on your Desktop (usually C:\Documents and settings\your_session_name\OTL.txt)

▶▶▶ DO NOT POST IT ON THE FORUM

To send it to me, click this link: http://www.cijoint.fr/

▶ Click Browse (Parcourir) and find the file above.

▶ Click Open (Ouvrir).

▶ Click "Cliquez ici pour déposer le fichier" (Click here to upload the file).

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

is added to the page.

▶ Copy this link into your reply.

▶▶ Do the same with "Extra.txt".

1
tank5727
 
http://www.cijoint.fr/cjlink.php?file=cj201002/cijYgiUUg9.txt
http://www.cijoint.fr/cjlink.php?file=cj201002/cijS0LWlr8.txt
thanks
0
Anonymous user
 

0

jacques.gache Posts 34829 Status Security contributor 1 617
 
hello, sorry, see you later
0
Anonymous user
 
• Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
• Double-click the downloaded file to start the installation process.
• In the Update tab, click the Check for Updates button: if the firewall asks for permission for MBAM to connect to the Internet, accept.
• Once the update is complete, go to the Scanner tab.
• Select Perform quick scan.
• Click Scan. The scan starts.
• At the end of the scan, a message is displayed:

"The scan completed successfully. Click 'Show Results' to display all objects found."

• Click OK to continue. If MBAM found nothing, it will tell you that too.
• Close your browsers.
• If malware was detected, click Show Results.
• Select everything (or leave it ticked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
• MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.

0
tank5727
 
here is the result:
Malwarebytes' Anti-Malware 1.44
Database version: 3686
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-02-03 18:29:14
mbam-log-2010-02-03 (18-29-14).txt

Scan type: Quick Scan
Objects scanned: 136420
Time elapsed: 19 minute(s), 33 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 6
Registry Keys Infected: 15
Registry Values Infected: 6
Registry Data Items Infected: 14
Folders Infected: 4
Files Infected: 56

Memory Processes Infected:
C:\WINDOWS\system32\smss32.exe (Rogue.Installer) -> Unloaded process successfully.
C:\WINDOWS\msa.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\oputomobunitoba.dll (Trojan.Hiloti) -> Delete on reboot.
C:\WINDOWS\bat409.dll (Trojan.Hiloti) -> Delete on reboot.
C:\WINDOWS\system32\dispex32.dll (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\E.tmp (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\__c00854F1.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\console32.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16d23dac-5498-42ed-8742-f2ea7b0ac805} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{16d23dac-5498-42ed-8742-f2ea7b0ac805} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\40540926757 (Trojan.Tracur) -> Delete on reboot.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00854f1 (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{16d23dac-5498-42ed-8742-f2ea7b0ac805} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pmiqehegucob (Trojan.Hiloti) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\roua3o12pw (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: bat409.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\dispex32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\dispex32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Rogue.Installer) -> Data: c:\windows\system32\winlogon32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Rogue.Installer) -> Data: system32\winlogon32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.16,93.188.161.55 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69bfc7aa-7066-4aa8-a868-c94bd0356273}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.16,93.188.161.55 -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\SysWoW32 (Worm.Archive) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D} (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Trojan.Swisyn) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\bat409.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\console32.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\oputomobunitoba.dll (Trojan.Hiloti) -> Delete on reboot.
C:\WINDOWS\system32\dispex32.dll (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\E.tmp (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\smss32.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\106.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cdosys32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmloader32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dskquota32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dfrgres32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\docprop232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dswave32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\es32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogon32.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hnetmon32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\frank martin\Local Settings\Temp\Jjf.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\frank martin\Local Settings\Temp\0.7759227279713774.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\frank martin\Local Settings\Temp\saxermwcon.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\000036e2.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u437146492v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u437146492v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u437146492v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u437146492v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mi437146492v4.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mi437146492v6.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mi437146492v7.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu437146492v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu437146492v5.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu437146492v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu437146492v0.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu437146492v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu437146492v1.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu437146492v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu437146492v2.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu437146492v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu437146492v3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u437146492v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u437146492v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u437146492v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u437146492v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u437146492v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\helper32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00854F1.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\__c008D96B.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c009CF91.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\frank martin\Favoris\Protect Your Privacy.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\frank martin\Favoris\System Error Fixer.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\IS15.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
0
Anonymous user
 
Reopen Malwarebytes', go to Quarantine and delete everything

####

Could you please try this again:

https://forums.commentcamarche.net/forum/affich-16437537-hijack-this-svp#2
0
tank5727
 
here is the result:

############################## | UsbFix V6.087 |

User : frank martin (Administrateurs) # TANK-6DB87EDA7E
Update on 04/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 18:50:36 | 2010-02-03
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Athlon(tm) XP 3200+
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]
AV : avast! Antivirus 5.0.83886476 [ Enabled | Updated ]

C:\ -> Disque fixe local # 149,04 Go (108,25 Go free) # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM # 659,02 Mo (0 Mo free) [class of 2009] # CDFS
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Alwil Software\Avast5\setup\avast.setup
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe

################## | Elements infectieux |

Supprimé ! C:\DOCUME~1\FRANKM~1\APPLIC~1\SystemProc
Supprimé ! C:\DOCUME~1\FRANKM~1\LOCALS~1\Temp\Jjg.exe
Supprimé ! C:\DOCUME~1\FRANKM~1\LOCALS~1\Temp\a.dat
Supprimé ! C:\Recycler\S-1-5-21-682003330-220523388-839522115-1003
Supprimé ! C:\Recycler\S-1-5-21-682003330-220523388-839522115-1004

################## | Registre |


################## | Mountpoints2 |


################## | Listing des fichiers présent |

[2010-02-03 18:49|--a------|44291] C:\aaw7boot.log
[2008-08-22 17:19|--a------|0] C:\AUTOEXEC.BAT
[2010-01-03 09:57|--a------|608256] C:\blackra1n.exe
[2010-01-03 10:18|--a------|3260] C:\blackra1n.log
[2008-08-22 17:11|---hs----|327] C:\boot.ini
[2004-08-05 07:00|-rahs----|4952] C:\Bootfont.bin
[2008-08-22 17:19|--a------|0] C:\CONFIG.SYS
[2008-10-04 10:22|--a------|2743] C:\fixnavi.txt
[2008-08-27 19:17|--a------|22569392] C:\hp_53_enu.exe
[2008-08-27 19:18|--a------|22569392] C:\hp_53_enu1.exe
[2008-08-27 19:40|--a------|23331768] C:\hp_53_fra2.exe
[2008-08-26 19:10|--a------|15452536] C:\IE7-WindowsXP-x86-enu.exe
[2010-02-01 18:27|--a------|921624] C:\img2-001.raw
[2008-08-22 17:19|-rahs----|0] C:\IO.SYS
[2008-08-24 16:51|--a------|63530280] C:\iTunesSetup.exe
[2008-08-24 16:40|--a------|4898704] C:\LimeWireWin.exe
[2008-08-22 17:19|-rahs----|0] C:\MSDOS.SYS
[2004-08-05 07:00|-rahs----|47564] C:\NTDETECT.COM
[2008-08-25 00:08|-rahs----|252240] C:\ntldr
[?|?|?] C:\pagefile.sys
[2008-08-24 16:37|--a------|7666990] C:\parp.exe
[2008-10-04 07:21|--a------|6051] C:\rapport.txt
[2008-08-25 18:38|--a------|17653] C:\Reglements_concours_babylon.pdf
[2008-08-24 16:32|--a------|22453544] C:\SkypeSetup.exe
[2010-02-03 19:03|--a------|4097] C:\UsbFix.txt
[2008-08-23 13:12|--a------|18716368] C:\WDM_A405.exe
[2008-08-24 07:24|--a------|2402832] C:\WLinstaller.exe
[2010-02-02 03:07|--a------|68] C:\xcrashdump.dat
[2009-06-17 00:26|-r-------|205785817] E:\MissJennyClassOf2009.wmv
[1994-12-31 19:00|-r-------|44] E:\Track01.cda
[1994-12-31 19:40|-r-------|44] E:\Track11.cda

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.
0
Utilisateur anonyme
 
Hello,


• Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
• Double-click RSIT.exe to launch the program.
• Click Continue on the Disclaimer screen.
• If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the license.
• When the scan is finished, two text files will open. Post the contents of log.txt (the one shown on screen) as well as info.txt (which you will see in the taskbar).

Note: the reports are saved in the C:\rsit folder.
0
tank5727
 
log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by frank martin at 2010-02-04 19:11:33
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 111 GB (72%) free of 153 GB
Total RAM: 447 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:12:34, on 2010-02-04
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\frank martin\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\frank martin.exe
C:\Program Files\Alwil Software\Avast5\setup\avast.setup

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: peltodgx - {0FA15166-39DA-4DAB-9B1A-0DDDBACA8BD5} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6.3; SIMBAR={8AD13F04-BABF-4779-A30D-8041E20E7568}; .NET CLR 2.0.50727; InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"https://www.hugedomains.com/domain_profile.cfm?d=cuetable&e=com"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://*.buy-internet-security10.com
O15 - Trusted Zone: http://*.buy-internetsecurity10.com
O15 - Trusted Zone: http://*.is-soft-download.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.is-software-download25.com
O15 - Trusted Zone: http://*.buy-internet-security10.com (HKLM)
O15 - Trusted Zone: http://*.buy-internetsecurity10.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_3_0.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u7-windows-i586-jc.cab&AuthParam=1580978829_3fac487ff39b191ded7866fc4973d48d&ext=.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 1: (no name) - http://immeublesdubasrichelieu.ca/
0
Utilisateur anonyme
 
Download ComboFix (by sUBs) to your Desktop (and nowhere else!):

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>[ ! ATTENTION ! ]<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<


Close your running applications (including your browser).
DISABLE ALL YOUR DEFENSES (antivirus, anti-spyware guard, firewall) for the duration of the procedure.
If left enabled, they could seriously interfere with the tool's scanning and cleaning procedure (or even crash the PC)... So you will re-enable them afterwards!
> Important: if you run into difficulties at this stage, let me know before continuing...


Tutorial (help) here: http://www.bleepingcomputer.com/co [...] r-combofix
Note: on XP, it is IMPERATIVE to install the Windows Recovery Console if the tool asks for it (see the tutorial above).

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>[ ! ATTENTION ! ]<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<


Next:
> Right-click / "Run as administrator..." on the "Combofix.exe" icon to launch the tool.
> At the "DISCLAIMER..." window, click "Yes" and let it work...


Important notes:
-> do not use your mouse or keyboard (or any other pointing device) while the program is running. This could freeze the computer.
-> The PC may restart by itself (to finish the cleanup); let it do so.
-> If the tool tells you this: "ComboFix has detected the presence of a rootkit and needs to restart your machine", accept...
-> if a Windows error message appears at some point: click the red cross at the top right of the window to close it (and nothing else! otherwise there will be no report...)

The report will be created here: C:\Combofix.txt

Be sure to re-enable your defenses.


> Post the ComboFix report for analysis and wait for the next steps...
0
tank5727
 
Here is the report:
ComboFix 10-02-04.06 - frank martin 2010-02-04 23:51:05.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.447.82 [GMT -5:00]
Lancé depuis: c:\documents and settings\frank martin\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\frank martin\Application Data\02000000dba996ac757C.manifest
c:\documents and settings\frank martin\Application Data\02000000dba996ac757O.manifest
c:\documents and settings\frank martin\Application Data\02000000dba996ac757P.manifest
c:\documents and settings\frank martin\Application Data\02000000dba996ac757S.manifest
c:\documents and settings\frank martin\Application Data\inst.exe
c:\documents and settings\frank martin\Local Settings\Application Data\{C48F4F33-558D-4142-800D-50B90C006B0E}
c:\documents and settings\frank martin\Local Settings\Application Data\{C48F4F33-558D-4142-800D-50B90C006B0E}\chrome.manifest
c:\documents and settings\frank martin\Local Settings\Application Data\{C48F4F33-558D-4142-800D-50B90C006B0E}\chrome\content\_cfg.js
c:\documents and settings\frank martin\Local Settings\Application Data\{C48F4F33-558D-4142-800D-50B90C006B0E}\chrome\content\overlay.xul
c:\documents and settings\frank martin\Local Settings\Application Data\{C48F4F33-558D-4142-800D-50B90C006B0E}\install.rdf
c:\documents and settings\genevievieve\Application Data\inst.exe
c:\windows\system32\11478.exe
c:\windows\system32\11942.exe
c:\windows\system32\12382.exe
c:\windows\system32\14604.exe
c:\windows\system32\153.exe
c:\windows\system32\15724.exe
c:\windows\system32\15961.exe
c:\windows\system32\16827.exe
c:\windows\system32\17421.exe
c:\windows\system32\18467.exe
c:\windows\system32\18716.exe
c:\windows\system32\19169.exe
c:\windows\system32\1919315521
c:\windows\system32\19718.exe
c:\windows\system32\19895.exe
c:\windows\system32\21726.exe
c:\windows\system32\23281.exe
c:\windows\system32\2341.exe
c:\windows\system32\24464.exe
c:\windows\system32\24912.exe
c:\windows\system32\25267.exe
c:\windows\system32\26455.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\28841.exe
c:\windows\system32\292.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\30216.exe
c:\windows\system32\31113.exe
c:\windows\system32\32391.exe
c:\windows\system32\3902.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\5436.exe
c:\windows\system32\5447.exe
c:\windows\system32\5705.exe
c:\windows\system32\5764.exe
c:\windows\system32\6334.exe
c:\windows\system32\920.exe
c:\windows\system32\9961.exe
c:\windows\system32\au3305adc.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\unrar.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
C:\xcrashdump.dat

Une copie infectée de c:\windows\system32\DRIVERS\atapi.sys a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV


((((((((((((((((((((((((((((( Fichiers créés du 2010-01-05 au 2010-02-05 ))))))))))))))))))))))))))))))))))))
.

2010-02-05 00:11 . 2010-02-05 00:13 -------- d-----w- C:\rsit
2010-02-04 00:22 . 2010-02-04 00:22 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2010-02-04 00:03 . 2010-02-04 00:03 124919 ----a-w- C:\UsbFix_Upload_Me_TANK-6DB87EDA7E.zip
2010-02-03 23:05 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-03 23:05 . 2010-02-03 23:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-03 23:05 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-03 22:55 . 2010-02-04 00:06 -------- d-----w- C:\UsbFix
2010-02-03 21:10 . 2010-02-03 17:18 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-03 17:19 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-03 17:10 . 2010-02-03 17:10 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-02-03 15:14 . 2010-02-05 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-03 12:28 . 2010-02-03 12:28 -------- d-----r- c:\documents and settings\LocalService\Favoris
2010-02-03 09:13 . 2010-02-03 09:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-02-03 05:20 . 2010-02-03 05:20 0 ----a-w- c:\windows\Lgaciresoxiwuvur.bin
2010-02-03 05:20 . 2010-02-03 21:58 120 ----a-w- c:\windows\Bvuseter.dat
2010-01-25 20:23 . 2009-11-25 16:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-25 20:23 . 2009-03-30 14:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-25 20:23 . 2009-02-13 16:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-01-25 20:23 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-01-25 20:23 . 2010-01-25 20:23 -------- d-----w- c:\program files\Avira
2010-01-25 20:23 . 2010-01-25 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-01-13 12:05 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 17:18 . 2010-02-03 17:18 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-04 17:18 . 2010-02-03 17:14 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-04 17:18 . 2010-02-03 17:13 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-04 17:18 . 2010-02-03 17:11 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-03 17:18 . 2010-02-03 17:18 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-02-03 17:18 . 2010-02-03 17:18 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-02-03 17:18 . 2010-02-03 17:18 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-02-03 17:18 . 2010-02-03 17:18 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-02-03 17:18 . 2010-02-03 17:18 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-02-03 17:18 . 2010-02-03 17:18 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-02-03 17:18 . 2010-02-03 17:18 8 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-02-03 17:15 . 2010-02-03 17:15 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-02-03 17:15 . 2010-02-03 17:15 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-02-03 17:15 . 2010-02-03 17:15 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-02-03 17:15 . 2010-02-03 17:15 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-02-03 17:13 . 2010-02-03 17:13 816784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-02-03 17:13 . 2010-02-03 17:12 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-02-03 17:12 . 2010-02-03 17:12 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-02-03 17:09 . 2008-10-04 00:35 -------- d-----w- c:\program files\Lavasoft
2010-02-03 17:09 . 2008-10-04 00:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-02-03 15:14 . 2009-03-12 01:37 -------- d-----w- c:\program files\Alwil Software
2010-02-03 05:24 . 2009-05-03 19:06 -------- d-----w- c:\program files\Action Poker
2010-02-02 04:06 . 2008-08-22 23:10 -------- d-----w- c:\documents and settings\frank martin\Application Data\LimeWire
2010-01-31 13:24 . 2008-08-22 23:08 -------- d-----w- c:\program files\Google
2010-01-29 21:50 . 2009-07-19 10:47 -------- d-----w- c:\program files\Tiger Gaming
2010-01-20 20:01 . 2009-10-03 03:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-03 14:57 . 2009-12-31 00:17 608256 ----a-w- C:\blackra1n.exe
2009-12-31 00:24 . 2008-08-24 21:54 -------- d-----w- c:\documents and settings\frank martin\Application Data\Apple Computer
2009-12-29 04:45 . 2008-09-04 20:06 10 ----a-w- c:\windows\popcinfo.dat
2009-12-23 07:06 . 2009-12-23 07:05 -------- d-----w- c:\program files\iTunes
2009-12-23 07:06 . 2009-12-23 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-23 07:06 . 2009-12-23 07:06 -------- d-----w- c:\program files\iPod
2009-12-23 07:06 . 2008-10-20 19:19 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-12-23 07:03 . 2009-12-23 07:03 -------- d-----w- c:\program files\QuickTime
2009-12-23 06:50 . 2009-12-23 06:50 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-23 06:42 . 2009-12-23 06:42 -------- d-----w- c:\program files\Safari
2009-12-23 06:37 . 2009-12-23 06:37 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-23 06:36 . 2008-09-01 11:13 -------- d-----w- c:\documents and settings\genevievieve\Application Data\Apple Computer
2009-12-22 21:03 . 2009-12-22 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-12-21 19:07 . 2004-08-05 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-12 15:48 . 2009-12-08 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SweetIM
2009-12-09 12:51 . 2004-08-05 12:00 80508 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-09 12:51 . 2004-08-05 12:00 500482 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-26 21:00 . 2009-02-21 19:07 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-11-26 21:00 . 2009-02-21 19:07 47360 ----a-w- c:\documents and settings\frank martin\Application Data\pcouffin.sys
2009-11-26 21:00 . 2009-02-21 19:07 47360 ----a-w- c:\documents and settings\frank martin\Application Data\pcouffin.sys
2009-11-26 20:03 . 2008-08-28 00:38 10134 ----a-r- c:\documents and settings\frank martin\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-11-26 02:09 . 2009-11-26 02:08 2605832 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s5_l4.exe
2009-11-21 15:58 . 2004-08-05 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 17:36 . 2009-11-20 17:36 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-01-18 01:16 . 2009-01-18 01:16 0 --sh--w- c:\windows\SCAA552E0.tmp
.

------- Sigcheck -------

[7] 2008-04-14 02:33 . AA370F0D5B900E13D40E9CB834B5DA10 . 52736 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[7] 2004-08-05 12:00 . 762B2A5F0E8B0164A5DB6741959DFB0C . 52736 . . [9.0.1.56] . . c:\windows\$NtServicePackUninstall$\mspmsnsv.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-25 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2006-01-07 491520]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-02-03 64288]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-01-25 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-24 1181328]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-09-23 238960]
.
Contenu du dossier 'Tâches planifiées'

2010-02-05 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:18]

2010-02-05 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:18]

2010-02-05 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:18]

2010-02-05 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:18]

2010-02-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:18]

2010-01-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 13:24]

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 13:24]

2010-02-05 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hp\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2008-08-27 04:26]

2010-02-05 c:\windows\Tasks\User_Feed_Synchronization-{A1C318EF-37A1-42F4-944E-29FE4C417613}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: banquelaurentienne.ca
Trusted Zone: buy-internet-security10.com
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: is-soft-download.com
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: laurentianbank.ca\www
Trusted Zone: buy-internet-security10.com
Trusted Zone: buy-internetsecurity10.com
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-05 00:09
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(6172)
c:\program files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\msls31.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Fichiers communs\Microsoft Shared\Ink\SKCHUI.DLL
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\VTTimer.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Heure de fin: 2010-02-05 00:18:23 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-02-05 05:18

Avant-CF: 115 805 827 072 octets libres
Après-CF: 117 116 444 672 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

Current=5 Default=5 Failed=4 LastKnownGood=2 Sets=1,2,4,5
- - End Of File - - BD32E614656624505069F1223B5C2F95

Thanks again!
tank5727
 
Here is the report:
ComboFix 10-02-04.06 - frank martin 2010-02-04 23:51:05.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.447.82 [GMT -5:00]
Lancé depuis: c:\documents and settings\frank martin\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\frank martin\Application Data\02000000dba996ac757C.manifest
c:\documents and settings\frank martin\Application Data\02000000dba996ac757O.manifest
c:\documents and settings\frank martin\Application Data\02000000dba996ac757P.manifest
c:\documents and settings\frank martin\Application Data\02000000dba996ac757S.manifest
c:\documents and settings\frank martin\Application Data\inst.exe
c:\documents and settings\frank martin\Local Settings\Application Data\{C48F4F33-558D-4142-800D-50B90C006B0E}
c:\documents and settings\frank martin\Local Settings\Application Data\{C48F4F33-558D-4142-800D-50B90C006B0E}\chrome.manifest
c:\documents and settings\frank martin\Local Settings\Application Data\{C48F4F33-558D-4142-800D-50B90C006B0E}\chrome\content\_cfg.js
c:\documents and settings\frank martin\Local Settings\Application Data\{C48F4F33-558D-4142-800D-50B90C006B0E}\chrome\content\overlay.xul
c:\documents and settings\frank martin\Local Settings\Application Data\{C48F4F33-558D-4142-800D-50B90C006B0E}\install.rdf
c:\documents and settings\genevievieve\Application Data\inst.exe
c:\windows\system32\11478.exe
c:\windows\system32\11942.exe
c:\windows\system32\12382.exe
c:\windows\system32\14604.exe
c:\windows\system32\153.exe
c:\windows\system32\15724.exe
c:\windows\system32\15961.exe
c:\windows\system32\16827.exe
c:\windows\system32\17421.exe
c:\windows\system32\18467.exe
c:\windows\system32\18716.exe
c:\windows\system32\19169.exe
c:\windows\system32\1919315521
c:\windows\system32\19718.exe
c:\windows\system32\19895.exe
c:\windows\system32\21726.exe
c:\windows\system32\23281.exe
c:\windows\system32\2341.exe
c:\windows\system32\24464.exe
c:\windows\system32\24912.exe
c:\windows\system32\25267.exe
c:\windows\system32\26455.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\28841.exe
c:\windows\system32\292.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\30216.exe
c:\windows\system32\31113.exe
c:\windows\system32\32391.exe
c:\windows\system32\3902.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\5436.exe
c:\windows\system32\5447.exe
c:\windows\system32\5705.exe
c:\windows\system32\5764.exe
c:\windows\system32\6334.exe
c:\windows\system32\920.exe
c:\windows\system32\9961.exe
c:\windows\system32\au3305adc.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\unrar.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
C:\xcrashdump.dat

Une copie infectée de c:\windows\system32\DRIVERS\atapi.sys a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV


((((((((((((((((((((((((((((( Fichiers créés du 2010-01-05 au 2010-02-05 ))))))))))))))))))))))))))))))))))))
.

2010-02-05 00:11 . 2010-02-05 00:13 -------- d-----w- C:\rsit
2010-02-04 00:22 . 2010-02-04 00:22 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2010-02-04 00:03 . 2010-02-04 00:03 124919 ----a-w- C:\UsbFix_Upload_Me_TANK-6DB87EDA7E.zip
2010-02-03 23:05 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-03 23:05 . 2010-02-03 23:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-03 23:05 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-03 22:55 . 2010-02-04 00:06 -------- d-----w- C:\UsbFix
2010-02-03 21:10 . 2010-02-03 17:18 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-03 17:19 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-03 17:10 . 2010-02-03 17:10 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-02-03 15:14 . 2010-02-05 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-03 12:28 . 2010-02-03 12:28 -------- d-----r- c:\documents and settings\LocalService\Favoris
2010-02-03 09:13 . 2010-02-03 09:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-02-03 05:20 . 2010-02-03 05:20 0 ----a-w- c:\windows\Lgaciresoxiwuvur.bin
2010-02-03 05:20 . 2010-02-03 21:58 120 ----a-w- c:\windows\Bvuseter.dat
2010-01-25 20:23 . 2009-11-25 16:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-25 20:23 . 2009-03-30 14:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-25 20:23 . 2009-02-13 16:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-01-25 20:23 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-01-25 20:23 . 2010-01-25 20:23 -------- d-----w- c:\program files\Avira
2010-01-25 20:23 . 2010-01-25 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-01-13 12:05 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 17:18 . 2010-02-03 17:18 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-04 17:18 . 2010-02-03 17:14 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-04 17:18 . 2010-02-03 17:13 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-04 17:18 . 2010-02-03 17:11 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-03 17:18 . 2010-02-03 17:18 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-02-03 17:18 . 2010-02-03 17:18 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-02-03 17:18 . 2010-02-03 17:18 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-02-03 17:18 . 2010-02-03 17:18 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-02-03 17:18 . 2010-02-03 17:18 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-02-03 17:18 . 2010-02-03 17:18 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-02-03 17:18 . 2010-02-03 17:18 8 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-02-03 17:15 . 2010-02-03 17:15 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-02-03 17:15 . 2010-02-03 17:15 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-02-03 17:15 . 2010-02-03 17:15 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-02-03 17:15 . 2010-02-03 17:15 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-02-03 17:13 . 2010-02-03 17:13 816784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-02-03 17:13 . 2010-02-03 17:12 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-02-03 17:12 . 2010-02-03 17:12 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-02-03 17:09 . 2008-10-04 00:35 -------- d-----w- c:\program files\Lavasoft
2010-02-03 17:09 . 2008-10-04 00:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-02-03 15:14 . 2009-03-12 01:37 -------- d-----w- c:\program files\Alwil Software
2010-02-03 05:24 . 2009-05-03 19:06 -------- d-----w- c:\program files\Action Poker
2010-02-02 04:06 . 2008-08-22 23:10 -------- d-----w- c:\documents and settings\frank martin\Application Data\LimeWire
2010-01-31 13:24 . 2008-08-22 23:08 -------- d-----w- c:\program files\Google
2010-01-29 21:50 . 2009-07-19 10:47 -------- d-----w- c:\program files\Tiger Gaming
2010-01-20 20:01 . 2009-10-03 03:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-03 14:57 . 2009-12-31 00:17 608256 ----a-w- C:\blackra1n.exe
2009-12-31 00:24 . 2008-08-24 21:54 -------- d-----w- c:\documents and settings\frank martin\Application Data\Apple Computer
2009-12-29 04:45 . 2008-09-04 20:06 10 ----a-w- c:\windows\popcinfo.dat
2009-12-23 07:06 . 2009-12-23 07:05 -------- d-----w- c:\program files\iTunes
2009-12-23 07:06 . 2009-12-23 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-23 07:06 . 2009-12-23 07:06 -------- d-----w- c:\program files\iPod
2009-12-23 07:06 . 2008-10-20 19:19 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-12-23 07:03 . 2009-12-23 07:03 -------- d-----w- c:\program files\QuickTime
2009-12-23 06:50 . 2009-12-23 06:50 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-23 06:42 . 2009-12-23 06:42 -------- d-----w- c:\program files\Safari
2009-12-23 06:37 . 2009-12-23 06:37 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-23 06:36 . 2008-09-01 11:13 -------- d-----w- c:\documents and settings\genevievieve\Application Data\Apple Computer
2009-12-22 21:03 . 2009-12-22 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-12-21 19:07 . 2004-08-05 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-12 15:48 . 2009-12-08 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SweetIM
2009-12-09 12:51 . 2004-08-05 12:00 80508 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-09 12:51 . 2004-08-05 12:00 500482 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-26 21:00 . 2009-02-21 19:07 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-11-26 21:00 . 2009-02-21 19:07 47360 ----a-w- c:\documents and settings\frank martin\Application Data\pcouffin.sys
2009-11-26 21:00 . 2009-02-21 19:07 47360 ----a-w- c:\documents and settings\frank martin\Application Data\pcouffin.sys
2009-11-26 20:03 . 2008-08-28 00:38 10134 ----a-r- c:\documents and settings\frank martin\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-11-26 02:09 . 2009-11-26 02:08 2605832 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s5_l4.exe
2009-11-21 15:58 . 2004-08-05 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 17:36 . 2009-11-20 17:36 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-01-18 01:16 . 2009-01-18 01:16 0 --sh--w- c:\windows\SCAA552E0.tmp
.

------- Sigcheck -------

[7] 2008-04-14 02:33 . AA370F0D5B900E13D40E9CB834B5DA10 . 52736 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[7] 2004-08-05 12:00 . 762B2A5F0E8B0164A5DB6741959DFB0C . 52736 . . [9.0.1.56] . . c:\windows\$NtServicePackUninstall$\mspmsnsv.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-25 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2006-01-07 491520]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

Thanks again!
Utilisateur anonyme
 
Hi, to move things along, can you post an RSIT log again, please?
tank5727
 
HI, WHAT IS AN RSIT?
tank5727
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by frank martin at 2010-02-05 20:30:33
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 112 GB (73%) free of 153 GB
Total RAM: 447 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:31:23, on 2010-02-05
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\logon.scr
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\frank martin\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\frank martin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/webhp?sourceid=navclient&hl=fr&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6.3; SIMBAR={8AD13F04-BABF-4779-A30D-8041E20E7568}; .NET CLR 2.0.50727; InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://cuetable.com/P/Player/?@3GAOj4HbQc2IJEf4PAiX@"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://*.buy-internet-security10.com
O15 - Trusted Zone: http://*.buy-internetsecurity10.com
O15 - Trusted Zone: http://*.is-soft-download.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.is-software-download25.com
O15 - Trusted Zone: http://*.buy-internet-security10.com (HKLM)
O15 - Trusted Zone: http://*.buy-internetsecurity10.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_3_0.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 1: (no name) - http://immeublesdubasrichelieu.ca/
0
Anonymous user
 
Are you in France?
0
tank5727
 
No, I'm from Quebec, Canada. And you?
0
Anonymous user
 
▶ Download Zeb-Restore and save this file to the desktop.

▶- Right-click Zeb-Restore.zip ==> Extract all, and choose the desktop as the destination.

▶- Open the ZR_1.0.0.37 folder ==> double-click Zeb-Restore.exe

▶- Tick the box next to: "sites de confiance" (trusted sites)

▶- Do not tick any other box

▶- Click "Restaurer" (Restore)

▶- Restart your PC

Then:

Disable your antivirus for the duration of the procedure, as well as your firewall if you have one (because it is wrongly detected as an infection)

▶ Download List&Kill'em and save it to your desktop

▶ Plug in USB keys, external hard drives, mp3, mp4, etc.

Double-click (right-click "Run as administrator" for Vista/7) the shortcut on your desktop to start the installation

Tick the box "create a desktop icon"

Once it is finished, click "Finish" and the program will start on its own

Choose the language, then choose option 1 = Mode Recherche (Search Mode)

▶ Let the tool work

When the white window appears, it takes a while; that is normal, the program is not frozen.

A report named catchme appears on your desktop; ignore it, do not post it, but do not delete it for now, the scan is not finished.

▶ Post the contents of the report that opens when the scan reaches 100 %, at the "COMPLETED" screen

You can delete the catchme.log report from your desktop now.

0
Anonymous user
 
Hi Pascal,

I'll leave the rest to you.

In case you didn't see it, watch out for: C:\WINDOWS\system32\logon.scr

D kiss.
0
Anonymous user
 
Good evening Cedric
0
tank5727
 
When I double-click the Zeb-Restore file, lots of checkboxes can be ticked, but there is no label next to these boxes. So I can't tick trusted sites.
0
Anonymous user
 
Close it and launch it with right-click "Run as administrator"
0
tank5727
 
It refuses to open when I try as administrator. The computer makes a sound and nothing happens. If I open it normally, 3 rows of 5 boxes appear, but with no labels next to these boxes.
0
Anonymous user
 
Tick everything
0
tank5727
 
In the end, I managed it:
List'em by g3n-h@ckm@n 1.2.4.0

User : frank martin (Administrateurs)
Update on 05/02/2010 by g3n-h@ckm@n ::::: 18.40
Start at: 21:24:45 | 2010-02-05
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

AMD Athlon(tm) XP 3200+
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : avast! Antivirus 5.0.83886476 [ (!) Disabled | Updated ]

C:\ -> Disque fixe local | 149,04 Go (108,91 Go free) | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM | 659,02 Mo (0 Mo free) [class of 2009] | CDFS
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\frank martin\Local Settings\temp\A.tmp\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SoundMan REG_SZ SOUNDMAN.EXE
HPHmon05 REG_SZ C:\WINDOWS\system32\hphmon05.exe
VTTimer REG_SZ VTTimer.exe
avast5 REG_SZ C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
DisableRegistryTools REG_DWORD 0 (0x0)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
HonorAutoRunSetting REG_DWORD 0 (0x0)
NoDrives REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
NoDrives REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ TANK-6DB87EDA7E
DefaultUserName REG_SZ frank martin
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ frank martin
AltDefaultDomainName REG_SZ TANK-6DB87EDA7E
ChangePasswordUseKerberos REG_DWORD 1 (0x1)
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\LimeWire\LimeWire.exe REG_SZ C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
C:\Program Files\Microsoft LifeCam\LifeExp.exe REG_SZ C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe
C:\Program Files\Microsoft LifeCam\LifeCam.exe REG_SZ C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Disabled:LifeCam.exe
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\ma-config.com\maconfservice.exe REG_SZ C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{233C1507-6A77-46A4-9443-F871F945D258}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D6F45B3-9043-443D-A792-115447494D24}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6F15128C-E66A-490C-B848-5000B5ABEEAC}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{867E13F2-7F31-44FB-AC97-CD38E0DC46EF}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{B8BE5E93-A60C-4D26-A2DC-220313175592}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}

===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{72AD53CC-CCC0-3757-8480-9EE176866A7C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.ca/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\frank martin\Local Settings\temp\A.tmp
## C:\> hashdeep C:\WINDOWS\System32\Drivers\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\System32\Drivers\atapi.sys


Sources
=======


Référence :
==========

Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
149 Go total, 109 Go libre (73%), 7% fragmenté (fragmentation du fichier 14%)

Il ne vous est pas nécessaire de défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\blackra1n.exe
Present !! : C:\WINDOWS\002913_.tmp
Present !! : C:\WINDOWS\DUMP1a3e.tmp
Present !! : C:\WINDOWS\DUMP272f.tmp
Present !! : C:\WINDOWS\DUMP27fa.tmp
Present !! : C:\WINDOWS\DUMP2838.tmp
Present !! : C:\WINDOWS\SET3.tmp
Present !! : C:\WINDOWS\SET4.tmp
Present !! : C:\WINDOWS\SET8.tmp
Present !! : C:\WINDOWS\Lgaciresoxiwuvur.bin
Present !! : C:\WINDOWS\mbr.exe
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\WINDOWS\System32\SET84.tmp
Present !! : C:\WINDOWS\System32\SET8D.tmp
Present !! : C:\WINDOWS\System32\SET8F.tmp
Present !! : C:\WINDOWS\System32\SET9B.tmp
Present !! : C:\WINDOWS\System32\SETAC.tmp
Present !! : C:\WINDOWS\System32\SETAE.tmp
Present !! : C:\WINDOWS\System32\SETBD.tmp

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKCR\ImageOle.GifAnimator
Present !! : HKCR\ImageOle.GifAnimator.1
Present !! : HKCR\interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
Present !! : HKCR\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}
Present !! : HKCR\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d}
Present !! : HKCR\Typelib\{710993A2-4F87-41D7-B6FE-F5A20368465F}
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Present !! : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Present !! : HKLM\SOFTWARE\Classes\CLSID\{06ADA938-0FB0-4BC0-B19B-0A38AB17F182}
Present !! : "HKLM\software\Poker 770"
Present !! : HKLM\SYSTEM\ControlSet001\Services\tdssserv
Present !! : HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_tdssserv
Present !! : HKLM\SYSTEM\ControlSet004\Services\tdssserv

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-05 21:45:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\logo_TENNIS[1].gif 2096 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\ltr[3].jpg 30579 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\toolbarv2b2[1].jpg 16857 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\TOOLBAR[1] 486 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\transaction[1].txt 4 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\transaction[2].txt 4 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\transaction[3].txt 4 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\TwentyByTwenty[1].gif 594 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\typeahead_log[1].php 0 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\utility[1].js 3252 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\v70match[1].htm 492 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\v70match[2].htm 488 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\v70match[3].htm 488 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\v70match[4].htm 488 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\selects_text[1].gif 8200 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\servicesmenu_monbottin[1].gif 1228 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\SGICAK2D967CA7EUM71CAHU63XACAZYYL1NCAPNJ2JBCA6YDZF7CALXTG34CAXRBYDICARF7K41CA321XF9CAIN7DKLCA00JWQGCA5FKI0ACAFXKG21CAO50B2CCAF10TXRCA5ZL2NMCAS8S82HCA3W24LO 507 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\shadow50[1].png 665 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\shadow[1].png 28374 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\sma7[1].js 2844 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\small_DENICASA[1].gif 1285 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\smenu_camp_prof[1].gif 345 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\smenu_camp_prof_f2[1].gif 410 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\smenu_contacts_benev[1].gif 425 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\smenu_dons_command[1].gif 360 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\smenu_dons_command_f2[1].gif 426 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\smenu_festival_part[1].gif 614 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\smenu_festival_part_f2[1].gif 684 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\smenu_presse_photos_f2[1].gif 220 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\q548810736_9287[1].jpg 2760 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\q555640795_3388[1].jpg 2715 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\q563491015_9088[1].jpg 2553 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\q578405143_4554[1].jpg 2758 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\q583385507_2760[1].jpg 2920 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\q586537999_260[1].jpg 2292 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\q606015668_1721[1].jpg 1853 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\q612883039_442[1].jpg 1932 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\q614812994_9446[1].jpg 3029 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\q642448641_8741[1].jpg 2546 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\q651145737_7321[1].jpg 2193 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\q671180536_389[1].jpg 2384 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\q675430020_8552[1].jpg 2382 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\q679811012_2926[1].jpg 2883 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\q690465194_4919[1].jpg 2427 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\q692436421_9076[1].jpg 3070 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\q701910241_6450[1].jpg 2321 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\q702301277_3333[1].jpg 1845 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\q719227180_7995[1].jpg 2120 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\q720827420_716[1].jpg 2670 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\q735739675_3109[1].jpg 2653 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\q757664091_5339[1].jpg 2850 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\q822825493_6714[1].jpg 2480 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\imageCA0JT210.jpg 5763 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\imageCAA0ZT4F.jpg 6353 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\images.jpg 5211 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\images[10].jpg 4437 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\images[11].jpg 3333 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\images[1].htm 40867 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\images[1].jpg 5441 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\images[2].jpg 3775 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\images[3].jpg 2259 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\images[4].jpg 3082 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\images[5].jpg 2197 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\images[6].jpg 2169 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\images[7].jpg 4643 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\images[8].jpg 3041 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\images[9].jpg 4243 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\namethumb_JEANCHAR[1].gif 452 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\namethumb_RODGBRUL[1].gif 1228 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\navigationbar_middle[1].gif 154 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\navon_11865[1].js 2102 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\navon_11866[1].js 2099 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\navtree_11807[2].js 12682 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\navtree_11807[3].js 12672 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\newsmenubackground[1].gif 149 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\newsmenu_divers[1].gif 1035 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\newsmenu_economie[1].gif 1406 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\newsmenu_editoriaux[1].gif 1451 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\newsmenu_opinions[1].gif 1291 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\news[1].jpg 1947 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\statistiques_280x15[1].jpg 5319 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\stop_1[1].gif 886 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\strip[1].png 3127 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\styles[1].css 22269 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\style[1].css 49980 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\style[2].css 49980 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\style[3].css 19726 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\support[1].gif 1028 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\survey_icon[1].gif 644 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\spacer[1].gif 43 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\spacer[3].gif 43 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\spacer[4].gif 807 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\speciale_20ans[1].jpg 10614 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\sprt-carousel[1].png 1166 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\sprt_buttons_forms[1].png 4131 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\sprt_gastoggle[1].png 4041 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\sprt_home_top_promo[1].gif 473 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\square_yellow[1].gif 49 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\mainlogo[1].gif 2138 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\mazda3_afs_160x600_fr[1].swf 40500 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\menujs[1] 103 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\menu_billets[1].gif 464 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\menu_dons[1].gif 536 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\menu_english[1].gif 323 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\menu_english_f2[1].gif 360 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\menu_en_f2[1].gif 405 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\menu_fr_f2[1].gif 441 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\menu_haut[1].js 6014 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\menu_plan_f2[1].gif 280 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\menu_site_f2[1].gif 511 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\menu_spacer[1].gif 179 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\Michel.gregoire_BIT[1].jpg 21912 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\icon-btnDwn[1].png 316 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\icon-dirs-end_sm[1].gif 309 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\icon-dirs-start_sm[1].gif 317 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\icon-help[1].png 708 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\icon_lgc[1].gif 207 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\ic[1].js 17278 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\v=ap[1].png 10640 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\v=ap[2].png 4714 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\v=ap[3].png 4428 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\v=ap[4].png 3418 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\v=ap[5].png 2845 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\VCGCABCG8CACA0SGV5NCAHEFLWZCAMO2Q4CCA467C7GCAGFZIK5CADMRAIECAR6DOUBCA1DZ2HJCAZBWTSWCA5FV555CADM7ZYMCA2UKENBCAXWN5CCCACAZM4TCARZ5BXKCAZLWKNCCALF0A2TCADG6N0B 45 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\videoByTag[1].aspx 4244 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\VideoReMaker[1].gif 5599 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\videos[1].xml 7118 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\VideotoFlash[1].gif 5113 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\votre_opinion_140x15[1].jpg 4381 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\votre_opinion_140x15[2].jpg 4440 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\votre_opinion_280x15[1].jpg 5746 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\images_logo_lg[1].gif 9969 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\index[1].htm 91467 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\JBYCA0VZ852CA1TKWF1CALVPQCGCA5MUS3FCA5MCA1TCAVTCK37CAR5ZOCFCAMX8OSVCARVCXMACA6WM2MOCAYYRIWKCAV4HP4SCA909NUQCAZLOMC4CAQU6CD7CAOLKLR8CAJ0R3P5CA7JIT3FCANHXC00 426 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\mail[1].gif 1010 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\Microsoft.Live.Messenger.Services.Chat[1].js 32338 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\namethumb_FRANCORB[1].gif 458 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\new[1].gif 122 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\p_100000145896874=22[1].txt 299 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\q547698548_7816[1].jpg 2309 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\q684836769_812[1].jpg 2093 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\test_domain[1].js 54 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\toolbarmap[1].png 3286 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\search 3244 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\SearchIcon[1].gif 442 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\search[10] 536 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\search[11] 542 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\search[1] 476 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\search[2] 550 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\search[3] 443 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\search[4] 421 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\search[5] 33 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\search[6] 37 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\search[7] 39 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\search[8] 512 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\search[9] 4775 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\imgad[1].jpg 30693 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\imgres[1].htm 3654 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\imgres[2].htm 3657 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\imstp_animation_butterflies_fr_0209083[1].gif 34325 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\imstp_animation_butterflies_fr_020908[1].gif 34325 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\imstp_animation_butterflies_fr_020908[2].gif 34325 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\imstp_animation_butterflies_fr_020908[3].gif 34325 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\InboxLight[1].htm 53018 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\InboxLight[2].htm 56037 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\image[10].jpg 6716 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\image[11].jpg 7264 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\image[1].jpg 6280 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\image[2].jpg 7246 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\image[3].jpg 8539 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\image[4].jpg 6688 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\image[5].jpg 4453 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\image[6].jpg 6318 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\image[7].jpg 5991 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\image[8].jpg 6416 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\image[9].jpg 4144 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\image_LNHCAN[1].jpg 12346 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\pipe[1].gif 43 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\PleinGazNascar_Bouton[1].jpg 5841 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\poker770[1].jpg 3221 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\printer[1].png 573 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\ProfilePhoto_UserTileSmall,Thumbnail[1].gif 42 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\promo_yourway[1].jpg 4762 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\p_100000145896874=0[1].txt 25 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\p_100000145896874=10[1].txt 310 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\p_100000145896874=14[1].txt 315 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\p_100000145896874=18[1].txt 302 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\p_100000145896874=1[1].txt 110 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\MsgrConfig[1].asmx 34530 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\msn-workopolis-icon[1].png 380 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\multicore[1].gif 1853 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\mvp_connect[1].htm 947 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\mvp_connect[2].htm 911 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\mws-compressed-5525[1].js 87203 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\mymsn[1].js 5489 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\mymsn[2].js 5517 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\mywebsearch[1].css 115 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\mz0copy[1].gif 1068 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\p_100000145896874=26[1].txt 300 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\p_100000145896874=30[1].txt 302 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\p_100000145896874=34[1].txt 306 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\p_100000145896874=38[1].txt 305 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\p_100000145896874=3[1].txt 110 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\p_100000145896874=42[1].txt 319 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\p_100000145896874=46[1].txt 330 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\p_100000145896874=50[1].txt 110 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\p_100000145896874=51.txt 25 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\p_100000145896874=51[10].txt 25 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\p_100000145896874=51[11].txt 25 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\p_100000145896874=51[1].txt 25 bytes
C:\Documents and Settings\frank martin\Local Settings\Temporary Internet Files\Content.IE5\UC72D1FM\p_100000145896874=51[2].txt 25 bytes
0
Utilisateur anonyme
 
▶ Run List&Kill'em again (via right-click on Vista), using the shortcut on your desktop.
but this time:

▶ choose option 2 = Mode Suppression (deletion mode)

let the tool work.

at the end of the scan a report opens

▶ paste its contents in your reply
0
tank5727
 
Kill'em by g3n-h@ckm@n 1.2.4.0

User : frank martin (Administrateurs)
Update on 05/02/2010 by g3n-h@ckm@n ::::: 18.40
Start at: 22:38:25 | 2010-02-05
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

AMD Athlon(tm) XP 3200+
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : avast! Antivirus 5.0.83886476 [ (!) Disabled | Updated ]

C:\ -> Disque fixe local | 149,04 Go (108,91 Go free) | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM | 659,02 Mo (0 Mo free) [class of 2009] | CDFS
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\frank martin\Local Settings\temp\D.tmp\ERUNT.EXE
C:\Documents and Settings\frank martin\Local Settings\temp\D.tmp\pv.exe

Detections :
==========


¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\blackra1n.exe
Quarantined & Deleted !! : C:\WINDOWS\002913_.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP1a3e.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP272f.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP27fa.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP2838.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET3.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET4.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET8.tmp
Quarantined & Deleted !! : C:\WINDOWS\Lgaciresoxiwuvur.bin
Quarantined & Deleted !! : C:\WINDOWS\mbr.exe

Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\WINDOWS\System32\SET84.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET8D.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET8F.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET9B.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SETAC.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SETAE.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SETBD.tmp

==============
host file OK !
==============

========
Registry
========

Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : HKCR\ImageOle.GifAnimator
Deleted : HKCR\ImageOle.GifAnimator.1
Deleted : HKCR\interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
Deleted : HKCR\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}
Deleted : HKCR\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d}
Deleted : HKCR\Typelib\{710993A2-4F87-41D7-B6FE-F5A20368465F}
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Deleted : HKLM\SOFTWARE\Classes\CLSID\{06ADA938-0FB0-4BC0-B19B-0A38AB17F182}
Deleted : "HKLM\software\Poker 770"
Deleted : HKLM\SYSTEM\ControlSet001\Services\tdssserv
Deleted : HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_tdssserv
Deleted : HKLM\SYSTEM\ControlSet004\Services\tdssserv
========
Services
=========

Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
============

================
Prefetch cleaned
================



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

thanks
0
Utilisateur anonyme
 
Print these instructions, because you will need to close all windows and applications during the installation and the scan.



▶ Download:

Malwarebytes

or:

Malwarebytes

▶ Install it (be sure to choose "francais"; do not change the installation settings) and update it.

(NB: If you get an error message saying that "COMCTL32.OCX" is missing during installation, download it here: COMCTL32.OCX)

▶ Study the tutorial to get familiar with the program:


(that said, it is very simple to use).

run Malwarebytes again, following these instructions scrupulously:

! Disconnect and close all running applications!

▶ Launch Malwarebytes'.

Run a "Complet" (full) scan.

▶ Let the program work (and do nothing else with the PC during the scan).
▶ At the end, click "résultat" (results).
Check that all the infected objects are ticked, then click "suppression" (remove).

Note: if your PC has to be restarted to finish the cleanup, do it!


Post the report saved after the infected objects were removed (in the "rapport/log" tab of Malwarebytes, the most recent one)

0
tank5727
 
Malwarebytes' Anti-Malware 1.44
Database version: 3686
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-02-06 10:45:16
mbam-log-2010-02-06 (10-45-16).txt

Scan type: Full Scan (C:\|)
Objects scanned: 233008
Time elapsed: 1 hour(s), 22 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 23

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\frank martin\Mes documents\Ma musique\iTunes\iTunes Music\Ajouter automatiquement à iTunes\Non ajouté\2010-02-02 01.28.48\QuickTime_Update_KB673901.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{242FFA9D-F1ED-4309-963E-A713EA2A65D4}\RP450\A0083684.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{242FFA9D-F1ED-4309-963E-A713EA2A65D4}\RP450\A0083689.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{242FFA9D-F1ED-4309-963E-A713EA2A65D4}\RP450\A0083692.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{242FFA9D-F1ED-4309-963E-A713EA2A65D4}\RP450\A0083696.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{242FFA9D-F1ED-4309-963E-A713EA2A65D4}\RP450\A0083700.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{242FFA9D-F1ED-4309-963E-A713EA2A65D4}\RP450\A0083701.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{242FFA9D-F1ED-4309-963E-A713EA2A65D4}\RP450\A0083704.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{242FFA9D-F1ED-4309-963E-A713EA2A65D4}\RP450\A0083706.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{242FFA9D-F1ED-4309-963E-A713EA2A65D4}\RP450\A0083707.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{242FFA9D-F1ED-4309-963E-A713EA2A65D4}\RP450\A0083708.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{242FFA9D-F1ED-4309-963E-A713EA2A65D4}\RP450\A0083710.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{242FFA9D-F1ED-4309-963E-A713EA2A65D4}\RP450\A0083711.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{242FFA9D-F1ED-4309-963E-A713EA2A65D4}\RP450\A0083794.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{242FFA9D-F1ED-4309-963E-A713EA2A65D4}\RP305\A0056399.dll (Adware.NetPumper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{242FFA9D-F1ED-4309-963E-A713EA2A65D4}\RP305\A0056402.dll (Adware.NetPumper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{242FFA9D-F1ED-4309-963E-A713EA2A65D4}\RP601\A0254156.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{242FFA9D-F1ED-4309-963E-A713EA2A65D4}\RP601\A0254162.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{242FFA9D-F1ED-4309-963E-A713EA2A65D4}\RP603\A0255159.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{242FFA9D-F1ED-4309-963E-A713EA2A65D4}\RP603\A0255168.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{242FFA9D-F1ED-4309-963E-A713EA2A65D4}\RP603\A0255173.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{242FFA9D-F1ED-4309-963E-A713EA2A65D4}\RP603\A0255191.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{242FFA9D-F1ED-4309-963E-A713EA2A65D4}\RP603\A0255198.exe (Rogue.Installer) -> Quarantined and deleted successfully.
0
Utilisateur anonyme
 
hello

To clean up the tools used and better secure your PC
--------------------------------------------------------------------------------

▶---> Download ToolsCleaner2 to your Desktop.
* Double-click (right-click "Run as administrator" on Vista) ToolsCleaner2.exe to launch it.
* Click Recherche (Search) and let the scan run.
* Click Suppression (Remove) to finish.
* You can, if you wish, use the Options Facultatives (optional settings).
* Click Quitter (Quit) to get the report.
* Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).
___________________________________________________

You can delete ToolCleaner

___________________________________________________

▶ Download: ATF Cleaner by Atribune

Double-click (right-click "Run as administrator" on Vista) ATF-Cleaner.exe to launch the program.
Under the Main tab, choose: Select All
Click the Empty Selected button
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button
NOTE: If you want to keep your saved passwords, click No at the prompt.
If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button
NOTE: If you want to keep your saved passwords, click No at the prompt.
Click Exit, from the main menu, to close the program.
For technical support, double-click the e-mail address at the bottom of each menu.

__________________________________________________

You can keep ATF for possible, somewhat more thorough cleanups
__________________________________________________

▶ Download and install CCleaner (do not install the Yahoo Toolbar):

* Launch it (right-click "Run as administrator" on Vista). Go to Options, then Avancé (Advanced), and untick the box Effacer uniquement les fichiers etc....
* Go to Nettoyeur (Cleaner), choose Analyse (Analyze). Once finished, run the cleaning.
* Then choose Registre (Registry), then Chercher des erreurs (Scan for issues). Once finished, repair all the errors, as many times as the scan finds any
* Make sure that in the options it is set to run at Windows startup and set to "effacement securisé" (secure deletion), 35 passes (Gutmann)
__________________________________________________

Warning: do not touch the PC while it is working!

▶ Cleaning and defragmenting your disks

*Cleaning:

Right-click "My Computer" (Computer on Vista) ==> "Open" ==> right-click drive C ==> Properties ==> "General" tab
Click the "Disk Cleanup" button, OK
do this for each of your disks
________________________________________________

*Error checking:

Right-click "My Computer" (Computer on Vista) ==> "Open" ==> right-click drive C ==> Properties ==> "Tools" tab
"Check Now", a box opens, tick the boxes:
-automatically fix errors...
-scan for and attempt recovery...

--->Start, OK
Note: if it tells you to restart your PC to do this, restart and let it run; it takes a little while, which is normal
do this for each of your disks
________________________________________________

then, still in the same tab, choose:

*Defragmentation:
"Defragment Now", OK
a box opens; select the disk to defragment and click "Analyze", then after the analysis, "Defragment". OK
do this for each of your disks
_______________________________________________

Note: if you have a defragmentation utility, use it instead

Defraggler is suggested for this
_________________________________________________

▶ Can you check your Java Console?

and install the new version if need be (in that case uninstall the old version first).

here is what to use to uninstall:

JavaRa

Unzip the file to the Desktop (right-click > Extract All).
* Double-click (right-click "Run as administrator" on Vista) the JavaRa folder.
* Then double-click the file JavaRa.exe (the .exe may not be displayed).
* Choose Français, then click Select.
* Click Recherche de mises à jour (Check for updates).
* Select Mettre à jour via jucheck.exe (Update via jucheck.exe), then click Rechercher (Search).
* Allow the process to connect if it asks, click Installer (Install) and follow the installation instructions, which take a few minutes.
* Once the installation is finished, go back to the JavaRa screen and click Effacer les anciennes versions (Remove older versions).
* Click Oui (Yes) to confirm. Let it work, then click OK, then OK a second time.
* A report will open. Post it in your next reply.
* Close the application.

Note: the report is also in C:\ under the name JavaRa.log.

_________________________________________________

▶ Update Adobe Reader if it is not already up to date (uninstall the previous version first)
__________________________________________________

▶ If you do not have one, I advise you to install a firewall to better secure your PC:

Online Armor or KERIO or JETICO or ZONE ALARM (install only the free firewall) or COMODO

https://www.commentcamarche.net/telecharger/securite/16545-online-armor-personal-firewall/
https://www.01net.com/telecharger/windows/Securite/firewall/fiches/39911.html
https://forum.pcastuces.com/sujet.asp?f=25&s=35606
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
https://www.commentcamarche.net/telecharger/securite/24863-zonealarm/
___________________________________________________

▶ You can also empty your recycle bin, although CCleaner does it by itself
_____________________________________________________

▶ If we used Malwarebytes' Anti-Malware, empty its quarantine:

* Launch the program, then click <Quarantaine>.
* Select all the items, then click <supprimer>.
* Quit the program.
______________________________________________________

if you installed Antivir:

Configuration
________________________________________________________

▶ Same for your antivirus: empty its quarantine if that has not already been done
______________________________________________________

▶ Disable and re-enable System Restore; to do so, follow the instructions at the link:

XP link

Vista link

As soon as that is done, create a new, "clean" restore point to guard against any problems in the future
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some advice and recommendations for the future:

▶ Run Malwarebytes' Anti-Malware from time to time (once a week, depending on how you use your PC).
▶ Also use your other protection software (antivirus scans, antispyware...). Do not forget to update them before using them.
* Also remember to defragment your hard drives from time to time (keep enough free space on C:\ (1/3 free to be comfortable))
_____________

▶ To protect your PC well:
[Only 1 antivirus] + [Only 1 firewall] + [A good antispyware] + [Recent updates for Windows and protection software] + [Use of Firefox -or others- (Internet Explorer has security flaws that take a long time to be fixed, but you absolutely must keep it for Windows updates and Windows Live Messenger)]

I advise you to install this extension for Firefox to make your browsing safer: WOT
I advise you to install this extension for Internet Explorer to make your browsing safer: WOT

PS: In fact the best protection is yourself: what you do with your PC: where you browse, what you download... etc....
Viruses use the flaws in your PC to infect a system

should you wish to uninstall one antivirus in favour of another, here are a few links:

Uninstall Avast
Uninstall BitDefender
Uninstall Norton
Uninstall Kaspersky
Uninstall AVG

or all in one:

Uninstalling antivirus, firewall, antispyware
_____________

If you have Vista, do not forget to re-enable User Account Control (UAC)
___________

If you have Spybot S&D and we disabled the "Tea-timer", you can re-enable it
___________

if we displayed hidden files, do not forget to set them back to "hidden"

▶ Click the Start menu / Control Panel / Folder Options / then the View tab
* - Untick Show hidden files and folders
* - tick Hide extensions for known file types
* - tick Hide protected operating system files (recommended)

▶ click Apply, then OK.
____________


There you go,

Happy reading, see you soon; once all of this is done,

you can mark the topic as resolved

Good luck and, above all, be careful and happy browsing :)

0