Then install Antivir and paste a report from it (it's very risky not to have one...)
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
I don't see it in HijackThis???
otherwise:
run an online scan with one of the following and paste the report:
Kaspersky online:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
Bitdefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda online:
http://pandasoftware.fr
Here is the Kaspersky report:
Analyse complète: en cours (événements : 10, objets : 78705, durée : 00:10:40)
29/08/2008 20:26:51 Lancement de la tâche
29/08/2008 20:29:24 Fin de la tâche
Analyse complète: en cours (événements : 10, objets : 78705, durée : 00:10:40)
29/08/2008 20:43:47 Lancement de la tâche
29/08/2008 20:49:42 Détectés: not-a-virus:AdWare.Win32.AskJeeves.d C:\Documents and Settings\walid\Bureau\askBarSetup_fr.exe/file2
29/08/2008 20:49:46 Non réparés: not-a-virus:AdWare.Win32.AskJeeves.d C:\Documents and Settings\walid\Bureau\askBarSetup_fr.exe/file2 Reporté
29/08/2008 21:11:36 Détectés: Trojan.VBS.Wallpaper C:\QooBox\Quarantine\C\WINDOWS\system32\SpiderH.vbs.vir
29/08/2008 21:11:36 Non réparés: Trojan.VBS.Wallpaper C:\QooBox\Quarantine\C\WINDOWS\system32\SpiderH.vbs.vir Reporté
29/08/2008 21:24:26 Détectés: Trojan.VBS.Wallpaper C:\QooBox\Quarantine\C\WINDOWS\system32\SpiderH.vbs.vir
29/08/2008 21:24:29 Supprimés: Trojan.VBS.Wallpaper C:\QooBox\Quarantine\C\WINDOWS\system32\SpiderH.vbs.vir
29/08/2008 21:24:29 Fin de la tâche
Analyse complète: en cours (événements : 10, objets : 78705, durée : 00:10:40)
29/08/2008 21:32:13 Lancement de la tâche
29/08/2008 21:34:03 Détectés: https://securelist.fr/ C:\program files\real\realplayer\realplay.exe
29/08/2008 21:34:06 Détectés: https://securelist.fr/ C:\windows\system32\kaspersky lab\kaspersky online scanner\kavwebscan.dll
29/08/2008 21:42:53 Détectés: Trojan.VBS.Wallpaper C:\System Volume Information\_restore{916CC7E4-5413-4416-ACBE-47DE0DAB8990}\RP177\A0028863.vbs
29/08/2008 21:42:53 Non réparés: Trojan.VBS.Wallpaper C:\System Volume Information\_restore{916CC7E4-5413-4416-ACBE-47DE0DAB8990}\RP177\A0028863.vbs Reporté
29/08/2008 21:42:56 Détectés: not-a-virus:AdWare.Win32.AskJeeves.d C:\System Volume Information\_restore{916CC7E4-5413-4416-ACBE-47DE0DAB8990}\RP178\A0029006.exe/file2
29/08/2008 21:42:56 Non réparés: not-a-virus:AdWare.Win32.AskJeeves.d C:\System Volume Information\_restore{916CC7E4-5413-4416-ACBE-47DE0DAB8990}\RP178\A0029006.exe/file2 Reporté
29/08/2008 21:57:04 Détectés: https://securelist.fr/ C:\program files\Java\jre1.5.0\bin\java.exe
29/08/2008 21:57:15 Détectés: https://securelist.fr/ C:\program files\Java\jre1.6.0_05\bin\java.exe
29/08/2008 22:07:34 Détectés: https://securelist.fr/ C:\program files\real\realplayer\realplay.exe
29/08/2008 22:12:46 Détectés: https://securelist.fr/ C:\savxpsa\savxp\SXS\msxml4.dll
29/08/2008 22:12:46 Détectés: https://securelist.fr/ C:\savxpsa\savxp\System\msxml4.dll
29/08/2008 22:12:47 Détectés: https://securelist.fr/ C:\savxpsa\savxp\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\SavMain.exe
29/08/2008 22:17:36 Détectés: https://securelist.fr/ C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
29/08/2008 22:21:18 Détectés: https://securelist.fr/ C:\windows\system32\Macromed\Flash\Flash9e.ocx
29/08/2008 22:21:37 Fin de la tâche
Analyse complète: en cours (événements : 10, objets : 78705, durée : 00:10:40)
29/08/2008 23:52:28 Lancement de la tâche
29/08/2008 23:53:47 Détectés: https://securelist.fr/ C:\program files\real\realplayer\realplay.exe
29/08/2008 23:58:11 Détectés: https://securelist.fr/ C:\program files\Java\jre1.5.0\bin\java.exe
29/08/2008 23:58:13 Détectés: https://securelist.fr/ C:\program files\Java\jre1.6.0_05\bin\java.exe
29/08/2008 23:59:00 Détectés: https://securelist.fr/ C:\program files\real\realplayer\realplay.exe
30/08/2008 00:01:09 Détectés: https://securelist.fr/ C:\savxpsa\savxp\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\SavMain.exe
30/08/2008 00:01:10 Détectés: https://securelist.fr/ C:\savxpsa\savxp\System\msxml4.dll
30/08/2008 00:01:10 Détectés: https://securelist.fr/ C:\savxpsa\savxp\SXS\msxml4.dll
30/08/2008 00:01:33 Détectés: https://securelist.fr/ C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
30/08/2008 00:01:53 Détectés: https://securelist.fr/ C:\windows\system32\Macromed\Flash\Flash9e.ocx
delete this file from your desktop:
C:\Documents and Settings\walid\Bureau\askBarSetup_fr.exe/file2
________________
delete what is in the quarantine folder:
C:\QooBox\Quarantine
______________
disable your System Restore, then restart your computer, then re-enable it:
https://www.informatruc.com
still having problems???
The restore can only be done for today, and after doing it and restarting, the message reappears once again:
Hi !!! walid ! dont worry i am a friend! Have a nice day
What should I do?
you restored!!!
well done, you put the infection back!!!
I said to disable System Restore!!! because the viruses were in there!!!
now it all has to be done over again!!!
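The Kaspersky report posted earlier in the thread already shows why a restore brings the infection back: two of its unresolved detections sit inside the System Restore store. As an added example that is not part of the original thread, the Python below triages lines copied from that report by location and final status. The function names are hypothetical, the line layout is inferred from the report, and treating lines whose verdict field is a URL as non-detections is an assumption.

```python
import re

# Lines copied from the Kaspersky report posted in this thread.
SAMPLE_REPORT = r"""
29/08/2008 20:43:47 Lancement de la tâche
29/08/2008 20:49:42 Détectés: not-a-virus:AdWare.Win32.AskJeeves.d C:\Documents and Settings\walid\Bureau\askBarSetup_fr.exe/file2
29/08/2008 20:49:46 Non réparés: not-a-virus:AdWare.Win32.AskJeeves.d C:\Documents and Settings\walid\Bureau\askBarSetup_fr.exe/file2 Reporté
29/08/2008 21:11:36 Détectés: Trojan.VBS.Wallpaper C:\QooBox\Quarantine\C\WINDOWS\system32\SpiderH.vbs.vir
29/08/2008 21:11:36 Non réparés: Trojan.VBS.Wallpaper C:\QooBox\Quarantine\C\WINDOWS\system32\SpiderH.vbs.vir Reporté
29/08/2008 21:24:26 Détectés: Trojan.VBS.Wallpaper C:\QooBox\Quarantine\C\WINDOWS\system32\SpiderH.vbs.vir
29/08/2008 21:24:29 Supprimés: Trojan.VBS.Wallpaper C:\QooBox\Quarantine\C\WINDOWS\system32\SpiderH.vbs.vir
29/08/2008 21:34:03 Détectés: https://securelist.fr/ C:\program files\real\realplayer\realplay.exe
29/08/2008 21:42:53 Détectés: Trojan.VBS.Wallpaper C:\System Volume Information\_restore{916CC7E4-5413-4416-ACBE-47DE0DAB8990}\RP177\A0028863.vbs
29/08/2008 21:42:53 Non réparés: Trojan.VBS.Wallpaper C:\System Volume Information\_restore{916CC7E4-5413-4416-ACBE-47DE0DAB8990}\RP177\A0028863.vbs Reporté
29/08/2008 21:42:56 Détectés: not-a-virus:AdWare.Win32.AskJeeves.d C:\System Volume Information\_restore{916CC7E4-5413-4416-ACBE-47DE0DAB8990}\RP178\A0029006.exe/file2
29/08/2008 21:42:56 Non réparés: not-a-virus:AdWare.Win32.AskJeeves.d C:\System Volume Information\_restore{916CC7E4-5413-4416-ACBE-47DE0DAB8990}\RP178\A0029006.exe/file2 Reporté
29/08/2008 22:21:37 Fin de la tâche
"""

# Layout inferred from the report: timestamp, status, verdict, path,
# and an optional trailing "Reporté" on lines the scanner did not repair.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<status>Détectés|Non réparés|Supprimés): "
    r"(?P<verdict>\S+) "
    r"(?P<path>.+?)(?: Reporté)?$"
)


def classify_location(path):
    """Say where a detected file sits: restore store, ComboFix quarantine, or live disk."""
    lowered = path.lower()
    if "\\system volume information\\_restore{" in lowered:
        return "system_restore"
    if lowered.startswith("c:\\qoobox\\quarantine\\"):
        return "combofix_quarantine"
    return "live"


def triage(report):
    """Return one finding per (verdict, path), keeping the last status seen."""
    last_status = {}
    for raw in report.splitlines():
        match = LINE_RE.match(raw.strip())
        if match is None:
            continue  # task start/end lines and anything else
        verdict = match.group("verdict")
        # Assumption: a URL in the verdict field is not a malware name.
        if verdict.lower().startswith(("http://", "https://")):
            continue
        last_status[(verdict, match.group("path"))] = match.group("status")
    return [
        {
            "verdict": verdict,
            "path": path,
            "location": classify_location(path),
            "removed": status == "Supprimés",
        }
        for (verdict, path), status in last_status.items()
    ]


def restore_point_leftovers(report):
    """Findings that are still present inside System Restore points."""
    return [
        f for f in triage(report)
        if f["location"] == "system_restore" and not f["removed"]
    ]


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        state = "removed" if finding["removed"] else "STILL PRESENT"
        print(f'{finding["location"]:<20} {state:<14} {finding["verdict"]}')
        print(f'    {finding["path"]}')
```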
The HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:48:27, on 30/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
Second report:
ComboFix 08-08-29.02 - walid 2008-08-30 14:00:20.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.597 [GMT 2:00]
Endroit: C:\Documents and Settings\walid\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-30 ))))))))))))))))))))))))))))))))))))
.
2008-08-29 20:20 . 2008-08-29 20:39 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-08-29 20:20 . 2008-08-29 20:20 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-08-29 20:19 . 2008-08-29 20:19 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-08-29 20:19 . 2008-08-30 14:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-29 20:19 . 2008-08-30 14:05 2,630,688 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-29 20:19 . 2008-08-30 14:05 319,520 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-29 20:19 . 2008-08-30 14:05 21,632 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-29 20:19 . 2008-08-30 14:05 2,172 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-29 20:17 . 2008-08-29 20:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-29 14:17 . 2008-08-29 14:17 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-29 13:31 . 2008-08-30 00:17 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-08-29 03:25 . 2008-08-29 03:25 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-29 03:25 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-29 03:25 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-28 14:43 . 2008-08-28 14:43 <REP> d-------- C:\_OTMoveIt
2008-08-28 14:26 . 2008-08-28 14:26 <REP> d-------- C:\Documents and Settings\Invité
2008-08-28 13:34 . 2008-08-28 13:42 <REP> d-------- C:\Program Files\Navilog1
2008-08-28 13:28 . 2008-08-28 14:04 2,220 --a------ C:\Documents and Settings\Orph.egd
2008-08-28 13:26 . 2008-08-28 14:04 <REP> d-------- C:\ToolBar SD
2008-08-28 12:48 . 2008-08-28 12:48 <REP> d-------- C:\Program Files\Trend Micro
2008-08-25 16:52 . 2008-08-25 16:52 <REP> d-------- C:\Documents and Settings\walid\Application Data\Malwarebytes
2008-08-25 16:52 . 2008-08-25 16:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-25 02:17 . 2008-08-25 02:17 <REP> d-------- C:\Documents and Settings\walid\Application Data\Babylon
2008-08-25 02:17 . 2008-08-25 02:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Babylon
2008-08-25 00:52 . 2008-08-27 23:19 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-25 00:50 . 2008-08-25 00:50 <REP> d-------- C:\Documents and Settings\walid\Application Data\DivX
2008-08-25 00:44 . 2008-08-25 00:44 28,672 --a------ C:\WINDOWS\system32\ncmd.exe
2008-08-24 00:59 . 2008-08-24 01:06 <REP> d--h----- C:\LG3G
2008-08-24 00:58 . 2008-08-24 00:58 <REP> d-------- C:\Documents and Settings\walid\Application Data\LG Electronics
2008-08-24 00:54 . 2008-08-24 00:55 <REP> d-------- C:\Program Files\DivX
2008-08-24 00:53 . 2008-08-24 00:53 <REP> d-------- C:\Program Files\LG Electronics
2008-08-24 00:53 . 2007-07-11 10:45 21,632 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys
2008-08-24 00:53 . 2007-07-11 15:51 19,840 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys
2008-08-24 00:53 . 2007-07-11 10:40 12,416 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys
2008-08-24 00:52 . 2008-08-24 00:52 <REP> d-------- C:\Program Files\LG PC Suite 2
2008-08-24 00:51 . 2008-08-24 00:51 <REP> d-------- C:\Documents and Settings\walid\Application Data\InstallShield
2008-08-21 13:17 . 2008-08-21 13:22 <REP> d-------- C:\Program Files\YouTube Video Downloader
2008-08-16 11:13 . 2008-08-27 23:19 <REP> d-------- C:\Documents and Settings\walid\Application Data\SUPERAntiSpyware.com
2008-08-16 11:13 . 2008-08-16 11:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-06 20:52 . 2008-08-27 23:17 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-07-30 00:47 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-07-30 00:47 . 2004-08-04 00:54 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-07-30 00:47 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-07-30 00:47 . 2004-08-04 00:45 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-07-29 20:21 . 2008-07-29 20:21 218,376 --a------ C:\WINDOWS\system32\klogon.dll
2008-07-29 20:20 . 2008-07-29 20:20 24,774 --a------ C:\WINDOWS\system32\drivers\klopp.dat
2008-07-21 18:34 . 2008-07-21 18:34 121,872 --a------ C:\WINDOWS\system32\drivers\kl1.sys
2008-07-19 13:48 . 2008-07-19 13:56 <REP> d-------- C:\Documents and Settings\walid\Application Data\VersionTracker Pro
2008-07-19 13:47 . 2008-07-19 13:47 <REP> d-------- C:\Program Files\TechTracker
2008-07-18 17:19 . 2008-07-18 17:19 <REP> d-------- C:\Program Files\CamStudio
2008-07-14 21:29 . 2004-07-30 05:21 119,798 -ra------ C:\WINDOWS\system32\drivers\SPCA561.SYS
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-30 12:08 --------- d-----w C:\Documents and Settings\walid\Application Data\Skype
2008-08-30 11:09 --------- d-----w C:\Documents and Settings\walid\Application Data\skypePM
2008-08-29 03:04 --------- d-----w C:\Documents and Settings\walid\Application Data\WinEdt
2008-08-28 10:31 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-28 10:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-23 22:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-23 22:53 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-15 12:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-24 22:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-07-21 08:17 5,632 ----a-w C:\WINDOWS\system32\drivers\StarOpen.sys
2008-07-19 10:02 --------- d-----w C:\Program Files\Java
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-02 11:02 164 ----a-w C:\install.dat
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-30 22:43 940 ----a-w C:\Documents and Settings\walid\Application Data\filterclsid.dat
2008-03-06 18:16 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((( snapshot@2008-08-28_14.26.21.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-29 11:31:34 102,400 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2006-05-24 23:21:00 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2006-05-24 23:21:14 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-08-29 11:31:54 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2006-05-24 23:22:06 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
+ 2006-05-24 23:21:00 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2006-05-24 23:21:14 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
- 2008-01-02 20:15:19 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-30 12:06:43 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-02 20:15:19 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-08-30 12:06:43 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-01-02 20:15:19 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-30 12:06:43 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-29 16:29:38 32,784 ----a-w C:\WINDOWS\system32\drivers\klbg.sys
+ 2008-03-13 17:02:46 26,640 ----a-w C:\WINDOWS\system32\drivers\klfltdev.sys
+ 2008-08-29 18:18:55 213,008 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2008-04-30 16:06:48 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
+ 2005-05-16 17:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2008-08-13 13:03:26 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2008-08-13 13:03:26 798,720 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-09-04 23:40 6856704]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 19:21 21898024]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-01 13:36 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 19:15 106496]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-08 05:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-08 05:32 126976]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-12-05 08:22 159744]
"PowerManager"="C:\Program Files\Power Manager\PM.exe" [2005-03-30 16:07 159744]
"OdTray.exe"="C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe" [2005-05-18 16:14 1015871]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 21:56 40960]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-02-27 18:41 185896]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 12:08 172032]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 11:40 49152]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 20:20 206088]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 08:38 88361 C:\WINDOWS\AGRSMMSG.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
2008-01-10 09:49 106496 C:\WINDOWS\system32\odyEvent.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:*:Disabled:UDP port 443 ooVoo
"37674:TCP"= 37674:TCP:*:Disabled:TCP port 37674 ooVoo
"37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo
"37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 18:06]
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 14:52]
S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2005-05-24 14:36]
S3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-01-14 12:22]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35320280-ef7f-11dc-a24c-0012f0d3a1cd}]
\Shell\AutoRun\command - E:\n2de.cmd
\Shell\explore\Command - E:\n2de.cmd
\Shell\open\Command - E:\n2de.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35320288-ef7f-11dc-a24c-0012f0d3a1cd}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6672f410-722d-11dd-a521-0012f0d3a1cd}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wallpaper.vbs
\Shell\Explore\Command - Wscript \Wallpaper.vbs
\Shell\Open\Command - Wscript \Wallpaper.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f870262-1851-11dd-a30a-0012f0d3a1cd}]
\Shell\??\command - taipingtianguov1.1.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL taipingtianguov1.1.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b393b590-b5d4-11da-a260-0012f0d3a1cd}]
\Shell\AutoRun\command - E:\3o.exe
\Shell\explore\Command - E:\3o.exe
\Shell\open\Command - E:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfdee880-b5c4-11da-a25f-0012f0d3a1cd}]
\Shell\AutoRun\command - E:\3o.exe
\Shell\explore\Command - E:\3o.exe
\Shell\open\Command - E:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe2f1d10-ec8a-11dc-a23c-0012f0d3a1cd}]
\Shell\AutoRun\command - E:\x6.bat
\Shell\explore\Command - E:\x6.bat
\Shell\open\Command - E:\x6.bat
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
C:\WINDOWS\Downloaded Program Files\oscan8.inf
C:\WINDOWS\bdoscandellang.ini
C:\WINDOWS\bdoscandel.exe
C:\WINDOWS\Downloaded Program Files\live.ini
C:\WINDOWS\Downloaded Program Files\scanoptions.tsi
C:\WINDOWS\Downloaded Program Files\lang.ini
C:\WINDOWS\Downloaded Program Files\ipsupd.dll
C:\WINDOWS\Downloaded Program Files\bdupd.dll
C:\WINDOWS\Downloaded Program Files\libfn.dll
C:\WINDOWS\Downloaded Program Files\bdcore.dll
C:\WINDOWS\Downloaded Program Files\oscan8.ocx
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 14:07:30
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-30 14:11:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-30 12:11:51
ComboFix2.txt 2008-08-28 23:40:49
ComboFix3.txt 2008-08-28 12:26:44
Pre-Run: 68,395,216,896 octets libres
Post-Run: 68,503,949,312 octets libres
241 --- E O F --- 2008-08-15 12:00:50
second report
ComboFix 08-08-29.02 - walid 2008-08-30 14:00:20.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.597 [GMT 2:00]
Endroit: C:\Documents and Settings\walid\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-30 ))))))))))))))))))))))))))))))))))))
.
2008-08-29 20:20 . 2008-08-29 20:39 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-08-29 20:20 . 2008-08-29 20:20 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-08-29 20:19 . 2008-08-29 20:19 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-08-29 20:19 . 2008-08-30 14:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-29 20:19 . 2008-08-30 14:05 2,630,688 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-29 20:19 . 2008-08-30 14:05 319,520 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-29 20:19 . 2008-08-30 14:05 21,632 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-29 20:19 . 2008-08-30 14:05 2,172 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-29 20:17 . 2008-08-29 20:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-29 14:17 . 2008-08-29 14:17 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-29 13:31 . 2008-08-30 00:17 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-08-29 03:25 . 2008-08-29 03:25 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-29 03:25 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-29 03:25 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-28 14:43 . 2008-08-28 14:43 <REP> d-------- C:\_OTMoveIt
2008-08-28 14:26 . 2008-08-28 14:26 <REP> d-------- C:\Documents and Settings\Invité
2008-08-28 13:34 . 2008-08-28 13:42 <REP> d-------- C:\Program Files\Navilog1
2008-08-28 13:28 . 2008-08-28 14:04 2,220 --a------ C:\Documents and Settings\Orph.egd
2008-08-28 13:26 . 2008-08-28 14:04 <REP> d-------- C:\ToolBar SD
2008-08-28 12:48 . 2008-08-28 12:48 <REP> d-------- C:\Program Files\Trend Micro
2008-08-25 16:52 . 2008-08-25 16:52 <REP> d-------- C:\Documents and Settings\walid\Application Data\Malwarebytes
2008-08-25 16:52 . 2008-08-25 16:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-25 02:17 . 2008-08-25 02:17 <REP> d-------- C:\Documents and Settings\walid\Application Data\Babylon
2008-08-25 02:17 . 2008-08-25 02:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Babylon
2008-08-25 00:52 . 2008-08-27 23:19 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-25 00:50 . 2008-08-25 00:50 <REP> d-------- C:\Documents and Settings\walid\Application Data\DivX
2008-08-25 00:44 . 2008-08-25 00:44 28,672 --a------ C:\WINDOWS\system32\ncmd.exe
2008-08-24 00:59 . 2008-08-24 01:06 <REP> d--h----- C:\LG3G
2008-08-24 00:58 . 2008-08-24 00:58 <REP> d-------- C:\Documents and Settings\walid\Application Data\LG Electronics
2008-08-24 00:54 . 2008-08-24 00:55 <REP> d-------- C:\Program Files\DivX
2008-08-24 00:53 . 2008-08-24 00:53 <REP> d-------- C:\Program Files\LG Electronics
2008-08-24 00:53 . 2007-07-11 10:45 21,632 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys
2008-08-24 00:53 . 2007-07-11 15:51 19,840 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys
2008-08-24 00:53 . 2007-07-11 10:40 12,416 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys
2008-08-24 00:52 . 2008-08-24 00:52 <REP> d-------- C:\Program Files\LG PC Suite 2
2008-08-24 00:51 . 2008-08-24 00:51 <REP> d-------- C:\Documents and Settings\walid\Application Data\InstallShield
2008-08-21 13:17 . 2008-08-21 13:22 <REP> d-------- C:\Program Files\YouTube Video Downloader
2008-08-16 11:13 . 2008-08-27 23:19 <REP> d-------- C:\Documents and Settings\walid\Application Data\SUPERAntiSpyware.com
2008-08-16 11:13 . 2008-08-16 11:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-06 20:52 . 2008-08-27 23:17 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-07-30 00:47 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-07-30 00:47 . 2004-08-04 00:54 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-07-30 00:47 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-07-30 00:47 . 2004-08-04 00:45 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-07-29 20:21 . 2008-07-29 20:21 218,376 --a------ C:\WINDOWS\system32\klogon.dll
2008-07-29 20:20 . 2008-07-29 20:20 24,774 --a------ C:\WINDOWS\system32\drivers\klopp.dat
2008-07-21 18:34 . 2008-07-21 18:34 121,872 --a------ C:\WINDOWS\system32\drivers\kl1.sys
2008-07-19 13:48 . 2008-07-19 13:56 <REP> d-------- C:\Documents and Settings\walid\Application Data\VersionTracker Pro
2008-07-19 13:47 . 2008-07-19 13:47 <REP> d-------- C:\Program Files\TechTracker
2008-07-18 17:19 . 2008-07-18 17:19 <REP> d-------- C:\Program Files\CamStudio
2008-07-14 21:29 . 2004-07-30 05:21 119,798 -ra------ C:\WINDOWS\system32\drivers\SPCA561.SYS
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-30 12:08 --------- d-----w C:\Documents and Settings\walid\Application Data\Skype
2008-08-30 11:09 --------- d-----w C:\Documents and Settings\walid\Application Data\skypePM
2008-08-29 03:04 --------- d-----w C:\Documents and Settings\walid\Application Data\WinEdt
2008-08-28 10:31 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-28 10:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-23 22:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-23 22:53 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-15 12:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-24 22:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-07-21 08:17 5,632 ----a-w C:\WINDOWS\system32\drivers\StarOpen.sys
2008-07-19 10:02 --------- d-----w C:\Program Files\Java
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-02 11:02 164 ----a-w C:\install.dat
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-30 22:43 940 ----a-w C:\Documents and Settings\walid\Application Data\filterclsid.dat
2008-03-06 18:16 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((( snapshot@2008-08-28_14.26.21.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-29 11:31:34 102,400 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2006-05-24 23:21:00 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2006-05-24 23:21:14 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-08-29 11:31:54 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2006-05-24 23:22:06 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
+ 2006-05-24 23:21:00 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2006-05-24 23:21:14 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
- 2008-01-02 20:15:19 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-30 12:06:43 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-02 20:15:19 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-08-30 12:06:43 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-01-02 20:15:19 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-30 12:06:43 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-29 16:29:38 32,784 ----a-w C:\WINDOWS\system32\drivers\klbg.sys
+ 2008-03-13 17:02:46 26,640 ----a-w C:\WINDOWS\system32\drivers\klfltdev.sys
+ 2008-08-29 18:18:55 213,008 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2008-04-30 16:06:48 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
+ 2005-05-16 17:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2008-08-13 13:03:26 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2008-08-13 13:03:26 798,720 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-09-04 23:40 6856704]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 19:21 21898024]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-01 13:36 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 19:15 106496]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-08 05:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-08 05:32 126976]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-12-05 08:22 159744]
"PowerManager"="C:\Program Files\Power Manager\PM.exe" [2005-03-30 16:07 159744]
"OdTray.exe"="C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe" [2005-05-18 16:14 1015871]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 21:56 40960]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-02-27 18:41 185896]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 12:08 172032]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 11:40 49152]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 20:20 206088]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 08:38 88361 C:\WINDOWS\AGRSMMSG.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
2008-01-10 09:49 106496 C:\WINDOWS\system32\odyEvent.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:*:Disabled:UDP port 443 ooVoo
"37674:TCP"= 37674:TCP:*:Disabled:TCP port 37674 ooVoo
"37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo
"37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 18:06]
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 14:52]
S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2005-05-24 14:36]
S3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-01-14 12:22]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35320280-ef7f-11dc-a24c-0012f0d3a1cd}]
\Shell\AutoRun\command - E:\n2de.cmd
\Shell\explore\Command - E:\n2de.cmd
\Shell\open\Command - E:\n2de.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35320288-ef7f-11dc-a24c-0012f0d3a1cd}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6672f410-722d-11dd-a521-0012f0d3a1cd}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wallpaper.vbs
\Shell\Explore\Command - Wscript \Wallpaper.vbs
\Shell\Open\Command - Wscript \Wallpaper.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f870262-1851-11dd-a30a-0012f0d3a1cd}]
\Shell\??\command - taipingtianguov1.1.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL taipingtianguov1.1.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b393b590-b5d4-11da-a260-0012f0d3a1cd}]
\Shell\AutoRun\command - E:\3o.exe
\Shell\explore\Command - E:\3o.exe
\Shell\open\Command - E:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfdee880-b5c4-11da-a25f-0012f0d3a1cd}]
\Shell\AutoRun\command - E:\3o.exe
\Shell\explore\Command - E:\3o.exe
\Shell\open\Command - E:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe2f1d10-ec8a-11dc-a23c-0012f0d3a1cd}]
\Shell\AutoRun\command - E:\x6.bat
\Shell\explore\Command - E:\x6.bat
\Shell\open\Command - E:\x6.bat
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
C:\WINDOWS\Downloaded Program Files\oscan8.inf
C:\WINDOWS\bdoscandellang.ini
C:\WINDOWS\bdoscandel.exe
C:\WINDOWS\Downloaded Program Files\live.ini
C:\WINDOWS\Downloaded Program Files\scanoptions.tsi
C:\WINDOWS\Downloaded Program Files\lang.ini
C:\WINDOWS\Downloaded Program Files\ipsupd.dll
C:\WINDOWS\Downloaded Program Files\bdupd.dll
C:\WINDOWS\Downloaded Program Files\libfn.dll
C:\WINDOWS\Downloaded Program Files\bdcore.dll
C:\WINDOWS\Downloaded Program Files\oscan8.ocx
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 14:07:30
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-30 14:11:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-30 12:11:51
ComboFix2.txt 2008-08-28 23:40:49
ComboFix3.txt 2008-08-28 12:26:44
Pre-Run: 68,395,216,896 octets libres
Post-Run: 68,503,949,312 octets libres
241 --- E O F --- 2008-08-15 12:00:50
Here is the Kaspersky report:
Analyse complète: terminée le 30/08/2008 15:46:03 (événements : 12, objets : 217626, durée : 00:44:52)
29/08/2008 20:26:51 Lancement de la tâche
29/08/2008 20:29:24 Fin de la tâche
Analyse complète: terminée le 30/08/2008 15:46:03 (événements : 12, objets : 217626, durée : 00:44:52)
29/08/2008 20:43:47 Lancement de la tâche
29/08/2008 20:49:42 Détectés: not-a-virus:AdWare.Win32.AskJeeves.d C:\Documents and Settings\walid\Bureau\askBarSetup_fr.exe/file2
29/08/2008 20:49:46 Non réparés: not-a-virus:AdWare.Win32.AskJeeves.d C:\Documents and Settings\walid\Bureau\askBarSetup_fr.exe/file2 Reporté
29/08/2008 21:11:36 Détectés: Trojan.VBS.Wallpaper C:\QooBox\Quarantine\C\WINDOWS\system32\SpiderH.vbs.vir
29/08/2008 21:11:36 Non réparés: Trojan.VBS.Wallpaper C:\QooBox\Quarantine\C\WINDOWS\system32\SpiderH.vbs.vir Reporté
29/08/2008 21:24:26 Détectés: Trojan.VBS.Wallpaper C:\QooBox\Quarantine\C\WINDOWS\system32\SpiderH.vbs.vir
29/08/2008 21:24:29 Supprimés: Trojan.VBS.Wallpaper C:\QooBox\Quarantine\C\WINDOWS\system32\SpiderH.vbs.vir
29/08/2008 21:24:29 Fin de la tâche
Analyse complète: terminée le 30/08/2008 15:46:03 (événements : 12, objets : 217626, durée : 00:44:52)
29/08/2008 21:32:13 Lancement de la tâche
29/08/2008 21:34:03 Détectés: https://securelist.fr/ C:\program files\real\realplayer\realplay.exe
29/08/2008 21:34:06 Détectés: https://securelist.fr/ C:\windows\system32\kaspersky lab\kaspersky online scanner\kavwebscan.dll
29/08/2008 21:42:53 Détectés: Trojan.VBS.Wallpaper C:\System Volume Information\_restore{916CC7E4-5413-4416-ACBE-47DE0DAB8990}\RP177\A0028863.vbs
29/08/2008 21:42:53 Non réparés: Trojan.VBS.Wallpaper C:\System Volume Information\_restore{916CC7E4-5413-4416-ACBE-47DE0DAB8990}\RP177\A0028863.vbs Reporté
29/08/2008 21:42:56 Détectés: not-a-virus:AdWare.Win32.AskJeeves.d C:\System Volume Information\_restore{916CC7E4-5413-4416-ACBE-47DE0DAB8990}\RP178\A0029006.exe/file2
29/08/2008 21:42:56 Non réparés: not-a-virus:AdWare.Win32.AskJeeves.d C:\System Volume Information\_restore{916CC7E4-5413-4416-ACBE-47DE0DAB8990}\RP178\A0029006.exe/file2 Reporté
29/08/2008 21:57:04 Détectés: https://securelist.fr/ C:\program files\Java\jre1.5.0\bin\java.exe
29/08/2008 21:57:15 Détectés: https://securelist.fr/ C:\program files\Java\jre1.6.0_05\bin\java.exe
29/08/2008 22:07:34 Détectés: https://securelist.fr/ C:\program files\real\realplayer\realplay.exe
29/08/2008 22:12:46 Détectés: https://securelist.fr/ C:\savxpsa\savxp\SXS\msxml4.dll
29/08/2008 22:12:46 Détectés: https://securelist.fr/ C:\savxpsa\savxp\System\msxml4.dll
29/08/2008 22:12:47 Détectés: https://securelist.fr/ C:\savxpsa\savxp\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\SavMain.exe
29/08/2008 22:17:36 Détectés: https://securelist.fr/ C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
29/08/2008 22:21:18 Détectés: https://securelist.fr/ C:\windows\system32\Macromed\Flash\Flash9e.ocx
29/08/2008 22:21:37 Fin de la tâche
Analyse complète: terminée le 30/08/2008 15:46:03 (événements : 12, objets : 217626, durée : 00:44:52)
29/08/2008 23:52:28 Lancement de la tâche
29/08/2008 23:53:47 Détectés: https://securelist.fr/ C:\program files\real\realplayer\realplay.exe
29/08/2008 23:58:11 Détectés: https://securelist.fr/ C:\program files\Java\jre1.5.0\bin\java.exe
29/08/2008 23:58:13 Détectés: https://securelist.fr/ C:\program files\Java\jre1.6.0_05\bin\java.exe
29/08/2008 23:59:00 Détectés: https://securelist.fr/ C:\program files\real\realplayer\realplay.exe
30/08/2008 00:01:09 Détectés: https://securelist.fr/ C:\savxpsa\savxp\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\SavMain.exe
30/08/2008 00:01:10 Détectés: https://securelist.fr/ C:\savxpsa\savxp\System\msxml4.dll
30/08/2008 00:01:10 Détectés: https://securelist.fr/ C:\savxpsa\savxp\SXS\msxml4.dll
30/08/2008 00:01:33 Détectés: https://securelist.fr/ C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
30/08/2008 00:01:53 Détectés: https://securelist.fr/ C:\windows\system32\Macromed\Flash\Flash9e.ocx
30/08/2008 00:03:35 Fin de la tâche
Analyse complète: terminée le 30/08/2008 15:46:03 (événements : 12, objets : 217626, durée : 00:44:52)
30/08/2008 15:01:11 Lancement de la tâche
30/08/2008 15:01:28 Détectés: https://securelist.fr/ C:\windows\system32\Macromed\Flash\Flash9e.ocx
30/08/2008 15:02:33 Détectés: https://securelist.fr/ C:\program files\real\realplayer\realplay.exe
30/08/2008 15:16:06 Détectés: https://securelist.fr/ C:\program files\Java\jre1.5.0\bin\java.exe
30/08/2008 15:16:14 Détectés: https://securelist.fr/ C:\program files\Java\jre1.6.0_05\bin\java.exe
30/08/2008 15:27:07 Détectés: https://securelist.fr/ C:\program files\real\realplayer\realplay.exe
30/08/2008 15:34:09 Détectés: https://securelist.fr/ C:\savxpsa\savxp\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\SavMain.exe
30/08/2008 15:34:10 Détectés: https://securelist.fr/ C:\savxpsa\savxp\SXS\msxml4.dll
30/08/2008 15:34:10 Détectés: https://securelist.fr/ C:\savxpsa\savxp\System\msxml4.dll
30/08/2008 15:40:22 Détectés: https://securelist.fr/ C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
30/08/2008 15:45:23 Détectés: https://securelist.fr/ C:\windows\system32\Macromed\Flash\Flash9e.ocx
30/08/2008 15:46:04 Fin de la tâche
delete this file from your desktop:
C:\Documents and Settings\walid\Bureau\askBarSetup_fr.exe/file2
________________
delete what is in the quarantine folder:
C:\QooBox\Quarantine
______________
disable your System Restore, then restart your computer, then re-enable it:
https://www.informatruc.com
any more problems???
the file
C:\Documents and Settings\walid\Bureau\askBarSetup_fr.exe/file2
that you asked me to delete does not exist
delete it by putting it in the OTMoveIt quote, to see
download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
double-click OTMoveIt.exe to launch it.
copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.
Quote:
C:\Documents and Settings\walid\Bureau\askBarSetup_fr.exe/file2
click MoveIt! to start the deletion.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.
you may be asked to restart the PC to complete the deletion. If so, accept with Yes.
__________________
delete what is in the quarantine folder:
C:\QooBox\Quarantine
______________
disable your System Restore, then restart your computer, then re-enable it:
https://www.informatruc.com
any more problems???