Virus/trojan = PC crawling to a halt
13verbatim13
Hello,
My laptop is endlessly slow... it took an hour to manage to post this message!
I ran a scan with HijackThis, here is the copy; please tell me what to do!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:52:29, on 17/02/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\windows\system32\AccelerometerSt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\windows\system32\agrsmsvc.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\windows\system32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\ThisisJacko\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\windows\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\windows\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\windows\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B2CC4BA0-08EB-4AF9-A532-1295DF0C8A07} (WebQuartzX Contrôle) - http://rome:8080/webquartz/ocx/WebQuartz.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = paca.rubis.alize
O17 - HKLM\Software\..\Telephony: DomainName = paca.rubis.alize
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = paca.rubis.alize
O20 - AppInit_DLLs: C:\WINDOWS\system32\APSHook.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\windows\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\XSPAET~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
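A log like the one above is read by hand, entry type by entry type. As an added example (not part of this thread and not a HijackThis feature), the Python script below parses a log in this format and pulls out the entries an analyst looks at first: processes running from a Temp directory, O23 services whose binary is missing or lives in Temp, O20 DLLs loaded into other processes, O17 DNS-suffix settings, and O16 ActiveX controls fetched from an unqualified host or an unusual port. The reading rules are the editor's, the sample lines are copied from the posted log, and the single Temp-directory process (sample.exe) is a constructed line that was not in the log, added only to exercise that check.

```python
"""Triage a HijackThis 2.0.2 log and list the entries an analyst checks first.

Added example: the heuristics below are the editor's reading rules, not verdicts
produced by HijackThis itself.
"""
import re
from collections import namedtuple
from urllib.parse import urlparse

Finding = namedtuple("Finding", "section reason line")

# Prefix HijackThis puts in front of every registry/startup entry, e.g. "O23 - ".
ENTRY = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# A path component named Temp (LOCALS~1\Temp, Local Settings\Temp, windows\temp ...).
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)
# Ports an ActiveX download URL is expected to use.
USUAL_PORTS = (None, 80, 443)

# Sample input: lines copied from the log posted above, plus ONE constructed line
# (sample.exe under Temp) that was not in the original log, to exercise that check.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\windows\System32\smss.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\DOCUME~1\USER~1\LOCALS~1\Temp\sample.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B2CC4BA0-08EB-4AF9-A532-1295DF0C8A07} (WebQuartzX Contrôle) - http://rome:8080/webquartz/ocx/WebQuartz.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = paca.rubis.alize
O20 - AppInit_DLLs: C:\WINDOWS\system32\APSHook.dll
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\XSPAET~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
"""


def parse_log(text):
    """Return (running processes, [(section, body), ...]) from a HijackThis log."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY.match(line)
        if m:
            in_processes = False          # the first R/F/O entry ends the process list
            entries.append((m.group("section"), m.group("body")))
        elif in_processes:
            processes.append(line)
    return processes, entries


def triage(text):
    """Apply the triage rules and return a list of Finding tuples."""
    processes, entries = parse_log(text)
    findings = []
    for proc in processes:
        if TEMP_DIR.search(proc):
            findings.append(Finding("process", "running from a Temp directory", proc))
    for section, body in entries:
        if section == "O23":
            # A service whose binary is gone, or sits in Temp, is either a leftover or malicious.
            if "(file missing)" in body:
                findings.append(Finding(section, "service binary is missing", body))
            elif TEMP_DIR.search(body):
                findings.append(Finding(section, "service binary lives in a Temp directory", body))
        elif section == "O20":
            # AppInit_DLLs / Winlogon Notify DLLs get loaded into other processes: verify the publisher.
            findings.append(Finding(section, "DLL loaded into other processes; verify publisher", body))
        elif section == "O17":
            # DNS suffix / name-server settings: confirm they match the network the machine belongs to.
            findings.append(Finding(section, "DNS domain setting; confirm it matches the network", body))
        elif section == "O16":
            # Downloaded ActiveX control: the URL is the last " - " separated field.
            url = urlparse(body.rsplit(" - ", 1)[-1])
            host = url.hostname or ""
            if "." not in host or url.port not in USUAL_PORTS:
                findings.append(Finding(section, "ActiveX control from an unqualified host or unusual port", body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

Run against the sample it reports five entries: the constructed Temp process, the hpdj service with its missing binary under Temp, the WebQuartz control fetched from the bare host rome on port 8080, the APSHook.dll AppInit entry and the O17 domain line. The DivX control and the F-Secure service pass. A flagged line is a prompt to check the publisher and the path, not a verdict.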
Download OTL by OldTimer
▶ Save it to your Desktop.
▶ Double-click OTL.exe to launch it (on Vista / 7, right-click => "Run as administrator").
▶ Tick the two boxes LOP and Purity
▶ Tick the box in front of "Scan all users"
▶ Set it to "60 Days"
▶ In the left-hand column, set everything to "All"
Do not change these:
"Files created within" and "Files modified within"
▶ Click Run Scan.
When the scan finishes, Notepad will open with the report (OTL.txt).
This file is on your Desktop (usually C:\Documents and settings\your_session_name\OTL.txt)
▶▶▶ DO NOT POST IT ON THE FORUM
To send it to me, click this link: http://www.cijoint.fr/
▶ Click Browse and find the file above.
▶ Click Open.
▶ Click "Cliquez ici pour déposer le fichier" (the upload button).
A link of this form:
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
is added to the page.
▶ Copy that link into your reply.
▶▶ Do the same with "Extra.txt".
▶ Download Zeb-Restore and save the file to your desktop.
▶ Right-click Zeb-Restore.zip ==> Extract all, choosing the desktop as the destination.
▶ Open the ZR_1.0.0.37 folder ==> double-click Zeb-Restore.exe
▶ Tick the box in front of: trusted sites
▶ Do not tick any other box
▶ Click Restore
▶ Restart your PC so that the change takes effect
Then:
▶ Right-click OTL.exe => "Run as administrator" to launch it.
▶ Copy the list shown in bold below,
▶ paste it into the box under Custom Scans/Fixes:
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:OTL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = paca.rubis.alize
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"RoxioDragToDisc"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=1
"FirewallOverride"=1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\eMule\emule.exe"=-
:Files
C:\infect.htm
C:\error.htm
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Click Run Fix to start the removal.
▶ Post the report.
Here is the report I got:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
Unable to set value : HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\Domain| /E!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RoxioDragToDisc deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride"|1 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride"|1 /E : value set successfully!
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\eMule\emule.exe scheduled to be deleted on reboot.
========== FILES ==========
File move failed. C:\infect.htm scheduled to be moved on reboot.
File move failed. C:\error.htm scheduled to be moved on reboot.
========== COMMANDS ==========
[EMPTYTEMP]
User: admin
User: administrateur
User: Administrateur.PACA-P2922
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: HelpAssistant
User: LocalService
User: NetworkService
User: xspaeth-adc
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 683902 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1,00 mb
OTL by OldTimer - Version 3.1.30.1 log created on 02232010_175907
Files\Folders moved on Reboot...
C:\infect.htm moved successfully.
C:\error.htm moved successfully.
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\desktop.ini moved successfully.
C:\windows\System32\CONFIG.TMP moved successfully.
C:\windows\temp\$$$dq3e moved successfully.
C:\windows\temp\$67we.$ moved successfully.
C:\windows\temp\admin.pub moved successfully.
C:\windows\temp\AVP452.tmp moved successfully.
C:\windows\temp\AVP453.tmp moved successfully.
C:\windows\temp\ExchangePerflog_8484fa2168db83cbcfcccd43.dat moved successfully.
C:\windows\temp\msetupd.log moved successfully.
C:\windows\temp\Perflib_Perfdata_2f4.dat moved successfully.
C:\windows\temp\Perflib_Perfdata_410.dat moved successfully.
C:\windows\temp\Perflib_Perfdata_85c.dat moved successfully.
C:\windows\temp\Perflib_Perfdata_88c.dat moved successfully.
C:\windows\temp\Perflib_Perfdata_a14.dat moved successfully.
C:\windows\temp\Perflib_Perfdata_a48.dat moved successfully.
File\Folder C:\windows\temp\Perflib_Perfdata_d00.dat not found!
C:\windows\temp\Perflib_Perfdata_d18.dat moved successfully.
C:\windows\temp\WGAErrLog.txt moved successfully.
C:\windows\temp\xsw2 moved successfully.
Registry entries deleted on Reboot...
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\eMule\emule.exe deleted successfully.
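The helper's remark later in this thread turns on a detail of this report: the eMule firewall-exception value and the two .htm files failed on the first pass and were only completed after the reboot, which is easy to miss when the two halves of the log are read separately. As an added example (not part of the thread and not an OTL feature), the Python script below parses a log in this format and reconciles the "scheduled ... on reboot" lines against the post-reboot sections, so the result shows what completed immediately, what completed at reboot, what is still pending, and what failed outright (here the Tcpip\Parameters Domain value). The sample input is a shortened copy of the report above.

```python
"""Reconcile an OTL fix log: which actions completed immediately, which were deferred
to reboot and then confirmed, and which failed outright.

Added example; not part of the thread and not an OTL feature.
"""
import re

# Result lines OTL writes while the fix runs.
PENDING = re.compile(
    r"^(?:File move failed|Registry delete failed)\. (?P<target>.+?) "
    r"scheduled to be (?:moved|deleted) on reboot\.$")
FAILED = re.compile(r"^Unable to set value : (?P<target>.+?)\| /E!$")
# A completed action, reported either immediately or in the post-reboot sections.
DONE = re.compile(r"^(?:Registry value )?(?P<target>.+?) (?:moved|deleted) successfully\.$")
NOT_FOUND = re.compile(r"^File\\Folder (?P<target>.+?) not found!$")
# Headers that start the post-reboot part of the log.
REBOOT_HEADERS = ("Files\\Folders moved on Reboot...", "Registry entries deleted on Reboot...")

# Sample input: a shortened copy of the OTL report posted above.
SAMPLE_OTL_LOG = r"""
All processes killed
========== OTL ==========
Unable to set value : HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\Domain| /E!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RoxioDragToDisc deleted successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\eMule\emule.exe scheduled to be deleted on reboot.
========== FILES ==========
File move failed. C:\infect.htm scheduled to be moved on reboot.
File move failed. C:\error.htm scheduled to be moved on reboot.
========== COMMANDS ==========
[EMPTYTEMP]
Total Files Cleaned = 1,00 mb
OTL by OldTimer - Version 3.1.30.1 log created on 02232010_175907
Files\Folders moved on Reboot...
C:\infect.htm moved successfully.
C:\error.htm moved successfully.
C:\windows\temp\Perflib_Perfdata_a48.dat moved successfully.
File\Folder C:\windows\temp\Perflib_Perfdata_d00.dat not found!
Registry entries deleted on Reboot...
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\eMule\emule.exe deleted successfully.
"""


def reconcile(log):
    """Return the fix's outcome as immediate / completed_on_reboot / still_pending / failed / not_found."""
    immediate, pending, failed, not_found = [], [], [], []
    confirmed = set()          # targets the post-reboot sections report as done
    in_reboot = False
    for raw in log.splitlines():
        line = raw.strip()
        if line in REBOOT_HEADERS:
            in_reboot = True
            continue
        if in_reboot:
            m = DONE.match(line)
            if m:
                confirmed.add(m.group("target"))
                continue
            m = NOT_FOUND.match(line)
            if m:
                not_found.append(m.group("target"))
            continue
        m = PENDING.match(line)
        if m:
            pending.append(m.group("target"))
            continue
        m = FAILED.match(line)
        if m:
            failed.append(m.group("target"))
            continue
        m = DONE.match(line)
        if m:
            immediate.append(m.group("target"))
    return {
        "immediate": immediate,
        "completed_on_reboot": [t for t in pending if t in confirmed],
        "still_pending": [t for t in pending if t not in confirmed],
        "failed": failed,
        "not_found": not_found,
    }


if __name__ == "__main__":
    for outcome, targets in reconcile(SAMPLE_OTL_LOG).items():
        print(outcome)
        for t in targets:
            print("   ", t)
```

On the sample this yields two immediate registry deletions, three actions completed at reboot, nothing still pending, one outright failure (the Domain value OTL could not set) and one temp file that was gone before the reboot pass reached it. "Still pending" is the list to act on after a fix: anything there did not happen at all.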
No, only the copy/paste into OTL.
How to get into Safe Mode:
▶ Restart your computer
▶ Tap the F8 key immediately (F5 on some PCs), right after the "beep"
▶ You will see a screen with startup options appear
▶ Choose the first option: Safe Mode, and confirm with "Enter"
▶ Choose your usual account, not Administrator (if needed...)
In that case I don't understand the password business... if you don't have to enter it in normal mode, you don't have to enter it in safe mode either...
Since safe mode isn't accessible, what's next please?
Can you give me your opinion on the state of my computer after all these operations?
Actually it's fine, they were removed at the reboot; I hadn't read your last OTL report properly.
Run this:
http://sd-1.archive-host.com/membres/up/829108531491024/Temp_Tools/Remove_Key_Verbatim.exe
OK, thanks... here is the report it generated:
SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 (C)
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters
NV Hostname REG_SZ PACA-P2969
DataBasePath REG_EXPAND_SZ %SystemRoot%\System32\drivers\etc
ForwardBroadcasts REG_DWORD 0 (0x0)
IPEnableRouter REG_DWORD 0 (0x0)
Hostname REG_SZ PACA-P2969
SearchList REG_SZ
UseDomainNameDevolution REG_DWORD 1 (0x1)
DeadGWDetectDefault REG_DWORD 1 (0x1)
DontAddDefaultGatewayDefault REG_DWORD 0 (0x0)
TcpMaxConnectRetransmissions REG_DWORD 5 (0x5)
NV Domain REG_SZ paca.rubis.alize
DhcpNameServer REG_SZ 119.13.1.241 119.13.1.236
DhcpDomain REG_SZ paca.rubis.alize
Domain REG_SZ
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\Adapters
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\DNSRegisteredAdapters
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\Interfaces
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\PersistentRoutes
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\Winsock
▶ Download Smitfraudfix by S!RI:
▶ Unzip the archive
▶ Run it by double-clicking Smitfraudfix.cmd
▶ Press any key to continue
▶ At the command prompt, type the letter L to switch the fix to French
▶ In the menu, choose the Recherche (Search) option,
▶ Post the report that is generated.
Here it is:
SmitFraudFix v2.424
Rapport fait à 10:58:27,71, 24/02/2010
Executé à partir de C:\Documents and Settings\xspaeth-adc\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\agrsmsvc.exe
C:\windows\System32\svchost.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\windows\system32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\AccelerometerSt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\windows
»»»»»»»»»»»»»»»»»»»»»»»» C:\windows\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\windows\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\windows\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\windows\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\xspaeth-adc
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\XSPAET~1\LOCALS~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\xspaeth-adc\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\XSPAET~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\APSHook.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\windows\\system32\\userinit.exe,"
»»»»»»»»»»»»»»»»»»»»»»»» RK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Broadcom NetLink (TM) Gigabit Ethernet - Miniport d'ordonnancement de paquets
DNS Server Search Order: 119.13.1.241
DNS Server Search Order: 119.13.1.236
Description: Réseau local Broadcom 802.11a/b/g - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.241
DNS Server Search Order: 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{832E31D8-44E8-421B-8FE8-E846DB3A4901}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8D76B227-AB3F-4088-BA5D-3306AC748E0A}: DhcpNameServer=119.13.1.241 119.13.1.236
HKLM\SYSTEM\CS1\Services\Tcpip\..\{832E31D8-44E8-421B-8FE8-E846DB3A4901}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8D76B227-AB3F-4088-BA5D-3306AC748E0A}: DhcpNameServer=119.13.1.241 119.13.1.236
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=119.13.1.241 119.13.1.236
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=119.13.1.241 119.13.1.236
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Result of option 5:
SmitFraudFix v2.424
Rapport fait à 12:04:30,05, 24/02/2010
Executé à partir de C:\Documents and Settings\xspaeth-adc\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» DNS Avant Fix
Description: Broadcom NetLink (TM) Gigabit Ethernet - Miniport d'ordonnancement de paquets
DNS Server Search Order: 119.13.1.241
DNS Server Search Order: 119.13.1.236
Description: Réseau local Broadcom 802.11a/b/g - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.241
DNS Server Search Order: 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{832E31D8-44E8-421B-8FE8-E846DB3A4901}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8D76B227-AB3F-4088-BA5D-3306AC748E0A}: DhcpNameServer=119.13.1.241 119.13.1.236
HKLM\SYSTEM\CS1\Services\Tcpip\..\{832E31D8-44E8-421B-8FE8-E846DB3A4901}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8D76B227-AB3F-4088-BA5D-3306AC748E0A}: DhcpNameServer=119.13.1.241 119.13.1.236
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=119.13.1.241 119.13.1.236
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=119.13.1.241 119.13.1.236
»»»»»»»»»»»»»»»»»»»»»»»» DNS Après Fix
Description: Broadcom NetLink (TM) Gigabit Ethernet - Miniport d'ordonnancement de paquets
DNS Server Search Order: 119.13.1.241
DNS Server Search Order: 119.13.1.236
Description: Réseau local Broadcom 802.11a/b/g - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.241
DNS Server Search Order: 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{832E31D8-44E8-421B-8FE8-E846DB3A4901}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8D76B227-AB3F-4088-BA5D-3306AC748E0A}: DhcpNameServer=119.13.1.241 119.13.1.236
HKLM\SYSTEM\CS1\Services\Tcpip\..\{832E31D8-44E8-421B-8FE8-E846DB3A4901}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8D76B227-AB3F-4088-BA5D-3306AC748E0A}: DhcpNameServer=119.13.1.241 119.13.1.236
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=119.13.1.241 119.13.1.236
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=119.13.1.241 119.13.1.236
Well OK, it's fine, those server IPs surprised me but anyway...
We're going to remove everything:
Option 1:
http://sd-1.archive-host.com/membres/up/829108531491024/Mes_Tools/Kill_Tool.exe
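The helper's doubt about the resolver addresses is the check a defender would automate: take every DNS server the SmitFraudFix "DNS" section reports, per adapter and per Tcpip registry key, and compare it with the resolvers the machine is supposed to use. The Python below is an added example, not part of this thread or of SmitFraudFix. Its sample report is constructed: the 192.0.2.53 resolver (a documentation-only address) and the static NameServer line are invented so the check has something to flag, and the exact layout of a static NameServer line in SmitFraudFix output is an assumption. The allowlist holds the two resolver ranges that actually appear in the report above.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the "DNS" section SmitFraudFix writes.
# The two real resolver ranges from the report above are kept; the resolver
# 192.0.2.53 (a documentation-only address) and the static "NameServer="
# line are invented so the check has something to flag. The exact layout of
# a static NameServer line in SmitFraudFix output is an assumption.
SAMPLE_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» RK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Broadcom NetLink (TM) Gigabit Ethernet - Miniport d'ordonnancement de paquets
DNS Server Search Order: 119.13.1.241
DNS Server Search Order: 119.13.1.236
Description: Réseau local Broadcom 802.11a/b/g - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.241
DNS Server Search Order: 192.0.2.53
HKLM\SYSTEM\CCS\Services\Tcpip\..\{832E31D8-44E8-421B-8FE8-E846DB3A4901}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{832E31D8-44E8-421B-8FE8-E846DB3A4901}: NameServer=192.0.2.53
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=119.13.1.241 119.13.1.236
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
"""

# Resolver prefixes this machine is expected to use: the corporate DHCP
# resolvers and the home ISP resolvers that appear in the report above.
ALLOWED_RESOLVER_PREFIXES = ("119.13.1.", "212.27.40.")

ADAPTER_RE = re.compile(r"^Description:\s*(.+?)\s*$")
SEARCH_RE = re.compile(r"^DNS Server Search Order:\s*(\S+)")
REG_RE = re.compile(r"^(HKLM\\[^:]+):\s*(\w+)=(.*)$")


@dataclass
class DnsInventory:
    adapters: dict = field(default_factory=dict)   # adapter description -> [resolver, ...]
    registry: dict = field(default_factory=dict)   # (registry key, value name) -> [resolver, ...]


def extract_dns_section(report: str) -> list:
    """Return the stripped lines between a '»»» DNS ...' header and the next header."""
    lines, inside = [], False
    for line in report.splitlines():
        if line.startswith("»»»"):
            inside = " DNS" in line          # also matches "DNS Avant Fix" / "DNS Après Fix"
            continue
        if inside and line.strip():
            lines.append(line.strip())
    return lines


def parse_dns_section(report: str) -> DnsInventory:
    """Build an inventory of per-adapter and per-registry-key resolvers."""
    inv = DnsInventory()
    current = None
    for line in extract_dns_section(report):
        if m := ADAPTER_RE.match(line):
            current = m.group(1)
            inv.adapters.setdefault(current, [])
        elif (m := SEARCH_RE.match(line)) and current is not None:
            inv.adapters[current].append(m.group(1))
        elif m := REG_RE.match(line):
            inv.registry[(m.group(1), m.group(2))] = m.group(3).split()
    return inv


def find_unexpected_resolvers(inv: DnsInventory, allowed_prefixes=ALLOWED_RESOLVER_PREFIXES) -> list:
    """Return (reason, location, resolver) tuples that deserve a second look.

    Two signals: a resolver outside the expected ranges, and any static
    'NameServer' value, which overrides the DHCP-supplied servers and is the
    usual way a DNS changer keeps its own resolver in place."""
    def allowed(ip):
        return any(ip.startswith(p) for p in allowed_prefixes)

    findings = []
    for adapter, ips in inv.adapters.items():
        for ip in ips:
            if not allowed(ip):
                findings.append(("unexpected resolver", adapter, ip))
    for (key, name), ips in inv.registry.items():
        for ip in ips:
            if name == "NameServer":
                findings.append(("static NameServer override", key, ip))
            elif not allowed(ip):
                findings.append(("unexpected resolver", key, ip))
    return findings


if __name__ == "__main__":
    for reason, where, ip in find_unexpected_resolvers(parse_dns_section(SAMPLE_REPORT)):
        print(f"{reason}: {ip} ({where})")
```

Run against the real report above (which has only DhcpNameServer values, all in the two expected ranges) it returns nothing, which is the same conclusion the helper reached; run against the constructed sample it flags the rogue resolver on the Wi-Fi adapter and the static override in the interface key.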
Here it is....
List_Tool by g3n-h@ckm@n 1.0.0.0
¤¤¤¤¤¤¤¤¤¤ Files | Folders
Present : C:\Kill'em
Present : C:\Kill'em.txt
Present : C:\Qoobox
Present : C:\_OTL
Present : C:\Documents and Settings\All Users\Bureau\List_Kill'em.lnk
Present : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\List_Kill'em
Present : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\List_Kill'em\Désinstaller List_Kill'em.lnk
Present : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\List_Kill'em\List_Kill'em.lnk
Present : C:\Documents and Settings\HelpAssistant\Bureau\OTL.exe
Present : C:\Documents and Settings\HelpAssistant\Bureau\OTL.Txt
Present : C:\Documents and Settings\HelpAssistant\Bureau\ZHPDiag.Txt
Present : C:\Documents and Settings\HelpAssistant\Local Settings\temp\C3.tmp\List_Kill'em.bat
Present : C:\Documents and Settings\HelpAssistant\Local Settings\temp\C3.tmp\mbr.exe
Present : C:\Documents and Settings\HelpAssistant\Local Settings\temp\C4.tmp\List_Kill'em.bat
Present : C:\Documents and Settings\HelpAssistant\Local Settings\temp\C4.tmp\mbr.exe
Present : C:\Documents and Settings\HelpAssistant\Recent\Kill'em.lnk
Present : C:\Documents and Settings\HelpAssistant\Recent\OTL.lnk
Present : C:\Documents and Settings\HelpAssistant\Recent\ZHPDiag.Txt.lnk
Present : C:\Documents and Settings\xspaeth-adc\Bureau\OTL.exe
Present : C:\Documents and Settings\xspaeth-adc\Bureau\OTL.Txt
Present : C:\Documents and Settings\xspaeth-adc\Local Settings\Temp\C3.tmp\List_Kill'em.bat
Present : C:\Documents and Settings\xspaeth-adc\Local Settings\Temp\C3.tmp\mbr.exe
Present : C:\Documents and Settings\xspaeth-adc\Local Settings\Temp\C4.tmp\List_Kill'em.bat
Present : C:\Documents and Settings\xspaeth-adc\Local Settings\Temp\C4.tmp\mbr.exe
Present : C:\Documents and Settings\xspaeth-adc\Recent\Kill'em.lnk
Present : C:\Documents and Settings\xspaeth-adc\Recent\OTL.lnk
Present : C:\Documents and Settings\xspaeth-adc\Recent\ZHPDiag.Txt.lnk
Present : C:\Kill'em\Quarantine
Present : C:\Kill'em\Save
Present : C:\Kill'em\Quarantine\catchme.dll.Kill'em
Present : C:\Kill'em\Save\default
Present : C:\Kill'em\Save\ERDNT.CON
Present : C:\Kill'em\Save\ERDNT.EXE
Present : C:\Kill'em\Save\ERDNT.INF
Present : C:\Kill'em\Save\ERDNTDOS.LOC
Present : C:\Kill'em\Save\ERDNTWIN.LOC
Present : C:\Kill'em\Save\SAM
Present : C:\Kill'em\Save\SECURITY
Present : C:\Kill'em\Save\software
Present : C:\Kill'em\Save\system
Present : C:\Kill'em\Save\Users
Present : C:\Kill'em\Save\Users\00000001
Present : C:\Kill'em\Save\Users\00000002
Present : C:\Kill'em\Save\Users\00000001\NTUSER.DAT
Present : C:\Kill'em\Save\Users\00000002\UsrClass.dat
Present : C:\Program Files\List_Kill'em
Present : C:\Program Files\ZHPDiag
Present : C:\Program Files\List_Kill'em\List_Kill'em.scr
Present : C:\Program Files\List_Kill'em\unins000.dat
Present : C:\Program Files\List_Kill'em\unins000.exe
Present : C:\Program Files\ZHPDiag\SigCheck.txt
Present : C:\Program Files\ZHPDiag\ZHPADSReport.txt
Present : C:\Program Files\ZHPDiag\ZHPDiag.Txt
Present : C:\Qoobox\Add-Remove Programs.txt
Present : C:\Qoobox\BackEnv
Present : C:\Qoobox\CFScript_used_2010-01-25_20.08.01.txt
Present : C:\Qoobox\ComboFix-quarantined-files.txt
Present : C:\Qoobox\ComboFix2.txt
Present : C:\Qoobox\ComboFix3.txt
Present : C:\Qoobox\ComboFix4.txt
Present : C:\Qoobox\Quarantine
Present : C:\Qoobox\SnapShot@2010-01-25_18.28.24.dat
Present : C:\Qoobox\SnapShot_2010-02-17_20.14.43.dat
Present : C:\Qoobox\BackEnv\appdata.folder.dat
Present : C:\Qoobox\BackEnv\cache.folder.dat
Present : C:\Qoobox\BackEnv\Cookies.folder.dat
Present : C:\Qoobox\BackEnv\desktop.folder.dat
Present : C:\Qoobox\BackEnv\favorites.folder.dat
Present : C:\Qoobox\BackEnv\localappdata.folder.dat
Present : C:\Qoobox\BackEnv\localsettings.folder.dat
Present : C:\Qoobox\BackEnv\mypictures.folder.dat
Present : C:\Qoobox\BackEnv\personal.folder.dat
Present : C:\Qoobox\BackEnv\Profiles.Folder.dat
Present : C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Present : C:\Qoobox\BackEnv\programs.folder.dat
Present : C:\Qoobox\BackEnv\SetPath.bat
Present : C:\Qoobox\BackEnv\startmenu.folder.dat
Present : C:\Qoobox\BackEnv\startup.folder.dat
Present : C:\Qoobox\BackEnv\SysPath.dat
Present : C:\Qoobox\BackEnv\templates.folder.dat
Present : C:\Qoobox\Quarantine\C
Present : C:\Qoobox\Quarantine\catchme.log
Present : C:\Qoobox\Quarantine\catchme.txt
Present : C:\Qoobox\Quarantine\Registry_backups
Present : C:\Qoobox\Quarantine\C\Documents and Settings
Present : C:\Qoobox\Quarantine\C\WINDOWS
Present : C:\Qoobox\Quarantine\C\Documents and Settings\All Users
Present : C:\Qoobox\Quarantine\C\WINDOWS\system32
Present : C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers
Present : C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir_
Present : C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\KGootkit.sys.vir
Present : C:\Qoobox\Quarantine\Registry_backups\ActiveSetup-ccc-core-static.reg.dat
Present : C:\Qoobox\Quarantine\Registry_backups\BHO-{429373D6-8AA4-4441-8CE7-480CAEE16D8C}.reg.dat
Present : C:\Qoobox\Quarantine\Registry_backups\Legacy_KGOOTKIT.reg.dat
Present : C:\Qoobox\Quarantine\Registry_backups\Service_KGootkit.reg.dat
Present : C:\Qoobox\Quarantine\Registry_backups\Service_xrzlzqop.reg.dat
Present : C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
Present : C:\WINDOWS\Prefetch\OTL.EXE-23A0DEFA.pf
Present : C:\_OTL\MovedFiles
Present : C:\_OTL\MovedFiles\02232010_175907
Present : C:\_OTL\MovedFiles\02232010_175907.log
Present : C:\_OTL\MovedFiles\02232010_175907\C_
Present : C:\_OTL\MovedFiles\02232010_175907\C_Documents and Settings
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows
Present : C:\_OTL\MovedFiles\02232010_175907\C_\error.htm
Present : C:\_OTL\MovedFiles\02232010_175907\C_\infect.htm
Present : C:\_OTL\MovedFiles\02232010_175907\C_Documents and Settings\Default User
Present : C:\_OTL\MovedFiles\02232010_175907\C_Documents and Settings\Default User\Local Settings
Present : C:\_OTL\MovedFiles\02232010_175907\C_Documents and Settings\Default User\Local Settings\Temporary Internet Files
Present : C:\_OTL\MovedFiles\02232010_175907\C_Documents and Settings\Default User\Local Settings\Temporary Internet Files\desktop.ini
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\System32
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\System32\CONFIG.TMP
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\$$$dq3e
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\$67we.$
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\admin.pub
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\AVP452.tmp
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\AVP453.tmp
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\ExchangePerflog_8484fa2168db83cbcfcccd43.dat
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\msetupd.log
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\Perflib_Perfdata_2f4.dat
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\Perflib_Perfdata_410.dat
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\Perflib_Perfdata_85c.dat
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\Perflib_Perfdata_88c.dat
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\Perflib_Perfdata_a14.dat
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\Perflib_Perfdata_a48.dat
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\Perflib_Perfdata_d18.dat
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\WGAErrLog.txt
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\xsw2
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\$$$dq3e
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\$67we.$
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\admin.pub
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\AVP452.tmp
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\AVP453.tmp
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\ExchangePerflog_8484fa2168db83cbcfcccd43.dat
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\msetupd.log
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\Perflib_Perfdata_2f4.dat
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\Perflib_Perfdata_410.dat
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\Perflib_Perfdata_85c.dat
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\Perflib_Perfdata_88c.dat
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\Perflib_Perfdata_a14.dat
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\Perflib_Perfdata_a48.dat
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\Perflib_Perfdata_d18.dat
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\WGAErrLog.txt
Present : C:\_OTL\MovedFiles\02232010_175907\C_windows\temp\xsw2
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
http://www.cijoint.fr/cjlink.php?file=cj201002/cijSLe61Im.doc