Spyware, help!

lauri24 -  
Hello,
I have a problem with my computer: a friend told me I had a piece of software stuck to my firewall. Can you help me?
I used Navilog 1 and here is what it gave. If you have another solution, such as reformatting the hard drive, please tell me.

Search Navipromo version 3.6.5 commencé le 15/09/2008 à 20:02:57,12

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "salomé"

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans "C:\WINDOWS" ***

*** Recherche dossiers dans "C:\Program Files" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\salomé\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\AJAGUIN\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\salomé\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\AJAGUIN\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\salomé\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\AJAGUIN\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\salomé\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\AJAGUIN\locals~1\applic~1" *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

* Dans "C:\Documents and Settings\salomé\locals~1\applic~1" :

* Dans "C:\DOCUME~1\AJAGUIN\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

*** Analyse terminée le 15/09/2008 à 20:07:07,68 ***

53 replies

Lyonnais92 Posts: 25708 Status: Security contributor 1 537
 
Re,

On your Desktop, right-click Fix.reg.

Choose Edit.

Notepad opens.

Click Edit, then Select All.

Click Edit, then Copy.

Open a reply and press Ctrl+V (to paste).


Download Toolbar-S&D (Team IDN) to your Desktop:

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Start the installation by running the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the desired language by typing the letter of your choice, then confirm with the Enter key.
* Now choose option 1 (Search). Wait until the search finishes.
* Post the generated report. (C:\TB.txt)
lauri24
 
re

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Somefox]

-----------\\ ToolBar S&D 1.2.0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.66GHz )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : salomé ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 080918-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total : 22 Go Free : 1 Go
D:\ (Local Disk) - NTFS - Total : 126 Go Free : 40 Go
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total : 465 Go Free : 0 Go
G:\ (USB) - FAT32 - Total : 982 Mo Free : 0 Go
H:\ (Local Disk) - FAT32 - Total : 465 Go Free : 250 Go

"C:\ToolBar SD" ( MAJ : 14-09-2008|23:30 )
Option : [1] ( 17/09/2008|23:38 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskTBar
C:\Program Files\AskTBar\bar
C:\Program Files\AskTBar\PopSwatr
C:\Program Files\AskTBar\SrchAstt
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-02-18-12-20-05.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-02-20-15-48-40.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-02-20-15-50-42.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-02-20-15-52-56.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-02-20-17-36-40.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-02-20-17-46-40.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-02-21-15-01-49.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-15-26-37
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-15-26-37.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-28-17-53-07
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-28-17-53-07.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-29-17-57-08
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-29-17-57-08.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-30-19-54-18
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-30-19-54-18.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-00-10-08
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-00-10-08.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-00-18-24
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-00-18-24.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-00-44-45
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-00-44-45.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-01-42-13
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-01-42-13.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-01-44-35
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-01-44-35.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-01-47-24
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-01-47-24.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-10-42-34
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-10-42-34.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-10-49-30
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-10-49-30.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-08-17-45-42
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-08-17-45-42.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-08-17-46-38
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-08-17-46-38.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\about.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\action.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\arcade.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\Azada16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\buy.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\cards.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\caribbean_hideaway16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\cradle_of_persia16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\cradle_rome16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\deals.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\death_nile16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\deep_quest16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\download.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\dr_daisy_pet_vet16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\family_restaurant16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\farm_frenzy16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\fashion_craze16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\feedback.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\help.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\highlight.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\jigsaw.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\kids.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mahjong.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\multiplayer.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mygames.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\newGames.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\oberonconfig.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\obSearchHistory.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\partner.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\pirate_poker16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\pirate_stories_kit_ellis16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_off.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_on.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\puzzle.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\search.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\seasonmatch16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sendafriend.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\solitaire_cruise16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sports.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\supercow16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\trial.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\Turbo_Subs16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\uninstall.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\update.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\webgame.gif
C:\Program Files\GamesBar
C:\Program Files\GamesBar\Localization-French.ini
C:\Program Files\GamesBar\oberontb.dll
C:\Program Files\GamesBar\OBGet.exe
C:\Program Files\GamesBar\uninst.exe
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\GamesBar
C:\DOCUME~1\SALOM~1\Cookies\salomé@mysearch[1].txt
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\1.ico
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\2.ico
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\sc.html
C:\WINDOWS\iun6002.exe

-----------\\ Extensions

(AJAGUIN) - {40a1f5d7-afc2-498f-b264-02668d616ff6} => megamanager
(AJAGUIN) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(AJAGUIN) - {991A772A-BA13-4c1d-A9EF-F897F31DEC7D} => megaupload

(salom‚) - {40a1f5d7-afc2-498f-b264-02668d616ff6} => megamanager
(salom‚) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(salom‚) - {991A772A-BA13-4c1d-A9EF-F897F31DEC7D} => megaupload

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"

--------------------\\ Recherche d'autres infections

--------------------\\ ROGUES ..

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\SecureExpertCleaner
C:\PROGRA~1\SecureExpertCleaner
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\SecureExpertCleaner
C:\PROGRA~1\SecureExpertCleaner

Aucune autre infection trouvée !

1 - "C:\ToolBar SD\TB_1.txt" - 17/09/2008|23:40 - Option : [1]

-----------\\ Fin du rapport a 23:40:12,04
Lyonnais92 Posts: 25708 Status: Security contributor 1 537
 
Re,

Run Toolbar-S&D again by double-clicking the shortcut. Type "2", then confirm by pressing "Enter".
! Do not close the window during the removal !
A report will be generated; post its contents here.

Download RogueRemover by RubbeR DuckY to your desktop: https://www.malwarebytes.com/for-home/products/
Choose a server from the "Download Locations" to download RogueRemover.

* Create the folder C:\RogueRemover. To do so:
-- Open My Computer
-- Open drive C
-- Click the File menu, then New, then New Folder
-- Name it RogueRemover
Unzip RogueRemover.zip into C:\RogueRemover
- Go to the C:\RogueRemover folder and double-click the file RogueRemover.exe.
* Click the Scan button and follow the prompts.
* When the scan is finished.
* Click the Save Log Files button at the bottom; a text file named like RRLogs1236.txt will be created in the C:\RogueRemover folder.
Post the contents of this report.

Restart the computer and post a new RSIT report.
lauri24
 
-----------\\ ToolBar S&D 1.2.0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.66GHz )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : salomé ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 080918-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total : 22 Go Free : 1 Go
D:\ (Local Disk) - NTFS - Total : 126 Go Free : 39 Go
E:\ (CD or DVD) - UDF - Total : 7 Go Free : 0 Go

"C:\ToolBar SD" ( MAJ : 14-09-2008|23:30 )
Option : [2] ( 18/09/2008| 0:25 )

-----------\\ SUPPRESSION

Echec ! - C:\Program Files\AskTBar\bar
Supprime! - C:\Program Files\AskTBar\PopSwatr
Echec ! - C:\Program Files\AskTBar\SrchAstt
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-02-18-12-20-05.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-02-20-15-48-40.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-02-20-15-50-42.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-02-20-15-52-56.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-02-20-17-36-40.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-02-20-17-46-40.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-02-21-15-01-49.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-15-26-37
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-15-26-37.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-28-17-53-07
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-28-17-53-07.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-29-17-57-08
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-29-17-57-08.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-30-19-54-18
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-30-19-54-18.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-00-10-08
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-00-10-08.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-00-18-24
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-00-18-24.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-00-44-45
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-00-44-45.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-01-42-13
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-01-42-13.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-01-44-35
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-01-44-35.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-01-47-24
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-01-47-24.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-10-42-34
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-10-42-34.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-10-49-30
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-03-10-49-30.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-08-17-45-42
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-08-17-45-42.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-08-17-46-38
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-08-17-46-38.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\about.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\action.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\arcade.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\Azada16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\buy.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\cards.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\caribbean_hideaway16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\cradle_of_persia16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\cradle_rome16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\deals.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\death_nile16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\deep_quest16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\download.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\dr_daisy_pet_vet16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\family_restaurant16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\farm_frenzy16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\fashion_craze16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\feedback.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\help.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\highlight.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\jigsaw.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\kids.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mahjong.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\multiplayer.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mygames.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\newGames.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\oberonconfig.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\obSearchHistory.dat
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\partner.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\pirate_poker16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\pirate_stories_kit_ellis16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_off.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_on.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\puzzle.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\search.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\seasonmatch16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sendafriend.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\solitaire_cruise16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sports.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\supercow16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\trial.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\Turbo_Subs16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\uninstall.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\update.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\webgame.gif
Supprime! - C:\Program Files\GamesBar\Localization-French.ini
Supprime! - C:\Program Files\GamesBar\oberontb.dll
Supprime! - C:\Program Files\GamesBar\OBGet.exe
Supprime! - C:\Program Files\GamesBar\uninst.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\GamesBar
Supprime! - C:\DOCUME~1\SALOM~1\Cookies\salomé@mysearch[1].txt
Supprime! - C:\Program Files\PCHealthCenter\0.gif
Supprime! - C:\Program Files\PCHealthCenter\1.gif
Supprime! - C:\Program Files\PCHealthCenter\1.ico
Supprime! - C:\Program Files\PCHealthCenter\2.gif
Supprime! - C:\Program Files\PCHealthCenter\2.ico
Supprime! - C:\Program Files\PCHealthCenter\3.gif
Supprime! - C:\Program Files\PCHealthCenter\sc.html
Supprime! - C:\WINDOWS\iun6002.exe
Echec ! - C:\Program Files\AskTBar
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
Supprime! - C:\Program Files\GamesBar
Supprime! - C:\Program Files\PCHealthCenter

-----------\\ DEUXIEME PASSAGE

Echec ! - C:\Program Files\AskTBar\bar
Echec ! - C:\Program Files\AskTBar\SrchAstt
Echec ! - C:\Program Files\AskTBar

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskTBar
C:\Program Files\AskTBar\bar
C:\Program Files\AskTBar\SrchAstt

-----------\\ Extensions

(AJAGUIN) - {40a1f5d7-afc2-498f-b264-02668d616ff6} => megamanager
(AJAGUIN) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(AJAGUIN) - {991A772A-BA13-4c1d-A9EF-F897F31DEC7D} => megaupload

(salom‚) - {40a1f5d7-afc2-498f-b264-02668d616ff6} => megamanager
(salom‚) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(salom‚) - {991A772A-BA13-4c1d-A9EF-F897F31DEC7D} => megaupload

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"

--------------------\\ Recherche d'autres infections

--------------------\\ ROGUES ..

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\SecureExpertCleaner
C:\PROGRA~1\SecureExpertCleaner
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\SecureExpertCleaner
C:\PROGRA~1\SecureExpertCleaner

Aucune autre infection trouvée !

1 - "C:\ToolBar SD\TB_1.txt" - 17/09/2008|23:40 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 18/09/2008| 0:29 - Option : [2]

-----------\\ Fin du rapport a 0:29:06,59

and in RogueRemover there is no Save Log Files button
Lyonnais92 Posts: 25708 Status: Security contributor 1 537
 
Re,

OK, restart the computer and post a new RSIT report, so we can see where things stand.
lauri24
 
Hello,

Logfile of random's system information tool 1.02 (written by random/random)
Run by salomé at 2008-09-18 15:55:06
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 371 MB (2%) free of 23 GB
Total RAM: 1790 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:55:11, on 18/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SecureExpertCleaner\sec.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SecureExpertCleaner\Reminder.exe
C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\mes raccourcis bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\salomé.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Program Files\MegaIEMn.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SecureExpertCleaner] C:\Program Files\SecureExpertCleaner\sec.exe
O4 - HKLM\..\Run: [Reminder] C:\Program Files\SecureExpertCleaner\Reminder.exe
O4 - HKLM\..\Run: [ToniArts EasyCleaner] "C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe" -s -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Download Link Using Mega Manager... - D:\Program Files\mm_file.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - D:\autre\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe (file missing)
O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - D:\autre\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe (file missing)
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hi again,

Download Lop S&D here:

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

Double-click it to start the installation.

Then double-click the Lop S&D shortcut on your desktop.

Select the language you want, then choose Option 1 (Search).

Wait until the scan finishes.

Post the generated report (C:lopR.txt).
lauri24
 
Hello,

--------------------\\ Lop S&D 4.2.4-2 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.66GHz )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : salomé ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 080919-0] 4.8.1229 (Activated)

"C:\Lop SD" ( MAJ : 08-09-2008|21:40 )
Option : [1] ( 19/09/2008|11:57 )

--------------------\\ Listing des dossiers dans APPLIC~1

[13/08/2008|17:09] C:\DOCUME~1\AJAGUIN\APPLIC~1\32 Math Corn
[22/01/2008|18:16] C:\DOCUME~1\AJAGUIN\APPLIC~1\Adobe
[04/04/2008|17:36] C:\DOCUME~1\AJAGUIN\APPLIC~1\Ahead
[12/09/2008|09:23] C:\DOCUME~1\AJAGUIN\APPLIC~1\Apple Computer
[17/11/2007|08:37] C:\DOCUME~1\AJAGUIN\APPLIC~1\ATI
[18/06/2008|13:51] C:\DOCUME~1\AJAGUIN\APPLIC~1\AVS4YOU
[26/04/2008|04:25] C:\DOCUME~1\AJAGUIN\APPLIC~1\BitTorrent
[09/05/2008|19:54] C:\DOCUME~1\AJAGUIN\APPLIC~1\cerasus.media
[11/09/2008|16:38] C:\DOCUME~1\AJAGUIN\APPLIC~1\Comptabilité
[17/11/2007|22:21] C:\DOCUME~1\AJAGUIN\APPLIC~1\DivX
[06/09/2008|18:45] C:\DOCUME~1\AJAGUIN\APPLIC~1\dvdcss
[17/07/2008|18:17] C:\DOCUME~1\AJAGUIN\APPLIC~1\EBP
[25/01/2008|20:11] C:\DOCUME~1\AJAGUIN\APPLIC~1\EoRezo
[13/09/2008|12:56] C:\DOCUME~1\AJAGUIN\APPLIC~1\Gamelab
[16/12/2007|15:41] C:\DOCUME~1\AJAGUIN\APPLIC~1\Google
[13/01/2008|19:23] C:\DOCUME~1\AJAGUIN\APPLIC~1\gtk-2.0
[17/11/2007|19:51] C:\DOCUME~1\AJAGUIN\APPLIC~1\Help
[08/01/2008|21:25] C:\DOCUME~1\AJAGUIN\APPLIC~1\Home Sweet Home
[20/08/2008|21:51] C:\DOCUME~1\AJAGUIN\APPLIC~1\Identities
[15/04/2008|00:44] C:\DOCUME~1\AJAGUIN\APPLIC~1\InstallShield
[25/01/2008|20:05] C:\DOCUME~1\AJAGUIN\APPLIC~1\ItsLabel
[15/07/2008|13:46] C:\DOCUME~1\AJAGUIN\APPLIC~1\JAM Software
[15/07/2008|12:50] C:\DOCUME~1\AJAGUIN\APPLIC~1\LimeWire
[15/09/2008|18:52] C:\DOCUME~1\AJAGUIN\APPLIC~1\Logs
[17/11/2007|14:57] C:\DOCUME~1\AJAGUIN\APPLIC~1\Macromedia
[08/04/2008|22:37] C:\DOCUME~1\AJAGUIN\APPLIC~1\Malwarebytes
[03/12/2007|14:30] C:\DOCUME~1\AJAGUIN\APPLIC~1\Media Player Classic
[15/04/2008|00:46] C:\DOCUME~1\AJAGUIN\APPLIC~1\Megaupload
[15/09/2008|19:08] C:\DOCUME~1\AJAGUIN\APPLIC~1\MegauploadToolbar
[29/08/2008|16:17] C:\DOCUME~1\AJAGUIN\APPLIC~1\Microsoft
[25/08/2008|17:37] C:\DOCUME~1\AJAGUIN\APPLIC~1\Mozilla
[17/11/2007|15:09] C:\DOCUME~1\AJAGUIN\APPLIC~1\MSNInstaller
[17/11/2007|15:25] C:\DOCUME~1\AJAGUIN\APPLIC~1\OpenOffice.org2
[19/03/2008|12:25] C:\DOCUME~1\AJAGUIN\APPLIC~1\PlayFirst
[16/05/2008|18:19] C:\DOCUME~1\AJAGUIN\APPLIC~1\Real
[24/12/2007|08:36] C:\DOCUME~1\AJAGUIN\APPLIC~1\SAMSUNG
[05/12/2007|12:49] C:\DOCUME~1\AJAGUIN\APPLIC~1\Sun
[19/03/2008|12:33] C:\DOCUME~1\AJAGUIN\APPLIC~1\ViquaSoft
[03/12/2007|19:17] C:\DOCUME~1\AJAGUIN\APPLIC~1\vlc
[14/09/2008|15:52] C:\DOCUME~1\AJAGUIN\APPLIC~1\Vso
[27/11/2007|13:50] C:\DOCUME~1\AJAGUIN\APPLIC~1\WinRAR
[20/08/2008|21:51] C:\DOCUME~1\AJAGUIN\APPLIC~1\Zylom

[19/02/2008|14:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\1Click DVD Copy
[31/08/2008|11:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[10/12/2007|13:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[16/07/2008|23:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[16/07/2008|23:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[18/06/2008|13:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[11/09/2008|19:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[08/09/2008|17:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD X Studios
[17/07/2008|18:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EBP
[13/09/2008|16:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreshGames
[10/01/2008|15:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fugazo
[18/02/2008|18:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Go Go Gourmet
[19/11/2007|11:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[15/09/2008|12:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[13/09/2008|16:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
[20/03/2008|15:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
[11/08/2008|17:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch
[08/04/2008|22:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[13/09/2008|12:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[13/08/2008|15:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[09/01/2008|20:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NannyMania
[04/12/2007|15:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[19/03/2008|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[14/05/2008|00:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[08/01/2008|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[15/09/2008|13:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SEC
[15/09/2008|13:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\services
[29/01/2008|20:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
[15/09/2008|13:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software Licensors
[08/04/2008|08:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[22/03/2008|10:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[14/09/2008|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[26/11/2007|17:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[09/04/2008|17:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[20/08/2008|21:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[01/12/2007|02:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[18/11/2007|13:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[01/12/2007|02:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[15/09/2008|22:38] C:\DOCUME~1\SALOM~1\APPLIC~1\Adobe
[15/09/2008|17:17] C:\DOCUME~1\SALOM~1\APPLIC~1\Ahead
[15/09/2008|17:13] C:\DOCUME~1\SALOM~1\APPLIC~1\Apple Computer
[15/09/2008|17:18] C:\DOCUME~1\SALOM~1\APPLIC~1\ATI
[15/09/2008|17:17] C:\DOCUME~1\SALOM~1\APPLIC~1\Comptabilité
[15/09/2008|17:17] C:\DOCUME~1\SALOM~1\APPLIC~1\DivX
[15/09/2008|17:17] C:\DOCUME~1\SALOM~1\APPLIC~1\EBP
[15/09/2008|22:02] C:\DOCUME~1\SALOM~1\APPLIC~1\Google
[15/09/2008|17:18] C:\DOCUME~1\SALOM~1\APPLIC~1\Identities
[15/09/2008|19:19] C:\DOCUME~1\SALOM~1\APPLIC~1\Logs
[13/07/2008|19:12] C:\DOCUME~1\SALOM~1\APPLIC~1\Macromedia
[15/09/2008|17:17] C:\DOCUME~1\SALOM~1\APPLIC~1\Malwarebytes
[15/09/2008|17:17] C:\DOCUME~1\SALOM~1\APPLIC~1\Media Player Classic
[15/09/2008|17:17] C:\DOCUME~1\SALOM~1\APPLIC~1\Megaupload
[19/09/2008|11:56] C:\DOCUME~1\SALOM~1\APPLIC~1\MEGAUPLOADTOOLBAR
[15/09/2008|17:18] C:\DOCUME~1\SALOM~1\APPLIC~1\Microsoft
[25/08/2008|17:37] C:\DOCUME~1\SALOM~1\APPLIC~1\Mozilla
[15/09/2008|17:18] C:\DOCUME~1\SALOM~1\APPLIC~1\MSNInstaller
[15/09/2008|17:18] C:\DOCUME~1\SALOM~1\APPLIC~1\OpenOffice.org2
[15/09/2008|22:04] C:\DOCUME~1\SALOM~1\APPLIC~1\Real
[15/09/2008|22:08] C:\DOCUME~1\SALOM~1\APPLIC~1\WinRAR

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[19/09/2008 08:52][--a--c---] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[19/09/2008 07:56][--ah-c---] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 15:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[26/06/2008|10:56] C:\Program Files\32 Math Corn
[31/08/2008|11:24] C:\Program Files\Adobe
[17/09/2008|18:27] C:\Program Files\Ahead
[20/03/2008|23:49] C:\Program Files\Alwil Software
[11/08/2008|16:14] C:\Program Files\Apple Software Update
[18/09/2008|00:25] C:\Program Files\AskTBar
[17/11/2007|08:29] C:\Program Files\ATI Technologies
[27/03/2008|20:49] C:\Program Files\BitDownload
[27/03/2008|12:19] C:\Program Files\BitTorrent
[16/07/2008|23:53] C:\Program Files\Bonjour
[21/03/2008|15:44] C:\Program Files\CCleaner
[13/01/2008|21:42] C:\Program Files\CD Audio Reader Filter
[17/11/2007|10:10] C:\Program Files\CodecInstaller
[17/11/2007|08:03] C:\Program Files\ComPlus Applications
[17/11/2007|08:54] C:\Program Files\CONEXANT
[13/01/2008|19:30] C:\Program Files\DirectVobSub
[15/09/2008|17:47] C:\Program Files\DivX
[11/09/2008|16:32] C:\Program Files\DVD Shrink
[08/09/2008|17:01] C:\Program Files\DVD X Studios
[17/08/2008|18:42] C:\Program Files\FDRLab
[13/09/2008|12:55] C:\Program Files\Fichiers communs
[28/07/2008|22:20] C:\Program Files\FlashGet
[19/11/2007|11:24] C:\Program Files\Google
[13/01/2008|19:33] C:\Program Files\Haali
[10/12/2007|17:04] C:\Program Files\Hp
[15/09/2008|14:44] C:\Program Files\InstallShield Installation Information
[27/08/2008|18:49] C:\Program Files\Internet Explorer
[16/07/2008|23:54] C:\Program Files\iPod
[16/07/2008|23:54] C:\Program Files\iTunes
[15/07/2008|13:46] C:\Program Files\JAM Software
[05/12/2007|10:22] C:\Program Files\Java
[28/11/2007|14:10] C:\Program Files\KC Softwares
[14/05/2008|00:28] C:\Program Files\K-Lite Codec Pack
[10/05/2008|10:34] C:\Program Files\LeConjugueur
[18/11/2007|17:02] C:\Program Files\Look 312P
[24/01/2008|20:45] C:\Program Files\Macrogaming
[15/09/2008|22:20] C:\Program Files\MagicDVDRipper
[13/05/2008|23:59] C:\Program Files\Mediatwins software
[15/04/2008|00:45] C:\Program Files\MegauploadToolbar
[13/08/2008|15:27] C:\Program Files\Messenger
[05/12/2007|13:00] C:\Program Files\Micro Application
[17/11/2007|22:40] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[17/11/2007|08:07] C:\Program Files\microsoft frontpage
[21/11/2007|10:38] C:\Program Files\Microsoft Office
[17/11/2007|14:23] C:\Program Files\Microsoft SQL Server Compact Edition
[21/11/2007|10:38] C:\Program Files\Microsoft Works
[21/11/2007|10:37] C:\Program Files\Microsoft.NET
[17/11/2007|08:04] C:\Program Files\Movie Maker
[18/09/2008|20:56] C:\Program Files\Mozilla Firefox
[03/04/2008|22:22] C:\Program Files\MSN
[17/11/2007|08:03] C:\Program Files\MSN Gaming Zone
[10/12/2007|02:00] C:\Program Files\MSXML 4.0
[15/09/2008|20:10] C:\Program Files\Navilog1
[10/12/2007|13:28] C:\Program Files\Nero
[17/11/2007|08:05] C:\Program Files\NetMeeting
[17/11/2007|08:03] C:\Program Files\Online Services
[06/02/2008|12:22] C:\Program Files\OpenOffice.org 2.0
[13/01/2008|21:42] C:\Program Files\OpenSource Flash Video Splitter
[08/01/2008|20:07] C:\Program Files\orange
[21/08/2008|14:56] C:\Program Files\Outlook Express
[16/06/2008|19:51] C:\Program Files\PhotoFiltre
[07/01/2008|02:10] C:\Program Files\Picasa2
[17/08/2008|18:32] C:\Program Files\Power Video Downloader
[28/07/2008|22:20] C:\Program Files\QuickTime
[02/06/2008|08:46] C:\Program Files\ratDVD
[13/01/2008|21:42] C:\Program Files\RealMedia
[18/09/2008|00:41] C:\Program Files\RogueRemover FREE
[12/09/2008|09:10] C:\Program Files\Safari
[24/12/2007|08:16] C:\Program Files\Samsung
[14/09/2008|15:47] C:\Program Files\SAV
[18/03/2008|18:46] C:\Program Files\SdLL
[15/09/2008|18:52] C:\Program Files\SecureExpertCleaner
[17/11/2007|13:48] C:\Program Files\Securitoo
[17/11/2007|08:06] C:\Program Files\Services en ligne
[13/01/2008|21:42] C:\Program Files\SHOUTcast Source
[11/09/2008|18:50] C:\Program Files\SlySoft
[23/11/2007|21:11] C:\Program Files\SuperCopier2
[22/03/2008|10:25] C:\Program Files\Symantec
[17/06/2008|23:08] C:\Program Files\THQ
[15/09/2008|18:56] C:\Program Files\TimeAdjuster
[15/09/2008|14:44] C:\Program Files\ToniArts
[14/09/2008|12:39] C:\Program Files\Transcend Utility
[14/09/2008|17:16] C:\Program Files\Trend Micro
[17/11/2007|08:13] C:\Program Files\Uninstall Information
[19/03/2008|10:38] C:\Program Files\URUSoft
[28/07/2008|22:20] C:\Program Files\vanBasco's Karaoke Player
[03/12/2007|19:14] C:\Program Files\VideoLAN
[09/04/2008|17:54] C:\Program Files\Windows Live
[17/11/2007|14:24] C:\Program Files\Windows Live Favorites
[28/07/2008|22:20] C:\Program Files\Windows Live Toolbar
[28/07/2008|22:20] C:\Program Files\Windows Media Connect 2
[28/08/2008|18:45] C:\Program Files\Windows Media Player
[17/11/2007|08:02] C:\Program Files\Windows NT
[17/11/2007|08:06] C:\Program Files\WindowsUpdate
[27/11/2007|13:50] C:\Program Files\WinRAR
[17/11/2007|08:07] C:\Program Files\xerox
[04/09/2008|19:00] C:\Program Files\Zylom Games

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[31/08/2008|11:24] C:\Program Files\Fichiers communs\Adobe
[17/09/2008|18:27] C:\Program Files\Fichiers communs\Ahead
[16/07/2008|23:51] C:\Program Files\Fichiers communs\Apple
[18/06/2008|14:08] C:\Program Files\Fichiers communs\AVSMedia
[21/11/2007|10:38] C:\Program Files\Fichiers communs\DESIGNER
[17/07/2008|18:16] C:\Program Files\Fichiers communs\EBP
[10/12/2007|17:14] C:\Program Files\Fichiers communs\Hewlett-Packard
[17/11/2007|08:34] C:\Program Files\Fichiers communs\InstallShield
[05/12/2007|09:56] C:\Program Files\Fichiers communs\Java
[18/11/2007|17:02] C:\Program Files\Fichiers communs\Look312P
[07/08/2008|07:30] C:\Program Files\Fichiers communs\Microsoft Shared
[17/11/2007|08:04] C:\Program Files\Fichiers communs\MSSoap
[13/09/2008|12:55] C:\Program Files\Fichiers communs\Oberon Media
[17/11/2007|10:53] C:\Program Files\Fichiers communs\ODBC
[17/11/2007|08:04] C:\Program Files\Fichiers communs\Services
[17/11/2007|10:53] C:\Program Files\Fichiers communs\SpeechEngines
[22/03/2008|10:26] C:\Program Files\Fichiers communs\Symantec Shared
[21/08/2008|14:56] C:\Program Files\Fichiers communs\System
[17/11/2007|14:14] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 45 Processes )

IEXPLORE.EXE ~ [PID:3016]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch
C:\Program Files\BitDownload
C:\DOCUME~1\SALOM~1\Cookies\salomé@advertising[1].txt

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts MODIFIE

-> 8068 [ 70 ## added by CiD ]

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-19 11:58:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ ROGUES ..

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\SecureExpertCleaner
C:\PROGRA~1\SecureExpertCleaner
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\SecureExpertCleaner
C:\PROGRA~1\SecureExpertCleaner

Aucune autre infection trouvée !

[F:97][D:5]-> C:\DOCUME~1\SALOM~1\LOCALS~1\Temp
[F:54][D:0]-> C:\DOCUME~1\SALOM~1\Cookies
[F:1764][D:4]-> C:\DOCUME~1\SALOM~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 19/09/2008|12:00 - Option : [1]

--------------------\\ Fin du rapport a 12:00:05
lauri24
 
--------------------\\ Lop S&D 4.2.4-2 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.66GHz )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : salomé ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 080919-0] 4.8.1229 (Activated)

"C:\Lop SD" ( MAJ : 08-09-2008|21:40 )
Option : [2] ( 19/09/2008|22:12 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\SALOM~1\Cookies\salomé@advertising[1].txt
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch
Supprime! - C:\Program Files\BitDownload
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans APPLIC~1

[13/08/2008|17:09] C:\DOCUME~1\AJAGUIN\APPLIC~1\32 Math Corn
[22/01/2008|18:16] C:\DOCUME~1\AJAGUIN\APPLIC~1\Adobe
[04/04/2008|17:36] C:\DOCUME~1\AJAGUIN\APPLIC~1\Ahead
[12/09/2008|09:23] C:\DOCUME~1\AJAGUIN\APPLIC~1\Apple Computer
[17/11/2007|08:37] C:\DOCUME~1\AJAGUIN\APPLIC~1\ATI
[18/06/2008|13:51] C:\DOCUME~1\AJAGUIN\APPLIC~1\AVS4YOU
[26/04/2008|04:25] C:\DOCUME~1\AJAGUIN\APPLIC~1\BitTorrent
[09/05/2008|19:54] C:\DOCUME~1\AJAGUIN\APPLIC~1\cerasus.media
[11/09/2008|16:38] C:\DOCUME~1\AJAGUIN\APPLIC~1\Comptabilité
[17/11/2007|22:21] C:\DOCUME~1\AJAGUIN\APPLIC~1\DivX
[06/09/2008|18:45] C:\DOCUME~1\AJAGUIN\APPLIC~1\dvdcss
[17/07/2008|18:17] C:\DOCUME~1\AJAGUIN\APPLIC~1\EBP
[25/01/2008|20:11] C:\DOCUME~1\AJAGUIN\APPLIC~1\EoRezo
[13/09/2008|12:56] C:\DOCUME~1\AJAGUIN\APPLIC~1\Gamelab
[16/12/2007|15:41] C:\DOCUME~1\AJAGUIN\APPLIC~1\Google
[13/01/2008|19:23] C:\DOCUME~1\AJAGUIN\APPLIC~1\gtk-2.0
[17/11/2007|19:51] C:\DOCUME~1\AJAGUIN\APPLIC~1\Help
[08/01/2008|21:25] C:\DOCUME~1\AJAGUIN\APPLIC~1\Home Sweet Home
[20/08/2008|21:51] C:\DOCUME~1\AJAGUIN\APPLIC~1\Identities
[15/04/2008|00:44] C:\DOCUME~1\AJAGUIN\APPLIC~1\InstallShield
[25/01/2008|20:05] C:\DOCUME~1\AJAGUIN\APPLIC~1\ItsLabel
[15/07/2008|13:46] C:\DOCUME~1\AJAGUIN\APPLIC~1\JAM Software
[15/07/2008|12:50] C:\DOCUME~1\AJAGUIN\APPLIC~1\LimeWire
[15/09/2008|18:52] C:\DOCUME~1\AJAGUIN\APPLIC~1\Logs
[17/11/2007|14:57] C:\DOCUME~1\AJAGUIN\APPLIC~1\Macromedia
[08/04/2008|22:37] C:\DOCUME~1\AJAGUIN\APPLIC~1\Malwarebytes
[03/12/2007|14:30] C:\DOCUME~1\AJAGUIN\APPLIC~1\Media Player Classic
[15/04/2008|00:46] C:\DOCUME~1\AJAGUIN\APPLIC~1\Megaupload
[15/09/2008|19:08] C:\DOCUME~1\AJAGUIN\APPLIC~1\MegauploadToolbar
[29/08/2008|16:17] C:\DOCUME~1\AJAGUIN\APPLIC~1\Microsoft
[25/08/2008|17:37] C:\DOCUME~1\AJAGUIN\APPLIC~1\Mozilla
[17/11/2007|15:09] C:\DOCUME~1\AJAGUIN\APPLIC~1\MSNInstaller
[17/11/2007|15:25] C:\DOCUME~1\AJAGUIN\APPLIC~1\OpenOffice.org2
[19/03/2008|12:25] C:\DOCUME~1\AJAGUIN\APPLIC~1\PlayFirst
[16/05/2008|18:19] C:\DOCUME~1\AJAGUIN\APPLIC~1\Real
[24/12/2007|08:36] C:\DOCUME~1\AJAGUIN\APPLIC~1\SAMSUNG
[05/12/2007|12:49] C:\DOCUME~1\AJAGUIN\APPLIC~1\Sun
[19/03/2008|12:33] C:\DOCUME~1\AJAGUIN\APPLIC~1\ViquaSoft
[03/12/2007|19:17] C:\DOCUME~1\AJAGUIN\APPLIC~1\vlc
[14/09/2008|15:52] C:\DOCUME~1\AJAGUIN\APPLIC~1\Vso
[27/11/2007|13:50] C:\DOCUME~1\AJAGUIN\APPLIC~1\WinRAR
[20/08/2008|21:51] C:\DOCUME~1\AJAGUIN\APPLIC~1\Zylom

[19/02/2008|14:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\1Click DVD Copy
[31/08/2008|11:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[10/12/2007|13:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[16/07/2008|23:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[16/07/2008|23:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[18/06/2008|13:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[11/09/2008|19:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[08/09/2008|17:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD X Studios
[17/07/2008|18:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EBP
[13/09/2008|16:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreshGames
[10/01/2008|15:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fugazo
[18/02/2008|18:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Go Go Gourmet
[19/11/2007|11:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[15/09/2008|12:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[13/09/2008|16:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
[20/03/2008|15:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
[08/04/2008|22:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[13/09/2008|12:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[13/08/2008|15:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[09/01/2008|20:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NannyMania
[04/12/2007|15:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[19/03/2008|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[14/05/2008|00:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[08/01/2008|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[15/09/2008|13:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SEC
[15/09/2008|13:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\services
[29/01/2008|20:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
[15/09/2008|13:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software Licensors
[08/04/2008|08:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[22/03/2008|10:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[14/09/2008|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[26/11/2007|17:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[09/04/2008|17:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[20/08/2008|21:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[01/12/2007|02:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[18/11/2007|13:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[01/12/2007|02:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[15/09/2008|22:38] C:\DOCUME~1\SALOM~1\APPLIC~1\Adobe
[15/09/2008|17:17] C:\DOCUME~1\SALOM~1\APPLIC~1\Ahead
[15/09/2008|17:13] C:\DOCUME~1\SALOM~1\APPLIC~1\Apple Computer
[15/09/2008|17:18] C:\DOCUME~1\SALOM~1\APPLIC~1\ATI
[15/09/2008|17:17] C:\DOCUME~1\SALOM~1\APPLIC~1\Comptabilité
[15/09/2008|17:17] C:\DOCUME~1\SALOM~1\APPLIC~1\DivX
[15/09/2008|17:17] C:\DOCUME~1\SALOM~1\APPLIC~1\EBP
[15/09/2008|22:02] C:\DOCUME~1\SALOM~1\APPLIC~1\Google
[15/09/2008|17:18] C:\DOCUME~1\SALOM~1\APPLIC~1\Identities
[15/09/2008|19:19] C:\DOCUME~1\SALOM~1\APPLIC~1\Logs
[13/07/2008|19:12] C:\DOCUME~1\SALOM~1\APPLIC~1\Macromedia
[15/09/2008|17:17] C:\DOCUME~1\SALOM~1\APPLIC~1\Malwarebytes
[15/09/2008|17:17] C:\DOCUME~1\SALOM~1\APPLIC~1\Media Player Classic
[15/09/2008|17:17] C:\DOCUME~1\SALOM~1\APPLIC~1\Megaupload
[19/09/2008|22:11] C:\DOCUME~1\SALOM~1\APPLIC~1\MEGAUPLOADTOOLBAR
[15/09/2008|17:18] C:\DOCUME~1\SALOM~1\APPLIC~1\Microsoft
[25/08/2008|17:37] C:\DOCUME~1\SALOM~1\APPLIC~1\Mozilla
[15/09/2008|17:18] C:\DOCUME~1\SALOM~1\APPLIC~1\MSNInstaller
[15/09/2008|17:18] C:\DOCUME~1\SALOM~1\APPLIC~1\OpenOffice.org2
[15/09/2008|22:04] C:\DOCUME~1\SALOM~1\APPLIC~1\Real
[15/09/2008|22:08] C:\DOCUME~1\SALOM~1\APPLIC~1\WinRAR

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[19/09/2008 08:52][--a--c---] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[19/09/2008 07:56][--ah-c---] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 15:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[26/06/2008|10:56] C:\Program Files\32 Math Corn
[31/08/2008|11:24] C:\Program Files\Adobe
[17/09/2008|18:27] C:\Program Files\Ahead
[20/03/2008|23:49] C:\Program Files\Alwil Software
[11/08/2008|16:14] C:\Program Files\Apple Software Update
[18/09/2008|00:25] C:\Program Files\AskTBar
[17/11/2007|08:29] C:\Program Files\ATI Technologies
[27/03/2008|12:19] C:\Program Files\BitTorrent
[16/07/2008|23:53] C:\Program Files\Bonjour
[21/03/2008|15:44] C:\Program Files\CCleaner
[13/01/2008|21:42] C:\Program Files\CD Audio Reader Filter
[17/11/2007|10:10] C:\Program Files\CodecInstaller
[17/11/2007|08:03] C:\Program Files\ComPlus Applications
[17/11/2007|08:54] C:\Program Files\CONEXANT
[13/01/2008|19:30] C:\Program Files\DirectVobSub
[15/09/2008|17:47] C:\Program Files\DivX
[11/09/2008|16:32] C:\Program Files\DVD Shrink
[08/09/2008|17:01] C:\Program Files\DVD X Studios
[17/08/2008|18:42] C:\Program Files\FDRLab
[13/09/2008|12:55] C:\Program Files\Fichiers communs
[28/07/2008|22:20] C:\Program Files\FlashGet
[19/11/2007|11:24] C:\Program Files\Google
[13/01/2008|19:33] C:\Program Files\Haali
[10/12/2007|17:04] C:\Program Files\Hp
[15/09/2008|14:44] C:\Program Files\InstallShield Installation Information
[27/08/2008|18:49] C:\Program Files\Internet Explorer
[16/07/2008|23:54] C:\Program Files\iPod
[16/07/2008|23:54] C:\Program Files\iTunes
[15/07/2008|13:46] C:\Program Files\JAM Software
[05/12/2007|10:22] C:\Program Files\Java
[28/11/2007|14:10] C:\Program Files\KC Softwares
[14/05/2008|00:28] C:\Program Files\K-Lite Codec Pack
[10/05/2008|10:34] C:\Program Files\LeConjugueur
[18/11/2007|17:02] C:\Program Files\Look 312P
[24/01/2008|20:45] C:\Program Files\Macrogaming
[15/09/2008|22:20] C:\Program Files\MagicDVDRipper
[13/05/2008|23:59] C:\Program Files\Mediatwins software
[15/04/2008|00:45] C:\Program Files\MegauploadToolbar
[13/08/2008|15:27] C:\Program Files\Messenger
[05/12/2007|13:00] C:\Program Files\Micro Application
[17/11/2007|22:40] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[17/11/2007|08:07] C:\Program Files\microsoft frontpage
[21/11/2007|10:38] C:\Program Files\Microsoft Office
[17/11/2007|14:23] C:\Program Files\Microsoft SQL Server Compact Edition
[21/11/2007|10:38] C:\Program Files\Microsoft Works
[21/11/2007|10:37] C:\Program Files\Microsoft.NET
[17/11/2007|08:04] C:\Program Files\Movie Maker
[19/09/2008|16:42] C:\Program Files\Mozilla Firefox
[03/04/2008|22:22] C:\Program Files\MSN
[17/11/2007|08:03] C:\Program Files\MSN Gaming Zone
[10/12/2007|02:00] C:\Program Files\MSXML 4.0
[15/09/2008|20:10] C:\Program Files\Navilog1
[10/12/2007|13:28] C:\Program Files\Nero
[17/11/2007|08:05] C:\Program Files\NetMeeting
[17/11/2007|08:03] C:\Program Files\Online Services
[06/02/2008|12:22] C:\Program Files\OpenOffice.org 2.0
[13/01/2008|21:42] C:\Program Files\OpenSource Flash Video Splitter
[08/01/2008|20:07] C:\Program Files\orange
[21/08/2008|14:56] C:\Program Files\Outlook Express
[16/06/2008|19:51] C:\Program Files\PhotoFiltre
[07/01/2008|02:10] C:\Program Files\Picasa2
[17/08/2008|18:32] C:\Program Files\Power Video Downloader
[28/07/2008|22:20] C:\Program Files\QuickTime
[02/06/2008|08:46] C:\Program Files\ratDVD
[13/01/2008|21:42] C:\Program Files\RealMedia
[18/09/2008|00:41] C:\Program Files\RogueRemover FREE
[12/09/2008|09:10] C:\Program Files\Safari
[24/12/2007|08:16] C:\Program Files\Samsung
[14/09/2008|15:47] C:\Program Files\SAV
[18/03/2008|18:46] C:\Program Files\SdLL
[15/09/2008|18:52] C:\Program Files\SecureExpertCleaner
[17/11/2007|13:48] C:\Program Files\Securitoo
[17/11/2007|08:06] C:\Program Files\Services en ligne
[13/01/2008|21:42] C:\Program Files\SHOUTcast Source
[11/09/2008|18:50] C:\Program Files\SlySoft
[23/11/2007|21:11] C:\Program Files\SuperCopier2
[22/03/2008|10:25] C:\Program Files\Symantec
[17/06/2008|23:08] C:\Program Files\THQ
[15/09/2008|18:56] C:\Program Files\TimeAdjuster
[15/09/2008|14:44] C:\Program Files\ToniArts
[14/09/2008|12:39] C:\Program Files\Transcend Utility
[14/09/2008|17:16] C:\Program Files\Trend Micro
[17/11/2007|08:13] C:\Program Files\Uninstall Information
[19/03/2008|10:38] C:\Program Files\URUSoft
[28/07/2008|22:20] C:\Program Files\vanBasco's Karaoke Player
[03/12/2007|19:14] C:\Program Files\VideoLAN
[09/04/2008|17:54] C:\Program Files\Windows Live
[17/11/2007|14:24] C:\Program Files\Windows Live Favorites
[28/07/2008|22:20] C:\Program Files\Windows Live Toolbar
[28/07/2008|22:20] C:\Program Files\Windows Media Connect 2
[28/08/2008|18:45] C:\Program Files\Windows Media Player
[17/11/2007|08:02] C:\Program Files\Windows NT
[17/11/2007|08:06] C:\Program Files\WindowsUpdate
[27/11/2007|13:50] C:\Program Files\WinRAR
[17/11/2007|08:07] C:\Program Files\xerox
[04/09/2008|19:00] C:\Program Files\Zylom Games

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[31/08/2008|11:24] C:\Program Files\Fichiers communs\Adobe
[17/09/2008|18:27] C:\Program Files\Fichiers communs\Ahead
[16/07/2008|23:51] C:\Program Files\Fichiers communs\Apple
[18/06/2008|14:08] C:\Program Files\Fichiers communs\AVSMedia
[21/11/2007|10:38] C:\Program Files\Fichiers communs\DESIGNER
[17/07/2008|18:16] C:\Program Files\Fichiers communs\EBP
[10/12/2007|17:14] C:\Program Files\Fichiers communs\Hewlett-Packard
[17/11/2007|08:34] C:\Program Files\Fichiers communs\InstallShield
[05/12/2007|09:56] C:\Program Files\Fichiers communs\Java
[18/11/2007|17:02] C:\Program Files\Fichiers communs\Look312P
[07/08/2008|07:30] C:\Program Files\Fichiers communs\Microsoft Shared
[17/11/2007|08:04] C:\Program Files\Fichiers communs\MSSoap
[13/09/2008|12:55] C:\Program Files\Fichiers communs\Oberon Media
[17/11/2007|10:53] C:\Program Files\Fichiers communs\ODBC
[17/11/2007|08:04] C:\Program Files\Fichiers communs\Services
[17/11/2007|10:53] C:\Program Files\Fichiers communs\SpeechEngines
[22/03/2008|10:26] C:\Program Files\Fichiers communs\Symantec Shared
[21/08/2008|14:56] C:\Program Files\Fichiers communs\System
[17/11/2007|14:14] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 46 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-19 22:14:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Recherche d'autres infections

--------------------\\ ROGUES ..

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\SecureExpertCleaner
C:\PROGRA~1\SecureExpertCleaner
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\SecureExpertCleaner
C:\PROGRA~1\SecureExpertCleaner

Aucune autre infection trouvée !

[F:102][D:5]-> C:\DOCUME~1\SALOM~1\LOCALS~1\Temp
[F:55][D:0]-> C:\DOCUME~1\SALOM~1\Cookies
[F:338][D:4]-> C:\DOCUME~1\SALOM~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 19/09/2008|12:00 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 19/09/2008|22:15 - Option : [2]

--------------------\\ Fin du rapport a 22:15:30
lauri24
 
Hello,

ComboFix 08-09-16.01 - salomé 2008-09-20 10:25:56.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1356 [GMT 3:00]
Lancé depuis: C:\Documents and Settings\salomé\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\AJAGUIN\Application Data\inst.exe
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\_000013_.tmp.dll
C:\WINDOWS\system32\_000014_.tmp.dll
C:\WINDOWS\system32\_000015_.tmp.dll
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\real.txt
C:\WINDOWS\system32\rtl60.bpl

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4

((((((((((((((((((((((((((((( Fichiers créés du 2008-08-20 au 2008-09-20 ))))))))))))))))))))))))))))))))))))
.

2008-09-19 11:56 . 2008-09-19 22:15 <REP> d----c--- C:\Lop SD
2008-09-18 00:41 . 2008-09-18 00:41 <REP> d----c--- C:\Program Files\RogueRemover FREE
2008-09-18 00:36 . 2008-09-18 00:41 <REP> d----c--- C:\rogue remover
2008-09-17 23:39 . 2008-09-18 00:28 2,330 --a--c--- C:\Documents and Settings\Orph.egd
2008-09-17 23:38 . 2008-09-18 00:29 <REP> d----c--- C:\ToolBar SD
2008-09-17 18:27 . 2004-07-26 16:16 1,568,768 -----c--- C:\WINDOWS\system32\ImagX7.dll
2008-09-17 18:27 . 2004-07-26 16:16 476,320 -----c--- C:\WINDOWS\system32\ImagXpr7.dll
2008-09-17 18:27 . 2004-07-26 16:16 471,040 -----c--- C:\WINDOWS\system32\ImagXRA7.dll
2008-09-17 18:27 . 2004-07-09 08:43 364,544 -----c--- C:\WINDOWS\system32\TwnLib4.dll
2008-09-17 18:27 . 2004-07-26 16:16 262,144 -----c--- C:\WINDOWS\system32\ImagXR7.dll
2008-09-17 18:27 . 2005-09-01 11:03 127,488 -----c--- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-09-17 18:27 . 2005-09-01 11:03 5,888 -----c--- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-09-17 18:16 . 2008-09-18 00:25 <REP> d----c--- C:\Program Files\AskTBar
2008-09-16 16:32 . 2008-09-16 16:32 <REP> d----c--- C:\rsit
2008-09-15 22:20 . 2008-09-15 22:20 <REP> d----c--- C:\Program Files\MagicDVDRipper
2008-09-15 20:01 . 2008-09-15 20:10 <REP> d----c--- C:\Program Files\Navilog1
2008-09-15 19:07 . 2008-09-15 19:50 11,935 --a--c--- C:\Documents and Settings\AJAGUIN\base.dat
2008-09-15 18:56 . 2008-09-15 18:56 <REP> d----c--- C:\Program Files\TimeAdjuster
2008-09-15 18:52 . 2008-09-15 18:52 <REP> d----c--- C:\Documents and Settings\AJAGUIN\Application Data\Logs
2008-09-15 14:44 . 2008-09-15 14:44 <REP> d----c--- C:\Program Files\ToniArts
2008-09-15 13:18 . 2008-09-20 10:21 <REP> d----c--- C:\Program Files\SecureExpertCleaner
2008-09-15 13:18 . 2008-09-15 13:20 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\SEC
2008-09-15 13:11 . 2008-09-15 13:11 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Software Licensors
2008-09-15 13:11 . 2008-09-15 13:11 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\services
2008-09-15 12:59 . 2008-09-15 12:59 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-14 20:54 . 2008-09-14 20:54 118 --a--c--- C:\WINDOWS\system32\MRT.INI
2008-09-14 19:04 . 2008-09-10 00:04 38,528 --a--c--- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-14 19:04 . 2008-09-10 00:03 17,200 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys
2008-09-14 17:16 . 2008-09-14 17:16 <REP> d----c--- C:\Program Files\Trend Micro
2008-09-14 15:47 . 2008-09-14 15:47 <REP> d----c--- C:\Program Files\SAV
2008-09-14 12:39 . 2008-09-14 12:39 <REP> d----c--- C:\Program Files\Transcend Utility
2008-09-13 16:47 . 2008-09-13 16:47 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\JollyBear
2008-09-13 16:24 . 2008-09-13 16:24 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\FreshGames
2008-09-13 12:55 . 2008-09-13 12:55 <REP> d----c--- C:\Program Files\Fichiers communs\Oberon Media
2008-09-12 09:10 . 2008-09-12 09:10 <REP> d----c--- C:\Program Files\Safari
2008-09-11 16:31 . 2008-09-11 16:32 <REP> d----c--- C:\Program Files\DVD Shrink
2008-09-10 06:45 . 2008-09-11 16:38 <REP> d----c--- C:\Documents and Settings\AJAGUIN\Application Data\Comptabilité
2008-09-10 06:45 . 2008-09-11 16:38 1,536 --a--c--- C:\MKDEWE.TRN
2008-09-10 06:44 . 1998-02-03 12:48 818,688 --a--c--- C:\WINDOWS\system32\VCF132.OCX
2008-09-10 06:44 . 1996-10-07 19:22 320,512 --a--c--- C:\WINDOWS\system32\W32MKDE.EXE
2008-09-10 06:44 . 1996-09-24 16:40 110,080 --a--c--- C:\WINDOWS\system32\W32MKRC.DLL
2008-09-10 06:44 . 1998-03-13 17:02 68,096 --a--c--- C:\WINDOWS\system32\Wbtrv32.dll
2008-09-10 06:44 . 1998-02-10 21:59 43,008 --a--c--- C:\WINDOWS\system32\W32BTICM.DLL
2008-09-08 17:01 . 2008-09-08 17:01 <REP> d----c--- C:\Program Files\DVD X Studios
2008-09-08 17:01 . 2008-09-08 17:01 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\DVD X Studios
2008-09-03 16:20 . 2008-09-03 16:20 <REP> d----c--- C:\SYSTEM.SAV
2008-08-31 23:32 . 2008-08-31 23:32 14 --a--c--- C:\WINDOWS\system32\SystemInfo32.sys
2008-08-27 16:32 . 2008-06-23 19:28 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-27 16:32 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-27 16:32 . 2007-03-08 08:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-27 16:32 . 2008-06-23 19:28 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-27 16:32 . 2008-06-23 19:28 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-27 16:32 . 2008-06-23 19:28 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-27 16:32 . 2008-06-23 19:28 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-27 16:32 . 2008-06-23 19:28 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-27 16:32 . 2008-06-23 12:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-22 21:11 . 2008-09-17 18:27 <REP> d----c--- C:\Program Files\Fichiers communs\Ahead
2008-08-22 02:29 . 2008-09-18 15:56 <REP> d----c--- C:\WINDOWS\system32\CatRoot_bak
2008-08-22 02:07 . 2008-06-14 20:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-21 15:00 . 2003-04-24 15:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-08-21 14:59 . 2003-04-24 15:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-08-21 14:58 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-08-21 14:57 . 2008-08-21 14:57 749 -rah-c--- C:\WINDOWS\WindowsShell.Manifest
2008-08-21 14:57 . 2008-08-21 14:57 749 -rah-c--- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-08-21 14:57 . 2008-08-21 14:57 749 -rah-c--- C:\WINDOWS\system32\sapi.cpl.manifest
2008-08-21 14:57 . 2008-08-21 14:57 749 -rah-c--- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-08-21 14:57 . 2008-08-21 14:57 488 -rah-c--- C:\WINDOWS\system32\logonui.exe.manifest
2008-08-21 14:56 . 2003-04-24 15:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-08-21 14:49 . 2004-08-03 22:31 20,992 --a--c--- C:\WINDOWS\system32\drivers\RTL8139.sys
2008-08-20 21:51 . 2008-09-04 19:00 <REP> d----c--- C:\Program Files\Zylom Games
2008-08-20 21:51 . 2008-08-20 21:51 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Zylom
2008-08-20 21:51 . 2008-08-20 21:51 <REP> d----c--- C:\Documents and Settings\AJAGUIN\Application Data\Zylom

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-17 15:27 --------- dc----w C:\Program Files\Ahead
2008-09-15 16:08 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\MegauploadToolbar
2008-09-15 14:47 --------- dc----w C:\Program Files\DivX
2008-09-15 11:44 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-09-14 14:52 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-14 12:52 47,360 -c--a-w C:\Documents and Settings\AJAGUIN\Application Data\pcouffin.sys
2008-09-14 12:52 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Vso
2008-09-14 09:32 47,360 -c--a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-13 09:56 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Gamelab
2008-09-12 06:23 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Apple Computer
2008-09-11 16:00 --------- dc----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-11 15:50 --------- dc----w C:\Program Files\SlySoft
2008-09-11 13:38 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Comptabilité
2008-09-06 15:45 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\dvdcss
2008-08-31 08:24 --------- dc----w C:\Program Files\Fichiers communs\Adobe
2008-08-17 15:42 --------- dc----w C:\Program Files\FDRLab
2008-08-17 15:32 --------- dc----w C:\Program Files\Power Video Downloader
2008-08-13 14:09 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\32 Math Corn
2008-08-13 12:27 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-11 13:14 --------- dc----w C:\Program Files\Apple Software Update
2008-07-28 19:20 --------- dc----w C:\Program Files\Windows Media Connect 2
2008-07-28 19:20 --------- dc----w C:\Program Files\Windows Live Toolbar
2008-07-28 19:20 --------- dc----w C:\Program Files\vanBasco's Karaoke Player
2008-07-28 19:20 --------- dc----w C:\Program Files\QuickTime
2008-07-28 19:20 --------- dc----w C:\Program Files\FlashGet
2008-07-18 18:39 587,264 -c--a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-04 07:11 3,532 -c--a-w C:\drmHeader.bin
2008-04-24 09:34 1,710 -c--a-w C:\Documents and Settings\AJAGUIN\afrnsj.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\lnxfrx.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\krdjwh.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\fbjafd.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\cdszkz.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\byyxdt.exe
2008-04-24 09:32 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\gjckmu.exe
2008-04-24 09:17 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\ivanqf.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-19 68856]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SecureExpertCleaner"="C:\Program Files\SecureExpertCleaner\sec.exe" [2008-08-18 1556480]
"Reminder"="C:\Program Files\SecureExpertCleaner\Reminder.exe" [2008-08-14 480768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= mtkjpeg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\autre\\Nouveau dossier\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56967:TCP"= 56967:TCP:Pando P2P TCP Listening Port
"56967:UDP"= 56967:UDP:Pando P2P UDP Listening Port

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S3 cel90xbe;cel90xbe;C:\DOCUME~1\AJAGUIN\LOCALS~1\Temp\cel90xbe.sys [ ]
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\salomé\Application Data\Mozilla\Firefox\Profiles\264oujqh.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 10:30:21
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\SALOM~1\LOCALS~1\Temp\mc21.tmp"
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-09-20 10:35:14 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-20 07:35:08

Avant-CF: 1,516,937,216 octets libres
Après-CF: 1,482,866,688 octets libres

227
Lyonnais92 Posts: 25708 Status: Security contributor 1 537
 
Hello,

Go to this site:

https://www.virustotal.com/gui/

Click Browse and look for this file: C:\Documents and Settings\AJAGUIN\afrnsj.exe

Click Send File.

A report will be built up line by line.

Wait until it finishes. It must include the size of the file that was sent.

Save the report with Notepad.

Copy it into your reply.

If VirusTotal indicates that the file has already been analysed, click the "Reanalyse the file now" button.

Do the same with: C:\Documents and Settings\AJAGUIN\lnxfrx.exe
lauri24
 
Fichier afrnsj.exe reçu le 2008.09.21 10:59:00 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE

Résultat: 0/36 (0%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 5.
L'heure estimée de démarrage est entre 56 et 81 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.9.19.2 2008.09.19 -
AntiVir 7.8.1.34 2008.09.21 -
Authentium 5.1.0.4 2008.09.21 -
Avast 4.8.1195.0 2008.09.20 -
AVG 8.0.0.161 2008.09.20 -
BitDefender 7.2 2008.09.21 -
CAT-QuickHeal 9.50 2008.09.20 -
ClamAV 0.93.1 2008.09.21 -
DrWeb 4.44.0.09170 2008.09.21 -
eSafe 7.0.17.0 2008.09.18 -
eTrust-Vet 31.6.6096 2008.09.20 -
Ewido 4.0 2008.09.21 -
F-Prot 4.4.4.56 2008.09.21 -
F-Secure 8.0.14332.0 2008.09.21 -
Fortinet 3.113.0.0 2008.09.21 -
GData 19 2008.09.21 -
Ikarus T3.1.1.34.0 2008.09.21 -
K7AntiVirus 7.10.466 2008.09.20 -
Kaspersky 7.0.0.125 2008.09.21 -
McAfee 5388 2008.09.19 -
Microsoft 1.3903 2008.09.21 -
NOD32v2 3458 2008.09.21 -
Norman 5.80.02 2008.09.19 -
Panda 9.0.0.4 2008.09.20 -
PCTools 4.4.2.0 2008.09.20 -
Prevx1 V2 2008.09.21 -
Rising 20.62.62.00 2008.09.21 -
Sophos 4.33.0 2008.09.21 -
Sunbelt 3.1.1653.1 2008.09.20 -
Symantec 10 2008.09.21 -
TheHacker 6.3.0.9.090 2008.09.20 -
TrendMicro 8.700.0.1004 2008.09.20 -
VBA32 3.12.8.5 2008.09.20 -
ViRobot 2008.9.20.1385 2008.09.20 -
VirusBuster 4.5.11.0 2008.09.20 -
Webwasher-Gateway 6.6.2 2008.09.21 -
Information additionnelle
File size: 1710 bytes
MD5...: 6aecbfe7ad504da829f246fc8c3883a6
SHA1..: 2ae1422ba5fc7b11ca9f8e19d19f8a169baea14f
SHA256: a2129de7ed55d600f8f3cc52fa109f6bab4a9756651dd44fbae06b125252db29
SHA512: d8ceb2bf8b440802761bcee2923df9f788883a12eac396fd4f56f4d117bd73d9
617751200af3986096246eae45e98f6f65408b720d8f5b0133cebf454ebfcca8
PEiD..: -
TrID..: File type identification
HyperText Markup Language with DOCTYPE (80.6%)
HyperText Markup Language (19.3%)
PEInfo: -

Fichier lnxfrx.exe reçu le 2008.09.21 11:00:22 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE

Résultat: 0/36 (0%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 2.
L'heure estimée de démarrage est entre 43 et 62 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.9.19.2 2008.09.19 -
AntiVir 7.8.1.34 2008.09.21 -
Authentium 5.1.0.4 2008.09.21 -
Avast 4.8.1195.0 2008.09.20 -
AVG 8.0.0.161 2008.09.20 -
BitDefender 7.2 2008.09.21 -
CAT-QuickHeal 9.50 2008.09.20 -
ClamAV 0.93.1 2008.09.21 -
DrWeb 4.44.0.09170 2008.09.21 -
eSafe 7.0.17.0 2008.09.18 -
eTrust-Vet 31.6.6095 2008.09.19 -
Ewido 4.0 2008.09.21 -
F-Prot 4.4.4.56 2008.09.21 -
F-Secure 8.0.14332.0 2008.09.21 -
Fortinet 3.113.0.0 2008.09.21 -
GData 19 2008.09.21 -
Ikarus T3.1.1.34.0 2008.09.21 -
K7AntiVirus 7.10.466 2008.09.20 -
Kaspersky 7.0.0.125 2008.09.21 -
McAfee 5388 2008.09.19 -
Microsoft 1.3903 2008.09.21 -
NOD32v2 3458 2008.09.21 -
Norman 5.80.02 2008.09.19 -
Panda 9.0.0.4 2008.09.20 -
PCTools 4.4.2.0 2008.09.20 -
Prevx1 V2 2008.09.21 -
Rising 20.62.62.00 2008.09.21 -
Sophos 4.33.0 2008.09.21 -
Sunbelt 3.1.1653.1 2008.09.20 -
Symantec 10 2008.09.21 -
TheHacker 6.3.0.9.090 2008.09.20 -
TrendMicro 8.700.0.1004 2008.09.20 -
VBA32 3.12.8.5 2008.09.20 -
ViRobot 2008.9.20.1385 2008.09.20 -
VirusBuster 4.5.11.0 2008.09.20 -
Webwasher-Gateway 6.6.2 2008.09.21 -
Information additionnelle
File size: 1220 bytes
MD5...: 9f0a45457b4b272dd095729d02ce6bb2
SHA1..: 6e90f657cd053dd11aec003fb51e7f5ae00b6816
SHA256: 9be9e814e197aa522262616dc53f226f068c6b611ae47250b54daa0dd3d787e1
SHA512: a5680fed31548b12f03696d4ef6c857427d6b5c5f712b702131fdd61cc842e65
65caf855cf3d909840ca4888d72a477f965134b3c9cd347f9ea7de728a0e9ca4
PEiD..: -
TrID..: File type identification
HyperText Markup Language with DOCTYPE (80.6%)
HyperText Markup Language (19.3%)
PEInfo: -
Lyonnais92 Posts: 25708 Status: Security contributor 1 537
 
Hello,

Copy or print these instructions first.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the anti-spyware's real-time guard).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

Driver::
cel90xbe

Folder::
%CommonAppData%\SEC
%CommonPrograms%\SecureExpertCleaner
%ProgramFiles%\SecureExpertCleaner
C:\DOCUME~1\AJAGUIN\APPLIC~1\32 Math Corn
C:\Program Files\32 Math Corn

Registry::
[- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]
[- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3P_USEC_is1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider]
[- HKEY_LOCAL_MACHINE\SOFTWARE\SEC]
[- HKEY_CURRENT_USER\Software\SEC]

Save this file under the name CFscript.

Drag and drop this CFscript file onto the ComboFix.exe file.

Click the CFscript file, keep the mouse button held down and move the mouse so that the CFscript icon covers the ComboFix icon. Release the mouse button. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and then confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

Re-enable your firewall, your antivirus and your anti-spyware's guard.

Once the scan is complete, a report will be displayed: post its contents.

Also post a HijackThis report again.

If the file does not open, it is located here > C:\ComboFix.txt

Warning: this procedure was written for this computer. Any reuse can severely damage the operating system.
lauri24
 
Hi again,

ComboFix 08-09-16.01 - salomé 2008-09-20 22:05:26.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1330 [GMT 3:00]
Lancé depuis: D:\mes raccourcis bureau\antivirus\ComboFix.exe
Command switches used :: C:\Documents and Settings\salomé\Bureau\CFscript.txt
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CEL90XBE
-------\Service_cel90xbe

((((((((((((((((((((((((((((( Fichiers créés du 2008-08-20 au 2008-09-20 ))))))))))))))))))))))))))))))))))))
.

2008-09-20 10:53 . 2008-09-20 10:53 <REP> d----c--- C:\Program Files\7-Zip
2008-09-20 10:35 . 2008-09-20 10:35 <REP> d----c--- C:\Documents and Settings\salomé
2008-09-20 10:35 . <REP> C:\Documents and Settings\salomé\Local Settings
2008-09-20 10:35 . <REP> C:\Documents and Settings\salomé\Local Settings
2008-09-19 11:56 . 2008-09-19 22:15 <REP> d----c--- C:\Lop SD
2008-09-18 00:41 . 2008-09-18 00:41 <REP> d----c--- C:\Program Files\RogueRemover FREE
2008-09-18 00:36 . 2008-09-18 00:41 <REP> d----c--- C:\rogue remover
2008-09-17 23:39 . 2008-09-18 00:28 2,330 --a--c--- C:\Documents and Settings\Orph.egd
2008-09-17 23:38 . 2008-09-18 00:29 <REP> d----c--- C:\ToolBar SD
2008-09-17 18:27 . 2004-07-26 16:16 1,568,768 -----c--- C:\WINDOWS\system32\ImagX7.dll
2008-09-17 18:27 . 2004-07-26 16:16 476,320 -----c--- C:\WINDOWS\system32\ImagXpr7.dll
2008-09-17 18:27 . 2004-07-26 16:16 471,040 -----c--- C:\WINDOWS\system32\ImagXRA7.dll
2008-09-17 18:27 . 2004-07-09 08:43 364,544 -----c--- C:\WINDOWS\system32\TwnLib4.dll
2008-09-17 18:27 . 2004-07-26 16:16 262,144 -----c--- C:\WINDOWS\system32\ImagXR7.dll
2008-09-17 18:27 . 2005-09-01 11:03 127,488 -----c--- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-09-17 18:27 . 2005-09-01 11:03 5,888 -----c--- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-09-17 18:16 . 2008-09-18 00:25 <REP> d----c--- C:\Program Files\AskTBar
2008-09-16 16:32 . 2008-09-16 16:32 <REP> d----c--- C:\rsit
2008-09-15 22:20 . 2008-09-15 22:20 <REP> d----c--- C:\Program Files\MagicDVDRipper
2008-09-15 20:01 . 2008-09-15 20:10 <REP> d----c--- C:\Program Files\Navilog1
2008-09-15 19:07 . 2008-09-15 19:50 11,935 --a--c--- C:\Documents and Settings\AJAGUIN\base.dat
2008-09-15 18:56 . 2008-09-15 18:56 <REP> d----c--- C:\Program Files\TimeAdjuster
2008-09-15 18:52 . 2008-09-15 18:52 <REP> d----c--- C:\Documents and Settings\AJAGUIN\Application Data\Logs
2008-09-15 14:44 . 2008-09-15 14:44 <REP> d----c--- C:\Program Files\ToniArts
2008-09-15 13:18 . 2008-09-20 10:21 <REP> d----c--- C:\Program Files\SecureExpertCleaner
2008-09-15 13:18 . 2008-09-15 13:20 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\SEC
2008-09-15 13:11 . 2008-09-15 13:11 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Software Licensors
2008-09-15 13:11 . 2008-09-15 13:11 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\services
2008-09-15 12:59 . 2008-09-15 12:59 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-14 20:54 . 2008-09-14 20:54 118 --a--c--- C:\WINDOWS\system32\MRT.INI
2008-09-14 19:04 . 2008-09-10 00:04 38,528 --a--c--- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-14 19:04 . 2008-09-10 00:03 17,200 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys
2008-09-14 17:16 . 2008-09-14 17:16 <REP> d----c--- C:\Program Files\Trend Micro
2008-09-14 15:47 . 2008-09-14 15:47 <REP> d----c--- C:\Program Files\SAV
2008-09-14 12:39 . 2008-09-14 12:39 <REP> d----c--- C:\Program Files\Transcend Utility
2008-09-13 16:47 . 2008-09-13 16:47 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\JollyBear
2008-09-13 16:24 . 2008-09-13 16:24 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\FreshGames
2008-09-13 12:55 . 2008-09-13 12:55 <REP> d----c--- C:\Program Files\Fichiers communs\Oberon Media
2008-09-12 09:10 . 2008-09-12 09:10 <REP> d----c--- C:\Program Files\Safari
2008-09-11 16:31 . 2008-09-11 16:32 <REP> d----c--- C:\Program Files\DVD Shrink
2008-09-10 06:45 . 2008-09-11 16:38 <REP> d----c--- C:\Documents and Settings\AJAGUIN\Application Data\Comptabilité
2008-09-10 06:45 . 2008-09-11 16:38 1,536 --a--c--- C:\MKDEWE.TRN
2008-09-10 06:44 . 1998-02-03 12:48 818,688 --a--c--- C:\WINDOWS\system32\VCF132.OCX
2008-09-10 06:44 . 1996-10-07 19:22 320,512 --a--c--- C:\WINDOWS\system32\W32MKDE.EXE
2008-09-10 06:44 . 1996-09-24 16:40 110,080 --a--c--- C:\WINDOWS\system32\W32MKRC.DLL
2008-09-10 06:44 . 1998-03-13 17:02 68,096 --a--c--- C:\WINDOWS\system32\Wbtrv32.dll
2008-09-10 06:44 . 1998-02-10 21:59 43,008 --a--c--- C:\WINDOWS\system32\W32BTICM.DLL
2008-09-08 17:01 . 2008-09-08 17:01 <REP> d----c--- C:\Program Files\DVD X Studios
2008-09-08 17:01 . 2008-09-08 17:01 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\DVD X Studios
2008-09-03 16:20 . 2008-09-03 16:20 <REP> d----c--- C:\SYSTEM.SAV
2008-08-31 23:32 . 2008-08-31 23:32 14 --a--c--- C:\WINDOWS\system32\SystemInfo32.sys
2008-08-27 16:32 . 2008-06-23 19:28 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-27 16:32 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-27 16:32 . 2007-03-08 08:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-27 16:32 . 2008-06-23 19:28 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-27 16:32 . 2008-06-23 19:28 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-27 16:32 . 2008-06-23 19:28 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-27 16:32 . 2008-06-23 19:28 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-27 16:32 . 2008-06-23 19:28 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-27 16:32 . 2008-06-23 12:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-22 21:11 . 2008-09-17 18:27 <REP> d----c--- C:\Program Files\Fichiers communs\Ahead
2008-08-22 02:29 . 2008-09-18 15:56 <REP> d----c--- C:\WINDOWS\system32\CatRoot_bak
2008-08-22 02:07 . 2008-06-14 20:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-21 15:00 . 2003-04-24 15:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-08-21 14:59 . 2003-04-24 15:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-08-21 14:58 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-08-21 14:57 . 2008-08-21 14:57 749 -rah-c--- C:\WINDOWS\WindowsShell.Manifest
2008-08-21 14:57 . 2008-08-21 14:57 749 -rah-c--- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-08-21 14:57 . 2008-08-21 14:57 749 -rah-c--- C:\WINDOWS\system32\sapi.cpl.manifest
2008-08-21 14:57 . 2008-08-21 14:57 749 -rah-c--- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-08-21 14:57 . 2008-08-21 14:57 488 -rah-c--- C:\WINDOWS\system32\logonui.exe.manifest
2008-08-21 14:56 . 2003-04-24 15:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-08-21 14:49 . 2004-08-03 22:31 20,992 --a--c--- C:\WINDOWS\system32\drivers\RTL8139.sys
2008-08-20 21:51 . 2008-09-04 19:00 <REP> d----c--- C:\Program Files\Zylom Games
2008-08-20 21:51 . 2008-08-20 21:51 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Zylom
2008-08-20 21:51 . 2008-08-20 21:51 <REP> d----c--- C:\Documents and Settings\AJAGUIN\Application Data\Zylom

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-17 15:27 --------- dc----w C:\Program Files\Ahead
2008-09-15 16:08 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\MegauploadToolbar
2008-09-15 14:47 --------- dc----w C:\Program Files\DivX
2008-09-15 11:44 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-09-14 14:52 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-14 12:52 47,360 -c--a-w C:\Documents and Settings\AJAGUIN\Application Data\pcouffin.sys
2008-09-14 12:52 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Vso
2008-09-14 09:32 47,360 -c--a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-13 09:56 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Gamelab
2008-09-12 06:23 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Apple Computer
2008-09-11 16:00 --------- dc----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-11 15:50 --------- dc----w C:\Program Files\SlySoft
2008-09-11 13:38 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Comptabilité
2008-09-06 15:45 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\dvdcss
2008-08-31 08:24 --------- dc----w C:\Program Files\Fichiers communs\Adobe
2008-08-17 15:42 --------- dc----w C:\Program Files\FDRLab
2008-08-17 15:32 --------- dc----w C:\Program Files\Power Video Downloader
2008-08-13 14:09 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\32 Math Corn
2008-08-13 12:27 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-11 13:14 --------- dc----w C:\Program Files\Apple Software Update
2008-07-28 19:20 --------- dc----w C:\Program Files\Windows Media Connect 2
2008-07-28 19:20 --------- dc----w C:\Program Files\Windows Live Toolbar
2008-07-28 19:20 --------- dc----w C:\Program Files\vanBasco's Karaoke Player
2008-07-28 19:20 --------- dc----w C:\Program Files\QuickTime
2008-07-28 19:20 --------- dc----w C:\Program Files\FlashGet
2008-07-18 18:39 587,264 -c--a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-04 07:11 3,532 -c--a-w C:\drmHeader.bin
2008-04-24 09:34 1,710 -c--a-w C:\Documents and Settings\AJAGUIN\afrnsj.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\lnxfrx.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\krdjwh.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\fbjafd.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\cdszkz.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\byyxdt.exe
2008-04-24 09:32 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\gjckmu.exe
2008-04-24 09:17 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\ivanqf.exe
.

((((((((((((((((((((((((((((( snapshot@2008-09-20_10.34.40.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-20 19:10:36 16,384 -c--atw C:\WINDOWS\Temp\Perflib_Perfdata_508.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-19 68856]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SecureExpertCleaner"="C:\Program Files\SecureExpertCleaner\sec.exe" [2008-08-18 1556480]
"Reminder"="C:\Program Files\SecureExpertCleaner\Reminder.exe" [2008-08-14 480768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= mtkjpeg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\autre\\Nouveau dossier\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56967:TCP"= 56967:TCP:Pando P2P TCP Listening Port
"56967:UDP"= 56967:UDP:Pando P2P UDP Listening Port

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
.
Contenu du dossier 'Tâches planifiées'
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 22:11:00
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\SALOM~1\LOCALS~1\Temp\mc21.tmp"
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-09-20 22:15:55 - La machine a redémarré [salomé]
ComboFix-quarantined-files.txt 2008-09-20 19:15:49
ComboFix2.txt 2008-09-20 07:35:15

Avant-CF: 3,787,665,408 octets libres
Après-CF: 3,819,950,080 octets libres

217

and ...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:20:11, on 20/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SecureExpertCleaner\sec.exe
C:\Program Files\SecureExpertCleaner\Reminder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Program Files\MegaIEMn.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SecureExpertCleaner] C:\Program Files\SecureExpertCleaner\sec.exe
O4 - HKLM\..\Run: [Reminder] C:\Program Files\SecureExpertCleaner\Reminder.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Download Link Using Mega Manager... - D:\Program Files\mm_file.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - D:\autre\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe (file missing)
O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - D:\autre\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe (file missing)
Lyonnais92 - Posts: 25708 - Status: Security contributor - 1 537

Re,

quite a few infections (rogue, lop, infected toolbars, ...)

Open Windows Explorer,

Look for each of these files:

C:\Documents and Settings\AJAGUIN\afrnsj.exe
C:\Documents and Settings\AJAGUIN\lnxfrx.exe
C:\Documents and Settings\AJAGUIN\krdjwh.exe
C:\Documents and Settings\AJAGUIN\fbjafd.exe
C:\Documents and Settings\AJAGUIN\cdszkz.exe
C:\Documents and Settings\AJAGUIN\byyxdt.exe
C:\Documents and Settings\AJAGUIN\gjckmu.exe
C:\Documents and Settings\AJAGUIN\ivanqf.exe

Right-click and choose Rename.

Add .vir to the end of the name:

C:\Documents and Settings\AJAGUIN\afrnsj.exe must become:

C:\Documents and Settings\AJAGUIN\afrnsj.exe.vir

Run HijackThis again.

Choose Do a scan only

Tick the box in front of the following lines

O4 - HKLM\..\Run: [SecureExpertCleaner] C:\Program Files\SecureExpertCleaner\sec.exe
O4 - HKLM\..\Run: [Reminder] C:\Program Files\SecureExpertCleaner\Reminder.exe

Close all windows (except HijackThis), including your browser.

Click on fix checked.

Close HijackThis.

Copy or print the instructions beforehand

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

Folder::
%CommonAppData%\SEC
%CommonPrograms%\SecureExpertCleaner
%ProgramFiles%\SecureExpertCleaner
C:\DOCUME~1\AJAGUIN\APPLIC~1\32 Math Corn
C:\Program Files\32 Math Corn

Registry::
[- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]
[- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3P_USEC_is1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider]
[- HKEY_LOCAL_MACHINE\SOFTWARE\SEC]
[- HKEY_CURRENT_USER\Software\SEC]

Save this file under the name CFscript

Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFscript file, keep the button held down and move the mouse so that the CFscript icon covers the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

Re-enable your firewall, your antivirus, and your antispyware's guard

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report

If the file does not open, it is located here > C:\ComboFix.txt

Warning: this procedure was written for this computer. Any reuse may severely damage the operating system.
lauri24
 
re,
I can't rename the files, the following message comes up every time;

cannot rename "afrnsj.exe", this resource is in use by another person or another program.
Close any programs that might be using the file and try again
Lyonnais92 - Posts: 25708 - Status: Security contributor - 1 537
 
Re,

do the rest.

Then,

Download OAD http://sosvirus.changelog.fr/OAD.exe
- Save it to your Desktop

Double-click OAD to launch it

- file name to search for: type or copy and paste: afrnsj
- Search type: select option 6 then confirm with [Enter]

OAD will now search for the file. Let it work until it has finished.
The search report will be displayed automatically as soon as it has finished.

- Copy and paste this report into your next post.

Important note: depending on the size of the hard drives, this search can take several minutes. Be patient
lauri24
 
I can't download OAV

otherwise...

ComboFix 08-09-16.01 - salomé 2008-09-21 16:48:08.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1333 [GMT 3:00]
Lancé depuis: D:\mes raccourcis bureau\antivirus\ComboFix.exe
Command switches used :: C:\Documents and Settings\salomé\Bureau\CFscript.txt
* Un nouveau point de restauration a été créé

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-08-21 au 2008-09-21 ))))))))))))))))))))))))))))))))))))
.

2008-09-20 22:28 . 2008-09-20 22:28 <REP> d----c--- C:\Documents and Settings\salomé\Application Data\vlc
2008-09-20 10:53 . 2008-09-20 10:53 <REP> d----c--- C:\Program Files\7-Zip
2008-09-20 10:35 . 2008-09-20 10:35 <REP> d----c--- C:\Documents and Settings\salomÚ
2008-09-19 11:56 . 2008-09-19 22:15 <REP> d----c--- C:\Lop SD
2008-09-18 00:41 . 2008-09-18 00:41 <REP> d----c--- C:\Program Files\RogueRemover FREE
2008-09-18 00:36 . 2008-09-18 00:41 <REP> d----c--- C:\rogue remover
2008-09-17 23:39 . 2008-09-18 00:28 2,330 --a--c--- C:\Documents and Settings\Orph.egd
2008-09-17 23:38 . 2008-09-18 00:29 <REP> d----c--- C:\ToolBar SD
2008-09-17 18:27 . 2004-07-26 16:16 1,568,768 -----c--- C:\WINDOWS\system32\ImagX7.dll
2008-09-17 18:27 . 2004-07-26 16:16 476,320 -----c--- C:\WINDOWS\system32\ImagXpr7.dll
2008-09-17 18:27 . 2004-07-26 16:16 471,040 -----c--- C:\WINDOWS\system32\ImagXRA7.dll
2008-09-17 18:27 . 2004-07-09 08:43 364,544 -----c--- C:\WINDOWS\system32\TwnLib4.dll
2008-09-17 18:27 . 2004-07-26 16:16 262,144 -----c--- C:\WINDOWS\system32\ImagXR7.dll
2008-09-17 18:27 . 2005-09-01 11:03 127,488 -----c--- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-09-17 18:27 . 2005-09-01 11:03 5,888 -----c--- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-09-17 18:16 . 2008-09-18 00:25 <REP> d----c--- C:\Program Files\AskTBar
2008-09-16 16:32 . 2008-09-16 16:32 <REP> d----c--- C:\rsit
2008-09-15 22:20 . 2008-09-15 22:20 <REP> d----c--- C:\Program Files\MagicDVDRipper
2008-09-15 20:42 . 2008-09-20 17:52 <REP> d----c--- C:\Documents and Settings\salomé\Contacts
2008-09-15 20:42 . 2008-09-20 17:52 <REP> d----c--- C:\Documents and Settings\salomé\Contacts
2008-09-15 20:01 . 2008-09-15 20:10 <REP> d----c--- C:\Program Files\Navilog1
2008-09-15 19:19 . 2008-09-21 07:24 <REP> d----c--- C:\Documents and Settings\salomé\Download
2008-09-15 19:19 . 2008-09-21 07:24 <REP> d----c--- C:\Documents and Settings\salomé\Download
2008-09-15 19:19 . 2008-09-15 19:19 <REP> d----c--- C:\Documents and Settings\salomé\Application Data\Logs
2008-09-15 19:10 . 2008-09-21 07:16 23,262 --a--c--- C:\Documents and Settings\salomé\base.dat
2008-09-15 19:10 . 2008-09-21 07:16 23,262 --a--c--- C:\Documents and Settings\salomé\base.dat
2008-09-15 19:07 . 2008-09-15 19:50 11,935 --a--c--- C:\Documents and Settings\AJAGUIN\base.dat
2008-09-15 18:56 . 2008-09-15 18:56 <REP> d----c--- C:\Program Files\TimeAdjuster
2008-09-15 18:52 . 2008-09-15 18:52 <REP> d----c--- C:\Documents and Settings\AJAGUIN\Application Data\Logs
2008-09-15 17:13 . 2008-09-15 17:13 <REP> d----c--- C:\Documents and Settings\salomé\Application Data\Apple Computer
2008-09-15 14:44 . 2008-09-15 14:44 <REP> d----c--- C:\Program Files\ToniArts
2008-09-15 13:18 . 2008-09-20 10:21 <REP> d----c--- C:\Program Files\SecureExpertCleaner
2008-09-15 13:18 . 2008-09-15 13:20 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\SEC
2008-09-15 13:11 . 2008-09-15 13:11 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Software Licensors
2008-09-15 13:11 . 2008-09-15 13:11 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\services
2008-09-15 12:59 . 2008-09-15 12:59 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-14 20:54 . 2008-09-14 20:54 118 --a--c--- C:\WINDOWS\system32\MRT.INI
2008-09-14 19:04 . 2008-09-10 00:04 38,528 --a--c--- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-14 19:04 . 2008-09-10 00:03 17,200 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys
2008-09-14 17:16 . 2008-09-14 17:16 <REP> d----c--- C:\Program Files\Trend Micro
2008-09-14 15:47 . 2008-09-14 15:47 <REP> d----c--- C:\Program Files\SAV
2008-09-14 12:39 . 2008-09-14 12:39 <REP> d----c--- C:\Program Files\Transcend Utility
2008-09-13 16:47 . 2008-09-13 16:47 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\JollyBear
2008-09-13 16:24 . 2008-09-13 16:24 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\FreshGames
2008-09-13 12:55 . 2008-09-13 12:55 <REP> d----c--- C:\Program Files\Fichiers communs\Oberon Media
2008-09-12 09:10 . 2008-09-12 09:10 <REP> d----c--- C:\Program Files\Safari
2008-09-11 16:31 . 2008-09-11 16:32 <REP> d----c--- C:\Program Files\DVD Shrink
2008-09-10 06:45 . 2008-09-15 17:17 <REP> d----c--- C:\Documents and Settings\salomé\Application Data\Comptabilité
2008-09-10 06:45 . 2008-09-11 16:38 <REP> d----c--- C:\Documents and Settings\AJAGUIN\Application Data\Comptabilité
2008-09-10 06:45 . 2008-09-11 16:38 1,536 --a--c--- C:\MKDEWE.TRN
2008-09-10 06:44 . 1998-02-03 12:48 818,688 --a--c--- C:\WINDOWS\system32\VCF132.OCX
2008-09-10 06:44 . 1996-10-07 19:22 320,512 --a--c--- C:\WINDOWS\system32\W32MKDE.EXE
2008-09-10 06:44 . 1996-09-24 16:40 110,080 --a--c--- C:\WINDOWS\system32\W32MKRC.DLL
2008-09-10 06:44 . 1998-03-13 17:02 68,096 --a--c--- C:\WINDOWS\system32\Wbtrv32.dll
2008-09-10 06:44 . 1998-02-10 21:59 43,008 --a--c--- C:\WINDOWS\system32\W32BTICM.DLL
2008-09-08 17:01 . 2008-09-08 17:01 <REP> d----c--- C:\Program Files\DVD X Studios
2008-09-08 17:01 . 2008-09-08 17:01 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\DVD X Studios
2008-09-03 16:20 . 2008-09-03 16:20 <REP> d----c--- C:\SYSTEM.SAV
2008-08-31 23:32 . 2008-08-31 23:32 14 --a--c--- C:\WINDOWS\system32\SystemInfo32.sys
2008-08-27 16:32 . 2008-06-23 19:28 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-27 16:32 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-27 16:32 . 2007-03-08 08:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-27 16:32 . 2008-06-23 19:28 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-27 16:32 . 2008-06-23 19:28 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-27 16:32 . 2008-06-23 19:28 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-27 16:32 . 2008-06-23 19:28 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-27 16:32 . 2008-06-23 19:28 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-27 16:32 . 2008-06-23 12:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-22 21:11 . 2008-09-17 18:27 <REP> d----c--- C:\Program Files\Fichiers communs\Ahead
2008-08-22 02:29 . 2008-09-18 15:56 <REP> d----c--- C:\WINDOWS\system32\CatRoot_bak
2008-08-22 02:07 . 2008-06-14 20:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-21 15:00 . 2003-04-24 15:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-08-21 14:59 . 2003-04-24 15:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-08-21 14:58 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-08-21 14:57 . 2008-08-21 14:57 749 -rah-c--- C:\WINDOWS\WindowsShell.Manifest
2008-08-21 14:57 . 2008-08-21 14:57 749 -rah-c--- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-08-21 14:57 . 2008-08-21 14:57 749 -rah-c--- C:\WINDOWS\system32\sapi.cpl.manifest
2008-08-21 14:57 . 2008-08-21 14:57 749 -rah-c--- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-08-21 14:57 . 2008-08-21 14:57 488 -rah-c--- C:\WINDOWS\system32\logonui.exe.manifest
2008-08-21 14:56 . 2003-04-24 15:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-08-21 14:49 . 2004-08-03 22:31 20,992 --a--c--- C:\WINDOWS\system32\drivers\RTL8139.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 13:41 --------- dc----w C:\Documents and Settings\salomé\Application Data\MEGAUPLOADTOOLBAR
2008-09-17 15:27 --------- dc----w C:\Program Files\Ahead
2008-09-15 16:08 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\MegauploadToolbar
2008-09-15 14:47 --------- dc----w C:\Program Files\DivX
2008-09-15 14:18 --------- dc----w C:\Documents and Settings\salomé\Application Data\OpenOffice.org2
2008-09-15 14:18 --------- dc----w C:\Documents and Settings\salomé\Application Data\MSNInstaller
2008-09-15 14:18 --------- dc----w C:\Documents and Settings\salomé\Application Data\ATI
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\Megaupload
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\Media Player Classic
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\Malwarebytes
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\EBP
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\DivX
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\Ahead
2008-09-15 11:44 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-09-14 14:52 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-14 12:52 47,360 -c--a-w C:\Documents and Settings\AJAGUIN\Application Data\pcouffin.sys
2008-09-14 12:52 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Vso
2008-09-14 09:32 47,360 -c--a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-13 09:56 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Gamelab
2008-09-12 06:23 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Apple Computer
2008-09-11 16:00 --------- dc----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-11 15:50 --------- dc----w C:\Program Files\SlySoft
2008-09-06 15:45 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\dvdcss
2008-09-04 16:00 --------- dc----w C:\Program Files\Zylom Games
2008-08-31 08:24 --------- dc----w C:\Program Files\Fichiers communs\Adobe
2008-08-20 18:51 --------- dc----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-08-20 18:51 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Zylom
2008-08-17 15:42 --------- dc----w C:\Program Files\FDRLab
2008-08-17 15:32 --------- dc----w C:\Program Files\Power Video Downloader
2008-08-13 14:09 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\32 Math Corn
2008-08-13 12:27 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-11 13:14 --------- dc----w C:\Program Files\Apple Software Update
2008-07-28 19:20 --------- dc----w C:\Program Files\Windows Media Connect 2
2008-07-28 19:20 --------- dc----w C:\Program Files\Windows Live Toolbar
2008-07-28 19:20 --------- dc----w C:\Program Files\vanBasco's Karaoke Player
2008-07-28 19:20 --------- dc----w C:\Program Files\QuickTime
2008-07-28 19:20 --------- dc----w C:\Program Files\FlashGet
2008-07-18 19:10 94,920 -c--a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 -c--a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 -c--a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 -c--a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 -c--a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 -c--a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 -c--a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:07 270,880 -c--a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 19:07 210,976 -c--a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 -c--a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-11 08:54 43,520 -c--a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-07-07 20:31 253,952 -c--a-w C:\WINDOWS\system32\es.dll
2008-07-04 07:11 3,532 -c--a-w C:\drmHeader.bin
2008-06-24 16:23 74,240 -c--a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 15:12 295,936 -c--a-w C:\WINDOWS\system32\wmpeffects.dll
2008-06-23 16:28 826,368 -c--a-w C:\WINDOWS\system32\wininet.dll
2008-04-24 09:34 1,710 -c--a-w C:\Documents and Settings\AJAGUIN\afrnsj.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\lnxfrx.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\krdjwh.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\fbjafd.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\cdszkz.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\byyxdt.exe
2008-04-24 09:32 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\gjckmu.exe
2008-04-24 09:17 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\ivanqf.exe
.

((((((((((((((((((((((((((((( snapshot@2008-09-20_10.34.40.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-21 04:14:38 16,384 -c--atw C:\WINDOWS\Temp\Perflib_Perfdata_584.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-19 68856]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

C:\Documents and Settings\AJAGUIN\Menu Démarrer\Programmes\Démarrage\
OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= mtkjpeg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\autre\\Nouveau dossier\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56967:TCP"= 56967:TCP:Pando P2P TCP Listening Port
"56967:UDP"= 56967:UDP:Pando P2P UDP Listening Port

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
.
Contenu du dossier 'Tâches planifiées'
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 16:50:14
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\SALOM~1\LOCALS~1\Temp\mc21.tmp"
.
Heure de fin: 2008-09-21 16:52:18
ComboFix-quarantined-files.txt 2008-09-21 13:51:14
ComboFix2.txt 2008-09-20 19:15:56
ComboFix3.txt 2008-09-20 07:35:15

Avant-CF: 1,781,301,248 octets libres
Après-CF: 1,770,762,240 octets libres

226

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:58, on 21/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Program Files\MegaIEMn.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Download Link Using Mega Manager... - D:\Program Files\mm_file.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - D:\autre\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe (file missing)
O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - D:\autre\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe (file missing)
0
Lyonnais92 Posts: 25708 Status: Security contributor 1 537
 
Re,

In post 29 I wrote this:

and save it to the Desktop. (talking about Combofix).

Yet I read (latest Combofix report): ComboFix 08-09-16.01 - salomé 2008-09-21 16:48:08.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1333 [GMT 3:00]
Lancé depuis: D:\mes raccourcis bureau\antivirus\ComboFix.exe

Move Combofix.exe to C:\Documents and Settings\salomé\Bureau\ (next to CFscript.txt) and do this:

Copy or print the instructions first.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard).

Drag and drop the CFscript file that is on your Desktop onto the ComboFix.exe file.

Click on the CFscript file, keep your finger pressed down and move the mouse so that the CFscript icon covers the Combofix icon. Release the mouse. Combofix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

Re-enable your firewall, your antivirus and your antispyware's guard.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new Hijackthis report.

If the file does not open, it is located here > C:\ComboFix.txt

Warning: this procedure was made for this computer. Any reuse can severely damage the operating system.

What is happening with OAD that you cannot download it?

0
lauri24
 
ComboFix 08-09-16.01 - salomé 2008-09-21 21:53:46.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1331 [GMT 3:00]
Lancé depuis: C:\Documents and Settings\salomé\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\salomé\Bureau\CFscript.txt
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-08-21 au 2008-09-21 ))))))))))))))))))))))))))))))))))))
.

2008-09-20 22:28 . 2008-09-20 22:28 <REP> d----c--- C:\Documents and Settings\salomé\Application Data\vlc
2008-09-20 10:53 . 2008-09-20 10:53 <REP> d----c--- C:\Program Files\7-Zip
2008-09-20 10:35 . 2008-09-20 10:35 <REP> d----c--- C:\Documents and Settings\salomÚ
2008-09-19 11:56 . 2008-09-19 22:15 <REP> d----c--- C:\Lop SD
2008-09-18 00:41 . 2008-09-18 00:41 <REP> d----c--- C:\Program Files\RogueRemover FREE
2008-09-18 00:36 . 2008-09-18 00:41 <REP> d----c--- C:\rogue remover
2008-09-17 23:39 . 2008-09-18 00:28 2,330 --a--c--- C:\Documents and Settings\Orph.egd
2008-09-17 23:38 . 2008-09-18 00:29 <REP> d----c--- C:\ToolBar SD
2008-09-17 18:27 . 2004-07-26 16:16 1,568,768 -----c--- C:\WINDOWS\system32\ImagX7.dll
2008-09-17 18:27 . 2004-07-26 16:16 476,320 -----c--- C:\WINDOWS\system32\ImagXpr7.dll
2008-09-17 18:27 . 2004-07-26 16:16 471,040 -----c--- C:\WINDOWS\system32\ImagXRA7.dll
2008-09-17 18:27 . 2004-07-09 08:43 364,544 -----c--- C:\WINDOWS\system32\TwnLib4.dll
2008-09-17 18:27 . 2004-07-26 16:16 262,144 -----c--- C:\WINDOWS\system32\ImagXR7.dll
2008-09-17 18:27 . 2005-09-01 11:03 127,488 -----c--- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-09-17 18:27 . 2005-09-01 11:03 5,888 -----c--- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-09-17 18:16 . 2008-09-18 00:25 <REP> d----c--- C:\Program Files\AskTBar
2008-09-16 16:32 . 2008-09-16 16:32 <REP> d----c--- C:\rsit
2008-09-15 22:20 . 2008-09-15 22:20 <REP> d----c--- C:\Program Files\MagicDVDRipper
2008-09-15 20:42 . 2008-09-20 17:52 <REP> d----c--- C:\Documents and Settings\salomé\Contacts
2008-09-15 20:42 . 2008-09-20 17:52 <REP> d----c--- C:\Documents and Settings\salomé\Contacts
2008-09-15 20:01 . 2008-09-15 20:10 <REP> d----c--- C:\Program Files\Navilog1
2008-09-15 19:19 . 2008-09-21 07:24 <REP> d----c--- C:\Documents and Settings\salomé\Download
2008-09-15 19:19 . 2008-09-21 07:24 <REP> d----c--- C:\Documents and Settings\salomé\Download
2008-09-15 19:19 . 2008-09-15 19:19 <REP> d----c--- C:\Documents and Settings\salomé\Application Data\Logs
2008-09-15 19:10 . 2008-09-21 07:16 23,262 --a--c--- C:\Documents and Settings\salomé\base.dat
2008-09-15 19:10 . 2008-09-21 07:16 23,262 --a--c--- C:\Documents and Settings\salomé\base.dat
2008-09-15 19:07 . 2008-09-15 19:50 11,935 --a--c--- C:\Documents and Settings\AJAGUIN\base.dat
2008-09-15 18:56 . 2008-09-15 18:56 <REP> d----c--- C:\Program Files\TimeAdjuster
2008-09-15 18:52 . 2008-09-15 18:52 <REP> d----c--- C:\Documents and Settings\AJAGUIN\Application Data\Logs
2008-09-15 17:13 . 2008-09-15 17:13 <REP> d----c--- C:\Documents and Settings\salomé\Application Data\Apple Computer
2008-09-15 14:44 . 2008-09-15 14:44 <REP> d----c--- C:\Program Files\ToniArts
2008-09-15 13:18 . 2008-09-20 10:21 <REP> d----c--- C:\Program Files\SecureExpertCleaner
2008-09-15 13:18 . 2008-09-15 13:20 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\SEC
2008-09-15 13:11 . 2008-09-15 13:11 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Software Licensors
2008-09-15 13:11 . 2008-09-15 13:11 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\services
2008-09-15 12:59 . 2008-09-15 12:59 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-14 20:54 . 2008-09-14 20:54 118 --a--c--- C:\WINDOWS\system32\MRT.INI
2008-09-14 19:04 . 2008-09-10 00:04 38,528 --a--c--- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-14 19:04 . 2008-09-10 00:03 17,200 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys
2008-09-14 17:16 . 2008-09-14 17:16 <REP> d----c--- C:\Program Files\Trend Micro
2008-09-14 15:47 . 2008-09-14 15:47 <REP> d----c--- C:\Program Files\SAV
2008-09-14 12:39 . 2008-09-14 12:39 <REP> d----c--- C:\Program Files\Transcend Utility
2008-09-13 16:47 . 2008-09-13 16:47 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\JollyBear
2008-09-13 16:24 . 2008-09-13 16:24 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\FreshGames
2008-09-13 12:55 . 2008-09-13 12:55 <REP> d----c--- C:\Program Files\Fichiers communs\Oberon Media
2008-09-12 09:10 . 2008-09-12 09:10 <REP> d----c--- C:\Program Files\Safari
2008-09-11 16:31 . 2008-09-11 16:32 <REP> d----c--- C:\Program Files\DVD Shrink
2008-09-10 06:45 . 2008-09-15 17:17 <REP> d----c--- C:\Documents and Settings\salomé\Application Data\Comptabilité
2008-09-10 06:45 . 2008-09-11 16:38 <REP> d----c--- C:\Documents and Settings\AJAGUIN\Application Data\Comptabilité
2008-09-10 06:45 . 2008-09-11 16:38 1,536 --a--c--- C:\MKDEWE.TRN
2008-09-10 06:44 . 1998-02-03 12:48 818,688 --a--c--- C:\WINDOWS\system32\VCF132.OCX
2008-09-10 06:44 . 1996-10-07 19:22 320,512 --a--c--- C:\WINDOWS\system32\W32MKDE.EXE
2008-09-10 06:44 . 1996-09-24 16:40 110,080 --a--c--- C:\WINDOWS\system32\W32MKRC.DLL
2008-09-10 06:44 . 1998-03-13 17:02 68,096 --a--c--- C:\WINDOWS\system32\Wbtrv32.dll
2008-09-10 06:44 . 1998-02-10 21:59 43,008 --a--c--- C:\WINDOWS\system32\W32BTICM.DLL
2008-09-08 17:01 . 2008-09-08 17:01 <REP> d----c--- C:\Program Files\DVD X Studios
2008-09-08 17:01 . 2008-09-08 17:01 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\DVD X Studios
2008-09-03 16:20 . 2008-09-03 16:20 <REP> d----c--- C:\SYSTEM.SAV
2008-08-31 23:32 . 2008-08-31 23:32 14 --a--c--- C:\WINDOWS\system32\SystemInfo32.sys
2008-08-27 16:32 . 2008-06-23 19:28 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-27 16:32 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-27 16:32 . 2007-03-08 08:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-27 16:32 . 2008-06-23 19:28 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-27 16:32 . 2008-06-23 19:28 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-27 16:32 . 2008-06-23 19:28 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-27 16:32 . 2008-06-23 19:28 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-27 16:32 . 2008-06-23 19:28 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-27 16:32 . 2008-06-23 12:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-22 21:11 . 2008-09-17 18:27 <REP> d----c--- C:\Program Files\Fichiers communs\Ahead
2008-08-22 02:29 . 2008-09-18 15:56 <REP> d----c--- C:\WINDOWS\system32\CatRoot_bak
2008-08-22 02:07 . 2008-06-14 20:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-21 15:00 . 2003-04-24 15:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-08-21 14:59 . 2003-04-24 15:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-08-21 14:58 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-08-21 14:57 . 2008-08-21 14:57 749 -rah-c--- C:\WINDOWS\WindowsShell.Manifest
2008-08-21 14:57 . 2008-08-21 14:57 749 -rah-c--- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-08-21 14:57 . 2008-08-21 14:57 749 -rah-c--- C:\WINDOWS\system32\sapi.cpl.manifest
2008-08-21 14:57 . 2008-08-21 14:57 749 -rah-c--- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-08-21 14:57 . 2008-08-21 14:57 488 -rah-c--- C:\WINDOWS\system32\logonui.exe.manifest
2008-08-21 14:56 . 2003-04-24 15:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-08-21 14:49 . 2004-08-03 22:31 20,992 --a--c--- C:\WINDOWS\system32\drivers\RTL8139.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 16:19 --------- dc----w C:\Documents and Settings\salomé\Application Data\MEGAUPLOADTOOLBAR
2008-09-17 15:27 --------- dc----w C:\Program Files\Ahead
2008-09-15 16:08 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\MegauploadToolbar
2008-09-15 14:47 --------- dc----w C:\Program Files\DivX
2008-09-15 14:18 --------- dc----w C:\Documents and Settings\salomé\Application Data\OpenOffice.org2
2008-09-15 14:18 --------- dc----w C:\Documents and Settings\salomé\Application Data\MSNInstaller
2008-09-15 14:18 --------- dc----w C:\Documents and Settings\salomé\Application Data\ATI
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\Megaupload
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\Media Player Classic
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\Malwarebytes
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\EBP
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\DivX
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\Ahead
2008-09-15 11:44 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-09-14 14:52 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-14 12:52 47,360 -c--a-w C:\Documents and Settings\AJAGUIN\Application Data\pcouffin.sys
2008-09-14 12:52 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Vso
2008-09-14 09:32 47,360 -c--a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-13 09:56 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Gamelab
2008-09-12 06:23 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Apple Computer
2008-09-11 16:00 --------- dc----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-11 15:50 --------- dc----w C:\Program Files\SlySoft
2008-09-06 15:45 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\dvdcss
2008-09-04 16:00 --------- dc----w C:\Program Files\Zylom Games
2008-08-31 08:24 --------- dc----w C:\Program Files\Fichiers communs\Adobe
2008-08-20 18:51 --------- dc----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-08-20 18:51 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Zylom
2008-08-17 15:42 --------- dc----w C:\Program Files\FDRLab
2008-08-17 15:32 --------- dc----w C:\Program Files\Power Video Downloader
2008-08-13 14:09 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\32 Math Corn
2008-08-13 12:27 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-11 13:14 --------- dc----w C:\Program Files\Apple Software Update
2008-07-28 19:20 --------- dc----w C:\Program Files\Windows Media Connect 2
2008-07-28 19:20 --------- dc----w C:\Program Files\Windows Live Toolbar
2008-07-28 19:20 --------- dc----w C:\Program Files\vanBasco's Karaoke Player
2008-07-28 19:20 --------- dc----w C:\Program Files\QuickTime
2008-07-28 19:20 --------- dc----w C:\Program Files\FlashGet
2008-07-18 19:10 94,920 -c--a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 -c--a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 -c--a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 -c--a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 -c--a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 -c--a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 -c--a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:07 270,880 -c--a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 19:07 210,976 -c--a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 -c--a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-11 08:54 43,520 -c--a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-07-07 20:31 253,952 -c--a-w C:\WINDOWS\system32\es.dll
2008-07-04 07:11 3,532 -c--a-w C:\drmHeader.bin
2008-06-24 16:23 74,240 -c--a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 15:12 295,936 -c--a-w C:\WINDOWS\system32\wmpeffects.dll
2008-06-23 16:28 826,368 -c--a-w C:\WINDOWS\system32\wininet.dll
2008-04-24 09:34 1,710 -c--a-w C:\Documents and Settings\AJAGUIN\afrnsj.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\lnxfrx.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\krdjwh.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\fbjafd.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\cdszkz.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\byyxdt.exe
2008-04-24 09:32 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\gjckmu.exe
2008-04-24 09:17 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\ivanqf.exe
.

((((((((((((((((((((((((((((( snapshot@2008-09-20_10.34.40.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-21 04:14:38 16,384 -c--atw C:\WINDOWS\Temp\Perflib_Perfdata_584.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-19 68856]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

C:\Documents and Settings\AJAGUIN\Menu Démarrer\Programmes\Démarrage\
OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= mtkjpeg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\autre\\Nouveau dossier\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56967:TCP"= 56967:TCP:Pando P2P TCP Listening Port
"56967:UDP"= 56967:UDP:Pando P2P UDP Listening Port

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
.
Contenu du dossier 'Tâches planifiées'
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 21:55:24
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\SALOM~1\LOCALS~1\Temp\mc21.tmp"
.
Heure de fin: 2008-09-21 21:57:24
ComboFix-quarantined-files.txt 2008-09-21 18:56:23
ComboFix2.txt 2008-09-21 13:52:19
ComboFix3.txt 2008-09-20 19:15:56
ComboFix4.txt 2008-09-20 07:35:15

Avant-CF: 3,930,746,880 octets libres
Après-CF: 3,915,583,488 octets libres

227

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:59:12, on 21/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\MegaManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Program Files\MegaIEMn.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Download Link Using Mega Manager... - D:\Program Files\mm_file.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - D:\autre\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe (file missing)
O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - D:\autre\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe (file missing)