Virus DSC01497.zip genant

Question

Bonjour,
J'ai choper un vieux virus (-_-)' qui ne sert pas a grand chose a part faire ramer mon PC alors j'ai lancé une analyse HJT. Celui ci se rapproche du fameux "msn photos.zip" mais la il s'appelle "DSC01497.zip" et envoie des messages assez etrange et je n'arrive pas a savoir si c'est régulier. Donc je vous demande de m'éclairer un peu, ça ressemble à ça :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:12:53, on 06/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjb.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_director.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\WINDOWS\system32\dllcache\spoolms.exe
C:\WINDOWS\system32\dllcache\spoolms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll (file missing)
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Program Files\Video ActiveX Object\isaddon.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Microsoft MSJava 32 - {43F7497C-7687-4DEA-A057-F21BD81BC896} - C:\WINDOWS\system32\msjava32.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B1169986-0DD2-7849-18C7-A70C1503BFF7} - C:\DOCUME~1\ENZOFA~1\APPLIC~1\SIZESA~1\EGGS BIAS.exe (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {EAD56C20-900C-7C11-4EFE-BCEAD1D6273B} - C:\DOCUME~1\ENZOFA~1\APPLIC~1\SIZESA~1\Basecast.exe (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [33rU35T] spmga11n.exe
O4 - HKLM\..\Run: [new live bait pop] C:\Documents and Settings\All Users\Application Data\pilemanagernewlive\Store Jugs.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MusicStart] D:\ENZO\MusicStart.exe
O4 - HKLM\..\Run: [Elseheartthatthis] C:\Documents and Settings\All Users\Application Data\Soap close else heart\RoamCopy.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Stupid Data Dart Wave] C:\Documents and Settings\All Users\Application Data\flag ace stupid data\Hide info.exe
O4 - HKLM\..\Run: [spoolms] C:\WINDOWS\system32\dllcache\spoolms.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [I008RRfsV] sissynth.exe
O4 - HKCU\..\Run: [open fork] C:\DOCUME~1\ENZOFA~1\APPLIC~1\STORES~1\Bib logo hole.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\ENZO FAB\Application Data\hidires\hidr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: Interface Chat Wanadoo - http://chat9.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://register.tiscali.fr/configurateur/AccountHelper.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.asf.fr/AxisCamControl.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/en/SysWebTelecom.cab
O16 - DPF: {F1154108-FB75-47EB-9A7E-4DD28DBDAF34} - http://www.threedegrees.com/td_netd.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28177.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: haematobia - {3c767c6b-602d-4b9b-829d-a3dc5b2d89dd} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe


________________________________________________________________________________________________________


Voila merci si il manque un truc faites moi signe ;) . A++  Merci

Megan Fox · Answer

Salut Nzo30,

Tu as plusieurs infections présente sur ton PC.

1.Télécharge MSNFix.zip (de !aur3n7) sur ton bureau:
http://sosvirus.changelog.fr/MSNFix.zip

Décompresse-le (clic droit >> Extraire ici) et place les fichiers dans C:\MSNFix (très important).

Double cliquer sur le fichier MSNFix.bat.
- Exécutez l'option R.
-- Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage

Note :
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal

- Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt
Copie/colle le rapport sur le forum.


---------------------------------------------------------------------


2.  * Télécharge SmitfraudFix de S!Ri, balltrap34 et moe31

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

* Installe le à la racine de C

* double clic sur l'exe pour le décompresser et lancer le fix.
Utilisation ----- option 1 - Recherche :
* Double clique sur smitfraudfix.cmd
* Sélectionne 1 pour créer un rapport des fichiers responsables de l'infection
. * Poste le rapport ici
process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.



---------------------------------------------------------------------


Télécharge ceci: (by Moe) :

http://sosvirus.changelog.fr/Green_day/Lopxpsetup.exe

Double clic sur Lopxpsetup.exe pour lancer l'installation
Au menu, choisir l'option 1
Patienter jusqu'à que l'on demande d'appuyer sur une touche, appuyer !
Une rapport sera alors crée, à copie/colle en entier sur le forum.


A+

Nzo30 · Answer

Okay j'installe tout ces logiciels tout de suite. Merci beaucoup Megan Fox, c'est sympa ;). Dès que j'ai terminé je post et si il n'y pas de soucis, les problemes (parce qu'apparemment il y en a plusieurs) seront normalement résolus ^^' . A++

Nzo30 · Answer

Donc voila, la première analyse donne cela : 

-SmitFraudFix

SmitFraudFix v2.274

Rapport fait à 22:51:23,73, 09/01/2008
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\LVComS.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\hjpprpu.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ENZO FAB


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ENZO FAB\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ENZOFA~1\Favoris

C:\DOCUME~1\ENZOFA~1\Favoris\Online Security Test.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}"="haematobia"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="wbsys.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: SiS 900-Based PCI Fast Ethernet Adapter
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A9674B02-0ACB-4CD8-8E57-1F3EE65F4BD8}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A9674B02-0ACB-4CD8-8E57-1F3EE65F4BD8}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A9674B02-0ACB-4CD8-8E57-1F3EE65F4BD8}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

-Lopxsetup : 


Rapport Lopxp fait le 09/01/2008 à 22:59:37
Exécuté dans : C:\Program Files\Lopxp


Liste des processus actifs :

PID : 372 C:\WINDOWS\System32\smss.exe
PID : 420 C:\WINDOWS\system32\csrss.exe
PID : 444 C:\WINDOWS\system32\winlogon.exe
PID : 488 C:\WINDOWS\system32\services.exe
PID : 500 C:\WINDOWS\system32\lsass.exe
PID : 656 C:\WINDOWS\system32\svchost.exe
PID : 704 C:\WINDOWS\system32\svchost.exe
PID : 744 C:\WINDOWS\System32\svchost.exe
PID : 788 C:\WINDOWS\System32\svchost.exe
PID : 904 C:\WINDOWS\System32\svchost.exe
PID : 916 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PID : 972 C:\Program Files\Alwil Software\Avast4\ashServ.exe
PID : 1168 C:\WINDOWS\system32\spoolsv.exe
PID : 1332 C:\WINDOWS\System32\FTRTSVC.exe
PID : 1356 C:\WINDOWS\System32
vsvc32.exe
PID : 1404 C:\WINDOWS\System32\svchost.exe
PID : 1820 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PID : 1836 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PID : 204 C:\WINDOWS\System32\alg.exe
PID : 2036 C:\Program Files\AlienGUIse\wbload.exe
PID : 492 C:\WINDOWS\Explorer.EXE
PID : 1756 C:\WINDOWS\mHotkey.exe
PID : 808 C:\Program Files\Logitech\Video\LogiTray.exe
PID : 1452 C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
PID : 1604 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
PID : 888 C:\Program Files\QuickTime\qttask.exe
PID : 840 C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
PID : 1268 C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
PID : 1636 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
PID : 1192 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
PID : 1668 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
PID : 1780 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PID : 1716 C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
PID : 2056 C:\WINDOWS\SOUNDMAN.EXE
PID : 2068 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
PID : 2176 C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
PID : 2188 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PID : 2260 C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
PID : 2296 C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
PID : 2304 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PID : 2332 C:\WINDOWS\system32\ctfmon.exe
PID : 2420 C:\WINDOWS\System32\LVComS.exe
PID : 2484 C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
PID : 2544 C:\Program Files\Logitech\Video\LowLight.exe
PID : 2576 C:\PROGRA~1\Wanadoo\ComComp.exe
PID : 2632 C:\PROGRA~1\Wanadoo\Toaster.exe
PID : 2640 C:\PROGRA~1\Wanadoo\Inactivity.exe
PID : 2648 C:\PROGRA~1\Wanadoo\PollingModule.exe
PID : 2768 C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
PID : 2792 C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
PID : 2852 C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
PID : 2968 C:\PROGRA~1\Wanadoo\Watch.exe
PID : 3076 C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
PID : 3196 C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
PID : 3896 C:\WINDOWS\System32\WISPTIS.EXE
PID : 1728 C:\Program Files\Windows Live\Messenger\usnsvc.exe
PID : 392 C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
PID : 2112 C:\Program Files\eMule\emule.exe
PID : 3496 C:\Program Files\Mozilla Firefox\firefox.exe
PID : 3988 C:\WINDOWS\system32\cmd.exe
PID : 764 C:\Program Files\Lopxp	ools\pv.exe



___________________________________________________________________________

[Tâches planifiées]



C:\WINDOWS	asks\B19C1D7395FF91CB.job

Cr : 07/01/2008 à 06:03
Mo : 09/01/2008 à 22:00

___________________________________________________________________________

[Listing des dossiers Application Data]


cr: Date Création | mo: Date Modification -=- Nom Long -= Nom Court (8.3)


+- C:\Documents and Settings\All Users\Application Data

cr: 04/02/2005 19:08:25 | mo: 04/02/2005 19:12:14 -=- Adobe ----= Adobe
cr: 18/01/2007 20:13:28 | mo: 18/01/2007 20:13:28 -=- CanonBJ --= CanonBJ
cr: 09/10/2003 11:18:14 | mo: 09/10/2003 11:18:14 -=- CYBERL~1 -= CyberLink
cr: 27/05/2006 13:50:46 | mo: 27/05/2006 13:50:46 -=- DVDSHR~1 -= DVD Shrink
cr: 23/12/2007 12:07:57 | mo: 07/01/2008 06:03:17 -=- FLAGAC~1 -= flag ace stupid data
cr: 27/10/2006 14:25:50 | mo: 27/10/2006 14:25:50 -=- Google ---= Google
cr: 18/01/2007 20:19:31 | mo: 18/01/2007 20:19:31 -=- INSTAL~1 -= InstallShield
cr: 21/05/2005 22:27:22 | mo: 15/01/2006 17:20:48 -=- MESSEN~1 -= Messenger Plus!
cr: 11/09/2003 15:25:38 | mo: 22/08/2007 19:49:02 -=- MICROS~1 -= Microsoft
cr: 06/01/2004 17:24:04 | mo: 06/01/2004 17:24:04 -=- MSN6 -----= MSN6
cr: 06/02/2004 14:52:03 | mo: 06/02/2004 14:52:03 -=- MSSCAN~1 -= MSScanAppDataDir
cr: 20/03/2005 15:47:08 | mo: 28/03/2005 13:02:15 -=- NFSUND~1 -= NFS Underground
cr: 26/07/2004 07:54:13 | mo: 11/12/2005 12:08:49 -=- PILEMA~1 -= pilemanagernewlive
cr: 22/02/2005 20:57:29 | mo: 22/02/2005 20:57:29 -=- PIXELS~1 -= pixelStorm
cr: 12/05/2004 19:13:22 | mo: 15/05/2005 22:56:34 -=- QUICKT~1 -= QuickTime
cr: 11/09/2003 14:38:09 | mo: 11/09/2003 14:38:09 -=- SBSI -----= SBSI
cr: 18/01/2007 20:19:10 | mo: 18/01/2007 20:19:33 -=- ScanSoft -= ScanSoft
cr: 20/04/2007 19:10:36 | mo: 20/04/2007 19:11:00 -=- Skype ----= Skype
cr: 06/05/2005 12:50:01 | mo: 07/01/2008 06:03:16 -=- SOAPCL~1 -= Soap close else heart
cr: 20/09/2006 20:36:25 | mo: 20/09/2006 20:36:25 -=- SONYCO~1 -= Sony Corporation
cr: 02/01/2007 21:49:32 | mo: 02/01/2007 21:50:18 -=- SONYER~1 -= Sony Ericsson
cr: 06/02/2004 14:08:25 | mo: 03/02/2005 19:57:02 -=- Symantec -= Symantec
cr: 02/01/2007 21:49:00 | mo: 02/01/2007 21:50:12 -=- Teleca ---= Teleca
cr: 11/12/2005 13:41:09 | mo: 11/12/2005 13:41:09 -=- WINDOW~1 -= Windows Genuine Advantage
cr: 06/07/2007 10:11:50 | mo: 06/07/2007 10:13:56 -=- WINDOW~2 -= WindowsLiveInstaller
cr: 06/07/2007 10:11:40 | mo: 06/07/2007 10:11:40 -=- WLINST~1 -= WLInstaller
cr: 11/04/2005 21:37:29 | mo: 11/04/2005 21:39:03 -=- {8D624~1 -= {8D62440A-B5C4-4E8A-BDBD-1C702EFBC24C}

+- C:\Documents and Settings\ENZO FAB\Application Data

cr: 27/12/2003 21:14:01 | mo: 02/01/2007 23:23:56 -=- Adobe ----= Adobe
cr: 04/02/2005 19:15:07 | mo: 14/07/2006 12:53:32 -=- AdobeUM --= AdobeUM
cr: 27/12/2003 21:14:01 | mo: 21/02/2004 12:09:05 -=- Ahead ----= Ahead
cr: 18/01/2004 14:52:24 | mo: 16/02/2004 14:10:12 -=- ArcSoft --= ArcSoft
cr: 02/10/2006 19:07:08 | mo: 02/10/2006 19:07:08 -=- Ashampoo -= Ashampoo
cr: 20/12/2004 13:19:10 | mo: 20/12/2004 13:19:10 -=- Axialis --= Axialis
cr: 03/10/2006 14:50:08 | mo: 03/09/2007 10:17:47 -=- BITTOR~1 -= BitTorrent
cr: 18/01/2007 22:54:28 | mo: 17/11/2007 20:47:52 -=- Canon ----= Canon
cr: 27/12/2003 21:14:01 | mo: 09/10/2003 13:00:58 -=- CYBERL~1 -= CyberLink
cr: 18/04/2004 13:48:19 | mo: 18/04/2004 13:48:19 -=- FotoWire -= FotoWire
cr: 23/12/2005 13:50:01 | mo: 28/10/2006 21:18:41 -=- Google ---= Google
cr: 27/12/2003 21:14:01 | mo: 09/10/2003 13:02:46 -=- Help -----= Help
cr: 20/02/2007 10:27:22 | mo: 19/05/2007 10:34:15 -=- hidires --= hidires
cr: 27/12/2003 21:14:01 | mo: 08/03/2004 20:06:18 -=- IDENTI~1 -= Identities
cr: 27/12/2003 21:14:01 | mo: 11/09/2003 16:10:16 -=- INTERT~1 -= InterTrust
cr: 29/04/2005 16:39:05 | mo: 29/04/2005 16:39:05 -=- LEADER~1 -= Leadertech
cr: 03/06/2006 18:27:44 | mo: 16/12/2007 06:04:09 -=- LimeWire -= LimeWire
cr: 27/12/2003 21:14:01 | mo: 11/09/2003 17:27:42 -=- MACROM~1 -= Macromedia
cr: 27/12/2003 21:14:00 | mo: 01/09/2006 10:30:55 -=- MICROS~1 -= Microsoft
cr: 10/07/2007 17:23:11 | mo: 10/07/2007 17:23:11 -=- Mozilla --= Mozilla
cr: 06/01/2004 17:24:04 | mo: 08/03/2004 20:29:47 -=- MSN6 -----= MSN6
cr: 11/02/2006 21:05:14 | mo: 11/02/2006 21:05:14 -=- MUSICM~1 -= Musicmatch
cr: 04/01/2008 22:59:00 | mo: 06/01/2008 12:25:33 -=- OPENOF~1.ORG -= OpenOffice.org2
cr: 20/06/2004 21:10:30 | mo: 27/07/2005 19:21:14 -=- PEERNE~1 -= PeerNetworking
cr: 18/12/2007 18:03:18 | mo: 18/12/2007 18:09:50 -=- Real -----= Real
cr: 18/01/2007 20:19:26 | mo: 18/01/2007 20:19:26 -=- ScanSoft -= ScanSoft
cr: 11/04/2005 21:36:30 | mo: 11/04/2005 21:36:30 -=- SEVENZ~1 -= Seven Zip
cr: 20/04/2007 19:11:17 | mo: 31/05/2007 18:12:29 -=- Skype ----= Skype
cr: 20/09/2006 20:29:28 | mo: 20/09/2006 21:01:19 -=- SONYCO~1 -= Sony Corporation
cr: 16/10/2004 13:15:06 | mo: 07/01/2008 06:03:31 -=- STORES~1 -= Store Scr Audio
cr: 23/03/2006 19:42:22 | mo: 23/03/2006 19:42:22 -=- Sun ------= Sun
cr: 06/02/2004 14:08:45 | mo: 06/02/2004 14:08:45 -=- Symantec -= Symantec
cr: 20/04/2007 19:28:36 | mo: 20/04/2007 19:28:37 -=- TEAMSP~1 -= teamspeak2
cr: 02/01/2007 21:56:48 | mo: 02/01/2007 21:58:41 -=- Teleca ---= Teleca
cr: 01/12/2007 18:09:50 | mo: 01/12/2007 18:09:50 -=- vlc ------= vlc

+- C:\Documents and Settings\ENZO FAB\Local Settings\Application Data

cr: 04/02/2005 19:13:51 | mo: 04/02/2005 19:14:48 -=- Adobe ----= Adobe
cr: 27/12/2003 21:14:00 | mo: 21/05/2007 16:46:42 -=- APPLIC~1 -= ApplicationHistory
cr: 01/07/2006 13:01:17 | mo: 27/10/2006 17:10:37 -=- Google ---= Google
cr: 27/12/2003 21:14:00 | mo: 09/10/2003 13:02:46 -=- Help -----= Help
cr: 30/01/2004 20:04:49 | mo: 08/03/2004 20:06:18 -=- IDENTI~1 -= Identities
cr: 27/12/2003 21:14:00 | mo: 23/12/2007 02:07:11 -=- MICROS~1 -= Microsoft
cr: 10/07/2007 17:23:11 | mo: 10/07/2007 17:23:11 -=- Mozilla --= Mozilla
cr: 11/02/2006 21:05:06 | mo: 11/02/2006 21:19:49 -=- MUSICM~1 -= Musicmatch
cr: 03/09/2007 21:50:30 | mo: 03/09/2007 21:50:31 -=- PCHealth -= PCHealth
cr: 27/12/2003 21:14:00 | mo: 14/02/2007 15:05:40 -=- WMTOOL~1 -= WMTools Downloaded Files

+- C:\Documents and Settings\PASCAL\Application Data

cr: 30/01/2004 15:16:53 | mo: 11/09/2003 16:10:16 -=- Adobe ----= Adobe
cr: 30/01/2004 15:16:53 | mo: 23/10/2003 17:02:54 -=- Ahead ----= Ahead
cr: 07/05/2004 12:26:34 | mo: 07/05/2004 12:29:55 -=- ArcSoft --= ArcSoft
cr: 30/01/2004 15:16:53 | mo: 09/10/2003 13:00:58 -=- CYBERL~1 -= CyberLink
cr: 30/01/2004 15:16:53 | mo: 09/10/2003 13:02:46 -=- Help -----= Help
cr: 30/01/2004 15:16:53 | mo: 11/09/2003 14:33:33 -=- IDENTI~1 -= Identities
cr: 30/01/2004 15:16:53 | mo: 11/09/2003 16:10:16 -=- INTERT~1 -= InterTrust
cr: 01/03/2006 11:16:56 | mo: 03/03/2006 22:28:46 -=- LABATA~1 -= La Bataille pour la Terre du Milieu
cr: 30/01/2004 15:16:53 | mo: 11/09/2003 17:27:42 -=- MACROM~1 -= Macromedia
cr: 30/01/2004 15:16:53 | mo: 11/12/2005 13:33:20 -=- MICROS~1 -= Microsoft
cr: 07/01/2007 21:56:18 | mo: 07/01/2007 21:57:47 -=- Teleca ---= Teleca

+- C:\Documents and Settings\PASCAL\Local Settings\Application Data

cr: 30/01/2004 15:16:53 | mo: 11/12/2005 13:52:24 -=- APPLIC~1 -= ApplicationHistory
cr: 30/01/2004 15:16:53 | mo: 09/10/2003 13:02:46 -=- Help -----= Help
cr: 12/09/2004 19:46:47 | mo: 12/09/2004 19:46:47 -=- IDENTI~1 -= Identities
cr: 30/01/2004 15:16:53 | mo: 07/01/2007 21:55:28 -=- MICROS~1 -= Microsoft
cr: 27/02/2006 11:32:02 | mo: 27/02/2006 11:32:02 -=- MUSICM~1 -= Musicmatch
cr: 30/01/2004 15:16:53 | mo: 11/09/2003 18:04:48 -=- WMTOOL~1 -= WMTools Downloaded Files

+- C:\Documents and Settings\VERO\Application Data

cr: 02/08/2004 09:36:40 | mo: 11/09/2003 16:10:16 -=- Adobe ----= Adobe
cr: 02/08/2004 09:36:40 | mo: 23/10/2003 17:02:54 -=- Ahead ----= Ahead
cr: 02/08/2004 09:36:40 | mo: 09/10/2003 13:00:58 -=- CYBERL~1 -= CyberLink
cr: 02/08/2004 09:36:40 | mo: 09/10/2003 13:02:46 -=- Help -----= Help
cr: 02/08/2004 09:36:40 | mo: 11/09/2003 14:33:33 -=- IDENTI~1 -= Identities
cr: 02/08/2004 09:36:40 | mo: 11/09/2003 16:10:16 -=- INTERT~1 -= InterTrust
cr: 02/08/2004 09:36:40 | mo: 11/09/2003 17:27:42 -=- MACROM~1 -= Macromedia
cr: 02/08/2004 09:36:39 | mo: 09/10/2003 13:25:44 -=- MICROS~1 -= Microsoft

+- C:\Documents and Settings\VERO\Local Settings\Application Data

cr: 02/08/2004 09:36:39 | mo: 23/10/2003 18:06:34 -=- APPLIC~1 -= ApplicationHistory
cr: 02/08/2004 09:36:39 | mo: 09/10/2003 13:02:46 -=- Help -----= Help
cr: 02/08/2004 09:36:39 | mo: 11/09/2003 18:04:45 -=- MICROS~1 -= Microsoft
cr: 02/08/2004 09:36:39 | mo: 11/09/2003 18:04:48 -=- WMTOOL~1 -= WMTools Downloaded Files

___________________________________________________________________________

[Listing du dossier Program Files]

+- C:\Program Files

cr: 11/09/2003 16:10:16 | mo: 02/01/2007 21:24:09 -=- Adobe ----= Adobe
cr: 18/07/2004 12:00:45 | mo: 18/07/2004 12:00:45 -=- AGD ------= AGD
cr: 30/12/2003 16:01:50 | mo: 30/12/2003 16:01:50 -=- Agfa -----= Agfa
cr: 23/10/2003 16:51:58 | mo: 22/02/2004 00:23:17 -=- Ahead ----= Ahead
cr: 05/05/2007 16:07:39 | mo: 03/01/2008 23:23:08 -=- ALIENG~1 -= AlienGUIse
cr: 12/05/2007 15:31:16 | mo: 12/05/2007 15:31:16 -=- ALWILS~1 -= Alwil Software
cr: 25/07/2004 21:15:33 | mo: 25/07/2004 21:15:33 -=- ANTE -----= ANTE
cr: 18/01/2004 14:50:38 | mo: 18/01/2007 20:16:30 -=- ArcSoft --= ArcSoft
cr: 12/10/2006 19:27:36 | mo: 12/10/2006 19:27:38 -=- Audacity -= Audacity
cr: 21/04/2004 08:19:28 | mo: 07/02/2005 18:03:21 -=- AUTOUP~1 -= AutoUpdate
cr: 20/12/2004 13:18:59 | mo: 20/12/2004 13:18:59 -=- Axialis --= Axialis
cr: 03/10/2006 14:49:16 | mo: 12/09/2007 18:46:28 -=- BITTOR~1 -= BitTorrent
cr: 11/04/2005 21:38:05 | mo: 06/05/2005 10:13:42 -=- BLAZEM~1 -= Blaze Media Pro
cr: 13/07/2004 06:10:24 | mo: 13/07/2004 06:10:24 -=- BLUESA~1 -= blue save size
cr: 09/10/2003 12:41:59 | mo: 06/02/2004 14:05:41 -=- CA -------= CA
cr: 11/01/2004 20:56:57 | mo: 18/01/2007 20:26:44 -=- Canon ----= Canon
cr: 18/01/2007 20:12:37 | mo: 18/01/2007 20:12:37 -=- CanonBJ --= CanonBJ
cr: 23/12/2007 12:06:35 | mo: 23/12/2007 12:06:35 -=- CIRCLE~1 -= Circle Developement
cr: 09/10/2003 11:39:45 | mo: 09/10/2003 11:39:45 -=- COMMON~1 -= Common Files
cr: 11/09/2003 14:31:08 | mo: 11/09/2003 14:31:08 -=- COMPLU~1 -= ComPlus Applications
cr: 30/12/2003 11:00:35 | mo: 30/12/2003 11:12:50 -=- CREATU~1 -= Creatures 2
cr: 27/07/2004 21:20:24 | mo: 27/07/2004 21:21:25 -=- CRYPTU~1 -= Cryptus 2004 Pro
cr: 09/10/2003 11:18:10 | mo: 09/10/2003 11:18:12 -=- CYBERL~1 -= CyberLink
cr: 09/02/2004 15:35:15 | mo: 09/02/2004 15:35:15 -=- Datel ----= Datel
cr: 18/01/2004 14:52:09 | mo: 18/01/2004 14:52:09 -=- directx --= directx
cr: 02/01/2007 21:37:46 | mo: 02/01/2007 21:37:53 -=- DISC2P~1 -= Disc2Phone
cr: 12/02/2004 20:45:37 | mo: 23/10/2005 00:22:35 -=- DivX -----= DivX
cr: 02/02/2007 20:12:56 | mo: 16/12/2007 02:31:55 -=- Dofus ----= Dofus
cr: 20/03/2005 15:37:59 | mo: 01/09/2006 23:45:45 -=- EAGAME~1 -= EA GAMES
cr: 08/03/2004 20:21:23 | mo: 01/03/2006 09:07:26 -=- ELABOR~1 -= Elaborate Bytes
cr: 06/02/2004 15:01:30 | mo: 09/01/2008 19:41:55 -=- eMule ----= eMule
cr: 11/09/2003 15:26:09 | mo: 03/01/2008 23:20:47 -=- FICHIE~1 -= Fichiers communs
cr: 25/06/2004 14:44:22 | mo: 11/12/2005 15:51:48 -=- FILEZI~1 -= FileZilla
cr: 23/06/2004 13:42:35 | mo: 01/12/2004 13:07:13 -=- FUNWEB~1 -= FunWebProducts
cr: 02/05/2006 20:22:25 | mo: 30/06/2007 18:58:51 -=- GAMESP~1 -= GameSpy Arcade
cr: 06/02/2004 14:57:50 | mo: 02/02/2007 17:07:30 -=- Google ---= Google
cr: 16/05/2005 14:20:42 | mo: 06/12/2005 17:38:31 -=- GSM ------= GSM
cr: 12/01/2007 17:42:42 | mo: 13/01/2007 09:57:13 -=- GUILDW~1 -= GUILD WARS
cr: 04/04/2006 21:44:20 | mo: 04/04/2006 21:44:25 -=- GUITAR~1 -= Guitar Pro 5
cr: 11/09/2003 16:09:19 | mo: 05/11/2007 00:39:33 -=- INSTAL~1 -= InstallShield Installation Information
cr: 11/09/2003 14:31:23 | mo: 14/02/2007 15:10:15 -=- INTERN~1 -= Internet Explorer
cr: 22/08/2007 15:30:00 | mo: 22/08/2007 15:30:00 -=- Inventel -= Inventel
cr: 23/03/2006 19:41:07 | mo: 26/11/2007 17:13:08 -=- Java -----= Java
cr: 16/08/2006 12:45:16 | mo: 02/09/2007 21:16:18 -=- LimeWire -= LimeWire
cr: 18/04/2004 13:45:52 | mo: 18/04/2004 13:48:17 -=- Logitech -= Logitech
cr: 09/01/2008 22:55:07 | mo: 09/01/2008 22:59:52 -=- Lopxp ----= Lopxp
cr: 09/10/2003 11:17:15 | mo: 09/10/2003 11:18:53 -=- MEDION~1 -= Medion Power Cinema
cr: 11/09/2003 14:30:27 | mo: 06/01/2008 15:51:24 -=- MESSEN~1 -= Messenger
cr: 21/04/2004 08:17:24 | mo: 22/06/2004 19:29:51 -=- MESSEN~2 -= Messenger Plus! 2
cr: 22/06/2004 19:29:37 | mo: 24/11/2006 17:45:09 -=- MESSEN~3 -= Messenger Plus! 3
cr: 10/07/2007 17:36:16 | mo: 23/12/2007 12:06:35 -=- MESSEN~4 -= Messenger Plus! Live
cr: 03/01/2008 21:08:49 | mo: 03/01/2008 22:01:35 -=- MEFD9D~1 -= MessengerDiscovery
cr: 11/09/2003 14:33:36 | mo: 11/09/2003 14:33:36 -=- MICROS~1 -= microsoft frontpage
cr: 06/02/2004 14:48:19 | mo: 06/02/2004 14:49:05 -=- MICROS~3 -= Microsoft Office
cr: 06/05/2006 08:55:07 | mo: 06/05/2006 08:55:07 -=- MICROS~4 -= Microsoft Visual Studio
cr: 11/09/2003 17:58:28 | mo: 11/09/2003 18:00:03 -=- MICROS~2 -= Microsoft Works
cr: 06/02/2004 14:48:20 | mo: 06/02/2004 14:48:20 -=- MICROS~1.NET -= Microsoft.NET
cr: 11/09/2003 14:31:28 | mo: 06/05/2005 10:40:49 -=- MOVIEM~1 -= Movie Maker
cr: 10/07/2007 17:22:59 | mo: 09/01/2008 22:43:36 -=- MOZILL~1 -= Mozilla Firefox
cr: 11/09/2003 14:30:11 | mo: 08/03/2004 20:35:13 -=- MSN ------= MSN
cr: 30/07/2004 23:34:52 | mo: 30/07/2004 23:36:22 -=- MSNAPP~1 -= MSN Apps
cr: 11/09/2003 14:30:24 | mo: 11/09/2003 14:30:24 -=- MSNGAM~1 -= MSN Gaming Zone
cr: 03/01/2008 21:09:25 | mo: 03/01/2008 21:09:25 -=- MSNMES~1 -= MSN Messenger
cr: 19/11/2006 03:22:38 | mo: 19/11/2006 03:22:38 -=- MSXML4~1.0 -= MSXML 4.0
cr: 11/09/2003 16:19:32 | mo: 06/05/2005 10:12:06 -=- MUSICM~1 -= MUSICMATCH
cr: 11/09/2003 14:31:26 | mo: 06/05/2005 10:35:45 -=- NETMEE~1 -= NetMeeting
cr: 17/12/2005 16:07:51 | mo: 17/12/2005 16:08:02 -=- NewR&V ---= NewR&V
cr: 23/10/2003 17:21:34 | mo: 23/10/2003 17:21:37 -=- OFFICE~1 -= OfficeUpdate11
cr: 04/01/2008 14:27:37 | mo: 04/01/2008 14:28:50 -=- OPENOF~1.3 -= OpenOffice.org 2.3
cr: 11/09/2003 14:31:25 | mo: 17/12/2006 00:34:14 -=- OUTLOO~1 -= Outlook Express
cr: 10/02/2004 18:43:21 | mo: 15/05/2005 22:56:18 -=- QUICKT~1 -= QuickTime
cr: 18/12/2007 18:04:54 | mo: 18/12/2007 18:04:54 -=- Real -----= Real
cr: 12/04/2007 18:36:21 | mo: 12/04/2007 18:36:29 -=- REALTE~1 -= Realtek AC97
cr: 18/04/2004 19:35:52 | mo: 18/04/2004 19:41:58 -=- REGCLE~1 -= RegCleaner
cr: 05/11/2007 00:39:34 | mo: 05/11/2007 00:39:34 -=- SAGEM ----= SAGEM
cr: 27/07/2004 21:24:45 | mo: 27/07/2004 21:24:48 -=- SBOXFR~1 -= SBox FreeWare
cr: 18/01/2007 20:18:23 | mo: 18/01/2007 20:18:23 -=- ScanSoft -= ScanSoft
cr: 22/09/2007 21:49:39 | mo: 22/09/2007 21:49:39 -=- SECURI~1 -= Securitoo
cr: 11/09/2003 14:30:32 | mo: 11/09/2003 14:31:53 -=- SERVIC~1 -= Services en ligne
cr: 11/12/2004 23:55:22 | mo: 11/12/2004 23:55:23 -=- SigmaTel -= SigmaTel
cr: 11/09/2003 16:07:37 | mo: 11/09/2003 16:07:37 -=- SiSLan ---= SiSLan
cr: 20/04/2007 19:10:30 | mo: 20/04/2007 19:11:05 -=- Skype ----= Skype
cr: 08/03/2004 20:20:02 | mo: 08/03/2004 20:20:02 -=- SlySoft --= SlySoft
cr: 20/09/2006 20:30:39 | mo: 20/09/2006 20:45:09 -=- Sony -----= Sony
cr: 20/09/2006 20:44:32 | mo: 20/09/2006 20:44:32 -=- SONYCO~1 -= Sony Corporation
cr: 02/01/2007 21:49:00 | mo: 02/01/2007 21:49:00 -=- SONYER~1 -= Sony Ericsson
cr: 07/01/2008 06:02:14 | mo: 07/01/2008 06:02:14 -=- STORES~1 -= Store Scr Audio
cr: 06/02/2004 14:08:34 | mo: 03/02/2005 19:57:12 -=- Symantec -= Symantec
cr: 20/04/2007 19:28:14 | mo: 20/04/2007 19:28:36 -=- TEAMSP~1 -= Teamspeak2_RC2
cr: 15/08/2004 17:36:25 | mo: 15/08/2004 17:36:25 -=- TGTSoft --= TGTSoft
cr: 11/01/2006 20:35:46 | mo: 11/01/2006 20:35:46 -=- Thomson --= Thomson
cr: 06/01/2008 03:07:29 | mo: 06/01/2008 03:07:29 -=- TRENDM~1 -= Trend Micro
cr: 28/11/2007 19:50:38 | mo: 28/11/2007 19:50:51 -=- TVAnts ---= TVAnts
cr: 02/04/2004 17:16:11 | mo: 02/04/2004 17:16:11 -=- UBISOF~1 -= Ubi Soft
cr: 11/09/2003 14:36:54 | mo: 03/07/2004 09:18:29 -=- UNINST~1 -= Uninstall Information
cr: 11/03/2005 17:31:04 | mo: 01/07/2005 12:54:52 -=- VDJ3 -----= VDJ3
cr: 17/07/2004 09:40:21 | mo: 17/07/2004 09:40:22 -=- VIBRAT~1 -= VibrateGameDeviceDriver
cr: 01/12/2007 18:08:16 | mo: 01/12/2007 18:08:16 -=- VideoLAN -= VideoLAN
cr: 18/07/2004 13:31:25 | mo: 04/02/2005 08:42:38 -=- VIRTUA~1 -= Virtual Creatures
cr: 11/03/2005 07:43:43 | mo: 14/03/2005 21:59:37 -=- VIRTUA~2 -= VirtualDJ
cr: 31/08/2007 18:26:50 | mo: 09/01/2008 17:49:30 -=- Wanadoo --= Wanadoo
cr: 21/02/2004 15:15:57 | mo: 21/02/2004 15:15:57 -=- WinASPI --= WinASPI
cr: 11/09/2003 16:14:33 | mo: 11/09/2003 16:14:33 -=- WINDOW~4 -= Windows Journal Viewer
cr: 06/07/2007 10:11:44 | mo: 06/07/2007 10:14:15 -=- WI1F86~1 -= Windows Live
cr: 19/02/2004 19:59:52 | mo: 19/02/2004 19:59:52 -=- WI15DA~1 -= Windows Media Components
cr: 26/01/2007 17:57:42 | mo: 26/01/2007 17:57:44 -=- WI4DF6~1 -= Windows Media Connect 2
cr: 11/09/2003 14:30:32 | mo: 26/01/2007 18:07:30 -=- WINDOW~2 -= Windows Media Player
cr: 11/09/2003 14:30:11 | mo: 06/05/2005 10:35:36 -=- WINDOW~1 -= Windows NT
cr: 11/09/2003 14:30:32 | mo: 15/08/2004 15:31:44 -=- WINDOW~3 -= WindowsUpdate
cr: 06/02/2004 15:05:39 | mo: 31/12/2005 10:42:24 -=- WinRAR ---= WinRAR
cr: 11/09/2003 14:33:36 | mo: 11/09/2003 14:33:36 -=- xerox ----= xerox

___________________________________________________________________________

[Recherche programmes connus, liés à CiD]


C:\Program Files\Messenger Plus! 2
C:\Program Files\Messenger Plus! Live


___________________________________________________________________________

[Clés registre de démarrage]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   new live bait pop	REG_SZ         	C:\Documents and Settings\All Users\Application Data\pilemanagernewlive\Store Jugs.exe
   Elseheartthatthis	REG_SZ         	C:\Documents and Settings\All Users\Application Data\Soap close else heart\RoamCopy.exe
   Stupid Data Dart Wave	REG_SZ         	C:\Documents and Settings\All Users\Application Data\flag ace stupid data\Logo dart.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   open fork	REG_SZ         	C:\DOCUME~1\ENZOFA~1\APPLIC~1\STORES~1\Bib logo hole.exe


___________________________________________________________________________

[Popups autorisés]


[-] Internet Explorer :

dns-look-up.com
www.dns-look-up.com
www.jeux.com
www.divxovore.com
www.web-tricheur.net
thekiller3001.skyblog.com
empereur83.skyblog.com
theskygooder.skyblog.com
mini-marg30.skyblog.com
lololodugard.skyblog.com
clement-10.skyblog.com
camsenforce.skyblog.com
cleliadu30.skyblog.com
baby41801.skyblog.com
meganounou0007.skyblog.com
wallagen.skyblog.com
*.hotmail.msn.com
searchweb2.com
www.searchweb2.com
www.carrefour.fr
host-domain-lookup.com
www.host-domain-lookup.com
mysearchnow.com
www.mysearchnow.com

[-] Mozilla Firefox

host	popup	1	live.msgd2.com
host	popup	1	www.meteofrance.com

[-] Suite Mozilla / SeaMonkey


___________________________________________________________________________

[Suggestion nettoyage registre] 


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"new live bait pop"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Elseheartthatthis"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Stupid Data Dart Wave"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"open fork"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow]
"dns-look-up.com"=-
"www.dns-look-up.com"=-
"mysearchnow.com"=-
"www.mysearchnow.com"=-


- Fin du rapport -


______________________________________________________________________________________________________


Voila, j'ai tout copier/coller. Merci de me repondre encore. Si il y a un soucis, dîtes-le moi. J'espere des réponses au plus vite. Meme si pour moi ce n'est pas toujours le cas ^^' . A++

Megan Fox · Answer

Salut Nzo30,

On a trouvé déjà quelques infections, on va pouvoir déjà avancer.

1.
* Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter. Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
* Relance le programme Smitfraudfix,
Cette fois choisit l’option 2, répond oui a tous ;
Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum

2.
Tu as une infection Lop également, as-tu accepté les sponsors lors de l'installation de Messenger Plus! 2  ou Messenger Plus! Live.
Si oui fait cette étape
Tu vas dans Démarrer, panneau de configuration, Ajout/supression de programmes.
Tu cliques sur supprimmer pour Messenger Plus! 2.
S'il te propose de désinstaller le sponsor, tu acceptes. Sinon tu quittes.
Tu fais la même chose avec Messenger Plus! live. 
Si tu n'as pas cette possibilité, on fera un nettoyage manuellement.
Si tu as réussi, remet un rapport Lopxp dans ta prochaine réponse.

3. Tu ne m'as pas donné de rapport pour MsnFix.
Est-ce que tu as fait passer l'outil?


En résumé:
Il faut que tu me donnes, le rapport de smitfraudfix option2, un nouveau rapport de lopxp si tu as réussi a supprimer les sponsors et le rapport MsnFix.


A+

missflo · Answer

Salut...

S'il vous plaît j'aurais besoin d'aide...
Il y a quelques heures j'ai eu la bonne idée d'accepter ce super cadeau de la part d'un de mes amis..
Bref maintenant j'essaie de m'en débarrasser !
J'ai téléchargé MSNFix et je l'ai extrait dans C: mais quand j'essaie de faire tourner le programme, je choisis la langue puis R et il ne se passe rien... A part un underscore qui clignote.. 

Est ce que l'opération dure longtemps ? 

Merci d'avance ! xx

missflo · Answer

J'ai fait tourner Hijackthis, voilà le résultat.. Je ne suis pas capable d'interpréter ces résultats..
Please help     :'-((((((


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:07:01, on 03/02/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32	askeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Flo\Documents\Mes fichiers reçus\DSC01497\img091307-www.photoshop.com
C:\Users\Flo\Documents\Mes fichiers reçus\DSC01497\img091307-www.photoshop.com
C:\Windows\explorer.exe
C:\Windows\system32\conime.exe
C:\Program Files\AnVir Virus Destroyer\AnVir.exe
C:\Windows\system32\cmd.exe
C:\MSNFix\incl\swreg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Flo\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AnVir Virus Destroyer] "C:\Program Files\AnVir Virus Destroyer\AnVir.exe" Minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Readereader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D77CC52-D146-4D11-9AC8-C38C96F02C38}: NameServer = 212.95.68.238
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D77CC52-D146-4D11-9AC8-C38C96F02C38}: NameServer = 212.95.68.238
O17 - HKLM\System\CS2\Services\Tcpip\..\{1D77CC52-D146-4D11-9AC8-C38C96F02C38}: NameServer = 212.95.68.238
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

mayelle · Answer

hannnnnnnnnnnnnnnnnnn

je me suis faite avoir comme un bleu !!

un ami vien me parler et me fait " tiens, j'tenvoi les photo de mes vacances" puis paF  DSC01497.zip dans les dents...
j'ai dwl et paf depuis c'est le bordel avec msn !!!
tout mes contacts sont poullu par ce truc...

je viens de dwl msnfix et j'ai eut ca comme rapport...





MSNFix 1.666  
 
C:\Program Files\MSNFix 
Fix exécuté le 21/02/2008 -  0:08:15,85 By Kiki 
mode normal    
    
************************ Recherche les fichiers présents      
    
... C:\WINDOWS\system32\dllcache\spoolms.exe 
... C:\WINDOWS\DSC01497.zip 
 
************************ Recherche les dossiers présents       
 
Aucun dossier trouvé 
 
 
 
 
************************ Suppression des fichiers       
    
.. OK ... C:\WINDOWS\system32\dllcache\spoolms.exe  
.. OK ... C:\WINDOWS\DSC01497.zip 
 
 
 
************************ Nettoyage du registre 
 
 
 
************************ Fichiers suspects 
 
Aucun Fichier trouvé 
 
  
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 21022008_ 0093467.zip
 


------------------------------------------------------------------------  
Auteur : !aur3n7                     Contact: https://www.ionos.fr/     
------------------------------------------------------------------------   
 
---------------------------------------------   END   --------------------------------------------- 
 
est ce qu'il est parti?????????????????????

missflo · Answer

Je dirais que oui... Moi j'ai eu plus de mal sous vista mais j'ai réussi à m'en débarrasser aussi ^^

Tsume · Answer

Salut !! Moi aussi j'ai accepté ce truc.... mais je ne l'ai pas dézipé, donc est ce que je risque d'avoir un problème avec ou pas ???

C'est peut-être une question bête, mais c'est toujours bon à savoir....

timsoul · Answer

HELP ME PLEASE

timsoul · Answer

apres avoir nettoyé en safe mode, voila le nouveau rapport:
SmitFraudFix v2.300

Scan done at 22:19:06,01, 03/03/2008
Run from J:\lea\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1519102C-A040-441B-A643-AE1CAD41603F}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1519102C-A040-441B-A643-AE1CAD41603F}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1519102C-A040-441B-A643-AE1CAD41603F}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

liam · Answer

voila, j'ai aussi se virus. c'est juste pour savoir si avast suffit pour m'en débarrasser ou si je doit faire autre chose

totti · Answer

bonjour je viens de choper ce virus mais avec msn fix je n'arrive pas a le mettre en route . faut t-il se mettre en mode sans echec pr que cela fonctionne ? si oui que faire apres 
merci de me repondre

technocom7 · Answer

SmitFraudFix v2.301

Scan done at 20:43:07,06, 12/03/2008
Run from C:\Users\Administrateur\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Toshiba TEMPO\TempoSVC.exe
C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Administrateur


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Administrateur\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\ADMINI~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{E31004D1-A431-41B8-826F-E902F9D95C81}"="Windows DreamScene"

[HKEY_CLASSES_ROOT\CLSID\{E31004D1-A431-41B8-826F-E902F9D95C81}\InProcServer32]
@="%SystemRoot%\System32\DreamScene.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E31004D1-A431-41B8-826F-E902F9D95C81}\InProcServer32]
@="%SystemRoot%\System32\DreamScene.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Atheros AR5008X Wireless Network Adapter
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{395EC312-B0E4-4987-8B42-41D2A371BC30}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{395EC312-B0E4-4987-8B42-41D2A371BC30}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{395EC312-B0E4-4987-8B42-41D2A371BC30}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Virus DSC01497.zip genant

14 réponses

Discussions similaires

Newsletters