Virus trojan
klou34
Messages postés
22
Statut
Membre
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour,
je me retrouve avec pas mal de virus dans mon ordi mais je n'arrive pas a m'en defaire avec avast j'ai essaye de les supprimer dans windows\system32\rnxlikad.dll je ne letrouve pas
quand a c:\windows\system32\craatzv.dll ce virus est present mais lorsque je le supprime dans system 32 il reapparait
Merci de votre aide
je me retrouve avec pas mal de virus dans mon ordi mais je n'arrive pas a m'en defaire avec avast j'ai essaye de les supprimer dans windows\system32\rnxlikad.dll je ne letrouve pas
quand a c:\windows\system32\craatzv.dll ce virus est present mais lorsque je le supprime dans system 32 il reapparait
Merci de votre aide
A voir également:
- Virus trojan
- Virus mcafee - Accueil - Piratage
- Virus facebook demande d'amis - Accueil - Facebook
- Artemis virus - Forum Virus
- Trojan sms-par google ✓ - Forum Virus
- Virus informatique - Guide
47 réponses
Bonsoir klou34
Pour voir cela:
Télécharge RSIT (de random/random) sur le bureau :
- Double clique sur RSIT.exe qui est sur le bureau
- Clique sur "Continue" dans la fenêtre
- RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence
- Poste le contenu de log.txt plus info.txt (réduit ds la barre de taches) à la fin de l’analyse .
Les rapports sont dans le dossier ici C:\rsit
a+
Pour voir cela:
Télécharge RSIT (de random/random) sur le bureau :
- Double clique sur RSIT.exe qui est sur le bureau
- Clique sur "Continue" dans la fenêtre
- RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence
- Poste le contenu de log.txt plus info.txt (réduit ds la barre de taches) à la fin de l’analyse .
Les rapports sont dans le dossier ici C:\rsit
a+
Ok,
Télécharges AD-REMOVER
ou
AD-REMOVER
(de Cyrildu17 / C_XX) sur ton Bureau.
Déconnectes-toi et ferme toutes applications en cours
Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program files).
Double-clique sur l'icône [AD-Remover située sur ton Bureau.
Au menu principal, choisis l'option L.
Postes le rapport qui apparaît à la fin.
(Le rapport est sauvegardé aussi sous C:\Ad-report(date).log)
(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)
Note : "Process.exe", une composante de l'outil, est détecté par certains ant
a+
Télécharges AD-REMOVER
ou
AD-REMOVER
(de Cyrildu17 / C_XX) sur ton Bureau.
Déconnectes-toi et ferme toutes applications en cours
Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program files).
Double-clique sur l'icône [AD-Remover située sur ton Bureau.
Au menu principal, choisis l'option L.
Postes le rapport qui apparaît à la fin.
(Le rapport est sauvegardé aussi sous C:\Ad-report(date).log)
(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)
Note : "Process.exe", une composante de l'outil, est détecté par certains ant
a+
bonjour archet
voici le rapport de ad remover
.
======= RAPPORT D'AD-REMOVER 2.0.0.0,A | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 13/03/10 à 21:50
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 11:37:52 le 14/03/2010 | Mode normal | Option: SCAN
Exécuté de: C:\Ad-Remover\ADR.exe
Système d'exploitation: Microsoft® Windows XP™ Service Pack 2
Nom du PC: PASCAL-507FF084 | Utilisateur actuel: pascal (Administrateur)
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
.
C:\Documents and Settings\All Users\Bureau\Everest Poker.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Everest Casino
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Everest Poker
C:\Documents and Settings\pascal\Application Data\Mozilla\FireFox\Profiles\xwwed93o.default\extensions\toolbar@ask.com
C:\Documents and Settings\pascal\Application Data\Mozilla\FireFox\Profiles\xwwed93o.default\searchplugins\askcom.xml
C:\Documents and Settings\pascal\Bureau\SweetImSetup.exe
C:\Documents and Settings\pascal\Menu Démarrer\Programmes\Ask Search Assistant
C:\log_lobby.txt
C:\log_lobby_dumper.txt
C:\Program Files\Ask Search Assistant
C:\Program Files\Ask.com
C:\Program Files\Everest Poker
C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
.
HKCU\Software\AppDataLow\AskBarDis
HKCU\Software\AppDataLow\AskHomePage
HKCU\Software\AppDataLow\AskToolbarInfo
HKCU\Software\Ask.com
HKCU\Software\AskToolbar
HKCU\Software\Grand Virtual
HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask.com Search Assistant
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Everest Poker
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{0E5CBF21-D15F-11D0-8301-00AA005B4383}
HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Ask.com\GenericAskToolbar.dll
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.5.8 (fr) *
.
browser.download.lastDir: D:\\floriane
browser.search.defaultenginename: Ask.com
browser.search.defaulturl: hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
browser.search.selectedEngine: Google
browser.startup.homepage: hxxp://www.mcmetal.fr/
browser.startup.homepage_override.mstone: rv:1.9.1.8
extensions.enabledItems: toolbar@ask.com:3.5.1.110,anycolor.pavlos256@gmail.com:0.3.0,{3112ca9c-de6d-4884-a869-9855de68056c}:6.1.20091119W,illimitux@illimitux.net:3.5,{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03,{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02,{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,jqs@sun.com:1.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8
keyword.URL: hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=fr_FR&q=
browser.search.defaultenginename: Google
browser.search.defaulturl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
browser.search.selectedEngine: Google
extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02,{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03,{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,jqs@sun.com:1.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15
.
INFECTÉ: C:\Documents and Settings\pascal\Application Data\mozilla\firefox\profiles\xwwed93o.default\prefs.js
.
* Internet Explorer Version 6.0.2900.2180 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
Do404Search: 0x01000000
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.fr/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Show_ToolBar: yes
Start Page: hxxp://fr.ask.com?o=15161&l=dis
Use Custom Search URL: 1
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Blank: res://mshtml.dll/blank.htm
.
============== SUSPECT(S) ==============
.
C:\Documents and Settings\pascal\Bureau\cerebral\SAV\patch\cdrom\safedisc.exe
.
========================================
.
C:\DOCUME~1\pascal\LOCALS~1\Temp: 31 Fichier(s), 15 Dossier(s)
C:\WINDOWS\temp: 39 Fichier(s), 12 Dossier(s)
Temporary Internet Files: 9 Fichier(s), 5 Dossier(s)
.
C:\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Ad-Remover\Backup: 0 Fichier(s)
.
C:\Ad-Report-SCAN[1].txt - 6306 Octet(s)
.
Fin à: 11:44:13, 14/03/2010
.
============== E.O.F - SCAN[1] ==============
voici le rapport de ad remover
.
======= RAPPORT D'AD-REMOVER 2.0.0.0,A | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 13/03/10 à 21:50
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 11:37:52 le 14/03/2010 | Mode normal | Option: SCAN
Exécuté de: C:\Ad-Remover\ADR.exe
Système d'exploitation: Microsoft® Windows XP™ Service Pack 2
Nom du PC: PASCAL-507FF084 | Utilisateur actuel: pascal (Administrateur)
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
.
C:\Documents and Settings\All Users\Bureau\Everest Poker.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Everest Casino
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Everest Poker
C:\Documents and Settings\pascal\Application Data\Mozilla\FireFox\Profiles\xwwed93o.default\extensions\toolbar@ask.com
C:\Documents and Settings\pascal\Application Data\Mozilla\FireFox\Profiles\xwwed93o.default\searchplugins\askcom.xml
C:\Documents and Settings\pascal\Bureau\SweetImSetup.exe
C:\Documents and Settings\pascal\Menu Démarrer\Programmes\Ask Search Assistant
C:\log_lobby.txt
C:\log_lobby_dumper.txt
C:\Program Files\Ask Search Assistant
C:\Program Files\Ask.com
C:\Program Files\Everest Poker
C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
.
HKCU\Software\AppDataLow\AskBarDis
HKCU\Software\AppDataLow\AskHomePage
HKCU\Software\AppDataLow\AskToolbarInfo
HKCU\Software\Ask.com
HKCU\Software\AskToolbar
HKCU\Software\Grand Virtual
HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask.com Search Assistant
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Everest Poker
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{0E5CBF21-D15F-11D0-8301-00AA005B4383}
HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Ask.com\GenericAskToolbar.dll
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.5.8 (fr) *
.
browser.download.lastDir: D:\\floriane
browser.search.defaultenginename: Ask.com
browser.search.defaulturl: hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
browser.search.selectedEngine: Google
browser.startup.homepage: hxxp://www.mcmetal.fr/
browser.startup.homepage_override.mstone: rv:1.9.1.8
extensions.enabledItems: toolbar@ask.com:3.5.1.110,anycolor.pavlos256@gmail.com:0.3.0,{3112ca9c-de6d-4884-a869-9855de68056c}:6.1.20091119W,illimitux@illimitux.net:3.5,{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03,{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02,{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,jqs@sun.com:1.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8
keyword.URL: hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=fr_FR&q=
browser.search.defaultenginename: Google
browser.search.defaulturl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
browser.search.selectedEngine: Google
extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02,{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03,{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,jqs@sun.com:1.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15
.
INFECTÉ: C:\Documents and Settings\pascal\Application Data\mozilla\firefox\profiles\xwwed93o.default\prefs.js
.
* Internet Explorer Version 6.0.2900.2180 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
Do404Search: 0x01000000
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.fr/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Show_ToolBar: yes
Start Page: hxxp://fr.ask.com?o=15161&l=dis
Use Custom Search URL: 1
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Blank: res://mshtml.dll/blank.htm
.
============== SUSPECT(S) ==============
.
C:\Documents and Settings\pascal\Bureau\cerebral\SAV\patch\cdrom\safedisc.exe
.
========================================
.
C:\DOCUME~1\pascal\LOCALS~1\Temp: 31 Fichier(s), 15 Dossier(s)
C:\WINDOWS\temp: 39 Fichier(s), 12 Dossier(s)
Temporary Internet Files: 9 Fichier(s), 5 Dossier(s)
.
C:\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Ad-Remover\Backup: 0 Fichier(s)
.
C:\Ad-Report-SCAN[1].txt - 6306 Octet(s)
.
Fin à: 11:44:13, 14/03/2010
.
============== E.O.F - SCAN[1] ==============
avast n'arrete pas de m avertir que un virus est dans mon ordi je le mets en quarantaine mais en vain
==> C'est du a cette nouvelle version de Ad remover, donc pas grave !
--> Relances Ad remover et choisis "désinstaller", et Avast va se calmer.....
Ensuite:
Fais un scan avec cet antispyware :
Malwarebytes + tutoriel
Tu l´installes; mets le a jour...(onglet mise a jour)
Click maintenant sur l´onglet recherche et coche la case :
"Executer un examen rapide".
Puis click sur "rechercher".
Laisses le scanner le pc...
A la fin du scan, clique sur Afficher les résultats
Si des elements on ete trouvés :
> click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "oui".
A la fin un rapport va s´ouvrir;
sauvegarde le de maniere a le retrouver en vue de le poster sur le forum.
Copies et colles le rapport stp.
a+
voici lee rapport malware
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3865
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
14/03/2010 13:40:42
mbam-log-2010-03-14 (13-40-42).txt
Type de recherche: Examen rapide
Eléments examinés: 111874
Temps écoulé: 5 minute(s), 50 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3865
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
14/03/2010 13:40:42
mbam-log-2010-03-14 (13-40-42).txt
Type de recherche: Examen rapide
Eléments examinés: 111874
Temps écoulé: 5 minute(s), 50 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
re bonjour
et merci
je te joins le rapport si tu peux m'eclairer car je n'y comprend rien
merci
Logfile of random's system information tool 1.06 (written by random/random)
Run by pascal at 2010-03-13 20:50:05
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 37 GB (33%) free of 111 GB
Total RAM: 1014 MB (31% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50:07, on 13/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\pascal\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\pascal.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.ask.com/?o=15161&l=dis
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D0DCB98B-D851-41BA-A4EF-A2D72C1D7663} - c:\windows\system32\craatzv.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NVIDIA Monitoring] C:\DOCUME~1\pascal\LOCALS~1\Temp\67.jpg
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [EPSON Stylus DX7000F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKE.EXE /FU "C:\DOCUME~1\pascal\LOCALS~1\Temp\E_SE894.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD2B982D-40E2-4607-8162-E0FB5D11CB18}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
et merci
je te joins le rapport si tu peux m'eclairer car je n'y comprend rien
merci
Logfile of random's system information tool 1.06 (written by random/random)
Run by pascal at 2010-03-13 20:50:05
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 37 GB (33%) free of 111 GB
Total RAM: 1014 MB (31% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50:07, on 13/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\pascal\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\pascal.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.ask.com/?o=15161&l=dis
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D0DCB98B-D851-41BA-A4EF-A2D72C1D7663} - c:\windows\system32\craatzv.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NVIDIA Monitoring] C:\DOCUME~1\pascal\LOCALS~1\Temp\67.jpg
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [EPSON Stylus DX7000F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKE.EXE /FU "C:\DOCUME~1\pascal\LOCALS~1\Temp\E_SE894.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD2B982D-40E2-4607-8162-E0FB5D11CB18}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Ok....
Ton scan montre plusieurs infections ........
Il faudra passer plusieurs outils de désinfection :
Donc soit patient !!!!
Pour l'infection liée à tes supports amovibles :
• Télécharge USBFIX
Auteur :" El Desaparecido "
http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d'avoir été infectés sans les ouvrir
• Double clic sur le raccourci UsbFix présent sur ton bureau .
• Au menu principal choisis l'option " F " pour français et tape sur [entrée] .
• Au second menu Choisis l'option " 2 " (suppression) et tape sur [entrée]
• Laisse travailler l'outil.
• Ensuite post le rapport UsbFix.txt qui apparaitra.
• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
Ton scan montre plusieurs infections ........
Il faudra passer plusieurs outils de désinfection :
Donc soit patient !!!!
Pour l'infection liée à tes supports amovibles :
• Télécharge USBFIX
Auteur :" El Desaparecido "
http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d'avoir été infectés sans les ouvrir
• Double clic sur le raccourci UsbFix présent sur ton bureau .
• Au menu principal choisis l'option " F " pour français et tape sur [entrée] .
• Au second menu Choisis l'option " 2 " (suppression) et tape sur [entrée]
• Laisse travailler l'outil.
• Ensuite post le rapport UsbFix.txt qui apparaitra.
• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
merci
voici le rapport j'espere que c'est bon!
############################## | UsbFix V6.099 |
User : pascal (Administrateurs) # PASCAL-507FF084
Update on 11/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 22:27:30 | 13/03/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) D CPU 2.80GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1368 [VPS 100313-1] 4.8.1368 [ Enabled | Updated ]
C:\ -> Disque fixe local # 108,62 Go (36,29 Go free) # NTFS
D:\ -> Disque fixe local # 37,24 Go (10,45 Go free) [Sauvegarder] # NTFS
E:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
I:\ -> Disque amovible
################## | Elements infectieux |
Supprimé ! C:\DOCUME~1\pascal\LOCALS~1\Temp\10.exe
Supprimé ! C:\DOCUME~1\pascal\LOCALS~1\Temp\56.exe
Supprimé ! C:\a.txt
Supprimé ! C:\Recycler\S-1-5-21-839522115-1383384898-725345543-1003
Supprimé ! D:\Recycler\S-1-5-21-1199173202-1714854030-1723158581-1006
Supprimé ! D:\Recycler\S-1-5-21-1214440339-1647877149-725345543-1003
Supprimé ! D:\Recycler\S-1-5-21-1644491937-1229272821-839522115-1003
Supprimé ! D:\Recycler\S-1-5-21-1644491937-1229272821-839522115-500
Supprimé ! D:\Recycler\S-1-5-21-839522115-1383384898-725345543-1003
################## | Registre |
################## | Mountpoints2 |
Supprimé ! HKCU\...\Explorer\MountPoints2\{cefb5a52-e5b3-11dd-bc95-001372e6dab5}\Shell\Autoplay\Command
################## | Listing des fichiers présent |
[28/11/2007 14:37|--a--c---|0] C:\AUTOEXEC.BAT
[19/09/2008 16:56|--a--c---|74] C:\CMLoader.log
[28/11/2007 14:37|--a--c---|0] C:\CONFIG.SYS
[13/03/2010 22:22|--ah-c---|5045] C:\ffastun.ffa
[13/03/2010 22:22|--ah-c---|1138688] C:\ffastun.ffl
[13/03/2010 22:22|--ah-c---|380928] C:\ffastun.ffo
[13/03/2010 22:22|--ah-c---|4288512] C:\ffastun0.ffx
[28/11/2007 14:37|-rahsc---|0] C:\IO.SYS
[13/01/2009 20:13|--a--c---|0] C:\log_lobby.txt
[13/01/2009 20:13|--a--c---|0] C:\log_lobby_dumper.txt
[28/11/2007 14:37|-rahsc---|0] C:\MSDOS.SYS
[29/02/2004 16:44|--a--c---|52576] C:\orange.bmp
[?|?|?] C:\pagefile.sys
[13/03/2010 22:32|--a--c---|2240] C:\UsbFix.txt
[19/11/2006 15:51|--a------|5728634] D:\ Cristina Aguilera - Beautiful.mp3
[11/12/2006 03:39|--a------|95671664] D:\(Album) amine.mp3
[17/11/2006 23:55|--a------|5009785] D:\-Kamini- Marly Gomont.mp3
[30/12/2006 17:43|--a------|3974943] D:\01 - Tina Arena - Aimer Jusqu'… L'impossible 2005.mp3
[04/01/2007 21:22|--a------|13422009] D:\02_danzel_-_put_your_hands_up_in_the_air_(natural_born_grooves_remix)-hb.mp3
[30/11/2006 15:19|--a------|4470780] D:\03 Au Arbres Citoyens.mp3
[18/11/2006 13:31|--a------|8752272] D:\05-Black Eyed Peas-My Humps.mp3
[30/12/2006 11:52|--a------|5801161] D:\05-the_pussycat_dolls-buttons.mp3
[01/12/2006 12:43|--a------|6923959] D:\07 C'est Toi.mp3
[11/01/2007 18:11|--a------|5891680] D:\08 Joe Dassin - Ca ne va pas changer le monde.mp3
[13/01/2007 19:07|--a------|7696934] D:\11 - Sean Paul - Temperature.mp3
[01/12/2006 12:10|--a------|6289917] D:\12 La.mp3
[30/11/2006 09:58|--a------|3639353] D:\14 Dans Et Sur Mes Bras.mp3
[13/01/2007 18:19|--a------|5887251] D:\15 - David Vendetta - Love To Love You Baby.mp3
[12/08/2007 17:04|--ahs----|3171] D:\AlbumArtSmall.jpg
[12/08/2007 17:04|--ahs----|10020] D:\AlbumArt_{9A44231D-0C5E-4CC3-B9DC-B78B397E52A9}_Large.jpg
[12/08/2007 17:04|--ahs----|2537] D:\AlbumArt_{9A44231D-0C5E-4CC3-B9DC-B78B397E52A9}_Small.jpg
[12/08/2007 17:04|--ahs----|12219] D:\AlbumArt_{B32F0CA5-471F-4532-9B1A-8ED383653023}_Large.jpg
[12/08/2007 17:04|--ahs----|3171] D:\AlbumArt_{B32F0CA5-471F-4532-9B1A-8ED383653023}_Small.jpg
[18/12/2006 17:01|--a------|4214582] D:\Anais - 02 - Mon coeur mon amour.mp3
[29/11/2006 10:11|--a------|4605202] D:\Anais - 06 - La vie est dure.mp3
[29/12/2006 23:40|--a------|4599105] D:\Anais - 10 - B-B Baise moi.mp3
[25/11/2006 12:50|--a------|6225500] D:\AYO - Down on my knees.mp3
[19/01/2007 03:45|--a------|6181116] D:\Benabar 09-saturne.mp3
[13/01/2007 21:01|--a------|7243778] D:\Benabar - La Berceuse.mp3
[13/01/2007 21:00|--a------|5512173] D:\Benabar - Maritie et Gilbert Carpentier.mp3
[05/01/2007 05:54|--a------|87338735] D:\Benabar-Concert Live RTL 2002 (full album).mp3
[30/12/2006 06:02|--a------|10576682] D:\Benny Benassi - Who's Your Dady (David Guetta Remix).mp3
[12/08/2007 17:35|--a------|4754763] D:\Black Eyes Pears - Clap Your Hands.mp3
[15/12/2006 14:40|--a------|3706144] D:\Black Eyes Pears - Where is the love.mp3
[01/01/2007 15:26|--a------|140089983] D:\Booba - Le Rˆgne Au Rap (Nouvelle Album) 2005.rar
[31/12/2006 05:54|--a------|85609890] D:\Booba-Ouest_Side-FR-2006-OGV.share.by.rkoper[link].rar
[28/11/2007 15:21|-rahs----|211] D:\boot.ini
[30/08/2002 13:00|-rahs----|4952] D:\Bootfont.bin
[13/01/2007 18:41|--a------|4783772] D:\Cascada - Every Time We Touch.mp3
[13/01/2007 18:27|--a------|5234688] D:\Cascada - Miracle.mp3
[19/11/2006 20:50|--a------|5286016] D:\Cassie - Long Way 2 Go.mp3
[05/01/2007 08:57|--a------|151509964] D:\CHANSONS DES FILMS - WALT DISNEY.rar
[17/11/2006 23:21|--a------|868536] D:\coupet9bo.gif
[12/08/2007 17:04|--ahs----|289] D:\desktop.ini
[13/01/2007 18:09|--a------|5803074] D:\Diam's - Confessions Nocturnes avec Vitaa (Dans ma bulle 11).mp3
[30/12/2006 01:35|--a------|2729819] D:\diras que estoy loco.mp3
[30/12/2006 17:21|--a------|7242315] D:\Emmanuel Moir - Mon Essentielle.mp3
[30/12/2006 17:35|--a------|3305265] D:\Emmanuel Moire - Le sourire.mp3
[13/01/2007 17:56|--a------|5061904] D:\Faf la Rage - Pas le Temps (Prison Break).mp3
[18/11/2006 11:32|--a------|5629390] D:\Fatal Bazooka - Fous Ta Cagoule (Michael Youn) Complete by Bajir.mp3
[18/11/2006 11:05|--a------|5629390] D:\Fatal Bazooka - Fout ta cagoule.mp3
[12/08/2007 17:04|--ahs----|12219] D:\Folder.jpg
[26/09/2007 13:19|--a------|4415] D:\fournisseur.rtf
[21/11/2006 17:42|--a------|4141184] D:\house music - techno - dance rave - dj kosmonova - take me away club mix.mp3
[12/08/2007 17:35|--a------|6385399] D:\Ilona - C'est les vacances.mp3
[06/01/2007 11:29|--a------|61365487] D:\Ilona Mitrecey Laissez nous respirer.rar
[20/11/2006 07:48|--a------|382090271] D:\Int‚grale Coluche - Super D‚capant - 7CD - 128K - Zbouby - Spartateur - MP3.rar
[11/01/2007 10:39|--a------|3280600] D:\jo dassin - Les petits pains au chocolat.mp3
[18/01/2007 17:14|--a------|6841075] D:\Joe Dassin - A Toi.mp3
[12/01/2007 12:43|--a------|6729699] D:\Joe Dassin - Et si tu n'existais pas.mp3
[11/01/2007 10:02|--a------|3363752] D:\Joe Dassin - Et si tu n'‚xistais pas.mp3
[12/01/2007 07:29|--a------|3771454] D:\joe dassin - il etait une fois nous deux.mp3
[11/01/2007 19:58|--a------|3403904] D:\Joe Dassin - L'Am‚rique.mp3
[11/01/2007 11:06|--a------|3453325] D:\Joe Dassin - La Fleur Aux Dents.mp3
[11/01/2007 10:50|--a------|6808337] D:\Joe Dassin - Le dernier slow.mp3
[11/01/2007 10:59|--a------|6748730] D:\Joe Dassin - Le petit pain au chocolat.mp3
[11/01/2007 19:32|--a------|3956864] D:\Joe Dassin - Les Champs-Elys‚es.mp3
[12/01/2007 07:22|--a------|3885184] D:\Joe Dassin - Les Daltons.mp3
[11/01/2007 04:34|--a------|41961217] D:\Joe Dassin - Les Indispensables - Vol 2 Full Album Good Zip.mp3
[11/01/2007 09:06|--a------|6593535] D:\Joe Dassin - Marie-Jeanne.mp3
[11/01/2007 10:59|--a------|3752984] D:\Joe Dassin - On s'est aimǸ comme on se quitte.mp3
[11/01/2007 10:17|--a------|7800918] D:\Joe Dassin - Salut les amoureux.mp3
[11/01/2007 10:00|--a------|3778560] D:\Joe Dassin - Souviens-toi.mp3
[30/12/2006 17:25|--a------|9175168] D:\Laam - petite soeur.mp3
[13/01/2007 17:58|--a------|3450834] D:\Leslie - L'envers de la terre.mp3
[21/11/2006 22:07|--a------|6078416] D:\Lord Kossity - Seconde chance.mp3
[13/01/2007 18:27|--a------|8156589] D:\lorie-partie pour zouker.mp3
[21/10/2006 18:50|--a------|1877254] D:\L‚na je t'adore ELODIE.bmp
[13/01/2007 13:13|--a------|5633814] D:\M.Pokora-Ce soir je lui dis tout.wma
[19/11/2007 12:35|--a------|20480] D:\Menu.doc
[30/12/2006 00:41|---------|4144484] D:\Michel Sardou - Femme Des Ann‚es 80.mp3
[30/12/2006 01:39|--a------|3402996] D:\Michel Sardou - La maladie d'amour (1).mp3
[30/12/2006 03:16|--a------|3776389] D:\Michel Sardou - Le France.mp3
[30/12/2006 01:25|--a------|4866055] D:\Michel Sardou et Garou - La RiviŠre de notre enfance.mp3
[18/11/2006 15:05|--a------|1862814] D:\mon cheval d'amour 2.bmp
[18/11/2006 15:13|--a------|1862814] D:\mon cheval d'amour..bmp
[15/10/2006 13:37|--a------|55113] D:\montage de l‚na.JPG
[15/10/2006 16:59|--a------|107237] D:\Montage L‚na 2.JPG
[22/10/2006 10:38|--a------|106903] D:\Montage L‚na3.JPG
[30/12/2006 17:43|--a------|6548832] D:\MP3 Emmanuel Moire - Etre … la hauteur (le roi soleil).mp3
[02/12/2006 12:24|--a------|109269120] D:\Muse-Black holes and revelations (NOUVEL ALBUM ENTIER).mp3
[12/11/2007 10:11|--a------|19968] D:\nouveau abonnes grande motte.doc
[03/08/2004 21:38|-rahs----|47564] D:\NTDETECT.COM
[03/08/2004 21:59|-rahs----|251712] D:\ntldr
[22/10/2006 16:15|--a------|1877254] D:\PAPA A LA MER.bmp
[05/01/2007 15:00|--a------|4750057] D:\Philippe Catherine - au louxor, j'adore.mp3
[31/12/2006 17:48|--a------|4792407] D:\Pierre Vassiliu - Lena.mp3
[21/11/2006 18:20|--a------|3917824] D:\Rave Techno House Robert Miles - Children 2000 (Trance Remix.mp3
[19/11/2006 15:29|--a------|7217480] D:\Renaud-Les Bobos.mp3
[30/12/2006 05:46|--a------|10265958] D:\Rihana - Sos.mp3
[22/10/2006 16:07|--a------|1877254] D:\Sans titre.bmp
[11/12/2006 12:17|--a------|262173763] D:\SCRABBLE.Interactif.Edition.2007.FRENCH-ReVOLVeR.rar
[30/12/2006 00:26|--a------|5288357] D:\Sean Paul Ft. Rihana - Break It Off (Remix).mp3
[26/09/2007 13:24|--a------|8518] D:\seri 2007.rtf
[19/11/2006 20:00|---------|3168019] D:\Soprano - Je T'aime A La Haine Inedit Exclu Total Stallag 13.mp3
[19/11/2006 16:17|--a------|5311222] D:\Soprano- Moi J'ai Pas.mp3
[21/11/2006 18:25|--a------|3446373] D:\Techno Fatboy Slim- Kung Fu Fighting (Dance Remix).mp3
[12/12/2006 20:59|--a------|4773612] D:\The Black Eyes Pears - Sharap.MP3
[30/12/2006 15:51|--a------|6138269] D:\The Pussycat Dolls - Don'T Cha.mp3
[30/12/2006 16:47|--a------|3823184] D:\Tina arena - aller plus haut.mp3
[13/01/2007 17:35|--a------|6231491] D:\Tina Arena - Je m'appelle Bagdad (1).mp3
[30/12/2006 17:19|--a------|6226883] D:\Tina Arena - Je m'appelle Bagdad.mp3
[12/11/2007 09:55|--a------|52736] D:\tournee grande motte.doc
[13/10/2006 19:13|--a------|248297] D:\vlcsnap-257716.png
[27/01/2007 14:43|--a------|2568320] D:\Walt Disney - Aladin - Ce reve bleu.mp3
[27/01/2007 16:40|--a------|2831383] D:\Walt Disney - Le Roi Lion - L'amour brille sous les ‚toiles.mp3
[01/12/2006 09:26|--a------|3641771] D:\Yannick Noah - Charango - 14 - Dans et sur mes bras.mp3
[04/12/2006 07:28|--a------|49402651] D:\Yannick Noah - Pokhara - Album (Complet Cover) Zip.mp3
[20/12/2006 11:53|--a------|3557295] D:\Zina feat L'emeute - Parle moi de lui.mp3
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
################## | Upload |
Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_PASCAL-507FF084.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .
################## | ! Fin du rapport # UsbFix V6.099 ! |
voici le rapport j'espere que c'est bon!
############################## | UsbFix V6.099 |
User : pascal (Administrateurs) # PASCAL-507FF084
Update on 11/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 22:27:30 | 13/03/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) D CPU 2.80GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1368 [VPS 100313-1] 4.8.1368 [ Enabled | Updated ]
C:\ -> Disque fixe local # 108,62 Go (36,29 Go free) # NTFS
D:\ -> Disque fixe local # 37,24 Go (10,45 Go free) [Sauvegarder] # NTFS
E:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
I:\ -> Disque amovible
################## | Elements infectieux |
Supprimé ! C:\DOCUME~1\pascal\LOCALS~1\Temp\10.exe
Supprimé ! C:\DOCUME~1\pascal\LOCALS~1\Temp\56.exe
Supprimé ! C:\a.txt
Supprimé ! C:\Recycler\S-1-5-21-839522115-1383384898-725345543-1003
Supprimé ! D:\Recycler\S-1-5-21-1199173202-1714854030-1723158581-1006
Supprimé ! D:\Recycler\S-1-5-21-1214440339-1647877149-725345543-1003
Supprimé ! D:\Recycler\S-1-5-21-1644491937-1229272821-839522115-1003
Supprimé ! D:\Recycler\S-1-5-21-1644491937-1229272821-839522115-500
Supprimé ! D:\Recycler\S-1-5-21-839522115-1383384898-725345543-1003
################## | Registre |
################## | Mountpoints2 |
Supprimé ! HKCU\...\Explorer\MountPoints2\{cefb5a52-e5b3-11dd-bc95-001372e6dab5}\Shell\Autoplay\Command
################## | Listing des fichiers présent |
[28/11/2007 14:37|--a--c---|0] C:\AUTOEXEC.BAT
[19/09/2008 16:56|--a--c---|74] C:\CMLoader.log
[28/11/2007 14:37|--a--c---|0] C:\CONFIG.SYS
[13/03/2010 22:22|--ah-c---|5045] C:\ffastun.ffa
[13/03/2010 22:22|--ah-c---|1138688] C:\ffastun.ffl
[13/03/2010 22:22|--ah-c---|380928] C:\ffastun.ffo
[13/03/2010 22:22|--ah-c---|4288512] C:\ffastun0.ffx
[28/11/2007 14:37|-rahsc---|0] C:\IO.SYS
[13/01/2009 20:13|--a--c---|0] C:\log_lobby.txt
[13/01/2009 20:13|--a--c---|0] C:\log_lobby_dumper.txt
[28/11/2007 14:37|-rahsc---|0] C:\MSDOS.SYS
[29/02/2004 16:44|--a--c---|52576] C:\orange.bmp
[?|?|?] C:\pagefile.sys
[13/03/2010 22:32|--a--c---|2240] C:\UsbFix.txt
[19/11/2006 15:51|--a------|5728634] D:\ Cristina Aguilera - Beautiful.mp3
[11/12/2006 03:39|--a------|95671664] D:\(Album) amine.mp3
[17/11/2006 23:55|--a------|5009785] D:\-Kamini- Marly Gomont.mp3
[30/12/2006 17:43|--a------|3974943] D:\01 - Tina Arena - Aimer Jusqu'… L'impossible 2005.mp3
[04/01/2007 21:22|--a------|13422009] D:\02_danzel_-_put_your_hands_up_in_the_air_(natural_born_grooves_remix)-hb.mp3
[30/11/2006 15:19|--a------|4470780] D:\03 Au Arbres Citoyens.mp3
[18/11/2006 13:31|--a------|8752272] D:\05-Black Eyed Peas-My Humps.mp3
[30/12/2006 11:52|--a------|5801161] D:\05-the_pussycat_dolls-buttons.mp3
[01/12/2006 12:43|--a------|6923959] D:\07 C'est Toi.mp3
[11/01/2007 18:11|--a------|5891680] D:\08 Joe Dassin - Ca ne va pas changer le monde.mp3
[13/01/2007 19:07|--a------|7696934] D:\11 - Sean Paul - Temperature.mp3
[01/12/2006 12:10|--a------|6289917] D:\12 La.mp3
[30/11/2006 09:58|--a------|3639353] D:\14 Dans Et Sur Mes Bras.mp3
[13/01/2007 18:19|--a------|5887251] D:\15 - David Vendetta - Love To Love You Baby.mp3
[12/08/2007 17:04|--ahs----|3171] D:\AlbumArtSmall.jpg
[12/08/2007 17:04|--ahs----|10020] D:\AlbumArt_{9A44231D-0C5E-4CC3-B9DC-B78B397E52A9}_Large.jpg
[12/08/2007 17:04|--ahs----|2537] D:\AlbumArt_{9A44231D-0C5E-4CC3-B9DC-B78B397E52A9}_Small.jpg
[12/08/2007 17:04|--ahs----|12219] D:\AlbumArt_{B32F0CA5-471F-4532-9B1A-8ED383653023}_Large.jpg
[12/08/2007 17:04|--ahs----|3171] D:\AlbumArt_{B32F0CA5-471F-4532-9B1A-8ED383653023}_Small.jpg
[18/12/2006 17:01|--a------|4214582] D:\Anais - 02 - Mon coeur mon amour.mp3
[29/11/2006 10:11|--a------|4605202] D:\Anais - 06 - La vie est dure.mp3
[29/12/2006 23:40|--a------|4599105] D:\Anais - 10 - B-B Baise moi.mp3
[25/11/2006 12:50|--a------|6225500] D:\AYO - Down on my knees.mp3
[19/01/2007 03:45|--a------|6181116] D:\Benabar 09-saturne.mp3
[13/01/2007 21:01|--a------|7243778] D:\Benabar - La Berceuse.mp3
[13/01/2007 21:00|--a------|5512173] D:\Benabar - Maritie et Gilbert Carpentier.mp3
[05/01/2007 05:54|--a------|87338735] D:\Benabar-Concert Live RTL 2002 (full album).mp3
[30/12/2006 06:02|--a------|10576682] D:\Benny Benassi - Who's Your Dady (David Guetta Remix).mp3
[12/08/2007 17:35|--a------|4754763] D:\Black Eyes Pears - Clap Your Hands.mp3
[15/12/2006 14:40|--a------|3706144] D:\Black Eyes Pears - Where is the love.mp3
[01/01/2007 15:26|--a------|140089983] D:\Booba - Le Rˆgne Au Rap (Nouvelle Album) 2005.rar
[31/12/2006 05:54|--a------|85609890] D:\Booba-Ouest_Side-FR-2006-OGV.share.by.rkoper[link].rar
[28/11/2007 15:21|-rahs----|211] D:\boot.ini
[30/08/2002 13:00|-rahs----|4952] D:\Bootfont.bin
[13/01/2007 18:41|--a------|4783772] D:\Cascada - Every Time We Touch.mp3
[13/01/2007 18:27|--a------|5234688] D:\Cascada - Miracle.mp3
[19/11/2006 20:50|--a------|5286016] D:\Cassie - Long Way 2 Go.mp3
[05/01/2007 08:57|--a------|151509964] D:\CHANSONS DES FILMS - WALT DISNEY.rar
[17/11/2006 23:21|--a------|868536] D:\coupet9bo.gif
[12/08/2007 17:04|--ahs----|289] D:\desktop.ini
[13/01/2007 18:09|--a------|5803074] D:\Diam's - Confessions Nocturnes avec Vitaa (Dans ma bulle 11).mp3
[30/12/2006 01:35|--a------|2729819] D:\diras que estoy loco.mp3
[30/12/2006 17:21|--a------|7242315] D:\Emmanuel Moir - Mon Essentielle.mp3
[30/12/2006 17:35|--a------|3305265] D:\Emmanuel Moire - Le sourire.mp3
[13/01/2007 17:56|--a------|5061904] D:\Faf la Rage - Pas le Temps (Prison Break).mp3
[18/11/2006 11:32|--a------|5629390] D:\Fatal Bazooka - Fous Ta Cagoule (Michael Youn) Complete by Bajir.mp3
[18/11/2006 11:05|--a------|5629390] D:\Fatal Bazooka - Fout ta cagoule.mp3
[12/08/2007 17:04|--ahs----|12219] D:\Folder.jpg
[26/09/2007 13:19|--a------|4415] D:\fournisseur.rtf
[21/11/2006 17:42|--a------|4141184] D:\house music - techno - dance rave - dj kosmonova - take me away club mix.mp3
[12/08/2007 17:35|--a------|6385399] D:\Ilona - C'est les vacances.mp3
[06/01/2007 11:29|--a------|61365487] D:\Ilona Mitrecey Laissez nous respirer.rar
[20/11/2006 07:48|--a------|382090271] D:\Int‚grale Coluche - Super D‚capant - 7CD - 128K - Zbouby - Spartateur - MP3.rar
[11/01/2007 10:39|--a------|3280600] D:\jo dassin - Les petits pains au chocolat.mp3
[18/01/2007 17:14|--a------|6841075] D:\Joe Dassin - A Toi.mp3
[12/01/2007 12:43|--a------|6729699] D:\Joe Dassin - Et si tu n'existais pas.mp3
[11/01/2007 10:02|--a------|3363752] D:\Joe Dassin - Et si tu n'‚xistais pas.mp3
[12/01/2007 07:29|--a------|3771454] D:\joe dassin - il etait une fois nous deux.mp3
[11/01/2007 19:58|--a------|3403904] D:\Joe Dassin - L'Am‚rique.mp3
[11/01/2007 11:06|--a------|3453325] D:\Joe Dassin - La Fleur Aux Dents.mp3
[11/01/2007 10:50|--a------|6808337] D:\Joe Dassin - Le dernier slow.mp3
[11/01/2007 10:59|--a------|6748730] D:\Joe Dassin - Le petit pain au chocolat.mp3
[11/01/2007 19:32|--a------|3956864] D:\Joe Dassin - Les Champs-Elys‚es.mp3
[12/01/2007 07:22|--a------|3885184] D:\Joe Dassin - Les Daltons.mp3
[11/01/2007 04:34|--a------|41961217] D:\Joe Dassin - Les Indispensables - Vol 2 Full Album Good Zip.mp3
[11/01/2007 09:06|--a------|6593535] D:\Joe Dassin - Marie-Jeanne.mp3
[11/01/2007 10:59|--a------|3752984] D:\Joe Dassin - On s'est aimǸ comme on se quitte.mp3
[11/01/2007 10:17|--a------|7800918] D:\Joe Dassin - Salut les amoureux.mp3
[11/01/2007 10:00|--a------|3778560] D:\Joe Dassin - Souviens-toi.mp3
[30/12/2006 17:25|--a------|9175168] D:\Laam - petite soeur.mp3
[13/01/2007 17:58|--a------|3450834] D:\Leslie - L'envers de la terre.mp3
[21/11/2006 22:07|--a------|6078416] D:\Lord Kossity - Seconde chance.mp3
[13/01/2007 18:27|--a------|8156589] D:\lorie-partie pour zouker.mp3
[21/10/2006 18:50|--a------|1877254] D:\L‚na je t'adore ELODIE.bmp
[13/01/2007 13:13|--a------|5633814] D:\M.Pokora-Ce soir je lui dis tout.wma
[19/11/2007 12:35|--a------|20480] D:\Menu.doc
[30/12/2006 00:41|---------|4144484] D:\Michel Sardou - Femme Des Ann‚es 80.mp3
[30/12/2006 01:39|--a------|3402996] D:\Michel Sardou - La maladie d'amour (1).mp3
[30/12/2006 03:16|--a------|3776389] D:\Michel Sardou - Le France.mp3
[30/12/2006 01:25|--a------|4866055] D:\Michel Sardou et Garou - La RiviŠre de notre enfance.mp3
[18/11/2006 15:05|--a------|1862814] D:\mon cheval d'amour 2.bmp
[18/11/2006 15:13|--a------|1862814] D:\mon cheval d'amour..bmp
[15/10/2006 13:37|--a------|55113] D:\montage de l‚na.JPG
[15/10/2006 16:59|--a------|107237] D:\Montage L‚na 2.JPG
[22/10/2006 10:38|--a------|106903] D:\Montage L‚na3.JPG
[30/12/2006 17:43|--a------|6548832] D:\MP3 Emmanuel Moire - Etre … la hauteur (le roi soleil).mp3
[02/12/2006 12:24|--a------|109269120] D:\Muse-Black holes and revelations (NOUVEL ALBUM ENTIER).mp3
[12/11/2007 10:11|--a------|19968] D:\nouveau abonnes grande motte.doc
[03/08/2004 21:38|-rahs----|47564] D:\NTDETECT.COM
[03/08/2004 21:59|-rahs----|251712] D:\ntldr
[22/10/2006 16:15|--a------|1877254] D:\PAPA A LA MER.bmp
[05/01/2007 15:00|--a------|4750057] D:\Philippe Catherine - au louxor, j'adore.mp3
[31/12/2006 17:48|--a------|4792407] D:\Pierre Vassiliu - Lena.mp3
[21/11/2006 18:20|--a------|3917824] D:\Rave Techno House Robert Miles - Children 2000 (Trance Remix.mp3
[19/11/2006 15:29|--a------|7217480] D:\Renaud-Les Bobos.mp3
[30/12/2006 05:46|--a------|10265958] D:\Rihana - Sos.mp3
[22/10/2006 16:07|--a------|1877254] D:\Sans titre.bmp
[11/12/2006 12:17|--a------|262173763] D:\SCRABBLE.Interactif.Edition.2007.FRENCH-ReVOLVeR.rar
[30/12/2006 00:26|--a------|5288357] D:\Sean Paul Ft. Rihana - Break It Off (Remix).mp3
[26/09/2007 13:24|--a------|8518] D:\seri 2007.rtf
[19/11/2006 20:00|---------|3168019] D:\Soprano - Je T'aime A La Haine Inedit Exclu Total Stallag 13.mp3
[19/11/2006 16:17|--a------|5311222] D:\Soprano- Moi J'ai Pas.mp3
[21/11/2006 18:25|--a------|3446373] D:\Techno Fatboy Slim- Kung Fu Fighting (Dance Remix).mp3
[12/12/2006 20:59|--a------|4773612] D:\The Black Eyes Pears - Sharap.MP3
[30/12/2006 15:51|--a------|6138269] D:\The Pussycat Dolls - Don'T Cha.mp3
[30/12/2006 16:47|--a------|3823184] D:\Tina arena - aller plus haut.mp3
[13/01/2007 17:35|--a------|6231491] D:\Tina Arena - Je m'appelle Bagdad (1).mp3
[30/12/2006 17:19|--a------|6226883] D:\Tina Arena - Je m'appelle Bagdad.mp3
[12/11/2007 09:55|--a------|52736] D:\tournee grande motte.doc
[13/10/2006 19:13|--a------|248297] D:\vlcsnap-257716.png
[27/01/2007 14:43|--a------|2568320] D:\Walt Disney - Aladin - Ce reve bleu.mp3
[27/01/2007 16:40|--a------|2831383] D:\Walt Disney - Le Roi Lion - L'amour brille sous les ‚toiles.mp3
[01/12/2006 09:26|--a------|3641771] D:\Yannick Noah - Charango - 14 - Dans et sur mes bras.mp3
[04/12/2006 07:28|--a------|49402651] D:\Yannick Noah - Pokhara - Album (Complet Cover) Zip.mp3
[20/12/2006 11:53|--a------|3557295] D:\Zina feat L'emeute - Parle moi de lui.mp3
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
################## | Upload |
Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_PASCAL-507FF084.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .
################## | ! Fin du rapport # UsbFix V6.099 ! |
Ok,
Tu as lancé Ad Remover avec l'option "S"...Recommences avec l'option "L".
a+
Tu as lancé Ad Remover avec l'option "S"...Recommences avec l'option "L".
a+
voici le rapport j'espere que celui ci est le bon
par contre avast n'arrete pas de m avertir que un virus est dans mon ordi je le mets en quarantaine mais en vain
.
======= RAPPORT D'AD-REMOVER 2.0.0.0,A | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 14/03/10 à 12:00
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 12:42:15 le 14/03/2010 | Mode normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\ADR.exe
Système d'exploitation: Microsoft® Windows XP™ Service Pack 2
Nom du PC: PASCAL-507FF084 | Utilisateur actuel: pascal (Administrateur)
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
C:\Documents and Settings\All Users\Bureau\Everest Poker.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Everest Casino
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Everest Poker
C:\Documents and Settings\pascal\Application Data\Mozilla\FireFox\Profiles\xwwed93o.default\extensions\toolbar@ask.com
C:\Documents and Settings\pascal\Application Data\Mozilla\FireFox\Profiles\xwwed93o.default\searchplugins\askcom.xml
C:\Documents and Settings\pascal\Bureau\SweetImSetup.exe
C:\Documents and Settings\pascal\Menu Démarrer\Programmes\Ask Search Assistant
[b]ERREUR SUPPRESSION !!/b : C:\log_lobby.txt
[b]ERREUR SUPPRESSION !!/b : C:\log_lobby_dumper.txt
C:\Program Files\Ask Search Assistant
C:\Program Files\Ask.com
C:\Program Files\Everest Poker
C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
(!) -- Fichiers temporaires supprimés.
.
HKCU\Software\AppDataLow\AskBarDis
HKCU\Software\AppDataLow\AskHomePage
HKCU\Software\AppDataLow\AskToolbarInfo
HKCU\Software\Ask.com
HKCU\Software\AskToolbar
HKCU\Software\Grand Virtual
HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask.com Search Assistant
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Everest Poker
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{0E5CBF21-D15F-11D0-8301-00AA005B4383}
HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Ask.com\GenericAskToolbar.dll
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.5.8 (fr) *
.
C:\Documents and Settings\pascal\..\xwwed93o.default\prefs.js - browser.download.lastDir: D:\\floriane
C:\Documents and Settings\pascal\..\xwwed93o.default\prefs.js - browser.search.defaultenginename: Ask.com
C:\Documents and Settings\pascal\..\xwwed93o.default\prefs.js - browser.search.defaulturl: hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
C:\Documents and Settings\pascal\..\xwwed93o.default\prefs.js - browser.search.selectedEngine: Google
C:\Documents and Settings\pascal\..\xwwed93o.default\prefs.js - browser.startup.homepage: hxxp://www.mcmetal.fr/
C:\Documents and Settings\pascal\..\xwwed93o.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.1.8
C:\Documents and Settings\pascal\..\xwwed93o.default\prefs.js - keyword.URL: hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=fr_FR&q=
C:\Documents and Settings\LocalService\..\huqid7r9.default\prefs.js - browser.search.defaultenginename: Google
C:\Documents and Settings\LocalService\..\huqid7r9.default\prefs.js - browser.search.defaulturl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
C:\Documents and Settings\LocalService\..\huqid7r9.default\prefs.js - browser.search.selectedEngine: Google
.
DÉSINFECTÉ: C:\Documents and Settings\pascal\Application Data\mozilla\firefox\profiles\xwwed93o.default\prefs.js
.
* Internet Explorer Version 6.0.2900.2180 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Custom Search URL: 1
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
============== SUSPECT(S) ==============
.
C:\Documents and Settings\pascal\Bureau\cerebral\SAV\patch\cdrom\safedisc.exe
.
========================================
.
C:\DOCUME~1\pascal\LOCALS~1\Temp: 2 Fichier(s), 15 Dossier(s)
C:\WINDOWS\temp: 4 Fichier(s), 19 Dossier(s)
Temporary Internet Files: 2 Fichier(s), 5 Dossier(s)
.
C:\Ad-Remover\Quarantine: 5 Fichier(s)
C:\Ad-Remover\Backup: 13 Fichier(s)
.
C:\Ad-Report-CLEAN[1].txt - 6491 Octet(s)
.
Fin à: 12:48:45, 14/03/2010
.
============== E.O.F - CLEAN[1] ==============
par contre avast n'arrete pas de m avertir que un virus est dans mon ordi je le mets en quarantaine mais en vain
.
======= RAPPORT D'AD-REMOVER 2.0.0.0,A | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 14/03/10 à 12:00
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 12:42:15 le 14/03/2010 | Mode normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\ADR.exe
Système d'exploitation: Microsoft® Windows XP™ Service Pack 2
Nom du PC: PASCAL-507FF084 | Utilisateur actuel: pascal (Administrateur)
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
C:\Documents and Settings\All Users\Bureau\Everest Poker.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Everest Casino
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Everest Poker
C:\Documents and Settings\pascal\Application Data\Mozilla\FireFox\Profiles\xwwed93o.default\extensions\toolbar@ask.com
C:\Documents and Settings\pascal\Application Data\Mozilla\FireFox\Profiles\xwwed93o.default\searchplugins\askcom.xml
C:\Documents and Settings\pascal\Bureau\SweetImSetup.exe
C:\Documents and Settings\pascal\Menu Démarrer\Programmes\Ask Search Assistant
[b]ERREUR SUPPRESSION !!/b : C:\log_lobby.txt
[b]ERREUR SUPPRESSION !!/b : C:\log_lobby_dumper.txt
C:\Program Files\Ask Search Assistant
C:\Program Files\Ask.com
C:\Program Files\Everest Poker
C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
(!) -- Fichiers temporaires supprimés.
.
HKCU\Software\AppDataLow\AskBarDis
HKCU\Software\AppDataLow\AskHomePage
HKCU\Software\AppDataLow\AskToolbarInfo
HKCU\Software\Ask.com
HKCU\Software\AskToolbar
HKCU\Software\Grand Virtual
HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask.com Search Assistant
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Everest Poker
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{0E5CBF21-D15F-11D0-8301-00AA005B4383}
HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Ask.com\GenericAskToolbar.dll
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.5.8 (fr) *
.
C:\Documents and Settings\pascal\..\xwwed93o.default\prefs.js - browser.download.lastDir: D:\\floriane
C:\Documents and Settings\pascal\..\xwwed93o.default\prefs.js - browser.search.defaultenginename: Ask.com
C:\Documents and Settings\pascal\..\xwwed93o.default\prefs.js - browser.search.defaulturl: hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
C:\Documents and Settings\pascal\..\xwwed93o.default\prefs.js - browser.search.selectedEngine: Google
C:\Documents and Settings\pascal\..\xwwed93o.default\prefs.js - browser.startup.homepage: hxxp://www.mcmetal.fr/
C:\Documents and Settings\pascal\..\xwwed93o.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.1.8
C:\Documents and Settings\pascal\..\xwwed93o.default\prefs.js - keyword.URL: hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=fr_FR&q=
C:\Documents and Settings\LocalService\..\huqid7r9.default\prefs.js - browser.search.defaultenginename: Google
C:\Documents and Settings\LocalService\..\huqid7r9.default\prefs.js - browser.search.defaulturl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
C:\Documents and Settings\LocalService\..\huqid7r9.default\prefs.js - browser.search.selectedEngine: Google
.
DÉSINFECTÉ: C:\Documents and Settings\pascal\Application Data\mozilla\firefox\profiles\xwwed93o.default\prefs.js
.
* Internet Explorer Version 6.0.2900.2180 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Custom Search URL: 1
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
============== SUSPECT(S) ==============
.
C:\Documents and Settings\pascal\Bureau\cerebral\SAV\patch\cdrom\safedisc.exe
.
========================================
.
C:\DOCUME~1\pascal\LOCALS~1\Temp: 2 Fichier(s), 15 Dossier(s)
C:\WINDOWS\temp: 4 Fichier(s), 19 Dossier(s)
Temporary Internet Files: 2 Fichier(s), 5 Dossier(s)
.
C:\Ad-Remover\Quarantine: 5 Fichier(s)
C:\Ad-Remover\Backup: 13 Fichier(s)
.
C:\Ad-Report-CLEAN[1].txt - 6491 Octet(s)
.
Fin à: 12:48:45, 14/03/2010
.
============== E.O.F - CLEAN[1] ==============
je comprend pas j execute ad remover il s'ouvre et me demande ce que je veux :scanner nettoyer desinstaller quitter que dois je faire ? merci
Effectivemment... C_XX l'auteur du fix vient de mettre en ligne sa nouvelle version de ad remover .
==> Choisis : Nettoyer
a+
==> Choisis : Nettoyer
a+
voici rsit et merci encore de ta patience
ALogfile of random's system information tool 1.06 (written by random/random)
Run by pascal at 2010-03-14 13:51:45
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 37 GB (33%) free of 111 GB
Total RAM: 1014 MB (33% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:51:50, on 14/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\pascal\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\pascal.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D0DCB98B-D851-41BA-A4EF-A2D72C1D7663} - c:\windows\system32\craatzv.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NVIDIA Monitoring] C:\DOCUME~1\pascal\LOCALS~1\Temp\67.jpg
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [EPSON Stylus DX7000F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKE.EXE /FU "C:\DOCUME~1\pascal\LOCALS~1\Temp\E_SE894.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_11) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD2B982D-40E2-4607-8162-E0FB5D11CB18}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
ALogfile of random's system information tool 1.06 (written by random/random)
Run by pascal at 2010-03-14 13:51:45
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 37 GB (33%) free of 111 GB
Total RAM: 1014 MB (33% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:51:50, on 14/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\pascal\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\pascal.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D0DCB98B-D851-41BA-A4EF-A2D72C1D7663} - c:\windows\system32\craatzv.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NVIDIA Monitoring] C:\DOCUME~1\pascal\LOCALS~1\Temp\67.jpg
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [EPSON Stylus DX7000F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKE.EXE /FU "C:\DOCUME~1\pascal\LOCALS~1\Temp\E_SE894.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_11) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD2B982D-40E2-4607-8162-E0FB5D11CB18}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
Desactives ton antivirus le temps de la manip ainsi que ton parefeu si présent
Télécharges List&Kill'em et enregistre le sur ton bureau
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe
dezippes-le , (clic droit/ extraire.....)
Il ne necessite pas d'installation
double clic (clic droit "executer en tant qu'administrateur" pour Vista) pour lancer le scan
choisis la langue puis choisis l'option 1 = Mode Recherche
laisses travailler l'outil
colles le contenu dans ta prochaine réponse , un fois la fenetre refermée :
C:\List'em.txt
a+
Télécharges List&Kill'em et enregistre le sur ton bureau
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe
dezippes-le , (clic droit/ extraire.....)
Il ne necessite pas d'installation
double clic (clic droit "executer en tant qu'administrateur" pour Vista) pour lancer le scan
choisis la langue puis choisis l'option 1 = Mode Recherche
laisses travailler l'outil
colles le contenu dans ta prochaine réponse , un fois la fenetre refermée :
C:\List'em.txt
a+
voici le rapport list&kill
List'em by g3n-h@ckm@n 1.3.2.1
User : pascal (Administrateurs)
Update on 10/03/2010 by g3n-h@ckm@n ::::: 17.30
Start at: 15:08:43 | 14/03/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7
Intel(R) Pentium(R) D CPU 2.80GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1368 [VPS 100313-2] 4.8.1368 [ (!) Disabled | Updated ]
C:\ -> Disque fixe local | 108,62 Go (36,23 Go free) | NTFS
D:\ -> Disque fixe local | 37,24 Go (11,84 Go free) [Sauvegarder] | NTFS
E:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\List_Kill'em\FxEx.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
DellSupport REG_SZ "C:\Program Files\Dell Support\DSAgnt.exe" /startup
Shareaza REG_SZ "C:\Program Files\Shareaza\Shareaza.exe" -tray
EPSON Stylus DX7000F Series REG_SZ C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKE.EXE /FU "C:\DOCUME~1\pascal\LOCALS~1\Temp\E_SE894.tmp" /EF "HKCU"
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSMSGS REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SigmatelSysTrayApp REG_SZ stsystra.exe
igfxtray REG_SZ C:\WINDOWS\system32\igfxtray.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
NeroFilterCheck REG_SZ C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
DAEMON Tools-1033 REG_SZ "C:\Program Files\D-Tools\daemon.exe" -lang 1033
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
NVIDIA Monitoring REG_SZ C:\DOCUME~1\pascal\LOCALS~1\Temp\67.jpg
ISUSPM Startup REG_SZ C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler REG_SZ "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\avp6_post_uninstall
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
Malwarebytes' Anti-Malware REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
NoDriveAutoRun REG_DWORD 255 (0xff)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveAutoRun REG_DWORD 255 (0xff)
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ PASCAL-507FF084
DefaultUserName REG_SZ pascal
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ pascal
AltDefaultDomainName REG_SZ PASCAL-507FF084
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbssreg]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{20A60F0D-9AFA-4515-A0FD-83BD84642501}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D6F45B3-9043-443D-A792-115447494D24}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0EEDB912-C5FA-486F-8334-57288578C627}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{D0DCB98B-D851-41BA-A4EF-A2D72C1D7663}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
===
DNS
===
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FD2B982D-40E2-4607-8162-E0FB5D11CB18}: NameServer=80.10.246.2,80.10.246.129
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FD2B982D-40E2-4607-8162-E0FB5D11CB18}: NameServer=80.10.246.2,80.10.246.129
HKLM\SYSTEM\CS2\Services\Tcpip\..\{FD2B982D-40E2-4607-8162-E0FB5D11CB18}: NameServer=80.10.246.2,80.10.246.129
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
SharedAccess : 0x4 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
=========
Atapi.sys
=========
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\dllcache\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\dllcache\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\drivers\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\drivers\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
=======
Drive :
=======
D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
109 Go total, 36,31 Go libre (33%), 29% fragment‚ (fragmentation du fichier 58%)
Vous devriez d‚fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Documents and Settings\All Users\Documents\Settings\cbss.dll
Present !! : C:\WINDOWS\SET3.tmp
Present !! : C:\WINDOWS\SET4.tmp
Present !! : C:\WINDOWS\SET8.tmp
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\Documents and Settings\pascal\Application Data\wklnhst.dat
Present !! : C:\Documents and Settings\pascal\Application Data\wklnhst.dat
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg"
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 15:36:10
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86500CA1]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x860df008
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 15:37:08,60
List'em by g3n-h@ckm@n 1.3.2.1
User : pascal (Administrateurs)
Update on 10/03/2010 by g3n-h@ckm@n ::::: 17.30
Start at: 15:08:43 | 14/03/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7
Intel(R) Pentium(R) D CPU 2.80GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1368 [VPS 100313-2] 4.8.1368 [ (!) Disabled | Updated ]
C:\ -> Disque fixe local | 108,62 Go (36,23 Go free) | NTFS
D:\ -> Disque fixe local | 37,24 Go (11,84 Go free) [Sauvegarder] | NTFS
E:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\List_Kill'em\FxEx.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
DellSupport REG_SZ "C:\Program Files\Dell Support\DSAgnt.exe" /startup
Shareaza REG_SZ "C:\Program Files\Shareaza\Shareaza.exe" -tray
EPSON Stylus DX7000F Series REG_SZ C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKE.EXE /FU "C:\DOCUME~1\pascal\LOCALS~1\Temp\E_SE894.tmp" /EF "HKCU"
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSMSGS REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SigmatelSysTrayApp REG_SZ stsystra.exe
igfxtray REG_SZ C:\WINDOWS\system32\igfxtray.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
NeroFilterCheck REG_SZ C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
DAEMON Tools-1033 REG_SZ "C:\Program Files\D-Tools\daemon.exe" -lang 1033
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
NVIDIA Monitoring REG_SZ C:\DOCUME~1\pascal\LOCALS~1\Temp\67.jpg
ISUSPM Startup REG_SZ C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler REG_SZ "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\avp6_post_uninstall
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
Malwarebytes' Anti-Malware REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
NoDriveAutoRun REG_DWORD 255 (0xff)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveAutoRun REG_DWORD 255 (0xff)
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ PASCAL-507FF084
DefaultUserName REG_SZ pascal
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ pascal
AltDefaultDomainName REG_SZ PASCAL-507FF084
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbssreg]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{20A60F0D-9AFA-4515-A0FD-83BD84642501}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D6F45B3-9043-443D-A792-115447494D24}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0EEDB912-C5FA-486F-8334-57288578C627}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{D0DCB98B-D851-41BA-A4EF-A2D72C1D7663}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
===
DNS
===
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FD2B982D-40E2-4607-8162-E0FB5D11CB18}: NameServer=80.10.246.2,80.10.246.129
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FD2B982D-40E2-4607-8162-E0FB5D11CB18}: NameServer=80.10.246.2,80.10.246.129
HKLM\SYSTEM\CS2\Services\Tcpip\..\{FD2B982D-40E2-4607-8162-E0FB5D11CB18}: NameServer=80.10.246.2,80.10.246.129
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
SharedAccess : 0x4 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
=========
Atapi.sys
=========
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\dllcache\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\dllcache\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\drivers\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\drivers\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
=======
Drive :
=======
D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
109 Go total, 36,31 Go libre (33%), 29% fragment‚ (fragmentation du fichier 58%)
Vous devriez d‚fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Documents and Settings\All Users\Documents\Settings\cbss.dll
Present !! : C:\WINDOWS\SET3.tmp
Present !! : C:\WINDOWS\SET4.tmp
Present !! : C:\WINDOWS\SET8.tmp
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\Documents and Settings\pascal\Application Data\wklnhst.dat
Present !! : C:\Documents and Settings\pascal\Application Data\wklnhst.dat
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg"
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 15:36:10
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86500CA1]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x860df008
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 15:37:08,60
▶ Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'option 6 = Restore MBR
laisse travailler l'outil.
en fin de scan un rapport s'ouvre
▶ colle le contenu dans ta reponse
a+
mais cette fois-ci :
▶ choisis l'option 6 = Restore MBR
laisse travailler l'outil.
en fin de scan un rapport s'ouvre
▶ colle le contenu dans ta reponse
a+
c bizarre j espere que c'est bon car je n'ai pas de raccourci sur le bureau
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
voici le rapport qu'en penses tu?
Kill'em by g3n-h@ckm@n 1.3.2.1
User : pascal (Administrateurs)
Update on 10/03/2010 by g3n-h@ckm@n ::::: 17.30
Start at: 17:28:26 | 14/03/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7
Intel(R) Pentium(R) D CPU 2.80GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1368 [VPS 100314-0] 4.8.1368 [ Enabled | Updated ]
C:\ -> Disque fixe local | 108,62 Go (36,24 Go free) | NTFS
D:\ -> Disque fixe local | 37,24 Go (11,84 Go free) [Sauvegarder] | NTFS
E:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Documents and Settings\All Users\Documents\Settings\cbss.dll
Quarantined & Deleted !! : C:\Documents and Settings\pascal\Application Data\wklnhst.dat
Quarantined & Deleted !! : C:\Documents and Settings\pascal\LOCAL Settings\Temp\catchme.dll
==============
host file OK !
==============
========
Registry
========
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg"
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
========
Services
=========
Ndisuio : Start = 3
Ip6Fw : Start = 2
SharedAccess : Start = "Start"
wuauserv : Start = 2
============
Disk Cleaned
============
=================
anti-ver blaster : OK !!
=================
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Kill'em by g3n-h@ckm@n 1.3.2.1
User : pascal (Administrateurs)
Update on 10/03/2010 by g3n-h@ckm@n ::::: 17.30
Start at: 17:28:26 | 14/03/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7
Intel(R) Pentium(R) D CPU 2.80GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1368 [VPS 100314-0] 4.8.1368 [ Enabled | Updated ]
C:\ -> Disque fixe local | 108,62 Go (36,24 Go free) | NTFS
D:\ -> Disque fixe local | 37,24 Go (11,84 Go free) [Sauvegarder] | NTFS
E:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Documents and Settings\All Users\Documents\Settings\cbss.dll
Quarantined & Deleted !! : C:\Documents and Settings\pascal\Application Data\wklnhst.dat
Quarantined & Deleted !! : C:\Documents and Settings\pascal\LOCAL Settings\Temp\catchme.dll
==============
host file OK !
==============
========
Registry
========
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg"
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
========
Services
=========
Ndisuio : Start = 3
Ip6Fw : Start = 2
SharedAccess : Start = "Start"
wuauserv : Start = 2
============
Disk Cleaned
============
=================
anti-ver blaster : OK !!
=================
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
dois je les laisser??
Oui c'est préférable....
Vas dans C:\Program Files\trend micro\pascal.exe
et double clic sur pascal.exe, cela va lancer Hijackthis
Au menu principal choisis "Do a system scan only"
et fixes (coches) les lignes suivantes :
Tuto si problème : http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
O2 - BHO: (no name) - {D0DCB98B-D851-41BA-A4EF-A2D72C1D7663} - c:\windows\system32\craatzv.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
Appuies ensuite sur "FIX CHECKED " et redémarres le pc.
*******************************
Mets à jour :
SP2 ==> SP3
IE6 ==> IE8
*******************************
Refais ensuite un RSIT pour vérif....
a+
voici le rapport rsit je n'ai pas telecharger internet explorer 8 car je me sers de mozilla firefox
Ca a l'air d'aller mieux merci encore
Logfile of random's system information tool 1.06 (written by random/random)
Run by pascal at 2010-03-14 20:09:59
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 36 GB (33%) free of 111 GB
Total RAM: 1014 MB (61% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:10:04, on 14/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\pascal\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\pascal.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NVIDIA Monitoring] C:\DOCUME~1\pascal\LOCALS~1\Temp\67.jpg
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [EPSON Stylus DX7000F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKE.EXE /FU "C:\DOCUME~1\pascal\LOCALS~1\Temp\E_SE894.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_11) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD2B982D-40E2-4607-8162-E0FB5D11CB18}: NameServer = 80.10.246.2,80.10.246.129
O20 - Winlogon Notify: cbssreg - C:\Documents and Settings\All Users\Documents\Settings\cbss.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
Ca a l'air d'aller mieux merci encore
Logfile of random's system information tool 1.06 (written by random/random)
Run by pascal at 2010-03-14 20:09:59
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 36 GB (33%) free of 111 GB
Total RAM: 1014 MB (61% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:10:04, on 14/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\pascal\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\pascal.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NVIDIA Monitoring] C:\DOCUME~1\pascal\LOCALS~1\Temp\67.jpg
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [EPSON Stylus DX7000F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKE.EXE /FU "C:\DOCUME~1\pascal\LOCALS~1\Temp\E_SE894.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_11) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD2B982D-40E2-4607-8162-E0FB5D11CB18}: NameServer = 80.10.246.2,80.10.246.129
O20 - Winlogon Notify: cbssreg - C:\Documents and Settings\All Users\Documents\Settings\cbss.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
Voici le rapport rsit je n'ai pas telecharger internet explorer 8 car je me sers de mozilla firefox Ca a l'air d'aller mieux merci encore
Pour IE8 ==> Ok tu ne l'utilises pas...mais ton système d'exploitation (Windows XP PRO)
lui , l'utilise pour toutes les mises à jour, il est donc important,pour la stabilité de ton système
qu'IE soit à jour.....
D'autre part, ton rapport montre encore une infection qui semble se recréer......
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix.txt
a+
voici le rapport combofix
AComboFix 10-03-14.03 - pascal 14/03/2010 22:57:43.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1014.639 [GMT 1:00]
Lancé depuis: c:\documents and settings\pascal\Mes documents\Téléchargements\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100314-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users.\documents\settings
c:\documents and settings\All Users.\documents\settings\cbss.dll
c:\documents and settings\All Users\Documents\Settings\cbss.dll
c:\windows\system32\drivers\1028_DELL_XPS_Dell DM051 .MRK
c:\windows\system32\drivers\DELL_XPS_Dell DM051 .MRK
c:\windows\system32\drivers\lpfcauld.sys
Une copie infectée de c:\windows\system32\DRIVERS\atapi.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty ate it :p
Une copie infectée de c:\windows\system32\DRIVERS\atapi.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty ate it :p
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-14 au 2010-03-14 ))))))))))))))))))))))))))))))))))))
.
2010-03-14 18:52 . 2010-03-14 18:52 -------- d-----w- c:\windows\ServicePackFiles
2010-03-14 16:26 . 2010-03-14 16:28 -------- dc----w- C:\Kill'em
2010-03-14 14:08 . 2010-03-14 17:02 -------- d-----w- c:\program files\List_Kill'em
2010-03-14 12:29 . 2010-03-14 12:29 -------- dc----w- c:\documents and settings\pascal\Application Data\Malwarebytes
2010-03-14 12:29 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-14 12:29 . 2010-03-14 12:29 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-14 12:29 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-14 12:29 . 2010-03-14 12:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-14 11:27 . 2010-03-14 11:48 -------- dc----w- C:\Ad-Remover
2010-03-13 21:32 . 2010-03-13 21:32 5979 -c--a-w- C:\UsbFix_Upload_Me_PASCAL-507FF084.zip
2010-03-13 21:23 . 2010-03-13 21:32 -------- dc----w- C:\UsbFix
2010-03-13 19:45 . 2010-03-14 19:10 -------- d-----w- c:\program files\trend micro
2010-03-13 19:45 . 2010-03-13 19:46 -------- dc----w- C:\rsit
2010-03-12 19:49 . 2010-03-12 19:49 -------- dcs---w- c:\documents and settings\LocalService\UserData
2010-03-12 00:16 . 2010-03-12 00:16 -------- dcs---w- c:\documents and settings\NetworkService\UserData
2010-03-11 08:55 . 2010-03-11 08:55 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-11 08:55 . 2010-03-12 15:35 -------- d-----w- c:\program files\McAfee Security Scan
2010-03-11 08:55 . 2010-03-11 08:55 1924976 -c--a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-03-11 08:55 . 2010-03-12 15:17 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-06 16:57 . 1995-09-05 23:00 92208 ----a-w- c:\windows\system\WING.DLL
2010-03-06 16:57 . 1995-09-05 23:00 6736 ----a-w- c:\windows\system\WINGDIB.DRV
2010-03-06 16:57 . 1995-09-05 23:00 188960 ----a-w- c:\windows\system\WINGDE.DLL
2010-03-06 16:57 . 1995-09-05 23:00 12800 ----a-w- c:\windows\system\WING32.DLL
2010-03-06 16:52 . 1994-09-21 00:00 92208 ----a-w- c:\windows\system32\WING.DLL
2010-03-06 16:52 . 1994-09-21 00:00 6736 ----a-w- c:\windows\system32\WINGDIB.DRV
2010-03-06 16:52 . 1994-09-21 00:00 12800 ----a-w- c:\windows\system32\WING32.DLL
2010-03-06 16:52 . 1994-08-24 00:00 188960 ----a-w- c:\windows\system32\WINGDE.DLL
2010-03-06 16:52 . 2010-03-06 16:52 -------- dc----w- C:\Maxis
2010-03-06 16:52 . 1996-09-26 17:20 83944 ----a-w- c:\windows\system32\SNDMIX16.DLL
2010-03-06 16:52 . 1996-01-12 12:06 283648 ----a-w- c:\windows\unin040c.exe
2010-02-21 16:55 . 2010-02-21 16:55 -------- d-----w- c:\program files\Micro Application
2010-02-19 20:22 . 2010-02-19 20:22 -------- d-----w- c:\program files\iPod
2010-02-19 20:22 . 2010-02-19 20:23 -------- dc----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-19 20:22 . 2010-02-19 20:23 -------- d-----w- c:\program files\iTunes
2010-02-19 20:21 . 2010-02-19 20:21 -------- d-----w- c:\program files\Bonjour
2010-02-19 20:20 . 2010-02-19 20:21 -------- d-----w- c:\program files\QuickTime
2010-02-19 20:18 . 2009-08-28 18:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-02-19 10:32 . 2010-02-19 10:32 -------- dc----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-02-19 10:32 . 2007-06-15 14:03 29656 ----a-w- c:\windows\system32\Lanceur2.exe
2010-02-19 10:32 . 2010-02-19 10:32 -------- d-----w- c:\program files\SoftwarePassport
2010-02-19 10:32 . 2007-02-25 23:42 53248 ----a-w- c:\windows\system32\ArmAccess.dll
2010-02-19 10:32 . 1999-03-03 20:00 908800 ----a-w- c:\windows\system32\CP3245MT.DLL
2010-02-19 10:32 . 2003-01-30 13:04 1500160 ----a-w- c:\windows\system32\CC3260MT.DLL
2010-02-19 10:31 . 2010-02-19 10:31 -------- d-----w- c:\program files\Mindscape
2010-02-19 10:31 . 1998-02-09 19:00 29952 ----a-w- c:\windows\system32\BORLNDMM.DLL
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 22:09 . 2007-12-08 09:25 -------- dc----w- c:\documents and settings\pascal\Application Data\OpenOffice.org2
2010-03-14 21:10 . 2008-01-04 11:47 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-14 19:09 . 2002-08-30 12:00 48616 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-14 19:09 . 2002-08-30 12:00 367658 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-10 08:26 . 2007-12-04 14:33 -------- d-----w- c:\program files\Shareaza
2010-03-07 22:08 . 2007-11-28 13:47 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-03 18:12 . 2008-08-30 09:52 -------- dc----w- c:\documents and settings\pascal\Application Data\LimeWire
2010-02-26 01:18 . 2009-11-25 16:59 79488 -c--a-w- c:\documents and settings\pascal\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-21 16:55 . 2007-11-28 15:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-19 20:30 . 2007-11-28 17:00 -------- dc----w- c:\documents and settings\pascal\Application Data\Apple Computer
2010-02-19 20:28 . 2007-11-28 16:59 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple
2010-02-19 20:22 . 2007-11-28 16:59 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-02-19 19:53 . 2007-11-28 16:59 -------- d-----w- c:\program files\Apple Software Update
2010-02-17 13:40 . 2007-12-08 09:27 1 -c--a-w- c:\documents and settings\pascal\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-01-22 18:51 . 2010-01-22 18:51 72488 -c--a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-18 17:30 . 2010-01-18 17:30 291558 -c--a-w- c:\documents and settings\pascal\Application Data\MSNInstaller\msnauins.exe
2010-01-18 17:30 . 2010-01-18 17:29 -------- dc----w- c:\documents and settings\pascal\Application Data\MSNInstaller
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2005-05-15 332800]
"Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2010-02-06 4853760]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2006-03-01 90112]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 1460560]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-27 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
c:\documents and settings\pascal\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [21/09/2008 11:17 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [21/09/2008 11:17 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [26/05/2008 15:42 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26/05/2008 15:42 20560]
S2 gpjgevpq;GEAR ASPI Filter Monitor;c:\windows\System32\svchost.exe -k netsvcs [19/08/2004 15:10 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
gpjgevpq
.
Contenu du dossier 'Tâches planifiées'
2010-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download with &Shareaza - c:\program files\Shareaza\RazaWebHook32.dll/3000
TCP: {FD2B982D-40E2-4607-8162-E0FB5D11CB18} = 80.10.246.2,80.10.246.129
FF - ProfilePath - c:\documents and settings\pascal\Application Data\Mozilla\Firefox\Profiles\xwwed93o.default\
FF - prefs.js: browser.search.selectedEngine - Wikipédia (fr)
FF - prefs.js: browser.startup.homepage - hxxp://www.mcmetal.fr/
FF - component: c:\documents and settings\pascal\Application Data\Mozilla\Firefox\Profiles\xwwed93o.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-{D0DCB98B-D851-41BA-A4EF-A2D72C1D7663} - (no file)
Notify-cbssreg - (no file)
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 23:07
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86AD8B38]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7502fc3
\Driver\ACPI -> ACPI.sys @ 0xf736ecb8
\Driver\atapi -> 0x86ad8b38
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(1208)
c:\windows\system32\msi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\OpenOffice.org 2.3\program\soffice.exe
c:\program files\OpenOffice.org 2.3\program\soffice.BIN
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2010-03-14 23:12:22 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-03-14 22:12
Avant-CF: 37 874 233 344 octets libres
Après-CF: 37 854 937 088 octets libres
Current=2 Default=2 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - A8284BD60ED540D22AA7AE987FF982A2
AComboFix 10-03-14.03 - pascal 14/03/2010 22:57:43.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1014.639 [GMT 1:00]
Lancé depuis: c:\documents and settings\pascal\Mes documents\Téléchargements\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100314-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users.\documents\settings
c:\documents and settings\All Users.\documents\settings\cbss.dll
c:\documents and settings\All Users\Documents\Settings\cbss.dll
c:\windows\system32\drivers\1028_DELL_XPS_Dell DM051 .MRK
c:\windows\system32\drivers\DELL_XPS_Dell DM051 .MRK
c:\windows\system32\drivers\lpfcauld.sys
Une copie infectée de c:\windows\system32\DRIVERS\atapi.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty ate it :p
Une copie infectée de c:\windows\system32\DRIVERS\atapi.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty ate it :p
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-14 au 2010-03-14 ))))))))))))))))))))))))))))))))))))
.
2010-03-14 18:52 . 2010-03-14 18:52 -------- d-----w- c:\windows\ServicePackFiles
2010-03-14 16:26 . 2010-03-14 16:28 -------- dc----w- C:\Kill'em
2010-03-14 14:08 . 2010-03-14 17:02 -------- d-----w- c:\program files\List_Kill'em
2010-03-14 12:29 . 2010-03-14 12:29 -------- dc----w- c:\documents and settings\pascal\Application Data\Malwarebytes
2010-03-14 12:29 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-14 12:29 . 2010-03-14 12:29 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-14 12:29 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-14 12:29 . 2010-03-14 12:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-14 11:27 . 2010-03-14 11:48 -------- dc----w- C:\Ad-Remover
2010-03-13 21:32 . 2010-03-13 21:32 5979 -c--a-w- C:\UsbFix_Upload_Me_PASCAL-507FF084.zip
2010-03-13 21:23 . 2010-03-13 21:32 -------- dc----w- C:\UsbFix
2010-03-13 19:45 . 2010-03-14 19:10 -------- d-----w- c:\program files\trend micro
2010-03-13 19:45 . 2010-03-13 19:46 -------- dc----w- C:\rsit
2010-03-12 19:49 . 2010-03-12 19:49 -------- dcs---w- c:\documents and settings\LocalService\UserData
2010-03-12 00:16 . 2010-03-12 00:16 -------- dcs---w- c:\documents and settings\NetworkService\UserData
2010-03-11 08:55 . 2010-03-11 08:55 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-11 08:55 . 2010-03-12 15:35 -------- d-----w- c:\program files\McAfee Security Scan
2010-03-11 08:55 . 2010-03-11 08:55 1924976 -c--a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-03-11 08:55 . 2010-03-12 15:17 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-06 16:57 . 1995-09-05 23:00 92208 ----a-w- c:\windows\system\WING.DLL
2010-03-06 16:57 . 1995-09-05 23:00 6736 ----a-w- c:\windows\system\WINGDIB.DRV
2010-03-06 16:57 . 1995-09-05 23:00 188960 ----a-w- c:\windows\system\WINGDE.DLL
2010-03-06 16:57 . 1995-09-05 23:00 12800 ----a-w- c:\windows\system\WING32.DLL
2010-03-06 16:52 . 1994-09-21 00:00 92208 ----a-w- c:\windows\system32\WING.DLL
2010-03-06 16:52 . 1994-09-21 00:00 6736 ----a-w- c:\windows\system32\WINGDIB.DRV
2010-03-06 16:52 . 1994-09-21 00:00 12800 ----a-w- c:\windows\system32\WING32.DLL
2010-03-06 16:52 . 1994-08-24 00:00 188960 ----a-w- c:\windows\system32\WINGDE.DLL
2010-03-06 16:52 . 2010-03-06 16:52 -------- dc----w- C:\Maxis
2010-03-06 16:52 . 1996-09-26 17:20 83944 ----a-w- c:\windows\system32\SNDMIX16.DLL
2010-03-06 16:52 . 1996-01-12 12:06 283648 ----a-w- c:\windows\unin040c.exe
2010-02-21 16:55 . 2010-02-21 16:55 -------- d-----w- c:\program files\Micro Application
2010-02-19 20:22 . 2010-02-19 20:22 -------- d-----w- c:\program files\iPod
2010-02-19 20:22 . 2010-02-19 20:23 -------- dc----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-19 20:22 . 2010-02-19 20:23 -------- d-----w- c:\program files\iTunes
2010-02-19 20:21 . 2010-02-19 20:21 -------- d-----w- c:\program files\Bonjour
2010-02-19 20:20 . 2010-02-19 20:21 -------- d-----w- c:\program files\QuickTime
2010-02-19 20:18 . 2009-08-28 18:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-02-19 10:32 . 2010-02-19 10:32 -------- dc----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-02-19 10:32 . 2007-06-15 14:03 29656 ----a-w- c:\windows\system32\Lanceur2.exe
2010-02-19 10:32 . 2010-02-19 10:32 -------- d-----w- c:\program files\SoftwarePassport
2010-02-19 10:32 . 2007-02-25 23:42 53248 ----a-w- c:\windows\system32\ArmAccess.dll
2010-02-19 10:32 . 1999-03-03 20:00 908800 ----a-w- c:\windows\system32\CP3245MT.DLL
2010-02-19 10:32 . 2003-01-30 13:04 1500160 ----a-w- c:\windows\system32\CC3260MT.DLL
2010-02-19 10:31 . 2010-02-19 10:31 -------- d-----w- c:\program files\Mindscape
2010-02-19 10:31 . 1998-02-09 19:00 29952 ----a-w- c:\windows\system32\BORLNDMM.DLL
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 22:09 . 2007-12-08 09:25 -------- dc----w- c:\documents and settings\pascal\Application Data\OpenOffice.org2
2010-03-14 21:10 . 2008-01-04 11:47 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-14 19:09 . 2002-08-30 12:00 48616 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-14 19:09 . 2002-08-30 12:00 367658 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-10 08:26 . 2007-12-04 14:33 -------- d-----w- c:\program files\Shareaza
2010-03-07 22:08 . 2007-11-28 13:47 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-03 18:12 . 2008-08-30 09:52 -------- dc----w- c:\documents and settings\pascal\Application Data\LimeWire
2010-02-26 01:18 . 2009-11-25 16:59 79488 -c--a-w- c:\documents and settings\pascal\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-21 16:55 . 2007-11-28 15:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-19 20:30 . 2007-11-28 17:00 -------- dc----w- c:\documents and settings\pascal\Application Data\Apple Computer
2010-02-19 20:28 . 2007-11-28 16:59 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple
2010-02-19 20:22 . 2007-11-28 16:59 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-02-19 19:53 . 2007-11-28 16:59 -------- d-----w- c:\program files\Apple Software Update
2010-02-17 13:40 . 2007-12-08 09:27 1 -c--a-w- c:\documents and settings\pascal\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-01-22 18:51 . 2010-01-22 18:51 72488 -c--a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-18 17:30 . 2010-01-18 17:30 291558 -c--a-w- c:\documents and settings\pascal\Application Data\MSNInstaller\msnauins.exe
2010-01-18 17:30 . 2010-01-18 17:29 -------- dc----w- c:\documents and settings\pascal\Application Data\MSNInstaller
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2005-05-15 332800]
"Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2010-02-06 4853760]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2006-03-01 90112]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 1460560]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-27 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
c:\documents and settings\pascal\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [21/09/2008 11:17 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [21/09/2008 11:17 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [26/05/2008 15:42 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26/05/2008 15:42 20560]
S2 gpjgevpq;GEAR ASPI Filter Monitor;c:\windows\System32\svchost.exe -k netsvcs [19/08/2004 15:10 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
gpjgevpq
.
Contenu du dossier 'Tâches planifiées'
2010-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download with &Shareaza - c:\program files\Shareaza\RazaWebHook32.dll/3000
TCP: {FD2B982D-40E2-4607-8162-E0FB5D11CB18} = 80.10.246.2,80.10.246.129
FF - ProfilePath - c:\documents and settings\pascal\Application Data\Mozilla\Firefox\Profiles\xwwed93o.default\
FF - prefs.js: browser.search.selectedEngine - Wikipédia (fr)
FF - prefs.js: browser.startup.homepage - hxxp://www.mcmetal.fr/
FF - component: c:\documents and settings\pascal\Application Data\Mozilla\Firefox\Profiles\xwwed93o.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-{D0DCB98B-D851-41BA-A4EF-A2D72C1D7663} - (no file)
Notify-cbssreg - (no file)
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 23:07
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86AD8B38]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7502fc3
\Driver\ACPI -> ACPI.sys @ 0xf736ecb8
\Driver\atapi -> 0x86ad8b38
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(1208)
c:\windows\system32\msi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\OpenOffice.org 2.3\program\soffice.exe
c:\program files\OpenOffice.org 2.3\program\soffice.BIN
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2010-03-14 23:12:22 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-03-14 22:12
Avant-CF: 37 874 233 344 octets libres
Après-CF: 37 854 937 088 octets libres
Current=2 Default=2 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - A8284BD60ED540D22AA7AE987FF982A2
voici le rapport malware ! desole
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3865
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
15/03/2010 19:34:16
mbam-log-2010-03-15 (19-34-16).txt
Type de recherche: Examen rapide
Eléments examinés: 111009
Temps écoulé: 5 minute(s), 1 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg (Trojan.Agent) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3865
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
15/03/2010 19:34:16
mbam-log-2010-03-15 (19-34-16).txt
Type de recherche: Examen rapide
Eléments examinés: 111009
Temps écoulé: 5 minute(s), 1 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg (Trojan.Agent) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
voici rsitt
Logfile of random's system information tool 1.06 (written by random/random)
Run by pascal at 2010-03-15 19:45:40
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 36 GB (32%) free of 111 GB
Total RAM: 1014 MB (48% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:45:48, on 15/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\pascal\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\pascal.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_11) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD2B982D-40E2-4607-8162-E0FB5D11CB18}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
Logfile of random's system information tool 1.06 (written by random/random)
Run by pascal at 2010-03-15 19:45:40
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 36 GB (32%) free of 111 GB
Total RAM: 1014 MB (48% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:45:48, on 15/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\pascal\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\pascal.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_11) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD2B982D-40E2-4607-8162-E0FB5D11CB18}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
rsit
Logfile of random's system information tool 1.06 (written by random/random)
Run by pascal at 2010-03-15 20:35:52
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 36 GB (32%) free of 111 GB
Total RAM: 1014 MB (61% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35:56, on 15/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\pascal\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\pascal.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_11) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD2B982D-40E2-4607-8162-E0FB5D11CB18}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
Logfile of random's system information tool 1.06 (written by random/random)
Run by pascal at 2010-03-15 20:35:52
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 36 GB (32%) free of 111 GB
Total RAM: 1014 MB (61% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35:56, on 15/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\pascal\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\pascal.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_11) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD2B982D-40E2-4607-8162-E0FB5D11CB18}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
---> Télécharge OTM (OldTimer) sur ton Bureau :
http: http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
---> Double-clique sur OTMoveIt3.exe afin de le lancer.
---> Copie (Ctrl+C) le texte suivant en gras ci-dessous :
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
:commands
[emptytemp]
[Reboot]
---> Colle (Ctrl+V) le texte précédemment copié dans le cadre:
Paste Instructions for Items to be Moved.
---> Clique maintenant sur le bouton MoveIt!
Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.
---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
a+
http: http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
---> Double-clique sur OTMoveIt3.exe afin de le lancer.
---> Copie (Ctrl+C) le texte suivant en gras ci-dessous :
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
:commands
[emptytemp]
[Reboot]
---> Colle (Ctrl+V) le texte précédemment copié dans le cadre:
Paste Instructions for Items to be Moved.
---> Clique maintenant sur le bouton MoveIt!
Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.
---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
a+
