Securyty tool

Résolu
rexxx83 Messages postés 91 Date d'inscription   Statut Membre Dernière intervention   -  
dédétraqué Messages postés 4384 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,
Je suis sur l'ordi a ma conjointe, mon laptop est completement gelé..un virus security tool..cheval de troie.. Je ne sais pas quoi faire??

Merci
A voir également:

68 réponses

Précédent
Réponse 21 / 68
dédétraqué Messages postés 4384 Date d'inscription   Statut Contributeur sécurité Dernière intervention   286
 
Salut rexxx83


Tu es bien du Canada?


@++ :)
0
Réponse 22 / 68
rexxx83 Messages postés 91 Date d'inscription   Statut Membre Dernière intervention  
 
Canada quebec oui!!!
0
Réponse 23 / 68
dédétraqué Messages postés 4384 Date d'inscription   Statut Contributeur sécurité Dernière intervention   286
 
Salut rexxx83


OK ce que je pensais, nouvelle infection et pas encore pris en charge par les outils, je te prépare une procédure de désinfection, de retour dans pas long.


@++ :)

P.S Moi je suis de Trois-Rivières
0
Réponse 24 / 68
rexxx83 Messages postés 91 Date d'inscription   Statut Membre Dernière intervention  
 
Merci
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 68
dédétraqué Messages postés 4384 Date d'inscription   Statut Contributeur sécurité Dernière intervention   286
 
Salut rexxx83


Important Désactive TeaTimer le résident de Spybot, il va gêner la désinfection en empêchant la modification des BHO


- Démarre Spybot clique sur Mode coche Mode avancé
- A gauche clique sur Outils ==> Résident

- Décoche la case devant Résident "TeaTimer", voir la capture :

http://apu.mabul.org/up/5/apu-5-gpdx9e06cwz2dypom2q7n6nc.jpg

- Quitte Spybot


-----


Double clique sur le raccourci d'HijackThis sur ton Bureau, clique sur Do a scan system only coche la case devant la(les) ligne(s) suivante(s) si présente(s)
Si pas de raccourci sur le bureau, il ce trouve ici :
C:\Program Files\Trend Micro\HijackThis\Francis.exe

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: agihelper.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\Temp\_ex-08.exe
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\DOCUME~1\Francis\LOCALS~1\Temp\Xrx.exe
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\DOCUME~1\Francis\LOCALS~1\Temp\1QPk4.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DD1E996-9883-436B-81A1-D5692AE8550A}: NameServer = 93.188.164.59,93.188.166.79
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D29CAFA-ACEF-4DED-A2A5-045EE0CC770C}: NameServer = 93.188.164.59,93.188.166.79
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.59,93.188.166.79
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.164.59,93.188.166.79
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.59,93.188.166.79
O20 - Winlogon Notify: ljJAsTND - C:\WINDOWS\


- Ferme les fenêtres en cours sauf HijackThis, clique sur Fix checked

- Quitte HijackThis


-----


Clique sur démarrer/Exécuter et tape regedit
Presse : CTRL et F
Tout cocher sauf nom entier
Ecrire ou copier/coller : 93.188.164.59
Clique : Suivant
Si trouvé ==> clic-droit et supprimer
relancer la recherche jusqu'à l'annonce de FIN
Après fais la même chose avec : 93.188.166.79

-----


Télécharge OTM (de Old_Timer) sur le bureau :

http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/


Double-clique sur OTM.exe sur le bureau

- Copie le texte qui se trouve en gras ci-dessous et colle le dans le cadre de gauche de OTM nommé Paste Instructions for Items to be Moved

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\46571831]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\89732029]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljJAsTND]


:files
C:\WINDOWS\msa.exe
C:\WINDOWS\Temp\_ex-08.exe
C:\DOCUME~1\Francis\LOCALS~1\Temp\Xrx.exe
C:\DOCUME~1\Francis\LOCALS~1\Temp\1QPk4.exe
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
C:\WINDOWS\system32\tmp.txt
C:\WINDOWS\system32\sshnas21.dll
C:\Documents and Settings\Francis\Application Data\SystemProc

:commands
[purity]
[emptytemp]
[reboot]

- Clique sur MoveIt! pour lancer la suppression.
- Ferme OTM

Ton PC va redémarrer pour finir la suppression, si il ne le fais pas lui-même, redémarre le.

Poste le rapport de OTMoveIt qui se trouve dans C:\_OTM\MovedFiles.

Poste aussi un nouveau rapport RSIT


@++ :)
0
Réponse 26 / 68
rexxx83 Messages postés 91 Date d'inscription   Statut Membre Dernière intervention  
 
Compliqué en maudit lol :

ll processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\46571831\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\89732029\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljJAsTND\ not found.
========== FILES ==========
C:\WINDOWS\msa.exe moved successfully.
C:\WINDOWS\Temp\_ex-08.exe moved successfully.
C:\DOCUME~1\Francis\LOCALS~1\Temp\Xrx.exe moved successfully.
File/Folder C:\DOCUME~1\Francis\LOCALS~1\Temp\1QPk4.exe not found.
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job moved successfully.
C:\WINDOWS\system32\tmp.txt moved successfully.
C:\WINDOWS\system32\sshnas21.dll moved successfully.
C:\Documents and Settings\Francis\Application Data\SystemProc folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Francis
->Temp folder emptied: 1198910 bytes
->Temporary Internet Files folder emptied: 803522484 bytes
->Google Chrome cache emptied: 593984 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 360448 bytes
->Temporary Internet Files folder emptied: 3170070 bytes

User: Recouvrement
->Temp folder emptied: 1677556 bytes
->Temporary Internet Files folder emptied: 37107670 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 10282650 bytes
%systemroot%\System32 .tmp files removed: 4528640 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 80896 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23961782 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33237 bytes
RecycleBin emptied: 4976994 bytes

Total Files Cleaned = 850,00 mb


OTM by OldTimer - Version 3.1.9.0 log created on 02252010_230944

Files moved on Reboot...
File C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_5cc.dat not found!
File C:\WINDOWS\temp\41.tmp not found!

Registry entries deleted on Reboot...



ETTTTTT



Logfile of random's system information tool 1.06 (written by random/random)
Run by Francis at 2010-02-25 23:20:07
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 157 GB (88%) free of 178 GB
Total RAM: 2038 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:20:11, on 2010-02-25
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Program Files\AGI\core\4.1\AGCoreService.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TODDSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\afaria\Bin\XCDiffCache.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe
C:\Program files\Interface Suite\IAGConsole\iagschedcheck.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Dynamics CRM\Client\res\Web\bin\Microsoft.Crm.Application.Hoster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\afaria\Bin\XCGSTask.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Francis\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Francis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webi.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [Afaria Client File Differencing] C:\Program Files\afaria\Bin\XCDiffCache.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DiamondView] "C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe" /background
O4 - HKCU\..\Run: [iagconsole] C:\Program files\Interface Suite\IAGConsole\iagschedcheck.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DSF-DFS Updates Installation] C:\Nodesys\Maj\ExemajLauncher.exe
O4 - HKCU\..\Run: [MSCRMStartup] "C:\Program Files\Microsoft Dynamics CRM\Client\res\Web\bin\Microsoft.Crm.Application.Hoster.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DiamondView] "C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Afaria Client Generic Scheduler.lnk = C:\Program Files\afaria\Bin\XCGSTask.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://www.avdlext.com/iNotes6W.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://www.avdlext.com/dwa7W.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://sflcuivreetor.webex.com/client/T26L/webex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\4.1\AGCoreService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Service Google Update (gupdate1c9accf499f54da) (gupdate1c9accf499f54da) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\System32\TODDSrv.exe
0
Réponse 27 / 68
dédétraqué Messages postés 4384 Date d'inscription   Statut Contributeur sécurité Dernière intervention   286
 
Salut rexxx83


Bon boulot, essai de nouveau pour le téléchargement de MBAM et ne pas oublier de le mettre à jour.


@++ :)
0
Réponse 28 / 68
rexxx83 Messages postés 91 Date d'inscription   Statut Membre Dernière intervention  
 
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3794
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2010-02-25 23:30:56
mbam-log-2010-02-25 (23-30-56).txt

Type de recherche: Examen rapide
Eléments examinés: 135760
Temps écoulé: 5 minute(s), 55 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\02810718 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D} (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Trojan.Swisyn) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\02810718\02810718.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Trojan.Swisyn) -> Quarantined and deleted successfully.
0
Réponse 29 / 68
dédétraqué Messages postés 4384 Date d'inscription   Statut Contributeur sécurité Dernière intervention   286
 
Salut rexxx83


Désactive ton antivirus le temps de la manipulation ainsi que ton pare feu si présent(car il est détecté a tort comme infection)

▶ Télécharge List&Kill'em et enregistre le sur ton bureau
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe

▶ Branche clés usb , disques durs externes , mp3 , mp4 , etc..

double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

coche la case "créer une icône sur le bureau"

une fois terminée , clic sur "terminer" et le programme se lancera seul

choisis la langue puis choisis l'option 1 = Mode Recherche

▶ laisse travailler l'outil

à l'apparition de la fenêtre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

un rapport du nom de catchme apparait sur ton bureau , ignore-le, ne le poste pas, mais ne le supprime pas pour l instant, le scan n'est pas fini.

▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'écran "COMPLETED"

tu peux supprimer le rapport catchme.log de ton bureau maintenant.

Demain pour la suite, moi je vais au pieu


@++ :)
0
Réponse 30 / 68
rexxx83 Messages postés 91 Date d'inscription   Statut Membre Dernière intervention  
 
ist'em by g3n-h@ckm@n 1.2.8.0

User : Francis (Administrateurs)
Update on 25/02/2010 by g3n-h@ckm@n ::::: 13.00
Start at: 00:00:33 | 2010-02-26
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled

C:\ -> Disque fixe local | 173,63 Go (153,09 Go free) | NTFS
D:\ -> Disque fixe local | 5,33 Go (4,64 Go free) | NTFS
E:\ -> Disque CD-ROM | 85,59 Mo (0 Mo free) [Communication] | CDFS
F:\ -> Disque amovible | 491,71 Mo (480,68 Mo free) | FAT

Boot: Normal


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\afaria\Bin\XCDiffCache.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe
C:\Program files\Interface Suite\IAGConsole\iagschedcheck.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\afaria\Bin\XCGSTask.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AGI\core\4.1\AGCoreService.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TODDSrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Francis\Local Settings\temp\162.tmp\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
TOSCDSPD REG_SZ C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
LtMoh REG_SZ C:\Program Files\ltmoh\Ltmoh.exe
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
DiamondView REG_SZ "C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe" /background
iagconsole REG_SZ C:\Program files\Interface Suite\IAGConsole\iagschedcheck.exe
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
DSF-DFS Updates Installation REG_SZ C:\Nodesys\Maj\ExemajLauncher.exe
MSCRMStartup REG_SZ "C:\Program Files\Microsoft Dynamics CRM\Client\res\Web\bin\Microsoft.Crm.Application.Hoster.exe"
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IgfxTray REG_SZ C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds REG_SZ C:\WINDOWS\System32\hkcmd.exe
Persistence REG_SZ C:\WINDOWS\System32\igfxpers.exe
IAAnotif REG_SZ "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
RTHDCPL REG_SZ RTHDCPL.EXE
TCtryIOHook REG_SZ TCtrlIOHook.exe
TFncKy REG_SZ TFncKy.exe
TDispVol REG_SZ TDispVol.exe
HWSetup REG_SZ C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
TPSMain REG_SZ TPSMain.exe
Apoint REG_SZ C:\Program Files\Apoint2K\Apoint.exe
TPNF REG_SZ C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
CeEKEY REG_SZ C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
DDWMon REG_SZ C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
Afaria Client File Differencing REG_SZ C:\Program Files\afaria\Bin\XCDiffCache.exe
Camera Assistant Software REG_SZ "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
DWQueuedReporting REG_SZ "C:\Program Files\Fichiers communs\Microsoft Shared\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
AvgUninstallURL REG_SZ cmd.exe /c start http://www.avg.fr/fr.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQ"&"inst=NwA5AC0AMQAxADgANw"&"prod=90"&"ver=9.0.733

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
DisableRegistryTools REG_DWORD 0 (0x0)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDrives REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
NoDriveTypeAutoRun REG_DWORD 323 (0x143)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ FRANCIS-PC
DefaultUserName REG_SZ Francis
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Francis
AltDefaultDomainName REG_SZ FRANCIS-PC
ChangePasswordUseKerberos REG_DWORD 1 (0x1)
System REG_SZ

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\afaria\Bin\XcListener.exe REG_SZ C:\Program Files\afaria\Bin\XcListener.exe:*:Enabled:Afaria Client Listener
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\mIRC\mirc.exe REG_SZ C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\WINDOWS\LMI160.tmp\lmi_rescue.exe REG_SZ C:\WINDOWS\LMI160.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
C:\WINDOWS\LMI51.tmp\lmi_rescue.exe REG_SZ C:\WINDOWS\LMI51.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
C:\WINDOWS\LMI55.tmp\lmi_rescue.exe REG_SZ C:\WINDOWS\LMI55.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
C:\Program Files\Microsoft Dynamics CRM\Client\res\web\bin\Microsoft.Crm.Application.Hoster.exe REG_SZ C:\Program Files\Microsoft Dynamics CRM\Client\res\web\bin\Microsoft.Crm.Application.Hoster.exe:*:Enabled:Microsoft CRM Web Service Hoster
C:\WINDOWS\LMI48.tmp\lmi_rescue.exe REG_SZ C:\WINDOWS\LMI48.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
C:\WINDOWS\LMI1B2.tmp\lmi_rescue.exe REG_SZ C:\WINDOWS\LMI1B2.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
C:\WINDOWS\LMI1D3.tmp\lmi_rescue.exe REG_SZ C:\WINDOWS\LMI1D3.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe REG_SZ C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
C:\WINDOWS\LMICD.tmp\lmi_rescue.exe REG_SZ C:\WINDOWS\LMICD.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
C:\WINDOWS\LMI6D.tmp\lmi_rescue.exe REG_SZ C:\WINDOWS\LMI6D.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\CabBuilder
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\DirectAnimation Java Classes
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Microsoft XML Parser for Java
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0742B9EF-8C83-41CA-BFBA-830A59E23533}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{3BFFE033-BF43-11D5-A271-00A024A51325}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5C051655-FCD5-4969-9182-770EA5AA5565}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E008A543-CEFB-4559-912F-C27C2B89F13B}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}

===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608555}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

===
DNS
===

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7DD1E996-9883-436B-81A1-D5692AE8550A}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7DD1E996-9883-436B-81A1-D5692AE8550A}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7DD1E996-9883-436B-81A1-D5692AE8550A}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.webi.ca/

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Francis\Local Settings\temp\162.tmp
## C:\> hashdeep.exe C:\WINDOWS\ServicePackFiles\i386\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\ServicePackFiles\i386\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Francis\Local Settings\temp\162.tmp
## C:\> hashdeep.exe C:\WINDOWS\system32\drivers\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\system32\drivers\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Francis\Local Settings\temp\162.tmp
## C:\> hashdeep.exe C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
##
86912,95b858761a00e1d4f81f79a0da019aca,5e41dae055bcb8ee8ad23d3c77d69df09c6b1e301c889aec6f02193d7dec352b,C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

Référence :
==========

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C


E:\Autorun.inf :
----------------
[autorun]
open=demarrer_start.exe
icon=MISC\icon.ico
=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
174 Go total, 153 Go libre (88%), 7% fragmenté (fragmentation du fichier 14%)

Il ne vous est pas nécessaire de défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Documents and Settings\All Users\Application Data\AGI
Present !! : C:\Documents and Settings\LocalService\Application Data\agi
Present !! : C:\Program Files\AGI
Present !! : C:\Program Files\INSTALL.LOG
Present !! : C:\Program Files\Kiwee Toolbar
Present !! : C:\Program Files\WinPCap
Present !! : C:\WINDOWS\System32\404Fix.exe
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\WINDOWS\System32\drivers\npf.sys
Present !! : C:\WINDOWS\System32\dumphive.exe"
Present !! : C:\WINDOWS\System32\IEDFix.exe
Present !! : C:\WINDOWS\System32\Packet.dll
Present !! : C:\WINDOWS\System32\Process.exe
Present !! : C:\WINDOWS\System32\pthreadVC.dll
Present !! : C:\WINDOWS\System32\SrchSTS.exe
Present !! : C:\WINDOWS\System32\tmp.reg"
Present !! : C:\WINDOWS\System32\VACFix.exe
Present !! : C:\WINDOWS\System32\VCCLSID.exe
Present !! : C:\WINDOWS\System32\WanPacket.dll
Present !! : C:\WINDOWS\System32\wpcap.dll
Present !! : C:\WINDOWS\System32\WS2Fix.exe
Present !! : C:\Documents and Settings\Francis\Local Settings\Application Data\Kiwee Toolbar
Present !! : C:\Documents and Settings\Francis\Local Settings\Temp\dw.log
Present !! : C:\Documents and Settings\Francis\Local Settings\Temp\mm1.mht
Present !! : C:\Documents and Settings\Francis\LOCAL Settings\Temp\setup.exe

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : "HKCU\software\microsoft\internet explorer\searchscopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKCR\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0}
Present !! : HKCR\CLSID\{E03BAFDC-EB9D-4C35-A7A2-AB6C62FF0A68}
Present !! : HKCR\CLSID\{E6375F37-E4D1-4F51-B651-4658C27AC5BF}
Present !! : HKCR\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}
Present !! : HKCR\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d}
Present !! : HKCR\Typelib\{C7403C30-3644-43D8-A82F-4BD84B9682D9}
Present !! : HKCR\urlsearchhook.toolbarurlsearchhook
Present !! : HKCR\urlsearchhook.toolbarurlsearchhook.1
Present !! : HKCU\Software\AGI
Present !! : HKLM\Software\Classes\CLSID\{E03BAFDC-EB9D-4C35-A7A2-AB6C62FF0A68}
Present !! : HKLM\Software\Classes\CLSID\{E6375F37-E4D1-4F51-B651-4658C27AC5BF}
Present !! : HKLM\Software\Classes\Typelib\{C7403C30-3644-43D8-A82F-4BD84B9682D9}
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NPF
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_SSHNAS
Present !! : HKLM\SYSTEM\ControlSet001\Services\npf
Present !! : HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NPF
Present !! : HKLM\SYSTEM\ControlSet003\Enum\Root\Legacy_SSHNAS
Present !! : HKLM\SYSTEM\ControlSet003\Services\npf
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NPF
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SSHNAS
Present !! : HKLM\SYSTEM\CurrentControlSet\Services\npf

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-26 01:12:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00004b05

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89CF7A9A]<<
kernel: MBR read successfully
user & kernel MBR OK

==========
Programs
==========

Adobe
afaria
AGI
Alwil Software
Apoint2K
AVG
Business Objects
Camera Assistant Software for Toshiba
Canada Life
CCleaner
Common Files
ComPlus Applications
CPP_ILLUST
DIFX
Empire
Excellence
Fichiers communs
GaleForce Solutions Inc
Google
GWL
HP
illustrate inc
INSTALL.LOG
InstallShield Installation Information
Insync26
Intel
Interface Suite
Internet Explorer
Kiwee Toolbar
List_Kill'em
Log Parser 2.2
ltmoh
Malwarebytes' Anti-Malware
Manulife Financial
MarkoSim
McAfee
McAfee.com
Messenger
Microsoft
Microsoft Dynamics CRM
microsoft frontpage
Microsoft Office
Microsoft SQL Server
Microsoft Visual Studio
Microsoft Works
Microsoft.NET
Movie Maker
Mozilla Firefox
MSBuild
MSECache
MSN
MSN Gaming Zone
MSXML 4.0
MSXML 6.0
NetMeeting
Outlook Express
Picasa2
RBC Illustrations
Realtek
Reference Assemblies
Services en ligne
Spybot - Search & Destroy
Standard Life
Survivance
TOSHIBA
Trend Micro
TuxPaint
UnifiedToolbar
Uninstall Information
UNWISE.EXE
Vortex
Windows Live
Windows Live SkyDrive
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinPcap
xerox
Yahoo!
ZoomExpressKeyview

============
Drive C:
============

$AVG
3eb028de21ef49e5b7569f5049e83a
70cf8104d2eae504dd
Admin
AIG
aigwin
AUTOEXEC.BAT
boot.ini
Bootfont.bin
c99911e44e58cf06d007
Canada Life
ComboFix
ComboFix.txt
ComboFix123
complife
Concepts
Config.Msi
CONFIG.SYS
Desjardins
DesjardinsTechno
Documents and Settings
FDP
GWL
InstallLog.txt
InsyncData
Intel
IO.SYS
Kill'em
Killfix
List'em.txt
MLI
MSDOS.SYS
MSOCache
MStar
Nodesys
NTDETECT.COM
ntldr
pagefile.sys
patchlog.txt
pfw
Profils
Profil_rep
Program Files
projciel
projciel.renouv
Qoobox
RECYCLER
repres
rkill.log
rsit
SavedCases
SavedPDFs
System Volume Information
Temp
TRANSWIN
users
uvie
VundoFix Backups
WINDOWS
WORT
WUTemp
_OTM

¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials





¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 1:23:32,21
0
Réponse 31 / 68
dédétraqué Messages postés 4384 Date d'inscription   Statut Contributeur sécurité Dernière intervention   286
 
Salut rexxx83


▶ Relance List&Kill'em(soit en clic droit pour vista),avec le raccourci sur ton bureau.
mais cette fois-ci :

▶ choisis l'option 2 = Mode Suppression

laisse travailler l'outil.

en fin de scan un rapport s'ouvre

▶ colle le contenu dans ta reponse


@++ :)
0
Réponse 32 / 68
rexxx83 Messages postés 91 Date d'inscription   Statut Membre Dernière intervention  
 
Tres long comme scann... mais en vain lol



Kill'em by g3n-h@ckm@n 1.2.8.0

User : Francis (Administrateurs)
Update on 25/02/2010 by g3n-h@ckm@n ::::: 13.00
Start at: 20:01:02 | 2010-02-26
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled

C:\ -> Disque fixe local | 173,63 Go (153,13 Go free) | NTFS
D:\ -> Disque fixe local | 5,33 Go (4,64 Go free) | NTFS
E:\ -> Disque CD-ROM | 85,59 Mo (0 Mo free) [Communication] | CDFS


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\afaria\Bin\XCDiffCache.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe
C:\Program files\Interface Suite\IAGConsole\iagschedcheck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\afaria\Bin\XCGSTask.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AGI\core\4.1\AGCoreService.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TODDSrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Microsoft Dynamics CRM\Client\res\web\bin\Microsoft.Crm.Application.Hoster.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Francis\Local Settings\temp\1D7.tmp\pv.exe

Detections :
==========


¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\Documents and Settings\All Users\Application Data\AGI
Quarantined & Deleted !! : C:\Documents and Settings\LocalService\Application Data\agi
Quarantined & Deleted !! : C:\Program Files\AGI
Quarantined & Deleted !! : C:\Program Files\INSTALL.LOG
Quarantined & Deleted !! : C:\Program Files\Kiwee Toolbar
Quarantined & Deleted !! : C:\Program Files\WinPCap

Quarantined & Deleted !! : C:\WINDOWS\system32\404Fix.exe
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\WINDOWS\system32\drivers\npf.sys
Quarantined & Deleted !! : C:\WINDOWS\system32\dumphive.exe
Quarantined & Deleted !! : C:\WINDOWS\system32\IEDFix.exe
Quarantined & Deleted !! : C:\WINDOWS\system32\Packet.dll
Quarantined & Deleted !! : C:\WINDOWS\system32\Process.exe
Quarantined & Deleted !! : C:\WINDOWS\system32\pthreadVC.dll
Quarantined & Deleted !! : C:\WINDOWS\system32\SrchSTS.exe
Quarantined & Deleted !! : C:\WINDOWS\system32\tmp.reg
Quarantined & Deleted !! : C:\WINDOWS\system32\VACFix.exe
Quarantined & Deleted !! : C:\WINDOWS\system32\VCCLSID.exe
Quarantined & Deleted !! : C:\WINDOWS\system32\WanPacket.dll
Quarantined & Deleted !! : C:\WINDOWS\system32\wpcap.dll
Quarantined & Deleted !! : C:\WINDOWS\system32\WS2Fix.exe
Quarantined & Deleted !! : C:\Documents and Settings\Francis\Local Settings\Application Data\Kiwee Toolbar
Quarantined & Deleted !! : C:\Documents and Settings\Francis\Local Settings\Temp\dw.log
Quarantined & Deleted !! : C:\Documents and Settings\Francis\Local Settings\Temp\mm1.mht
Quarantined & Deleted !! : C:\Documents and Settings\Francis\LOCAL Settings\Temp\setup.exe
Quarantined & Deleted !! : C:\Documents and Settings\Francis\LOCAL Settings\Temp\dwa7res_fr.dll

==============
host file OK !
==============

========
Registry
========

Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Deleted : "HKCU\software\microsoft\internet explorer\searchscopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : HKCR\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0}
Deleted : HKCR\CLSID\{E03BAFDC-EB9D-4C35-A7A2-AB6C62FF0A68}
Deleted : HKCR\CLSID\{E6375F37-E4D1-4F51-B651-4658C27AC5BF}
Deleted : HKCR\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}
Deleted : HKCR\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d}
Deleted : HKCR\Typelib\{C7403C30-3644-43D8-A82F-4BD84B9682D9}
Deleted : HKCR\urlsearchhook.toolbarurlsearchhook
Deleted : HKCR\urlsearchhook.toolbarurlsearchhook.1
Deleted : HKCU\Software\AGI
Deleted : HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NPF
Deleted : HKLM\SYSTEM\ControlSet001\Services\npf
Deleted : HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NPF
Deleted : HKLM\SYSTEM\ControlSet003\Enum\Root\Legacy_SSHNAS
Deleted : HKLM\SYSTEM\ControlSet003\Services\npf
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SSHNAS
========
Services
=========

Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
============

=================
anti-ver blaster : OK !!
=================

================
Prefetch cleaned
================



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Réponse 33 / 68
dédétraqué Messages postés 4384 Date d'inscription   Statut Contributeur sécurité Dernière intervention   286
 
Salut rexxx83


OK c'est bon, on va maintenant vérifier les périphériques externes, cette infection peut si loger et réinfecté le PC.


Télécharge et installe UsbFix par El Desaparecido , C_XX & Chimay8
http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe

(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir.

• Double clic sur le raccourci UsbFix présent sur ton bureau .

• Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

• Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]

• Laisse travailler l'outil.

• Ensuite poste le rapport UsbFix.txt qui apparaitra.

Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note2 : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.


• Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html


@++ :)
0
Réponse 34 / 68
rexxx83 Messages postés 91 Date d'inscription   Statut Membre Dernière intervention  
 
############################## | UsbFix V6.097 |

User : Francis (Administrateurs) # FRANCIS-PC
Update on 20/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 10:58:08 | 2010-02-27
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled

C:\ -> Disque fixe local # 173,63 Go (153,03 Go free) # NTFS
D:\ -> Disque fixe local # 5,33 Go (4,64 Go free) # NTFS
E:\ -> Disque CD-ROM # 85,59 Mo (0 Mo free) [Communication] # CDFS
F:\ -> Disque amovible # 962,46 Mo (66,36 Mo free) [PHILIPS] # FAT32

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AGI\core\4.1\AGCoreService.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\afaria\Bin\XCDiffCache.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe
C:\Program files\Interface Suite\IAGConsole\iagschedcheck.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Microsoft Dynamics CRM\Client\res\Web\bin\Microsoft.Crm.Application.Hoster.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\afaria\Bin\XCGSTask.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TODDSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Elements infectieux |

E:\autorun.inf

################## | Registre |


################## | Mountpoints2 |


################## | Vaccin |


################## | ! Fin du rapport # UsbFix V6.097 ! |
0
Réponse 35 / 68
dédétraqué Messages postés 4384 Date d'inscription   Statut Contributeur sécurité Dernière intervention   286
 
Salut rexxx83


(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, caméra, Carte SD, etc...) susceptible d avoir été infectés sans les ouvrir

• Double clic sur le raccourci UsbFix présent sur ton bureau

• Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

• Au second menu Choisis l'option " 2 " ( Suppression ) et tape sur [entrée]

• Ton bureau disparaîtra et le pc redémarrera.

• Au redémarrage, UsbFix scannera ton PC, laisse travailler l'outil.

• Ensuite poste le rapport UsbFix.txt qui apparaîtra avec le bureau.

• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )


Refais un scan avec RSIT et poste le contenu du rapport log.txt pour une dernière vérification.
Le rapport est dans le dossier ici C:\rsit


@++ :)
0
Réponse 36 / 68
rexxx83 Messages postés 91 Date d'inscription   Statut Membre Dernière intervention  
 
Salut, voici le rapport..dsl c'est mon lecteur mp3 loll..


############################# | UsbFix V6.097 |

User : Francis (Administrateurs) # FRANCIS-PC
Update on 20/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 11:34:01 | 2010-02-27
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled

C:\ -> Disque fixe local # 173,63 Go (152,98 Go free) # NTFS
D:\ -> Disque fixe local # 5,33 Go (4,64 Go free) # NTFS
E:\ -> Disque CD-ROM # 85,59 Mo (0 Mo free) [Communication] # CDFS
F:\ -> Disque amovible # 962,46 Mo (66,36 Mo free) [PHILIPS] # FAT32

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AGI\core\4.1\AGCoreService.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TODDSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe

################## | Elements infectieux |

Supprimé ! C:\Recycler\S-1-5-21-1343024091-362288127-725345543-1003
Supprimé ! C:\Recycler\S-1-5-21-1343024091-362288127-725345543-1006
Supprimé ! D:\$Recycle.Bin\S-1-5-21-2443393564-881460065-3360647951-1000
Supprimé ! D:\Recycler\S-1-5-21-1343024091-362288127-725345543-1003
Supprimé ! D:\Recycler\S-1-5-21-1343024091-362288127-725345543-1006
(!) Non supprimé ! E:\autorun.inf

################## | Registre |


################## | Mountpoints2 |


################## | Listing des fichiers présent |

[2010-02-26 22:13|--a------|4] C:\AUTOEXEC.BAT
[2010-02-25 09:33|-rahs----|212] C:\boot.ini
[2002-08-30 07:00|-rahs----|4952] C:\Bootfont.bin
[2009-05-23 20:16|--a------|7678] C:\ComboFix.txt
[2008-06-25 16:31|--a------|0] C:\CONFIG.SYS
[2010-01-18 14:41|--a------|41] C:\InstallLog.txt
[2008-06-25 16:31|-rahs----|0] C:\IO.SYS
[2010-02-26 22:13|--a------|7145] C:\Kill'em.txt
[2010-02-26 01:23|--a------|29963] C:\List'em.txt
[2008-06-25 16:31|-rahs----|0] C:\MSDOS.SYS
[2008-06-25 18:21|-rahs----|47564] C:\NTDETECT.COM
[2008-06-25 18:21|-rahs----|252240] C:\ntldr
[?|?|?] C:\pagefile.sys
[2010-01-13 21:17|--a------|9100] C:\patchlog.txt
[2010-02-22 23:11|--a------|270] C:\rkill.log
[2010-02-27 11:46|--a------|3411] C:\UsbFix.txt
[2008-06-25 17:32|--a------|324222504] D:\windowsxp-kb936929-sp3-x86-fra.exe
[2008-12-04 00:00|-r-h-----|61] E:\autorun.inf
[2008-12-04 00:00|-r-------|2588877] E:\demarrer_start.exe
[2008-08-08 17:16|--a------|3424174] F:\01 Oh Timbaland.wma
[2008-06-25 21:04|--a------|5751490] F:\01 Say (All I Need).mp3
[2008-08-08 17:19|--a------|4497994] F:\03 Be Yourself.wma
[2008-08-08 18:52|--a------|2898394] F:\04 The Way I Are.wma
[2008-08-08 18:52|--a------|3924310] F:\07 Middle of Nowhere.wma
[2008-08-08 18:52|--a------|5503872] F:\10 Scream.wma
[2008-08-18 19:10|--a------|6171983] F:\50 Cent - Best Friends.mp3
[2008-08-14 18:54|--a------|8644579] F:\50 Cent feat. Lil' Kim - Magic Stick.mp3
[2007-03-28 20:43|--a------|6692817] F:\Akon - Konvicted - 10 - Keep On Calling (Ft. P. Money).mp3
[2008-08-14 18:56|--a------|4428536] F:\Alliyah- Girl if You Only Knew.mp3
[2006-01-17 20:25|--a------|4511597] F:\ashlee_simpson-l.o.v.e..mp3
[2008-09-18 19:56|--a------|4987602] F:\Aviation - You Were My Everything.mp3
[2008-08-08 18:52|--a------|5381354] F:\Avenged Sevenfold - Seize the days.wma
[2006-12-05 09:54|--a------|3993565] F:\Avril Lavigne - Keep holding on.mp3
[2007-06-28 18:59|--a------|6737920] F:\Avril lavigne - When youre gone.mp3
[2007-08-21 17:50|--a------|5210146] F:\backstreet boys - inconsolable.mp3
[2007-03-15 16:36|--a------|3340712] F:\Beyonce ft Shakira - Beautiful Liar.mp3
[2006-01-17 20:43|--a------|5960162] F:\Beyonce feat. Jay-Z - Crazy In Love.mp3
[2008-08-08 18:52|--a------|5462882] F:\Black Eyed Peas - Bebot.mp3
[2008-08-14 18:45|--a------|4741833] F:\Black Eyed Peas - Shut Up.mp3
[2006-01-17 20:25|--a------|3676190] F:\Black Eyes-where is the love.mp3
[2006-01-17 20:25|--a------|4486269] F:\blaque - I'm good.mp3
[2006-09-08 14:38|--a------|4723191] F:\Bob Sinclair feat Steve Edwards - World, Hold On (Children of The Sky).mp3
[2008-09-30 20:31|--a------|2763684] F:\Boxcar Racers - There Is.mp3
[2009-02-02 17:32|--a------|4208849] F:\Soul Asylum - Runaway Train(1).mp3
[2006-01-17 20:25|--a------|3461537] F:\Britney Spears - I'm Slave 4 U.mp3
[2006-01-17 20:25|--a------|4290538] F:\Britney Spears - My Perogative.mp3
[2008-09-30 20:13|--a------|5352470] F:\Britney Spears - Womanizer(1).mp3
[2006-01-17 20:25|--a------|4363162] F:\britney spears - she'll never be me.mp3
[2006-09-17 20:10|--a------|3432448] F:\Cassie - Long Way To Go (remix) [feat. Lil' Wayne].mp3
[2006-09-17 20:28|--a------|6205275] F:\Cassie ft Ray J -Me and You(Remix).mp3
[2007-12-15 13:20|--a------|5087232] F:\Chris Brown - With you.mp3
[2008-09-27 19:50|--a------|4407583] F:\Christina Aguilera - Keeps Getting Better.mp3
[2008-08-09 19:54|--a------|4100975] F:\Christina Aguilera-Can't Hold Us Down.mp3
[2009-01-19 21:48|--a------|5160960] F:\Taylor Swift - Our Song.mp3
[2009-01-20 20:17|--a------|3788426] F:\Toto - Hold The Line.mp3
[2009-02-02 17:29|--a------|4112362] F:\Flo-Rida - Right Round.mp3
[2006-01-17 20:25|--a------|4030464] F:\Ciara feat Missy Elliot - 1 2 Step.mp3
[2008-09-18 20:28|--a------|5518689] F:\Collie Buddz - Mamacita.mp3
[2008-08-18 19:10|--a------|2097520] F:\DAMIAN MARLEY Ft. Stephen Marley - Could You Be Loved Remix.mp3
[2008-08-18 19:13|--a------|3162741] F:\David Guetta - Love is Gone (Radio Edit).mp3
[2006-01-17 20:25|--a------|3994280] F:\Diana KIng-L L Lies.MP3
[2006-10-11 16:02|--a------|6214208] F:\Eminem feat. Akon - Smack that.mp3
[2008-08-09 20:05|--a------|3814016] F:\Eve - Gangsta Lovin (Ft. Alicia Keys).mp3
[2008-09-30 20:22|--a------|2473735] F:\Faber Drive - Sleepless Nights.mp3
[2008-08-09 20:05|--a------|4714062] F:\Faber Drive - Tongue Tied.mp3
[2007-09-06 14:44|--a------|6137371] F:\Fabolous ft. Neyo-You Make Me Better.mp3
[2009-02-02 17:54|--a------|4177802] F:\ziggy marley feat the fugees - electric avenue.mp3
[2007-06-28 19:06|--a------|6840872] F:\Fergie - Big Girls Dont Cry.mp3
[2007-12-04 10:15|--a------|3735387] F:\Flo Rida ft. T-Pain - Low.mp3
[2008-08-20 20:41|--a------|5269766] F:\Flo Rida Ft. Will.I.Am & Fergie - In The Ayer.mp3
[2006-01-17 20:25|--a------|4047097] F:\Gage - Trop Fresh.mp3
[2009-02-02 18:04|--a------|6892226] F:\Hedley Old School.mp3
[2008-08-14 18:44|--a------|5200094] F:\George Michael - Fast Love.mp3
[2009-02-08 18:25|--a------|3245539] F:\Britney Spears - Rock Boy.mp3
[2008-08-14 18:44|--a------|4002110] F:\Gwen Stefani - Hollaback Girl.mp3
[2009-01-19 22:04|--a------|3663977] F:\katy perry- Thinking Of You.mp3
[2008-08-14 18:44|--a------|5515183] F:\Hedley - Gunnin'.mp3
[2008-08-08 17:20|--a------|3907587] F:\Hedley - I'm So Into You.mp3
[2008-08-14 18:44|--a------|3803665] F:\Hedley - For the Nights I Can't Remember.mp3
[2006-01-17 20:43|--a------|5020821] F:\Honey Soundtrack-Ooh Wee.mp3
[2008-08-14 18:45|--a------|4468362] F:\Ja rule Mezmorize.mp3
[2009-04-13 12:58|--a------|6905482] F:\Eminem-We_Made_You.mp3
[2007-12-15 12:57|--a------|5709659] F:\Janet Jackson - Feedback New Single 2008(4).mp3
[2008-08-14 18:51|--a------|4460049] F:\Jennifer Lopez - Brave.mp3
[2008-08-14 18:47|--a------|6260887] F:\Jennifer Lopez ft Ja Rule - Im Real Remix(1)(1).mp3
[2008-04-28 19:51|--a------|4067448] F:\Jesse Mccartney - Leaving.mp3
[2006-01-17 20:25|--a------|4353752] F:\jonas - edge of seventeen.mp3
[2008-09-18 19:56|--a------|3105157] F:\Jude Harrison ft Shay - Waste My Time.mp3
[2008-08-14 18:47|--a------|6974414] F:\Justin Timberlake - Cry Me A River.mp3
[2008-08-14 18:47|--a------|5525632] F:\Justin Timberlake Ft. T.I. & Timbaland - My Love.mp3
[2008-08-14 18:47|--a------|3234986] F:\Justin Timberlake - Rock Your Body.mp3
[2009-04-13 13:14|--a------|3675104] F:\Flipsyde - When It Was Good.mp3
[2008-09-18 20:10|--a------|5063505] F:\Kat Deluna Run The Show (Ft.Shaka Dee).mp3
[2008-08-18 19:08|--a------|2146161] F:\Katy Perry - I Kissed A Girl.mp3
[2008-08-08 18:53|--a------|4513905] F:\kellis milshake.wma
[2008-08-14 18:51|--a------|3514496] F:\Kelly Clarkson - Because Of You.mp3
[2008-08-14 18:51|--a------|5911184] F:\Kelly Clarkson - Behind These Hazel Eyes.mp3
[2006-09-06 09:54|--a------|4920280] F:\Kevin Little ft Sean Paul - Turn Me On (Remix).mp3
[2008-08-18 18:58|--a------|4720768] F:\kevin_rudolf_ft._lil_wayne-let_it_rock-www.hear-it-first.net.mp3
[2009-02-08 18:19|--a------|8357297] F:\Kelly Clarkson - My Life Would Suck Without You.mp3
[2009-02-02 17:30|--a------|4646039] F:\Kevin Rudolf Ft. Rick Ross - Welcome to The World - HotNewHipHop.com(1).mp3
[2008-04-26 15:39|--a------|3716460] F:\Kylie Minogue ft. Mims - All I See.mp3
[2008-08-14 18:52|--a------|3839093] F:\Kylie Minogue - Love At First Sight.mp3
[2008-08-18 19:05|--a------|2978991] F:\Lady GaGa - Just Dance.mp3
[2006-10-11 20:12|--a------|3528876] F:\La la la la.wma
[2006-01-17 20:26|--a------|3458466] F:\Leann_Rimes-Life_Goes_On.mp3
[2008-08-14 19:04|--a------|5572087] F:\Lil Kim & Sisqo-How Many Licks.mp3
[2008-08-20 20:41|--a------|4098866] F:\Lil Mama - Lip Gloss.mp3
[2008-08-18 19:12|--a------|7538147] F:\LilWayne - Lollipop.mp3
[2006-01-17 20:26|--a------|3155680] F:\Lindsey Lohan - rumors.mp3
[2009-04-13 10:46|--a------|7201103] F:\T.I Feat. Justin Timberlake - Dead & Gone.mp3
[2008-08-14 19:15|--a------|4339809] F:\Ludacris - Move Bitch.mp3
[2006-01-17 20:43|--a------|4961266] F:\Madison Avenue - Dont Call Me Baby.mp3
[2007-12-28 14:23|--a------|5077263] F:\Lumidee Feat Tony Sunshine-She's Like The Wind.mp3
[2008-08-19 18:10|--a------|6913152] F:\Madonna - Give it to me.mp3
[2008-04-25 18:12|--a------|4997130] F:\Mariah Carey - Touch my body.mp3
[2008-05-30 20:16|--a------|4844072] F:\Maroon 5 ft Rihanna - If I Never See Your Face Again.mp3
[2008-08-14 19:15|--a------|3860409] F:\mary j blige - family affair.mp3
[2006-01-17 20:26|--a------|3658859] F:\Mentake_moving on.mp3
[2008-08-18 19:12|--a------|4933843] F:\Metro Station - Shake It.mp3
[2006-01-17 20:44|--a------|5539003] F:\Michelle Branch - Are You Happy Now.mp3
[2006-01-17 20:26|--a------|3870720] F:\Miss-Teeq - Scandalous.mp3
[2008-08-14 19:15|--a------|4636141] F:\Missy Elliot - 4 My People.mp3
[2008-08-14 19:16|--a------|5515528] F:\Missy Elliot feat ciara - Lose Control.mp3
[2008-08-14 19:17|--a------|4102825] F:\Mystical - Shake that ass.mp3
[2008-08-08 17:10|--a------|4891348] F:\Nas Ft Keri Hilson - Hero.mp3
[2006-01-17 20:44|--a------|6533712] F:\Nas ft Amerie - Rule.mp3
[2005-09-25 22:29|--a------|3053364] F:\Nasty girl.wma
[2008-08-14 19:19|--a------|4632850] F:\Nelly - Dilema .mp3
[2006-01-17 20:44|--a------|10009032] F:\Nelly - ErrTime.mp3
[2008-08-14 19:19|--a------|2829836] F:\Nelly - Hot In Here.mp3
[2007-07-04 18:57|--a------|8906292] F:\Nelly Fortado - All Good Things.mp3
[2008-08-08 13:50|--a------|4697302] F:\Nelly ft. Akon & Ashanti - Body On Me.mp3
[2006-09-26 21:27|--a------|5519151] F:\Nelly Furtado - Maneater(1).mp3
[2007-07-06 14:06|--a------|5597021] F:\Ne-yo - Because Of You.mp3
[2008-01-23 19:11|--a------|6334464] F:\Ne-Yo - Go On Girl.mp3
[2008-08-08 18:53|--a------|4399592] F:\NeYo - So Sick.mp3
[2008-05-30 20:19|--a------|5613243] F:\Neyo-Closer.mp3
[2008-08-14 19:21|--a------|6782848] F:\Nicole Scherzinger - Baby Love (feat. Will.i.am).mp3
[2007-08-20 20:22|--a------|7532544] F:\nicole scherzinger ft. t.i. - whatever you like.mp3
[2008-08-18 19:41|--a------|3795114] F:\One Tree Hill - Bethany Joy Lenz - Don't Walk Away.mp3
[2006-01-17 20:26|--a------|3674344] F:\One Tree Hill- The Wreckers - The Good Kind.mp3
[2008-08-14 19:26|--a------|3036193] F:\Paramore - Crushcrushcrush.mp3
[2008-09-18 20:02|--a------|6094308] F:\Pitbull Ft Lil John - The Anthem.mp3
[2008-09-18 20:14|--a------|7340408] F:\Pittsburgh Slim - Girls Kiss Girls.mp3
[2006-05-18 18:04|--a------|5416022] F:\Pussycat Dolls - Buttons.mp3
[2008-08-14 19:26|--a------|6138269] F:\Pussycat Dolls f. Busta Rhymes - Don't Cha.mp3
[2008-08-14 19:27|--a------|3745847] F:\Rihanna - Unfaithful.mp3
[2007-09-29 10:34|--a------|4475507] F:\Rihanna ft. NeYo - Hate That I Love You.mp3
[2008-08-08 18:53|--a------|4773848] F:\Sean Paul - Everblazing.mp3
[2008-08-14 19:36|--a------|4764032] F:\sean paul - temperature.mp3
[2008-09-18 20:10|--a------|3028576] F:\sean paul - watch them roll (tremor riddim).mp3
[2008-08-14 19:36|--a------|2607608] F:\Sean Paul ft Rihanna - Break it off - Rizmo 2006.mp3
[2006-10-11 20:11|--a------|3409356] F:\Shake Baby Shake.wma
[2006-01-17 20:26|--a------|3613119] F:\Shawn Desman - Sexy.mp3
[2006-01-17 20:26|--a------|3141486] F:\Sheryl Crow - The First Cut Is The Deepest (1).mp3
[2008-09-21 19:37|--a------|5427328] F:\Simple Plan - Save You.mp3
[2008-08-14 19:36|--a------|6666026] F:\Simple Plan - Perfect.mp3
[2006-08-24 18:18|--a------|4277815] F:\Sir Pathetik - desole.wma
[2008-02-12 20:59|--a------|3834291] F:\Step up 2 soundtrack - cassie - is it you.mp3
[2008-08-14 19:36|--a------|4675952] F:\STEP UP 2 THE STREETS Sophia Fresh Feat. Jay Lyriq - Lives In Da Club.mp3
[2006-10-11 20:14|--a------|4730052] F:\Sugar on me.wma
[2008-09-30 20:23|--a------|6084902] F:\T.I. Whatever You Like.mp3
[2006-04-25 18:32|--a------|3693966] F:\Teddy Geiger - For You I Will.mp3
[2006-12-05 20:39|--a------|4305722] F:\That's the way love goes - Janet Jackson.wma
[2008-09-18 20:14|--a------|3689464] F:\The Cheetah Girls 2 - Dance With Me.mp3
[2008-08-20 20:41|--a------|6957321] F:\The Frey-How To Save A Life.mp3
[2008-08-08 18:54|--a------|7317475] F:\The Red Jumpsuit Apparatus - Your Guardian Angel.mp3
[2007-03-22 23:13|--a------|3763209] F:\Timberland Ft. Nelly Fertado & Justin Timberlake - Give It To Me.mp3
[2006-10-11 16:13|--a------|6885042] F:\Trick Trick Eminem- Welcome_To_Detroit_City.mp3
[2008-08-14 19:38|--a------|4925568] F:\Tyler Hilton and Bethany Joy L - When The Stars Go Blue.mp3
[2006-01-17 20:44|--a------|5167670] F:\Usher - Burn.mp3
[2008-08-08 18:54|--a------|5394284] F:\Usher - Caught Up.mp3
[2008-04-13 17:19|--a------|6435362] F:\Usher ft. Young Jeezy - Make Love In This Club.mp3
[2008-08-14 19:42|--a------|5975141] F:\Usher ft. Ludacris- Yeah.mp3
[2006-01-17 20:26|--a------|3098260] F:\Will Smith - Switch.mp3
[2008-09-18 20:10|--a------|8300213] F:\Yelle - À Cause des Garçons (Sta Remix).mp3
[2008-08-08 18:54|--a------|4123211] F:\Yellowcard - Only One.mp3
[2008-08-08 18:54|--a------|5509885] F:\Young Jeezy Ft. R.Kelly - Go Gettas.mp3
[2008-08-14 19:04|--a------|5566558] F:\06-lassemblee-turn_your_head_around.mp3
[2008-01-17 19:33|--a------|3443530] F:\Ashlee Simpson - Outta My Head (ay ya ya)(2).mp3
[2007-07-06 15:01|--a------|5471679] F:\Baby Bash feat. Akon - I'm Back.mp3
[2008-08-08 19:34|--a------|3377015] F:\Britney Spears - Blackout - 02 - Piece Of Me.mp3
[2006-01-17 20:43|--a------|5308416] F:\Eminem - Lose Yourself - No Skips Guaranteed - Please Distri.mp3
[2008-03-26 20:34|--a------|5180029] F:\Flo Rida feat. Timbaland - Elevator.mp3
[2008-11-03 14:05|--a------|9876416] F:\Danity Kane - Damaged.mp3
[2008-11-03 15:05|--a------|5959515] F:\Danity Kane - Right Now (Produced by Timbaland).mp3
[2008-11-17 09:28|--a------|6871190] F:\DAY26 - Got Me Going.mp3
[2008-11-16 14:35|--a------|9676934] F:\Donnie Klang ft. P. Diddy - Take You There.mp3
[2008-11-12 18:09|--a------|3701073] F:\Kate Ryan - Ella Elle L'a.mp3
[2008-11-12 18:04|--a------|5283968] F:\Katty Perry - Hot N Cold.mp3
[2008-11-12 18:09|--a------|5161719] F:\Lady Gaga - Poker Face.mp3
[2008-11-12 18:08|--a------|4711647] F:\New Kids On The Block Ft. NeYo - Single.mp3
[2008-11-15 18:14|--a------|9111596] F:\PCD [feat. Missy Elliott] - Whatcha Think About That.mp3
[2008-11-13 13:47|--a------|7238446] F:\Rihanna ft Justin Timberlake - Rehab .mp3
[2008-11-12 18:02|--a------|5785896] F:\T.I. ft Rihanna - Live Your Life.mp3
[2008-12-20 21:18|--a------|5762708] F:\Britney Spears - Circus.mp3
[2008-12-20 21:01|--a------|8368704] F:\Danity Kane - Is Anybody Listening(1).mp3
[2008-12-20 21:05|--a------|5031791] F:\Danity Kane ft. Day 26 & Donnie Klang - Ain't Going.mp3
[2008-12-03 12:04|--a------|5761606] F:\Madonna - Hard Candy - 05 - Miles Away.mp3
[2008-12-20 21:12|--a------|10978825] F:\P. Diddy ft Nicole -Come to me.mp3
[2008-12-20 21:19|--a------|10219814] F:\Pink - Sober.mp3
[2008-12-20 21:01|--a------|5933454] F:\Akon_-_Right_Now_(Na_Na_Na).mp3
[2009-04-16 19:33|--a------|5617017] F:\Ciara & Justin Timberlake - Love And Sex And Magic.mp3
[2008-08-08 18:52|--a------|3956140] F:\05 Bounce.wma

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# F:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

################## | Upload |

Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_FRANCIS-PC.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.097 ! |



ettttt



Logfile of random's system information tool 1.06 (written by random/random)
Run by Francis at 2010-02-27 11:49:51
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 157 GB (88%) free of 178 GB
Total RAM: 2038 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:55, on 2010-02-27
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AGI\core\4.1\AGCoreService.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TODDSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Francis\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Francis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [Afaria Client File Differencing] C:\Program Files\afaria\Bin\XCDiffCache.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DiamondView] "C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe" /background
O4 - HKCU\..\Run: [iagconsole] C:\Program files\Interface Suite\IAGConsole\iagschedcheck.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DSF-DFS Updates Installation] C:\Nodesys\Maj\ExemajLauncher.exe
O4 - HKCU\..\Run: [MSCRMStartup] "C:\Program Files\Microsoft Dynamics CRM\Client\res\Web\bin\Microsoft.Crm.Application.Hoster.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DiamondView] "C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Afaria Client Generic Scheduler.lnk = C:\Program Files\afaria\Bin\XCGSTask.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://www.avdlext.com/iNotes6W.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://www.avdlext.com/dwa7W.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://sflcuivreetor.webex.com/client/T26L/webex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\4.1\AGCoreService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Service Google Update (gupdate1c9accf499f54da) (gupdate1c9accf499f54da) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\System32\TODDSrv.exe
0
Réponse 37 / 68
dédétraqué Messages postés 4384 Date d'inscription   Statut Contributeur sécurité Dernière intervention   286
 
Salut rexxx83


As-tu utilisé où utilises-tu encore le logiciel LogMeIn?


@++ :)
0
Réponse 38 / 68
rexxx83 Messages postés 91 Date d'inscription   Statut Membre Dernière intervention  
 
Oui!!!!!
0
Réponse 39 / 68
dédétraqué Messages postés 4384 Date d'inscription   Statut Contributeur sécurité Dernière intervention   286
 
Salut rexxx83


Double clique sur le raccourci d'HijackThis sur ton Bureau, clique sur Do a scan system only coche la case devant la(les) ligne(s) suivante(s) si présente(s)
Si pas de raccourci sur le bureau, il ce trouve ici :
C:\Program Files\Trend Micro\HijackThis\Francis.exe

R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -


- Ferme les fenêtres en cours sauf HijackThis, clique sur Fix checked

- Quitte HijackThis


-----


On va vérifier si rien de caché :
Faire un scan avec Nod32 en ligne (il faut utiliser Internet Explorer) ici :

https://www.eset.com/int/home/online-scanner/

(coche toutes les cases à chaque fois, sauf les deux dernières a la fin du scan, sinon le rapport est supprimer)
A la fin, colle le rapport : C:\Program Files\EsetOnlineScanner\log.txt


@++ :)
0
Réponse 40 / 68
rexxx83 Messages postés 91 Date d'inscription   Statut Membre Dernière intervention  
 
Il est tres le ce scan la..45 minutest et que 17% effectuer
0