Infection Rootkit besoin d'un maitre Jedi svp

malorossi -  
dédétraqué Messages postés 4522 Statut Contributeur sécurité -


Bonjour

Antivir me bombarde de messages d'alerte. Le Trojan Rootkit.gen s'attaque à mon system32. Je balance tout en quarantaine mais ce serait trop facile. Malwarebytes a décelé des fichiers corrompus dans HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
et
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer

J'ai fait un scan Hijackthis pour commencer. Si une âme chevaleresque se prenait l'envie d'aider un gueu ... Je poste ci dessous le cpte rendu Hijackthis. Merci

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:34:26, on 03/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ADS Tech\MediaTV\MediaTVMonitor.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\802.11 Wireless LAN\WlanMonitor.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\DOCUME~1\LAURENT\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dartybox.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Fichiers communs\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Moniteur & Configuration.lnk = ?
O4 - Startup: wwwzuc32.exe
O4 - Global Startup: MediaTV Monitor.lnk = C:\Program Files\ADS Tech\MediaTV\MediaTVMonitor.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Club Dice Casino - {907A768D-DD74-476d-8487-FD27DF7AD7FF} - C:\Casino\Club Dice Casino\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Club Dice Casino - {907A768D-DD74-476d-8487-FD27DF7AD7FF} - C:\Casino\Club Dice Casino\casino.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {326A7290-FAE3-48C5-9FBA-F071633E1EB5} (VPlayer Control) - http://www.flashbeer.com.au/player/vivid_ocx.jpeg
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://srv07.admin.over-blog.com/fdata/iu/ImageUploader5.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fdata.over-blog.com/99/00/00/01/js/javauploader/ImageUploader4.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 14327 bytes

56 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Un utilisateur sous Windows XP SP3 est confronté à une alerte Trojan Rootkit.gen et à corruptions détectées par Malwarebytes dans des clés de registre Explorer, avec un rapport HijackThis fourni. Des solutions proposées visent la suppression du démarrage malveillant wwwzuc32.exe via une nouvelle session administrateur et la suppression du raccourci dans le dossier Démarrage, avec des scans complémentaires (Ad-Remover et ComboFix). D'autres interventions évoquées incluent GMER, l'évaluation de l'intégrité du MBR et l'usage d'outils comme Ad-Aware, Avira ou a-squared, tout en soulignant la nécessité de ne pas interrompre les nettoyages. En parallèle, une difficulté supplémentaire est signalée: des problèmes de connexion wifi qui empêchent de terminer un scan en ligne, ce qui limite temporairement les vérifications et le balayage complet.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut malorossi

    Télécharge combofix.exe (de sUBs) sur le bureau :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

    Important Désactive ton Antivirus, antispyware et Pare feu avant le scan avec Combofix :
    https://forum.pcastuces.com/default.asp
    https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

    ==> Sauvegarde ton travail et ferme toutes les fenêtres actives, il peut y avoir un redémarrage du PC. Ne lance aucun programme tant que Combofix n'est pas fini. <==

    Double clique sur combofix.exe, clique sur OUI et valide par Entrée

    Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Combofix est détecté par certains antivirus comme une infection, ne pas en tenir compte, il s'agit d'un faux positif, continue la procédure

    @++ :)
    0
    1. malorossi
       
      je reste connecté sur un autre ordi pendant que je fais le ménage sur l'autre. Tout ca est vraiment très interessant... Bon sinon, ca rame... Il a fallu créer une disquette de redémarrage wndows. Pour le moment, ca mouline la dessus.
      0
    2. malorossi
       
      l'autoscan se lance enfin
      0
  2. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut malorossi

    OK, mais ne touche au PC durant le scan.

    Poste a la suite du sujet, utilise le bouton en bas >>J'ai une réponse

    @++ :)
    0
    1. malorossi Messages postés 10 Statut Membre
       
      le serveur est HS ? impossible de poster mon rapport, ca mouline
      Je teste en postant en commentaire
      0
    2. malorossi Messages postés 10 Statut Membre
       
      bon bah je poste le rapport en commentaire désolé///

      ComboFix 10-05-02.03 - LAURENT 03/05/2010 15:25:00.5.1 - x86
      Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.540 [GMT 2:00]
      Lancé depuis: c:\documents and settings\LAURENT\Bureau\ComboFix.exe
      AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\documents and settings\LAURENT\Application Data\avdrn.dat
      c:\program files\WindowsUpdate
      c:\recycler\S-1-5-21-4189239213-92354496-2938251625-1003
      c:\windows\system32\404Fix.exe
      c:\windows\system32\dumphive.exe
      c:\windows\system32\SrchSTS.exe
      c:\windows\system32\tmp.reg
      c:\windows\system32\VACFix.exe
      c:\windows\system32\VCCLSID.exe
      c:\windows\system32\WS2Fix.exe

      .
      ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_NDISRD
      -------\Legacy_SYSREST.SYS
      -------\Legacy_tdssserv
      -------\Service_tdssserv


      ((((((((((((((((((((((((((((( Fichiers créés du 2010-04-03 au 2010-05-03 ))))))))))))))))))))))))))))))))))))
      .

      2010-05-03 08:49 . 2008-04-13 17:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
      2010-05-03 08:49 . 2008-04-13 17:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
      2010-05-03 08:48 . 2008-04-13 17:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
      2010-05-03 08:48 . 2008-04-13 17:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
      2010-04-25 16:59 . 2010-04-25 17:00 -------- d-----w- c:\program files\AltBinz
      2010-04-07 17:39 . 2010-04-07 17:39 32 --shatr- c:\documents and settings\LAURENT\Local Settings\Application Data\t56.dat
      2010-04-07 17:39 . 2010-04-07 17:39 -------- dc----w- c:\documents and settings\All Users\Application Data\Axure
      2010-04-07 17:39 . 2010-04-07 17:39 -------- d-----w- c:\documents and settings\LAURENT\Application Data\Axure
      2010-04-07 17:39 . 2010-04-07 17:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{54DE34B1-F379-4CA2-8CE4-E2F22D17CD4E}
      2010-04-07 17:38 . 2010-04-07 17:38 -------- d-----w- c:\program files\Axure
      2010-04-05 18:25 . 2010-04-05 18:25 -------- d-----w- c:\windows\Globalization
      2010-04-05 18:19 . 2010-04-05 18:19 -------- d-----w- c:\program files\Fichiers communs\muvee Technologies
      2010-04-05 18:09 . 2010-04-05 18:19 -------- d-----w- c:\program files\Fichiers communs\Nokia
      2010-04-05 18:04 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
      2010-04-05 18:03 . 2010-04-05 18:04 -------- d-----w- c:\program files\PC Connectivity Solution
      2010-04-05 17:58 . 2010-04-05 17:58 -------- dc----w- c:\documents and settings\All Users\Application Data\OviInstallerCache

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-05-03 09:18 . 2008-08-26 13:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2010-05-03 08:47 . 2010-05-03 08:46 16 ----a-w- c:\documents and settings\LocalService\Application Data\qvjsge.dat
      2010-04-30 08:03 . 2010-04-30 08:03 443912 ----a-w- c:\documents and settings\LAURENT\Application Data\Real\Update\setup3.10\setup.exe
      2010-04-30 08:02 . 2009-11-11 09:12 181096 ----a-w- c:\documents and settings\LAURENT\Application Data\Mozilla\Firefox\Profiles\hkjrfh5f.default\FlashGot.exe
      2010-04-29 13:39 . 2008-08-26 13:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2010-04-29 13:39 . 2008-08-26 13:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
      2010-04-25 15:58 . 2010-01-03 18:00 -------- d-----w- c:\program files\Fichiers communs\AOL
      2010-04-25 15:56 . 2007-08-27 14:09 -------- d-----w- c:\program files\Ref Hotkey
      2010-04-20 14:58 . 2005-11-18 11:04 86274 ----a-w- c:\windows\system32\perfc00C.dat
      2010-04-20 14:58 . 2005-11-18 11:04 514630 ----a-w- c:\windows\system32\perfh00C.dat
      2010-04-20 14:58 . 2008-12-26 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
      2010-04-07 09:35 . 2006-02-25 18:34 78736 ----a-w- c:\documents and settings\LAURENT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2010-04-05 18:38 . 2007-08-28 13:55 -------- d-----w- c:\documents and settings\LAURENT\Application Data\Nokia
      2010-04-05 18:26 . 2010-04-05 17:59 12212040 -c--a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
      2010-04-05 18:26 . 2010-04-05 17:59 13930312 -c--a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
      2010-04-05 18:26 . 2010-04-05 17:59 77824 -c--a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe
      2010-04-05 18:26 . 2010-04-05 17:59 61440 -c--a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx86.exe
      2010-04-05 18:26 . 2010-04-05 17:59 58880 -c--a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx64.exe
      2010-04-05 18:26 . 2010-04-05 17:59 50000 -c--a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe
      2010-04-05 18:19 . 2007-08-28 13:53 -------- d-----w- c:\program files\Nokia
      2010-04-05 18:04 . 2007-08-28 13:53 -------- d-----w- c:\program files\DIFX
      2010-04-05 17:56 . 2010-04-05 17:58 98366952 -c--a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Nokia_Ovi_Suite_11_update.exe
      2010-03-23 18:33 . 2010-03-23 11:57 -------- dc----w- c:\documents and settings\All Users\Application Data\InternetFax
      2010-03-23 11:59 . 2010-03-23 11:57 -------- dc----w- c:\documents and settings\All Users\Application Data\tpfmon
      2010-03-23 11:57 . 2010-03-23 11:57 -------- d-----w- c:\program files\Alliance MCA
      2010-03-12 18:47 . 2009-02-15 09:57 -------- d-----w- c:\documents and settings\LAURENT\Application Data\dvdcss
      2010-03-10 06:16 . 2005-11-18 11:04 420352 ----a-w- c:\windows\system32\vbscript.dll
      2010-02-25 06:17 . 2005-11-18 11:04 916480 ----a-w- c:\windows\system32\wininet.dll
      2010-02-24 13:11 . 2005-11-18 11:03 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
      2010-02-17 12:07 . 2005-11-18 11:03 2192000 ----a-w- c:\windows\system32\ntoskrnl.exe
      2010-02-16 19:07 . 2004-08-04 00:48 2068864 ----a-w- c:\windows\system32\ntkrnlpa.exe
      2010-02-16 17:00 . 2009-11-27 16:24 152576 ----a-w- c:\documents and settings\LAURENT\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
      2010-02-16 17:00 . 2009-11-22 17:25 79488 ----a-w- c:\documents and settings\LAURENT\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
      2010-02-12 10:03 . 2010-03-12 07:57 293376 ------w- c:\windows\system32\browserchoice.exe
      2010-02-12 04:34 . 2005-11-18 11:03 100864 ----a-w- c:\windows\system32\6to4svc.dll
      2010-02-11 12:02 . 2005-11-18 11:04 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
      2010-02-05 13:59 . 2007-09-03 17:10 1100 ----a-w- c:\windows\system32\d3d8caps.dat
      .

      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
      2008-10-02 15:44 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-02 325000]

      [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
      [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
      "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-02 325000]

      [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
      [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2006-10-28 981504]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 68856]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NokiaMServer"="c:\program files\Fichiers communs\Nokia\MPlatform\NokiaMServer" [X]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-03-10 5566464]
      "AlcWzrd"="ALCWZRD.EXE" [2005-03-10 2803712]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
      "WD Button Manager"="WDBtnMgr.exe" [2007-06-07 364544]
      "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-18 98393]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-18 688217]
      "SMSERIAL"="sm56hlpr.exe" [2005-08-01 544768]
      "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]
      "nwiz"="nwiz.exe" [2005-03-10 1495040]
      "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
      "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-10-16 198160]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

      c:\documents and settings\LAURENT\Menu D'marrer\Programmes\D'marrage\
      Moniteur & Configuration.lnk - c:\program files\802.11 Wireless LAN\WlanMonitor.exe [2003-10-1 450560]
      wwwzuc32.exe [2008-4-14 34304]

      c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
      MediaTV Monitor.lnk - c:\program files\ADS Tech\MediaTV\MediaTVMonitor.exe [2006-5-26 135168]
      WD Backup Monitor.lnk - c:\program files\My Book\WD Backup\uBBMonitor.exe [2007-6-7 98304]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
      @="Service"

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "c:\\Documents and Settings\\LAURENT\\Application Data\\SopCast\\adv\\SopAdver.exe"=
      "c:\\Program Files\\SopCast\\SopCast.exe"=
      "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
      "c:\\Program Files\\TVAnts\\Tvants.exe"=
      "c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\GlobalSCAPE\\CuteFTP\\Cutftp32.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
      "c:\\Program Files\\NiouzeFire\\NiouzeFire.exe"=
      "c:\\Program Files\\NewsBinGN\\NewsbinGN.exe"=

      R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27/05/2006 19:36 717296]
      R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [08/03/2006 18:54 159616]
      R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [08/03/2006 18:54 5248]
      R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [03/04/2007 09:56 33824]
      S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\p0630vid.sys [24/08/2007 11:15 91830]
      S3 PTV339;Mini DualTV USB;c:\windows\system32\drivers\ptv339.sys [26/05/2006 22:42 278144]
      .
      Contenu du dossier 'Tâches planifiées'

      2010-05-03 c:\windows\Tasks\User_Feed_Synchronization-{09120D53-70C5-4805-AF4D-53E5B30B471B}.job
      - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]

      2010-05-02 c:\windows\Tasks\User_Feed_Synchronization-{D548D294-46D9-4191-8837-254135D6D296}.job
      - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
      .
      .
      ------- Examen supplémentaire -------
      .
      uStart Page = hxxp://www.google.fr/
      uDefault_Search_URL = hxxp://www.google.com/ie
      uInternet Connection Wizard,ShellNext = hxxp://www.dartybox.com/
      uSearchAssistant = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
      IE: {{4C826F10-D34B-4ba8-B609-1FB8C6482A05} - c:\casino\Europa Casino\casino.exe
      IE: {{907A768D-DD74-476d-8487-FD27DF7AD7FF} - c:\casino\Club Dice Casino\casino.exe
      DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      FF - ProfilePath - c:\documents and settings\LAURENT\Application Data\Mozilla\Firefox\Profiles\hkjrfh5f.default\
      FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
      FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
      FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
      FF - plugin: c:\documents and settings\LAURENT\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
      FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
      FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\npExentCtl.dll
      FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
      FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

      ---- PARAMETRES FIREFOX ----
      FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
      c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
      c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      HKLM-Run-PinnacleDriverCheck - c:\windows\system32\PSDrvCheck.exe
      AddRemove-HijackThis - c:\docume~1\LAURENT\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe



      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-05-03 16:36
      Windows 5.1.2600 Service Pack 3 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************

      Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

      device: opened successfully
      user: MBR read successfully
      called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86FD91F8]<<
      kernel: MBR read successfully
      detected MBR rootkit hooks:
      \Driver\Disk -> CLASSPNP.SYS @ 0xf76eff28
      \Driver\ACPI -> ACPI.sys @ 0xf7412cb8
      \Driver\atapi -> 0x86c65f00
      \Driver\iaStor -> 0x86f6b1f8
      IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
      \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
      NDIS: Intel(R) PRO/Wireless 2200BG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf724ebb0
      PacketIndicateHandler -> NDIS.sys @ 0xf723da0d
      SendHandler -> NDIS.sys @ 0xf7251b40
      Warning: possible MBR rootkit infection !
      user & kernel MBR OK

      **************************************************************************
      .
      --------------------- CLES DE REGISTRE BLOQUEES ---------------------

      [HKEY_USERS\S-1-5-21-4051219880-139728346-3592256728-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
      "??"=hex:9c,41,79,f2,bf,12,7e,80,f3,a0,34,45,dd,93,92,35,9b,8c,06,5b,98,40,e9,
      6e,3c,01,80,1b,b7,84,8b,d4,a1,21,39,ee,ac,4b,f6,71,88,2f,ca,26,dc,1c,6e,01,\
      "??"=hex:be,f6,18,84,3c,cd,dc,99,14,3d,e7,a8,98,db,c9,0e
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'explorer.exe'(1800)
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      c:\windows\system32\eappprxy.dll
      .
      ------------------------ Autres processus actifs ------------------------
      .
      c:\program files\Lavasoft\Ad-Aware\aawservice.exe
      c:\windows\system32\brss01a.exe
      c:\program files\Avira\AntiVir Desktop\sched.exe
      c:\program files\a-squared Free\a2service.exe
      c:\program files\Avira\AntiVir Desktop\avguard.exe
      c:\program files\AskBarDis\bar\bin\AskService.exe
      c:\program files\ewido anti-spyware 4.0\guard.exe
      c:\program files\Java\jre6\bin\jqs.exe
      c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      c:\program files\CDBurnerXP\NMSAccessU.exe
      c:\windows\system32\nvsvc32.exe
      c:\windows\system32\PnkBstrA.exe
      c:\windows\system32\PnkBstrB.exe
      c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      c:\program files\TVersity\Media Server\MediaServer.exe
      c:\program files\Canon\CAL\CALMAIN.exe
      c:\program files\Windows Media Player\WMPNetwk.exe
      c:\windows\system32\WDBtnMgr.exe
      c:\windows\sm56hlpr.exe
      c:\program files\Fichiers communs\Nokia\MPlatform\NokiaMServer.exe
      c:\program files\Microsoft ActiveSync\WCESCOMM.EXE
      .
      **************************************************************************
      .
      Heure de fin: 2010-05-03 16:52:10 - La machine a redémarré
      ComboFix-quarantined-files.txt 2010-05-03 14:51

      Avant-CF: 14 874 357 760 octets libres
      Après-CF: 15 324 831 744 octets libres

      WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

      - - End Of File - - 73AD093BADD9C288B16AEF939C66F52D
      0
  3. malorossi Messages postés 10 Statut Membre
     
    J'essaye en vai nde poster le rapport mais ca bloque? Je vais essayer de le poster en 2 parties. Part 1

    ComboFix 10-05-02.03 - LAURENT 03/05/2010 15:25:00.5.1 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.540 [GMT 2:00]
    Lancé depuis: c:\documents and settings\LAURENT\Bureau\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\LAURENT\Application Data\avdrn.dat
    c:\program files\WindowsUpdate
    c:\recycler\S-1-5-21-4189239213-92354496-2938251625-1003
    c:\windows\system32\404Fix.exe
    c:\windows\system32\dumphive.exe
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\tmp.reg
    c:\windows\system32\VACFix.exe
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NDISRD
    -------\Legacy_SYSREST.SYS
    -------\Legacy_tdssserv
    -------\Service_tdssserv

    ((((((((((((((((((((((((((((( Fichiers créés du 2010-04-03 au 2010-05-03 ))))))))))))))))))))))))))))))))))))
    .

    2010-05-03 08:49 . 2008-04-13 17:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
    2010-05-03 08:49 . 2008-04-13 17:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
    2010-05-03 08:48 . 2008-04-13 17:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
    2010-05-03 08:48 . 2008-04-13 17:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
    2010-04-25 16:59 . 2010-04-25 17:00 -------- d-----w- c:\program files\AltBinz
    2010-04-07 17:39 . 2010-04-07 17:39 32 --shatr- c:\documents and settings\LAURENT\Local Settings\Application Data\t56.dat
    2010-04-07 17:39 . 2010-04-07 17:39 -------- dc----w- c:\documents and settings\All Users\Application Data\Axure
    2010-04-07 17:39 . 2010-04-07 17:39 -------- d-----w- c:\documents and settings\LAURENT\Application Data\Axure
    2010-04-07 17:39 . 2010-04-07 17:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{54DE34B1-F379-4CA2-8CE4-E2F22D17CD4E}
    2010-04-07 17:38 . 2010-04-07 17:38 -------- d-----w- c:\program files\Axure
    2010-04-05 18:25 . 2010-04-05 18:25 -------- d-----w- c:\windows\Globalization
    2010-04-05 18:19 . 2010-04-05 18:19 -------- d-----w- c:\program files\Fichiers communs\muvee Technologies
    2010-04-05 18:09 . 2010-04-05 18:19 -------- d-----w- c:\program files\Fichiers communs\Nokia
    2010-04-05 18:04 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2010-04-05 18:03 . 2010-04-05 18:04 -------- d-----w- c:\program files\PC Connectivity Solution
    2010-04-05 17:58 . 2010-04-05 17:58 -------- dc----w- c:\documents and settings\All Users\Application Data\OviInstallerCache

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-03 09:18 . 2008-08-26 13:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-03 08:47 . 2010-05-03 08:46 16 ----a-w- c:\documents and settings\LocalService\Application Data\qvjsge.dat
    2010-04-30 08:03 . 2010-04-30 08:03 443912 ----a-w- c:\documents and settings\LAURENT\Application Data\Real\Update\setup3.10\setup.exe
    2010-04-30 08:02 . 2009-11-11 09:12 181096 ----a-w- c:\documents and settings\LAURENT\Application Data\Mozilla\Firefox\Profiles\hkjrfh5f.default\FlashGot.exe
    2010-04-29 13:39 . 2008-08-26 13:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 13:39 . 2008-08-26 13:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-25 15:58 . 2010-01-03 18:00 -------- d-----w- c:\program files\Fichiers communs\AOL
    2010-04-25 15:56 . 2007-08-27 14:09 -------- d-----w- c:\program files\Ref Hotkey
    2010-04-20 14:58 . 2005-11-18 11:04 86274 ----a-w- c:\windows\system32\perfc00C.dat
    2010-04-20 14:58 . 2005-11-18 11:04 514630 ----a-w- c:\windows\system32\perfh00C.dat
    2010-04-20 14:58 . 2008-12-26 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-04-07 09:35 . 2006-02-25 18:34 78736 ----a-w- c:\documents and settings\LAURENT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-05 18:38 . 2007-08-28 13:55 -------- d-----w- c:\documents and settings\LAURENT\Application Data\Nokia
    2010-04-05 18:26 . 2010-04-05 17:59 12212040 -c--a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
    2010-04-05 18:26 . 2010-04-05 17:59 13930312 -c--a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
    2010-04-05 18:26 . 2010-04-05 17:59 77824 -c--a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe
    2010-04-05 18:26 . 2010-04-05 17:59 61440 -c--a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx86.exe
    2010-04-05 18:26 . 2010-04-05 17:59 58880 -c--a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx64.exe
    2010-04-05 18:26 . 2010-04-05 17:59 50000 -c--a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe
    2010-04-05 18:19 . 2007-08-28 13:53 -------- d-----w- c:\program files\Nokia
    2010-04-05 18:04 . 2007-08-28 13:53 -------- d-----w- c:\program files\DIFX
    2010-04-05 17:56 . 2010-04-05 17:58 98366952 -c--a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Nokia_Ovi_Suite_11_update.exe
    2010-03-23 18:33 . 2010-03-23 11:57 -------- dc----w- c:\documents and settings\All Users\Application Data\InternetFax
    2010-03-23 11:59 . 2010-03-23 11:57 -------- dc----w- c:\documents and settings\All Users\Application Data\tpfmon
    2010-03-23 11:57 . 2010-03-23 11:57 -------- d-----w- c:\program files\Alliance MCA
    2010-03-12 18:47 . 2009-02-15 09:57 -------- d-----w- c:\documents and settings\LAURENT\Application Data\dvdcss
    2010-03-10 06:16 . 2005-11-18 11:04 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-25 06:17 . 2005-11-18 11:04 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2005-11-18 11:03 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-17 12:07 . 2005-11-18 11:03 2192000 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 19:07 . 2004-08-04 00:48 2068864 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-16 17:00 . 2009-11-27 16:24 152576 ----a-w- c:\documents and settings\LAURENT\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2010-02-16 17:00 . 2009-11-22 17:25 79488 ----a-w- c:\documents and settings\LAURENT\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2010-02-12 10:03 . 2010-03-12 07:57 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-02-12 04:34 . 2005-11-18 11:03 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2005-11-18 11:04 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2010-02-05 13:59 . 2007-09-03 17:10 1100 ----a-w- c:\windows\system32\d3d8caps.dat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-10-02 15:44 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-02 325000]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-02 325000]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2006-10-28 981504]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer"="c:\program files\Fichiers communs\Nokia\MPlatform\NokiaMServer" [X]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-03-10 5566464]
    "AlcWzrd"="ALCWZRD.EXE" [2005-03-10 2803712]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
    "WD Button Manager"="WDBtnMgr.exe" [2007-06-07 364544]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-18 98393]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-18 688217]
    "SMSERIAL"="sm56hlpr.exe" [2005-08-01 544768]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]
    "nwiz"="nwiz.exe" [2005-03-10 1495040]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-10-16 198160]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\LAURENT\Menu D'marrer\Programmes\D'marrage\
    Moniteur & Configuration.lnk - c:\program files\802.11 Wireless LAN\WlanMonitor.exe [2003-10-1 450560]
    wwwzuc32.exe [2008-4-14 34304]

    c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
    MediaTV Monitor.lnk - c:\program files\ADS Tech\MediaTV\MediaTVMonitor.exe [2006-5-26 135168]
    WD Backup Monitor.lnk - c:\program files\My Book\WD Backup\uBBMonitor.exe [2007-6-7 98304]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Documents and Settings\\LAURENT\\Application Data\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\TVAnts\\Tvants.exe"=
    "c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\GlobalSCAPE\\CuteFTP\\Cutftp32.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\NiouzeFire\\NiouzeFire.exe"=
    "c:\\Program Files\\NewsBinGN\\NewsbinGN.exe"=
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. malorossi Messages postés 10 Statut Membre
     
    Rapport combofix partie 2

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27/05/2006 19:36 717296]
    R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [08/03/2006 18:54 159616]
    R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [08/03/2006 18:54 5248]
    R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [03/04/2007 09:56 33824]
    S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\p0630vid.sys [24/08/2007 11:15 91830]
    S3 PTV339;Mini DualTV USB;c:\windows\system32\drivers\ptv339.sys [26/05/2006 22:42 278144]
    .
    Contenu du dossier 'Tâches planifiées'

    2010-05-03 c:\windows\Tasks\User_Feed_Synchronization-{09120D53-70C5-4805-AF4D-53E5B30B471B}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]

    2010-05-02 c:\windows\Tasks\User_Feed_Synchronization-{D548D294-46D9-4191-8837-254135D6D296}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://www.dartybox.com/
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: {{4C826F10-D34B-4ba8-B609-1FB8C6482A05} - c:\casino\Europa Casino\casino.exe
    IE: {{907A768D-DD74-476d-8487-FD27DF7AD7FF} - c:\casino\Club Dice Casino\casino.exe
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    FF - ProfilePath - c:\documents and settings\LAURENT\Application Data\Mozilla\Firefox\Profiles\hkjrfh5f.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
    FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
    FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\documents and settings\LAURENT\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npExentCtl.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Run-PinnacleDriverCheck - c:\windows\system32\PSDrvCheck.exe
    AddRemove-HijackThis - c:\docume~1\LAURENT\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-03 16:36
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86FD91F8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf76eff28
    \Driver\ACPI -> ACPI.sys @ 0xf7412cb8
    \Driver\atapi -> 0x86c65f00
    \Driver\iaStor -> 0x86f6b1f8
    IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
    NDIS: Intel(R) PRO/Wireless 2200BG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf724ebb0
    PacketIndicateHandler -> NDIS.sys @ 0xf723da0d
    SendHandler -> NDIS.sys @ 0xf7251b40
    Warning: possible MBR rootkit infection !
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-4051219880-139728346-3592256728-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:9c,41,79,f2,bf,12,7e,80,f3,a0,34,45,dd,93,92,35,9b,8c,06,5b,98,40,e9,
    6e,3c,01,80,1b,b7,84,8b,d4,a1,21,39,ee,ac,4b,f6,71,88,2f,ca,26,dc,1c,6e,01,\
    "??"=hex:be,f6,18,84,3c,cd,dc,99,14,3d,e7,a8,98,db,c9,0e
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'explorer.exe'(1800)
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\eappprxy.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\windows\system32\brss01a.exe
    c:\program files\Avira\AntiVir Desktop\sched.exe
    c:\program files\a-squared Free\a2service.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\AskBarDis\bar\bin\AskService.exe
    c:\program files\ewido anti-spyware 4.0\guard.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\CDBurnerXP\NMSAccessU.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    c:\program files\TVersity\Media Server\MediaServer.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\windows\system32\WDBtnMgr.exe
    c:\windows\sm56hlpr.exe
    c:\program files\Fichiers communs\Nokia\MPlatform\NokiaMServer.exe
    c:\program files\Microsoft ActiveSync\WCESCOMM.EXE
    .
    **************************************************************************
    .
    Heure de fin: 2010-05-03 16:52:10 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-05-03 14:51

    Avant-CF: 14 874 357 760 octets libres
    Après-CF: 15 324 831 744 octets libres

    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

    - - End Of File - - 73AD093BADD9C288B16AEF939C66F52D
    0
  6. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut malorossi

    Télécharge Gmer et enregistre-le sur ton bureau.
    http://www2.gmer.net/download.php

    - Déconnecte toi d'internet si possible et ferme tous les programmes, puis lance l'outil.
    - Clique sur le bouton "Scan" sur la droite.

    - Lorsque le scan est terminé, clic sur "Copy".
    - Ouvre le bloc-note et clic sur le Menu Edition / Coller
    - Le rapport doit alors apparaître.

    - Enregistre le fichier sur ton bureau et copie/colle le contenu ici.

    @++ :)
    0
  7. malorossi Messages postés 10 Statut Membre
     
    impossible de lancer le .exe. Ca plante au bout de quelques secondes et affiche une fenetre d'erreur windows. je passe en mode sans échec?
    0
  8. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut malorossi

    Oui fais le en mode sans échec

    @++ :)
    0
  9. malorossi Messages postés 10 Statut Membre
     
    arf ! meme en mode sans echec, le .exe plante... :(
    0
  10. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut malorossi

    Télécharge OTL (de OldTimer) et enregistre-le sur ton Bureau.
    http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/

    - Quitte les applications en cours afin de ne pas interrompre le scan.
    - Faire un double clique sur OTL.exe présent sur le bureau pour lancer le programme
    - Une fenêtre apparaît. Dans la section Rapport en haut de cette fenêtre, coche "Rapport minimal". Fais de même avec "Tous les utilisateurs".
    - Coche également les cases à côté de "Recherche LOP" et "Recherche Purity".

    Ne modifie pas les autres paramètres!

    Copie la liste qui se trouve en gras ci-dessous, et colle-la dans la zone sous " Personnalisation "

    netsvcs
    %SYSTEMDRIVE%\*.*
    %SYSTEMDRIVE%\*.exe
    %PROGRAMFILES%\*.*
    %PROGRAMFILES%\*.
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    c:\$recycle.bin\*.* /s


    - Clique sur le bouton Analyse.
    - Une fois l'analyse terminée, deux fenêtres vont s'ouvrir dans le Bloc-notes : OTL.txt et Extras.txt. Ils se trouvent au même endroit que OTListIT2 (donc par défaut sur le Bureau).

    Utilise cjoint.com pour poster en lien tes rapports :
    https://www.cjoint.com/

    - Clique sur Parcourir pour aller chercher le rapport
    - Clique sur Ouvrir ensuite sur Créer le lien Cjoint

    - Fais un copier/coller du lien qui est devant Le lien a été créé: dans ta prochaine réponse.

    @++ :)
    0
  11. malorossi Messages postés 10 Statut Membre
     
    parfait, merci. Scan en cours
    0
  12. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut malorossi

    Télécharge load_tdsskiller de Loup Blanc sur ton Bureau :
    http://fradesch.perso.cegetel.net/transf/Load_tdsskiller.exe

    Cet outil est conçu pour automatiser différentes tâches proposées par TDSSKiller, un fix de Kaspersky.

    - Lance load_tdsskiller en double-cliquant dessus : l'outil va se connecter au Net pour télécharger une copie à jour de TDSSKiller, puis va lancer le scan

    - A la fin du scan, appuie sur une touche pour continuer, comme l'indique le message dans la fenêtre noire d'invite de commande
    - Le rapport s'affichera automatiquement : copie-colle son contenu dans ta prochaine réponse (le fichier est également présent ici : C:\tdsskiller\report.txt)
    - Fais redémarrer ton PC

    @++ :)
    0
  13. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut malorossi

    Télécharge AD-Remover sur ton Bureau. (Merci à C_XX)
    http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe

    Miroir:
    https://www.androidworld.fr/

    /!\ Ferme toutes applications en cours /!\

    /!\ Désactive provisoirement et seulement le temps de l'utilisation de AD-Remover, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

    - Double-clique sur l'icône Ad-remover située sur ton Bureau.
    (Vista/7 - Faire un clique droit sur l'icône AD-Remover située sur ton Bureau et choisir exécuter en tant qu'administrateur.)
    - Sur la page, clique sur le bouton « Scanner »
    - Confirme lancement du scan
    - Laisse travailler l'outil.
    - Poste le rapport qui apparaît à la fin.

    (Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt)

    (CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

    @++ :)
    0
  14. malorossi
     
    ca fait 2 bonnes heures que le scan est bloqué à 30% avec mon CPU qui plafonne à 100%. je relance?
    0
  15. malorossi
     
    précision : dans la fenêtre AD R, est affiché " Scan supplémentaire..."
    0
  16. malorossi Messages postés 10 Statut Membre
     
    je viens de relancer le scan. Je te tiens au courant
    0
  17. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut malorossi

    Arrête le

    Double clic sur OTL.exe pour le lancer.

    ? Copie la liste qui se trouve en gras ci-dessous, et colle-la dans la zone sous " Personnalisation "

    :services
    ASKService

    :OTL
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKU\S-1-5-21-4051219880-139728346-3592256728-1007\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O4 - Startup: C:\Documents and Settings\LAURENT\Menu Démarrer\Programmes\Démarrage\wwwzuc32.exe ()
    O9 - Extra Button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe File not found
    O9 - Extra 'Tools' menuitem : Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe File not found
    O9 - Extra Button: Club Dice Casino - {907A768D-DD74-476d-8487-FD27DF7AD7FF} - C:\Casino\Club Dice Casino\casino.exe File not found
    O9 - Extra 'Tools' menuitem : Club Dice Casino - {907A768D-DD74-476d-8487-FD27DF7AD7FF} - C:\Casino\Club Dice Casino\casino.exe File not found
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

    :Files
    C:\WINDOWS\System32\netwbix32.dll
    C:\Documents and Settings\LAURENT\Application Data\EoRezo
    C:\Program Files\AskBarDis
    C:\Program Files\eoRezo
    C:\Documents and Settings\LAURENT\Menu Démarrer\Programmes\Démarrage\wwwzuc32.exe

    :Commands
    [Emptytemp]
    [Start explorer]


    ? Clique sur " Correction " pour lancer la suppression.

    ? Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur Oui.

    ? Au redémarrage , autorise OTL a s'exécuter.

    ? Poste le rapport généré par OTL.

    @++ :)
    0
    1. nzegu
       
      A propos de Démarrer\Programmes\Démarrage\wwwzuc32.exe
      Si besoin de le supprimer: créer nouvelle session windows/administrateur
      redémarrer sous cette nouvelle session et supprimer dans C:\Documents and Settings\(nom de session)\Menu Démarrer\Programmes\Démarrage
      0
  18. malorossi
     
    et voilà le travail =>

    All processes killed
    ========== SERVICES/DRIVERS ==========
    Service ASKService stopped successfully!
    Service ASKService deleted successfully!
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
    C:\Program Files\AskBarDis\bar\bin\askBar.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
    File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
    Registry value HKEY_USERS\S-1-5-21-4051219880-139728346-3592256728-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
    File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
    File move failed. C:\Documents and Settings\LAURENT\Menu Démarrer\Programmes\Démarrage\wwwzuc32.exe scheduled to be moved on reboot.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4C826F10-D34B-4ba8-B609-1FB8C6482A05}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C826F10-D34B-4ba8-B609-1FB8C6482A05}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4C826F10-D34B-4ba8-B609-1FB8C6482A05}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C826F10-D34B-4ba8-B609-1FB8C6482A05}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{907A768D-DD74-476d-8487-FD27DF7AD7FF}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{907A768D-DD74-476d-8487-FD27DF7AD7FF}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{907A768D-DD74-476d-8487-FD27DF7AD7FF}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{907A768D-DD74-476d-8487-FD27DF7AD7FF}\ not found.
    Starting removal of ActiveX control {6A060448-60F9-11D5-A6CD-0002B31F7455}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6A060448-60F9-11D5-A6CD-0002B31F7455}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    ========== FILES ==========
    C:\WINDOWS\System32\netwbix32.dll moved successfully.
    C:\Documents and Settings\LAURENT\Application Data\EoRezo\db folder moved successfully.
    C:\Documents and Settings\LAURENT\Application Data\EoRezo folder moved successfully.
    C:\Program Files\AskBarDis\bar\Settings folder moved successfully.
    C:\Program Files\AskBarDis\bar\History folder moved successfully.
    C:\Program Files\AskBarDis\bar\Cache folder moved successfully.
    C:\Program Files\AskBarDis\bar\bin folder moved successfully.
    C:\Program Files\AskBarDis\bar folder moved successfully.
    C:\Program Files\AskBarDis folder moved successfully.
    C:\Program Files\eoRezo\EoAdv folder moved successfully.
    C:\Program Files\eoRezo folder moved successfully.
    File move failed. C:\Documents and Settings\LAURENT\Menu Démarrer\Programmes\Démarrage\wwwzuc32.exe scheduled to be moved on reboot.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: KARINE
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 348 bytes

    User: LAURENT
    ->Temp folder emptied: 349327 bytes
    ->Temporary Internet Files folder emptied: 6166066 bytes
    ->Java cache emptied: 12118713 bytes
    ->FireFox cache emptied: 86083722 bytes
    ->Flash cache emptied: 98994 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 721030 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 49286 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 3614208 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 17048 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 206274 bytes
    RecycleBin emptied: 308485 bytes

    Total Files Cleaned = 105,00 mb

    OTL by OldTimer - Version 3.2.4.1 log created on 05042010_190950

    Files\Folders moved on Reboot...
    C:\Documents and Settings\LAURENT\Menu Démarrer\Programmes\Démarrage\wwwzuc32.exe moved successfully.
    File\Folder C:\Documents and Settings\LAURENT\Local Settings\Temp\~DF7E97.tmp not found!
    File\Folder C:\Documents and Settings\LAURENT\Local Settings\Temp\~DF7FE5.tmp not found!
    File\Folder C:\Documents and Settings\LAURENT\Local Settings\Temp\~DF816B.tmp not found!
    File\Folder C:\Documents and Settings\LAURENT\Local Settings\Temp\~DF81A1.tmp not found!
    File\Folder C:\Documents and Settings\LAURENT\Local Settings\Temp\~DF845D.tmp not found!
    File\Folder C:\Documents and Settings\LAURENT\Local Settings\Temp\~DF8494.tmp not found!
    C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\JIJ8JQ03\favicon[1].ico moved successfully.
    C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\JIJ8JQ03\favicon[2].ico moved successfully.
    C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\J37I688G\affich-17602466-infection-rootkit-besoin-d-un-maitre-jedi-svp[3].htm moved successfully.
    C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
    0
  • 1
  • 2
  • 3