PC infected with Brontok A and CPU always at 100%
Closed
hurbainharder - Oct. 18, 2008 at 18:37
verni29 Posts: 6699 Registered: Sunday, July 6, 2008 Status: Security contributor Last activity: December 26, 2016 - Nov. 1, 2008 at 12:12
50 replies
C:\a1131ff6d50fe2343fed\pt-br moved successfully.
C:\a1131ff6d50fe2343fed\nl-nl moved successfully.
C:\a1131ff6d50fe2343fed\nl-be moved successfully.
C:\a1131ff6d50fe2343fed\ko-kr moved successfully.
C:\a1131ff6d50fe2343fed\ja-jp-psloc moved successfully.
C:\a1131ff6d50fe2343fed\ja-jp moved successfully.
C:\a1131ff6d50fe2343fed\it-it moved successfully.
C:\a1131ff6d50fe2343fed\fr-fr moved successfully.
C:\a1131ff6d50fe2343fed\fr-ch moved successfully.
C:\a1131ff6d50fe2343fed\fr-ca moved successfully.
C:\a1131ff6d50fe2343fed\fr-be moved successfully.
C:\a1131ff6d50fe2343fed\es-us moved successfully.
C:\a1131ff6d50fe2343fed\es-mx moved successfully.
C:\a1131ff6d50fe2343fed\es-es moved successfully.
C:\a1131ff6d50fe2343fed\en-sg moved successfully.
C:\a1131ff6d50fe2343fed\en-nz moved successfully.
C:\a1131ff6d50fe2343fed\en-in moved successfully.
C:\a1131ff6d50fe2343fed\en-ie moved successfully.
C:\a1131ff6d50fe2343fed\en-hk moved successfully.
C:\a1131ff6d50fe2343fed\en-gb moved successfully.
C:\a1131ff6d50fe2343fed\en-ca moved successfully.
C:\a1131ff6d50fe2343fed\en-au moved successfully.
C:\a1131ff6d50fe2343fed\de-de moved successfully.
C:\a1131ff6d50fe2343fed\de-ch moved successfully.
C:\a1131ff6d50fe2343fed\de-at moved successfully.
C:\a1131ff6d50fe2343fed moved successfully.
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86 moved successfully.
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86 moved successfully.
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} moved successfully.
C:\Documents and Settings\hurbainharder\Application Data\vmntoolbar\NewCfg moved successfully.
C:\Documents and Settings\hurbainharder\Application Data\vmntoolbar moved successfully.
C:\Program Files\vmntoolbar moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10262008_200802
But there is one line that was not executed in MoveIt; it is "C:\[u]0/uf35c969dd5e7ae9047261798c51b19c "
#######################################################################
Brontok Worm Removal Tool - (Version - 06.09.17B)
by sUBs
#######################################################################
Current date: Sun 10/26/2008 Current time: 20:11:17.62
=== PRE RUN ANALYSIS ===================================
=== POST RUN ANALYSIS ==================================
NOTE
The post-run analysis portion should be empty. If it's not, reboot and run the tool a second time.
20:12:18.32
======================================================
What should I do now? And above all, once there are no more threats, you need to recommend me a good antivirus. No more peer-to-peer and cracks, but I need your advice.
verni29 (Security contributor, 6699 posts, registered Sunday, July 6, 2008, last activity December 26, 2016) - Oct. 26, 2008 at 20:37
That's not bad at all.
No more Brontok or Bagle.
I'm entirely happy to advise you on protecting your PC.
1) Uninstalling Avast:
https://www.avast.com/fr-fr/uninstall-utility
To uninstall Avast, you need to stop this service.
Two ways:
- using the icon in the taskbar
- disabling the resident protection:
Start menu --> Programs --> Avast
Open Avast (it should not be the skin but the normal interface)
Settings --> Resident protection
Set it to disabled
2) Install one of these free firewalls:
- ZoneAlarm:
https://www.malekal.com/tutoriel-zonealarm-firewall/
- Comodo™ Firewall (version 3.0 in English, otherwise 2.4 multilingual)
https://www.malekal.com/tutorial-comodo-firewall/
http://www.personalfirewall.comodo.com/download_firewall.html#fw2.4
- Kerio Personal Firewall
https://www.malekal.com/tutorial-et-guide-counterspy/
3) I would recommend installing Antivir. It is in English, but the French version will be released soon.
It is the most highly rated antivirus at the moment.
Follow the tutorial to install Antivir:
https://www.malekal.com/avira-free-security-antivirus-gratuit/
Update Antivir and run a full scan:
To do so, click the Local Protection tab, then Scanner.
Choose the items to scan (local hard disks).
Start the scan. When the scan is finished, you can generate a report by clicking the report button.
Post the report.
See you.
Service avast! Antivirus - Removed
Resident protection - Removed
Explorer extensions - Removed
Registry - Removed
Program was successfully removed
OK, that's done. What should I do to protect myself??
verni29 - Oct. 27, 2008 at 00:29
As I told you, install a firewall (Comodo) and Antivir.
It is the best antivirus at the moment.
http://www.av-comparatives.org/seiten/ergebnisse/report19.pdf
1) There are still traces of Nod32, which you had uninstalled to replace it with Avast.
We will clean that up afterwards.
However, it is essential that you empty the MalwareBytes quarantine so that these files are not detected during scans.
To do so, open MalwareBytes --> Quarantine --> delete everything you find there.
2) Install these two protections before browsing.
I will point you to other ways to protect your PC properly.
MalwareBytes is one of them. You have tried the free version.
The paid version adds real-time protection.
But the free version is very good; it is the same scan engine and, as you saw with Bagle, it did part of the job.
Take your time to understand these two tools properly.
Then post me the Antivir report.
See you.
Avira AntiVir Personal
Report file date: Wednesday, October 29, 2008 19:33
Scanning for 995222 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: hurbainharder
Computer name: STICK-8D24848FE
Version information:
BUILD.DAT : 8.2.0.334 16933 Bytes 10/16/2008 14:55:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 09:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 22:35:36
ANTIVIR1.VDF : 7.1.0.1 2048 Bytes 10/27/2008 22:35:37
ANTIVIR2.VDF : 7.1.0.2 2048 Bytes 10/27/2008 22:35:38
ANTIVIR3.VDF : 7.1.0.4 38912 Bytes 10/27/2008 22:35:38
Engineversion : 8.2.0.9
AEVDF.DLL : 8.1.0.6 102772 Bytes 10/14/2008 11:05:56
AESCRIPT.DLL : 8.1.1.9 319867 Bytes 10/26/2008 22:29:16
AESCN.DLL : 8.1.1.3 123252 Bytes 10/14/2008 11:05:56
AERDL.DLL : 8.1.1.2 438644 Bytes 9/12/2008 07:06:02
AEPACK.DLL : 8.1.2.4 369014 Bytes 10/14/2008 11:05:56
AEOFFICE.DLL : 8.1.0.29 196988 Bytes 10/26/2008 22:29:15
AEHEUR.DLL : 8.1.0.63 1479032 Bytes 10/26/2008 22:29:15
AEHELP.DLL : 8.1.1.2 115062 Bytes 10/14/2008 11:05:56
AEGEN.DLL : 8.1.0.42 319861 Bytes 10/26/2008 22:29:14
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 11:05:56
AECORE.DLL : 8.1.2.8 172406 Bytes 10/26/2008 22:29:13
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 11:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 10:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 10/26/2008 22:29:13
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 14:34:37
Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, K:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: Wednesday, October 29, 2008 19:33
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'EXCEL.EXE' - '1' Module(s) have been scanned
Scan process 'update.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'DLACTRLW.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
33 processes with 33 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD5
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'K:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '63' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'K:\' <musicas teck elec house minimal>
End of the scan: Wednesday, October 29, 2008 20:27
Used time: 53:57 Minute(s)
The scan has been done completely.
16013 Scanning directories
356135 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
356133 Files not concerned
1444 Archives were scanned
6 Warnings
0 Notes
verni29 - Oct. 30, 2008 at 00:11
Post me one last HijackThis report and we will finish with the cleanup procedure.
See you.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:57 AM, on 11/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk.disabled
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - http://docs.google.com/File?id=dcxr9s3w_7c4tskqg9
verni29 (Security contributor) - 1 Nov 2008 at 12:12
1) Launch HijackThis and choose "Do a system scan only".
Select the following lines:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O24 - Desktop Component 0: (no name) - http://docs.google.com/File?id=dcxr9s3w_7c4tskqg9
Choose the "Fix checked" option at the bottom of the page.
2) You need to uninstall or disable Nod32 so that the two antivirus programs do not get in each other's way.
In my opinion, there is no point in keeping Nod32.
- Stop Nod32: icon in the taskbar --> disable it.
- Stop the associated services:
Start --> Run --> type sc stop EhttpSrv then confirm with Enter.
Do the same with sc config EhttpSrv start= disabled
Repeat both steps with ekrn in place of EhttpSrv.
- Add/Remove Programs --> you should find ESET or Nod32 in the list.
Uninstall it.
3) Post a new HijackThis report so that I can check it.
Update the following software:
4) Update the XP service pack. Service Pack 3 (SP3) contains all the fixes since SP2.
If you have not updated Windows regularly, it is better to do so.
download link
3) Download JavaRa by Paul McLain and Fred De Vries.
http://raproducts.org/click/click.php?id=1
Right-click the JavaRa.zip archive and extract it to the desktop.
A folder will be created. Open it and double-click JavaRa.exe to launch it.
Choose the language (English).
A window will open where you can choose between updating Java and removing old versions of Java.
- Update:
Click Search for Updates and choose the option Update Using jucheck.exe.
You will be told whether or not there is a new version to install on your PC.
If so, click Install and follow the prompts.
- Removing old versions:
Relaunch JavaRa.exe if necessary and choose Remove Older Versions.
Follow the prompts.
You will be told which versions were found and removed.
See you
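The kind of triage these reports are read for, as an added example (not part of the thread, and not code from HijackThis or PCA): it flags entries whose target file is gone, Run values carrying the names seen in this page's PCA report, and Windows system process names running from outside system32. The function names are hypothetical, Windows is assumed to live in C:\WINDOWS as in the reports here, and the sample lines are copied from this page.

```python
import ntpath
import re
from typing import List, NamedTuple

# Constructed sample: lines copied from the HijackThis and PCA reports on this page.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\services.exe
\??\C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\hurbainharder\Local Settings\Application Data\winlogon.exe
C:\Documents and Settings\hurbainharder\Local Settings\Application Data\lsass.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
04 - HKLM\..\RUN: [Bron-Spizaetus] - "C:\WINDOWS\ShellNew\RakyatKelaparan.exe"
04 - HKCU\..\RUN: [Tok-Cirrhatus-3675] - "C:\Documents and Settings\hurbainharder\Local Settings\Application Data\smss.exe"
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Entry code such as "O4", "R3"; the PCA report writes some of them as "04" or "RO".
ENTRY_RE = re.compile(r"^(?P<code>[ORFN0][0-9O]{1,2})\s+-\s+(?P<body>.*)$", re.I)
# A drive-letter path ending in .exe or .dll (short 8.3 names included).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?]*?\.(?:exe|dll)\b', re.I)
RUN_NAME_RE = re.compile(r"\\Run:\s*\[(?P<name>[^\]]*)\]", re.I)

ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Assumption: Windows is installed in C:\WINDOWS, as in the reports on this page.
SYSTEM_DIR = r"c:\windows\system32"
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "lsass.exe", "svchost.exe"}
# Run value names that appear in this page's PCA report.
RUN_NAME_INDICATORS = re.compile(r"^(Bron-|Tok-Cirrhatus)", re.I)


class Finding(NamedTuple):
    reason: str   # "orphaned", "run-name" or "masquerade"
    code: str     # normalised entry code, or "process" for a bare process path
    line: str


def normalise_code(code: str) -> str:
    """Map PCA spellings ("04", "RO") onto HijackThis codes ("O4", "R0")."""
    code = code.upper()
    head = "O" if code[0] == "0" else code[0]
    return head + code[1:].replace("O", "0")


def is_masquerading(path: str) -> bool:
    """True when a Windows system process name sits outside system32."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    return name in SYSTEM_NAMES and folder != SYSTEM_DIR


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("//", "#")):
            continue  # blank lines and PCA section headers
        entry = ENTRY_RE.match(line)
        code = normalise_code(entry["code"]) if entry else "process"
        if entry and line.lower().endswith(ORPHAN_MARKERS):
            findings.append(Finding("orphaned", code, line))
        run = RUN_NAME_RE.search(line)
        if run and RUN_NAME_INDICATORS.match(run["name"]):
            findings.append(Finding("run-name", code, line))
        for path in PATH_RE.findall(line):
            if is_masquerading(path):
                findings.append(Finding("masquerade", code, line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.reason:<11} {finding.code:<8} {finding.line}")
```

A flagged line is a candidate for review, not a verdict: an orphaned entry is harmless leftover registry data, while a masquerading process or a matching Run value points at a file that still has to be removed.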
verni29 (Security contributor) - 18 Oct 2008 at 18:43
Hello,
1) Download and install HijackThis.
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
Choose "Download Hijackthis Installer".
After installation, a shortcut will be created on the desktop. Double-click it to launch it (on Vista --> right-click and run as administrator).
Choose the option Do a system scan and save a logfile.
The report will open. Copy and paste the contents of this report into your next message.
2) If you cannot get HijackThis to run (Brontok sometimes disables it),
run the following tool instead:
Download PCA (by Evosla): http://ww25.evosla.com/pca_cpt.php?agr=pca_securite
* Unzip it into a dedicated folder such as c:\PCA with a right-click (Extract...),
* Click the "diagnostic du PC" tab, then "analyser".
* Let the scan run. It only takes a few seconds.
* Click "enregistrer le rapport" at the bottom right and save it to the desktop.
* Post the contents of this report in your next reply. It is named PCA_LOG.txt
See you
Also, the PC shuts down with every download.
# PCA Sécurité V 1.2.11, (fichier LOG).
# Rapport du :10/18/2008 1:41:43 AM
Microsoft Windows XP Service Pack 2
==>> Processus <==
\SystemRoot\System32\smss.exe
\??\C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Documents and Settings\hurbainharder\Local Settings\Application Data\winlogon.exe
C:\Documents and Settings\hurbainharder\Local Settings\Application Data\services.exe
C:\Documents and Settings\hurbainharder\Local Settings\Application Data\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\hurbainharder\Desktop\pca.exe
C:\WINDOWS\system32\ping.exe
//pages de démarrage et de recherche d'Internet Explorer
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Start Page = https://www.msn.com/fr-fr/?ocid=iehp
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
RO - HKCU\Software\Microsoft\Internet Explorer\Main\Start Page = https://www.google.com/?gws_rd=ssl
RO - HKCU\Software\Microsoft\Internet Explorer\Toolbar\LinksFolderName = Links
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search\SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
//applications lancées depuis system.ini,win.ini
//03 - Browser Helper Objects (BHOs)
02 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
02 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
02 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
02 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
02 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
02 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} -
02 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
02 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
02 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
02 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar : PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar : VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar : Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar : Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
//04 - applications chargées automatiquement
04 - HKLM\..\RUN: [ATICCC] - "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
04 - HKLM\..\RUN: [DLA] - C:\WINDOWS\System32\DLA\DLACTRLW.EXE
04 - HKLM\..\RUN: [UltraMon] - "C:\Program Files\UltraMon\UltraMon.exe" /auto
04 - HKLM\..\RUN: [SbUsb AudCtrl] - RunDll32 sbusbdll.dll,RCMonitor
04 - HKLM\..\RUN: [SunJavaUpdateSched] - "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
04 - HKLM\..\RUN: [UserFaultCheck] -
04 - HKLM\..\RUN: [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
04 - HKLM\..\RUN: [Acrobat Assistant 8.0] - "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
04 - HKLM\..\RUN: [] -
04 - HKLM\..\RUN: [Adobe_ID0EYTHM] - C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
04 - HKLM\..\RUN: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\RUN: [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe"
04 - HKLM\..\RUN: [Launch Ai Booster] - "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
04 - HKLM\..\RUN: [egui] - "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
04 - HKLM\..\RUN: [KernelFaultCheck] -
04 - HKLM\..\RUN: [Bron-Spizaetus] - "C:\WINDOWS\ShellNew\RakyatKelaparan.exe"
04 - HKCU\..\RUN: [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe
04 - HKCU\..\RUN: [MsnMsgr] - "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
04 - HKCU\..\RUN: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
04 - HKCU\..\RUN: [ccleaner] - "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
04 - HKCU\..\RUN: [Tok-Cirrhatus-3675] - "C:\Documents and Settings\hurbainharder\Local Settings\Application Data\smss.exe"
04 - HKCU\..\RUN: [Tok-Cirrhatus] -
04 - HKUS\S-1-5-18\..\RUN: [CTFMON.EXE] - "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
04 - HKUS\S-1-5-18\..\RUN: [Tok-Cirrhatus] - C:\WINDOWS\System32\DLA\DLACTRLW.EXE
04 - HKUS\S-1-5-18\..\RUN: [Tok-Cirrhatus-1860] - "C:\Program Files\UltraMon\UltraMon.exe" /auto
04 - HKUS\S-1-5-19\..\RUN: [CTFMON.EXE] - "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
04 - HKUS\S-1-5-20\..\RUN: [CTFMON.EXE] - "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
04 - HKUS\S-1-5-21-73586283-963894560-1801674531-1003\..\RUN: [CTFMON.EXE] - "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
04 - HKUS\S-1-5-21-73586283-963894560-1801674531-1003\..\RUN: [MsnMsgr] - C:\WINDOWS\System32\DLA\DLACTRLW.EXE
04 - HKUS\S-1-5-21-73586283-963894560-1801674531-1003\..\RUN: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files\UltraMon\UltraMon.exe" /auto
04 - HKUS\S-1-5-21-73586283-963894560-1801674531-1003\..\RUN: [ccleaner] - RunDll32 sbusbdll.dll,RCMonitor
04 - HKUS\S-1-5-21-73586283-963894560-1801674531-1003\..\RUN: [Tok-Cirrhatus-3675] - "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
04 - HKUS\S-1-5-21-73586283-963894560-1801674531-1003\..\RUN: [Tok-Cirrhatus] -
04 - Global Startup: Adobe Acrobat Speed Launcher.lnk= C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
04 - Global Startup: Adobe Acrobat Synchronizer.lnk= C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
04 - Startup: Adobe Gamma.lnk= C:\Documents and Settings\hurbainharder\Start Menu\Programs\Startup\Adobe Gamma.lnk
//05 - Accès au panneau de contrôle d'Internet Explorer (control.ini)
//06- interdiction à l' accès au options (Internet Explorer)
06 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel: Homepage
//07 - blocage de l'exécution de Regedit
//08 - lignes supplémentaires dans le menu contextuel d'Internet Explorer
08 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
08 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
08 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
08 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
08 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
08 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
08 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
08 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
08 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
//09 - boutons situés sur la barre d'outils principale d'Internet Explorer
09 - Extra button: - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
09 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
09 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
09 - Extra 'Tools' menuitem: - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
09 - Extra button: - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
09 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
09 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
09 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
//O10 - Pirates de Winsock
O10 - fichier inconnu - winsock lsp : mdnsNSP - C:\Program Files\Bonjour\mdnsNSP.dll
//O11 - Onglet supplémentaire dans les options avancées d'Internet Explorer)
O11 - Options group: [INTERNATIONAL] - International*
//O12 - IE plugins
//013 : DefaultPrefix
//014 - Option : (Rétablir les paramètres Web)
//015 - Zone de confiance d'Internet Explorer
//O16 - Objets ActiveX
O16 - DPF : - {17492023-C23A-453E-A040-C7C580BBF700} -
O16 - DPF : - {3234504D-0000-0010-8000-00AA00389B71} -
O16 - DPF : Windows Live Safety Center Base Module - {5ED80217-570B-4DA9-BF44-BE107C0EC166} - C:\WINDOWS\Downloaded Program Files\wlscBase.dll
O16 - DPF : HouseCall Control - {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - C:\WINDOWS\DOWNLO~1\xscan53.ocx
O16 - DPF : Shockwave Flash Object - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx
//O17 - piratage de domaine Lop.com
//O18 - protocoles additionnels
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} -
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
//O19 - feuille de style de l'utilisateur
//O20 - valeur de Registre AppInit_DLLs et les sous-clés Winlogon Notify
//O21 - ShellServiceObjectDelayLoad
//O22 - SharedTaskScheduler
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll
//O23 - services de XP,NT, 2000, et 2003
O23 - Service: [Adobe LM Service] - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
O23 - Service: [Adobe Version Cue CS3] - "C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service
O23 - Service: [Application Layer Gateway Service] - %SystemRoot%\System32\alg.exe
O23 - Service: [Apple Mobile Device] - "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
O23 - Service: [ASP.NET State Service] - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
O23 - Service: [] - %SystemRoot%\system32\Ati2evxx.exe
O23 - Service: [ATI Smart] - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: [BitDefender Scan Server] - "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service
O23 - Service: [Bonjour Service] - "C:\Program Files\Bonjour\mDNSResponder.exe"
O23 - Service: [Boonty Games] - "C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe"
O23 - Service: [ClipBook] - %SystemRoot%\system32\clipsrv.exe
O23 - Service: [.NET Runtime Optimization Service v2.0.50727_X86] - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Service: [COM+ System Application] - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: [Eset HTTP Server] - "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
O23 - Service: [Eset Service] - "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
O23 - Service: [FLEXnet Licensing Service] - "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
O23 - Service: [IMAPI CD-Burning COM Service] -
O23 - Service: [iPod Service] - "C:\Program Files\iPod\bin\iPodService.exe"
O23 - Service: [NetMeeting Remote Desktop Sharing] - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: [Distributed Transaction Coordinator] - C:\WINDOWS\system32\msdtc.exe
O23 - Service: [NMIndexingService] - "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"
O23 - Service: [Office Source Engine] - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
O23 - Service: [Remote Desktop Help Session Manager] - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: [Remote Procedure Call (RPC) Locator] - %SystemRoot%\system32\locator.exe
O23 - Service: [QoS RSVP] - %SystemRoot%\system32\rsvp.exe
O23 - Service: [Print Spooler] - %SystemRoot%\system32\spoolsv.exe
O23 - Service: [MS Software Shadow Copy Provider] - C:\WINDOWS\system32\dllhost.exe /Processid:{3637F69E-F4CF-40BD-BB64-EA8D9F9B4D6C}
O23 - Service: [Performance Logs and Alerts] - %SystemRoot%\system32\smlogsvc.exe
O23 - Service: [Telnet] - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: [Uninterruptible Power Supply] - %SystemRoot%\System32\ups.exe
O23 - Service: [Service Messenger Sharing Folders USN Journal Reader] - "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
O23 - Service: [Volume Shadow Copy] - %SystemRoot%\System32\vssvc.exe
O23 - Service: [Windows Live Setup Service] - "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
O23 - Service: [WMI Performance Adapter] - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: [Service Partage réseau du Lecteur Windows Media] - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
# PCA Sécurité V 1.2.11, (fichier LOG).
# Rapport du :10/18/2008 1:41:43 AM
Microsoft Windows XP Service Pack 2
==>> Processus <==
\SystemRoot\System32\smss.exe
\??\C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Documents and Settings\hurbainharder\Local Settings\Application Data\winlogon.exe
C:\Documents and Settings\hurbainharder\Local Settings\Application Data\services.exe
C:\Documents and Settings\hurbainharder\Local Settings\Application Data\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\hurbainharder\Desktop\pca.exe
C:\WINDOWS\system32\ping.exe
//pages de démarrage et de recherche d'Internet Explorer
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Start Page = https://www.msn.com/fr-fr/?ocid=iehp
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
RO - HKCU\Software\Microsoft\Internet Explorer\Main\Start Page = https://www.google.com/?gws_rd=ssl
RO - HKCU\Software\Microsoft\Internet Explorer\Toolbar\LinksFolderName = Links
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search\SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
//applications lancées depuis system.ini,win.ini
//03 - Browser Helper Objects (BHOs)
02 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
02 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
02 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
02 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
02 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
02 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} -
02 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
02 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
02 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
02 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar : PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar : VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar : Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar : Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
//04 - applications chargées automatiquement
04 - HKLM\..\RUN: [ATICCC] - "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
04 - HKLM\..\RUN: [DLA] - C:\WINDOWS\System32\DLA\DLACTRLW.EXE
04 - HKLM\..\RUN: [UltraMon] - "C:\Program Files\UltraMon\UltraMon.exe" /auto
04 - HKLM\..\RUN: [SbUsb AudCtrl] - RunDll32 sbusbdll.dll,RCMonitor
04 - HKLM\..\RUN: [SunJavaUpdateSched] - "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
04 - HKLM\..\RUN: [UserFaultCheck] -
04 - HKLM\..\RUN: [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
04 - HKLM\..\RUN: [Acrobat Assistant 8.0] - "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
04 - HKLM\..\RUN: [] -
04 - HKLM\..\RUN: [Adobe_ID0EYTHM] - C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
04 - HKLM\..\RUN: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\RUN: [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe"
04 - HKLM\..\RUN: [Launch Ai Booster] - "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
04 - HKLM\..\RUN: [egui] - "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
04 - HKLM\..\RUN: [KernelFaultCheck] -
04 - HKLM\..\RUN: [Bron-Spizaetus] - "C:\WINDOWS\ShellNew\RakyatKelaparan.exe"
04 - HKCU\..\RUN: [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe
04 - HKCU\..\RUN: [MsnMsgr] - "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
04 - HKCU\..\RUN: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
04 - HKCU\..\RUN: [ccleaner] - "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
04 - HKCU\..\RUN: [Tok-Cirrhatus-3675] - "C:\Documents and Settings\hurbainharder\Local Settings\Application Data\smss.exe"
04 - HKCU\..\RUN: [Tok-Cirrhatus] -
04 - HKUS\S-1-5-18\..\RUN: [CTFMON.EXE] - "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
04 - HKUS\S-1-5-18\..\RUN: [Tok-Cirrhatus] - C:\WINDOWS\System32\DLA\DLACTRLW.EXE
04 - HKUS\S-1-5-18\..\RUN: [Tok-Cirrhatus-1860] - "C:\Program Files\UltraMon\UltraMon.exe" /auto
04 - HKUS\S-1-5-19\..\RUN: [CTFMON.EXE] - "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
04 - HKUS\S-1-5-20\..\RUN: [CTFMON.EXE] - "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
04 - HKUS\S-1-5-21-73586283-963894560-1801674531-1003\..\RUN: [CTFMON.EXE] - "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
04 - HKUS\S-1-5-21-73586283-963894560-1801674531-1003\..\RUN: [MsnMsgr] - C:\WINDOWS\System32\DLA\DLACTRLW.EXE
04 - HKUS\S-1-5-21-73586283-963894560-1801674531-1003\..\RUN: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files\UltraMon\UltraMon.exe" /auto
04 - HKUS\S-1-5-21-73586283-963894560-1801674531-1003\..\RUN: [ccleaner] - RunDll32 sbusbdll.dll,RCMonitor
04 - HKUS\S-1-5-21-73586283-963894560-1801674531-1003\..\RUN: [Tok-Cirrhatus-3675] - "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
04 - HKUS\S-1-5-21-73586283-963894560-1801674531-1003\..\RUN: [Tok-Cirrhatus] -
04 - Global Startup: Adobe Acrobat Speed Launcher.lnk= C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
04 - Global Startup: Adobe Acrobat Synchronizer.lnk= C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
04 - Startup: Adobe Gamma.lnk= C:\Documents and Settings\hurbainharder\Start Menu\Programs\Startup\Adobe Gamma.lnk
//05 - Accès au panneau de contrôle d'Internet Explorer (control.ini)
//06- interdiction à l' accès au options (Internet Explorer)
06 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel: Homepage
//07 - blocage de l'exécution de Regedit
//08 - lignes supplémentaires dans le menu contextuel d'Internet Explorer
08 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
08 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
08 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
08 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
08 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
08 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
08 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
08 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
08 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
//09 - boutons situés sur la barre d'outils principale d'Internet Explorer
09 - Extra button: - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
09 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
09 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
09 - Extra 'Tools' menuitem: - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
09 - Extra button: - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
09 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
09 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
09 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
//O10 - Pirates de Winsock
O10 - fichier inconnu - winsock lsp : mdnsNSP - C:\Program Files\Bonjour\mdnsNSP.dll
//O11 - Onglet supplémentaire dans les options avancées d'Internet Explorer)
O11 - Options group: [INTERNATIONAL] - International*
//O12 - IE plugins
//013 : DefaultPrefix
//014 - Option : (Rétablir les paramètres Web)
//015 - Zone de confiance d'Internet Explorer
//O16 - Objets ActiveX
O16 - DPF : - {17492023-C23A-453E-A040-C7C580BBF700} -
O16 - DPF : - {3234504D-0000-0010-8000-00AA00389B71} -
O16 - DPF : Windows Live Safety Center Base Module - {5ED80217-570B-4DA9-BF44-BE107C0EC166} - C:\WINDOWS\Downloaded Program Files\wlscBase.dll
O16 - DPF : HouseCall Control - {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - C:\WINDOWS\DOWNLO~1\xscan53.ocx
O16 - DPF : Shockwave Flash Object - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx
//O17 - piratage de domaine Lop.com
//O18 - protocoles additionnels
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} -
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
//O19 - feuille de style de l'utilisateur
//O20 - valeur de Registre AppInit_DLLs et les sous-clés Winlogon Notify
//O21 - ShellServiceObjectDelayLoad
//O22 - SharedTaskScheduler
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll
//O23 - services de XP,NT, 2000, et 2003
O23 - Service: [Adobe LM Service] - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
O23 - Service: [Adobe Version Cue CS3] - "C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service
O23 - Service: [Application Layer Gateway Service] - %SystemRoot%\System32\alg.exe
O23 - Service: [Apple Mobile Device] - "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
O23 - Service: [ASP.NET State Service] - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
O23 - Service: [] - %SystemRoot%\system32\Ati2evxx.exe
O23 - Service: [ATI Smart] - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: [BitDefender Scan Server] - "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service
O23 - Service: [Bonjour Service] - "C:\Program Files\Bonjour\mDNSResponder.exe"
O23 - Service: [Boonty Games] - "C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe"
O23 - Service: [ClipBook] - %SystemRoot%\system32\clipsrv.exe
O23 - Service: [.NET Runtime Optimization Service v2.0.50727_X86] - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Service: [COM+ System Application] - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: [Eset HTTP Server] - "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
O23 - Service: [Eset Service] - "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
O23 - Service: [FLEXnet Licensing Service] - "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
O23 - Service: [IMAPI CD-Burning COM Service] -
O23 - Service: [iPod Service] - "C:\Program Files\iPod\bin\iPodService.exe"
O23 - Service: [NetMeeting Remote Desktop Sharing] - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: [Distributed Transaction Coordinator] - C:\WINDOWS\system32\msdtc.exe
O23 - Service: [NMIndexingService] - "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"
O23 - Service: [Office Source Engine] - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
O23 - Service: [Remote Desktop Help Session Manager] - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: [Remote Procedure Call (RPC) Locator] - %SystemRoot%\system32\locator.exe
O23 - Service: [QoS RSVP] - %SystemRoot%\system32\rsvp.exe
O23 - Service: [Print Spooler] - %SystemRoot%\system32\spoolsv.exe
O23 - Service: [MS Software Shadow Copy Provider] - C:\WINDOWS\system32\dllhost.exe /Processid:{3637F69E-F4CF-40BD-BB64-EA8D9F9B4D6C}
O23 - Service: [Performance Logs and Alerts] - %SystemRoot%\system32\smlogsvc.exe
O23 - Service: [Telnet] - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: [Uninterruptible Power Supply] - %SystemRoot%\System32\ups.exe
O23 - Service: [Service Messenger Sharing Folders USN Journal Reader] - "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
O23 - Service: [Volume Shadow Copy] - %SystemRoot%\System32\vssvc.exe
O23 - Service: [Windows Live Setup Service] - "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
O23 - Service: [WMI Performance Adapter] - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: [Service Partage réseau du Lecteur Windows Media] - "C:\Program Files\Windows Media Player\WMPNetwk.exe"