Disque dur externe non reconnu
leprince63
Messages postés
7
Statut
Membre
-
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
j'appelle à l'aide. J'ai branché mon disque dur externe sur un PC et aujourd'hui sur le mien sans résultat, je ne plus plus y avoir accès. Il m'indique que le périphérique usb n'est pas reconnu. Par contre ma clé usb provenant du même premier PC pas de problème mis à part la détection et la suppression d'un "virus" : W32/Autorun.worm.bx!inf
Merci d'avance pour votre aide.
j'appelle à l'aide. J'ai branché mon disque dur externe sur un PC et aujourd'hui sur le mien sans résultat, je ne plus plus y avoir accès. Il m'indique que le périphérique usb n'est pas reconnu. Par contre ma clé usb provenant du même premier PC pas de problème mis à part la détection et la suppression d'un "virus" : W32/Autorun.worm.bx!inf
Merci d'avance pour votre aide.
A voir également:
- Disque dur externe non reconnu
- Cloner disque dur - Guide
- Defragmenter disque dur - Guide
- Cle usb non reconnu - Guide
- Chkdsk disque dur externe - Guide
- Test disque dur - Télécharger - Informations & Diagnostic
13 réponses
slt
branche ta clé et ton disque surtout puis
Telecharge UsbFix sur ton bureau
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe
--> Lance l installation avec les parametres par default
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir
--> Double clic sur le raccourci UsbFix sur ton bureau
--> Le pc va redémarer
-->Apres redémarrage post le rapport UsbFix.txt
Note : le rapport UsbFix.txt est sauvegardé a la racine du disque
Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides
branche ta clé et ton disque surtout puis
Telecharge UsbFix sur ton bureau
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe
--> Lance l installation avec les parametres par default
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir
--> Double clic sur le raccourci UsbFix sur ton bureau
--> Le pc va redémarer
-->Apres redémarrage post le rapport UsbFix.txt
Note : le rapport UsbFix.txt est sauvegardé a la racine du disque
Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides
bonjour,
j'ai suivi ce que tu m'as dit mais usbfix ne me propose pas de rapport lorsque je fait le nettoyage
j'ai suivi ce que tu m'as dit mais usbfix ne me propose pas de rapport lorsque je fait le nettoyage
refais
usbfix en te mettant administrateur et colle le rapport
dis nous si tu as encore des soucis et si tu trouve encore W32/Autorun.worm.bx!inf
usbfix en te mettant administrateur et colle le rapport
dis nous si tu as encore des soucis et si tu trouve encore W32/Autorun.worm.bx!inf
bonjour,
j'ai réussi sous Xp où j'ai le même problème. J'ai branché ma clé et mon disque dur externe. Donc voilà le rapport :
-------------- UsbFix V2.413.5 ---------------
* User :
* Outils mis a jours le 17/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 19:39:15 le 20/12/2008
* Windows Xp - Internet Explorer 7.0.5730.11
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\LECHO~1\LOCALS~1\Temp\1.tmp\b2e.exe
C:\WINDOWS\system32\NVATray.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\HookManager.exe
--------------- [ Informations lecteurs ] ----------------
C: - Lecteur fixe
J: - Lecteur amovible
--------------- [ Lecteur C ] ----------------
C: - Lecteur fixe
+- Listing des fichiers présents :
[09/01/2007 20:59][--a------] C:\AUTOEXEC.BAT
[10/01/2007 19:00][-rahs----] C:\NTDETECT.COM
[10/01/2007 19:08][-rahs----] C:\boot.ini
[20/12/2008 19:39][--a------] C:\UsbFix.txt
[09/01/2007 20:59][--a------] C:\CONFIG.SYS
[09/01/2007 20:59][--a------] C:\hiberfil.sys
[09/01/2007 20:59][--a------] C:\IO.SYS
[09/01/2007 20:59][--a------] C:\MSDOS.SYS
[09/01/2007 20:59][--a------] C:\pagefile.sys
--------------- [ Lecteur J ] ----------------
J: - Lecteur amovible
+- Listing des fichiers présents :
[10/12/2008 13:00][-r-hs----] J:\xrdygg.bat
[12/12/2008 08:20][-rahs----] J:\MSd48F.vbs
[20/12/2008 19:11][--a------] J:\UsbFix.exe
--------------- [ Registre / Startup ] ----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
Cornwin=C:\DOCUME~1\LECHO~1\APPLIC~1\SETUPH~1\Internetlogplatform.exe
FlyAway=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
NVIDIA nForce APU1 Utilities=NVATray.exe
NvCplDaemon=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
nwiz=nwiz.exe /install
Lexmark X74-X75="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
DT HPW=C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
HPDJ Taskbar Utility=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
HPHUPD05=C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
HP Component Manager="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HP Software Update="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
HPHmon05=C:\WINDOWS\system32\hphmon05.exe
nod32kui="C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
NeroCheck=C:\WINDOWS\system32\NeroCheck.exe
InCD=C:\Program Files\ahead\InCD\InCD.exe
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
ZoneAlarm Client="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac9c2a27-c675-11dc-94e7-000b6ba0cc78}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac9c2a27-c675-11dc-94e7-000b6ba0cc78}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac9c2a27-c675-11dc-94e7-000b6ba0cc78}\Shell\open\Command
--------------- [ Nettoyage des disques ] ----------------
Supprimé ! - [20/12/2008 19:39][--a------] "C:\WINDOWS\system32\drivers\mrxdavv.sys"
Supprimé ! - [12/12/2008 08:20][-rahs----] J:\MSd*.vbs
--------------- [ Resumé ] ----------------
-> /!\ Le resultat doit etre interprété par un spécialiste /!\
[09/01/2007 20:59][--a------] C:\AUTOEXEC.BAT
[10/01/2007 19:00][-rahs----] C:\NTDETECT.COM
[10/01/2007 19:08][-rahs----] C:\boot.ini
[10/12/2008 13:00][-r-hs----] J:\xrdygg.bat
[20/12/2008 19:11][--a------] J:\UsbFix.exe
--------------- ! Fin du rapport ! ----------------
j'ai réussi sous Xp où j'ai le même problème. J'ai branché ma clé et mon disque dur externe. Donc voilà le rapport :
-------------- UsbFix V2.413.5 ---------------
* User :
* Outils mis a jours le 17/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 19:39:15 le 20/12/2008
* Windows Xp - Internet Explorer 7.0.5730.11
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\LECHO~1\LOCALS~1\Temp\1.tmp\b2e.exe
C:\WINDOWS\system32\NVATray.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\HookManager.exe
--------------- [ Informations lecteurs ] ----------------
C: - Lecteur fixe
J: - Lecteur amovible
--------------- [ Lecteur C ] ----------------
C: - Lecteur fixe
+- Listing des fichiers présents :
[09/01/2007 20:59][--a------] C:\AUTOEXEC.BAT
[10/01/2007 19:00][-rahs----] C:\NTDETECT.COM
[10/01/2007 19:08][-rahs----] C:\boot.ini
[20/12/2008 19:39][--a------] C:\UsbFix.txt
[09/01/2007 20:59][--a------] C:\CONFIG.SYS
[09/01/2007 20:59][--a------] C:\hiberfil.sys
[09/01/2007 20:59][--a------] C:\IO.SYS
[09/01/2007 20:59][--a------] C:\MSDOS.SYS
[09/01/2007 20:59][--a------] C:\pagefile.sys
--------------- [ Lecteur J ] ----------------
J: - Lecteur amovible
+- Listing des fichiers présents :
[10/12/2008 13:00][-r-hs----] J:\xrdygg.bat
[12/12/2008 08:20][-rahs----] J:\MSd48F.vbs
[20/12/2008 19:11][--a------] J:\UsbFix.exe
--------------- [ Registre / Startup ] ----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
Cornwin=C:\DOCUME~1\LECHO~1\APPLIC~1\SETUPH~1\Internetlogplatform.exe
FlyAway=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
NVIDIA nForce APU1 Utilities=NVATray.exe
NvCplDaemon=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
nwiz=nwiz.exe /install
Lexmark X74-X75="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
DT HPW=C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
HPDJ Taskbar Utility=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
HPHUPD05=C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
HP Component Manager="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HP Software Update="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
HPHmon05=C:\WINDOWS\system32\hphmon05.exe
nod32kui="C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
NeroCheck=C:\WINDOWS\system32\NeroCheck.exe
InCD=C:\Program Files\ahead\InCD\InCD.exe
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
ZoneAlarm Client="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac9c2a27-c675-11dc-94e7-000b6ba0cc78}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac9c2a27-c675-11dc-94e7-000b6ba0cc78}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac9c2a27-c675-11dc-94e7-000b6ba0cc78}\Shell\open\Command
--------------- [ Nettoyage des disques ] ----------------
Supprimé ! - [20/12/2008 19:39][--a------] "C:\WINDOWS\system32\drivers\mrxdavv.sys"
Supprimé ! - [12/12/2008 08:20][-rahs----] J:\MSd*.vbs
--------------- [ Resumé ] ----------------
-> /!\ Le resultat doit etre interprété par un spécialiste /!\
[09/01/2007 20:59][--a------] C:\AUTOEXEC.BAT
[10/01/2007 19:00][-rahs----] C:\NTDETECT.COM
[10/01/2007 19:08][-rahs----] C:\boot.ini
[10/12/2008 13:00][-r-hs----] J:\xrdygg.bat
[20/12/2008 19:11][--a------] J:\UsbFix.exe
--------------- ! Fin du rapport ! ----------------
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
ok laisse branché ton disque J
puis
télécharge OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved.
(attention bien mettre :files)
:files
J:\xrdygg.bat
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
_________________________
encore des soucis?????
___________________________
Télécharge ici :
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.
Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit
puis
télécharge OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved.
(attention bien mettre :files)
:files
J:\xrdygg.bat
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
_________________________
encore des soucis?????
___________________________
Télécharge ici :
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.
Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit
bonjour,
voila pour la première méthode
========== FILES ==========
File/Folder J:\xrdygg.bat not found.
OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12212008_143220
et pour la deuxième,
le log:
Logfile of random's system information tool 1.05 (written by random/random)
Run by le cho at 2008-12-21 14:34:21
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 43 GB (73%) free of 59 GB
Total RAM: 255 MB (9% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:34:52, on 21/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NVATray.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\HookManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\le cho\Bureau\RSIT.exe
C:\Program Files\trend micro\le cho.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll
R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsec1.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O2 - BHO: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsec1.dll
O3 - Toolbar: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll
O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsec1.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cornwin] C:\DOCUME~1\LECHO~1\APPLIC~1\SETUPH~1\Internetlogplatform.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4E042DE6-8B87-11D3-AE7F-004033D24DBD} (HtmlHelpViewer.CViewerHtml) - http://www.mediapluspro.com/mediaplus65/Download/HtmlHelpViewer.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.mediapluspro.com/mediaplus65/Download/tsccinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC8DC31B-4EF2-46BA-8F33-7FD2CC604C72} (ENIInetTools2.clsManager) - http://www.mediapluspro.com/mediaplus65/Download/ENIPlugin.CAB
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F29367C-D34B-42E3-9403-C001AF833A85}: NameServer = 85.255.115.28,85.255.112.196
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DBAC4DB-D5E8-4745-B9AE-6396E265C585}: NameServer = 85.255.115.28,85.255.112.196
O17 - HKLM\System\CCS\Services\Tcpip\..\{325FBA02-4BAC-44C7-BE89-375111800DF2}: NameServer = 85.255.115.28,85.255.112.196
O17 - HKLM\System\CCS\Services\Tcpip\..\{67CFAC8D-96B0-41C3-AF7A-87C7ACC5123C}: NameServer = 85.255.115.28,85.255.112.196
O17 - HKLM\System\CCS\Services\Tcpip\..\{B47A854A-435F-49AF-ADA3-A818CBC8A8D3}: NameServer = 85.255.115.28,85.255.112.196
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB28D284-A55E-4EDF-B580-FF3A4B62CD6D}: NameServer = 85.255.115.28,85.255.112.196
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD1BBCC0-6831-4CB8-A374-57BB91CA0B17}: NameServer = 85.255.115.28,85.255.112.196
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.196
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F29367C-D34B-42E3-9403-C001AF833A85}: NameServer = 85.255.115.28,85.255.112.196
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.196
O17 - HKLM\System\CS3\Services\Tcpip\..\{0F29367C-D34B-42E3-9403-C001AF833A85}: NameServer = 85.255.115.28,85.255.112.196
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.196
O17 - HKLM\System\CS4\Services\Tcpip\..\{0F29367C-D34B-42E3-9403-C001AF833A85}: NameServer = 85.255.115.28,85.255.112.196
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.196
O17 - HKLM\System\CS5\Services\Tcpip\..\{0F29367C-D34B-42E3-9403-C001AF833A85}: NameServer = 85.255.115.28,85.255.112.196
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.196
O17 - HKLM\System\CS6\Services\Tcpip\..\{0F29367C-D34B-42E3-9403-C001AF833A85}: NameServer = 85.255.115.28,85.255.112.196
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.196
O17 - HKLM\System\CS7\Services\Tcpip\..\{0F29367C-D34B-42E3-9403-C001AF833A85}: NameServer = 85.255.115.28,85.255.112.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.196
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
voila pour la première méthode
========== FILES ==========
File/Folder J:\xrdygg.bat not found.
OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12212008_143220
et pour la deuxième,
le log:
Logfile of random's system information tool 1.05 (written by random/random)
Run by le cho at 2008-12-21 14:34:21
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 43 GB (73%) free of 59 GB
Total RAM: 255 MB (9% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:34:52, on 21/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NVATray.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\HookManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\le cho\Bureau\RSIT.exe
C:\Program Files\trend micro\le cho.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll
R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsec1.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O2 - BHO: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsec1.dll
O3 - Toolbar: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll
O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsec1.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cornwin] C:\DOCUME~1\LECHO~1\APPLIC~1\SETUPH~1\Internetlogplatform.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4E042DE6-8B87-11D3-AE7F-004033D24DBD} (HtmlHelpViewer.CViewerHtml) - http://www.mediapluspro.com/mediaplus65/Download/HtmlHelpViewer.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.mediapluspro.com/mediaplus65/Download/tsccinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC8DC31B-4EF2-46BA-8F33-7FD2CC604C72} (ENIInetTools2.clsManager) - http://www.mediapluspro.com/mediaplus65/Download/ENIPlugin.CAB
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F29367C-D34B-42E3-9403-C001AF833A85}: NameServer = 85.255.115.28,85.255.112.196
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DBAC4DB-D5E8-4745-B9AE-6396E265C585}: NameServer = 85.255.115.28,85.255.112.196
O17 - HKLM\System\CCS\Services\Tcpip\..\{325FBA02-4BAC-44C7-BE89-375111800DF2}: NameServer = 85.255.115.28,85.255.112.196
O17 - HKLM\System\CCS\Services\Tcpip\..\{67CFAC8D-96B0-41C3-AF7A-87C7ACC5123C}: NameServer = 85.255.115.28,85.255.112.196
O17 - HKLM\System\CCS\Services\Tcpip\..\{B47A854A-435F-49AF-ADA3-A818CBC8A8D3}: NameServer = 85.255.115.28,85.255.112.196
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB28D284-A55E-4EDF-B580-FF3A4B62CD6D}: NameServer = 85.255.115.28,85.255.112.196
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD1BBCC0-6831-4CB8-A374-57BB91CA0B17}: NameServer = 85.255.115.28,85.255.112.196
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.196
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F29367C-D34B-42E3-9403-C001AF833A85}: NameServer = 85.255.115.28,85.255.112.196
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.196
O17 - HKLM\System\CS3\Services\Tcpip\..\{0F29367C-D34B-42E3-9403-C001AF833A85}: NameServer = 85.255.115.28,85.255.112.196
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.196
O17 - HKLM\System\CS4\Services\Tcpip\..\{0F29367C-D34B-42E3-9403-C001AF833A85}: NameServer = 85.255.115.28,85.255.112.196
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.196
O17 - HKLM\System\CS5\Services\Tcpip\..\{0F29367C-D34B-42E3-9403-C001AF833A85}: NameServer = 85.255.115.28,85.255.112.196
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.196
O17 - HKLM\System\CS6\Services\Tcpip\..\{0F29367C-D34B-42E3-9403-C001AF833A85}: NameServer = 85.255.115.28,85.255.112.196
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.196
O17 - HKLM\System\CS7\Services\Tcpip\..\{0F29367C-D34B-42E3-9403-C001AF833A85}: NameServer = 85.255.115.28,85.255.112.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.196
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
ok tu es detourné en ukraine !
____________
vire cette barre de recherche via AJOUT/SUPPRESSION DE PROGRAMME
securedie Toolbar
________________
installe malwarebyte mets le a jour puis scan avec et colle nous les rapports:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
puis remets un rapport RSIT
____________
vire cette barre de recherche via AJOUT/SUPPRESSION DE PROGRAMME
securedie Toolbar
________________
installe malwarebyte mets le a jour puis scan avec et colle nous les rapports:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
puis remets un rapport RSIT
slt,
voila le rapport de malware:
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1528
Windows 5.1.2600 Service Pack 2
21/12/2008 18:58:48
mbam-log-2008-12-21 (18-58-12).txt
Type de recherche: Examen complet (C:\|F:\|G:\|H:\|I:\|J:\|)
Eléments examinés: 82950
Temps écoulé: 58 minute(s), 3 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 30
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 46
Dossier(s) infecté(s): 11
Fichier(s) infecté(s): 7
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\netsearchsoft.com (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.netsearchsoft.com (Malware.Trace) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28 85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0f29367c-d34b-42e3-9403-c001af833a85}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1dbac4db-d5e8-4745-b9ae-6396e265c585}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{325fba02-4bac-44c7-be89-375111800df2}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{67cfac8d-96b0-41c3-af7a-87c7acc5123c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{67cfac8d-96b0-41c3-af7a-87c7acc5123c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b47a854a-435f-49af-ada3-a818cbc8a8d3}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d40b0088-72b8-42d0-9116-a8692c6688d1}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{db28d284-a55e-4edf-b580-ff3a4b62cd6d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fd1bbcc0-6831-4cb8-a374-57bb91ca0b17}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28 85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0f29367c-d34b-42e3-9403-c001af833a85}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0f29367c-d34b-42e3-9403-c001af833a85}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1dbac4db-d5e8-4745-b9ae-6396e265c585}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1dbac4db-d5e8-4745-b9ae-6396e265c585}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{325fba02-4bac-44c7-be89-375111800df2}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{67cfac8d-96b0-41c3-af7a-87c7acc5123c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{67cfac8d-96b0-41c3-af7a-87c7acc5123c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b47a854a-435f-49af-ada3-a818cbc8a8d3}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d40b0088-72b8-42d0-9116-a8692c6688d1}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d40b0088-72b8-42d0-9116-a8692c6688d1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{db28d284-a55e-4edf-b580-ff3a4b62cd6d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{fd1bbcc0-6831-4cb8-a374-57bb91ca0b17}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28 85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{0f29367c-d34b-42e3-9403-c001af833a85}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{0f29367c-d34b-42e3-9403-c001af833a85}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{1dbac4db-d5e8-4745-b9ae-6396e265c585}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{325fba02-4bac-44c7-be89-375111800df2}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{67cfac8d-96b0-41c3-af7a-87c7acc5123c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{67cfac8d-96b0-41c3-af7a-87c7acc5123c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{b47a854a-435f-49af-ada3-a818cbc8a8d3}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{d40b0088-72b8-42d0-9116-a8692c6688d1}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{d40b0088-72b8-42d0-9116-a8692c6688d1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{db28d284-a55e-4edf-b580-ff3a4b62cd6d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{fd1bbcc0-6831-4cb8-a374-57bb91ca0b17}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28 85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{0f29367c-d34b-42e3-9403-c001af833a85}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{1dbac4db-d5e8-4745-b9ae-6396e265c585}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{325fba02-4bac-44c7-be89-375111800df2}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{67cfac8d-96b0-41c3-af7a-87c7acc5123c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{67cfac8d-96b0-41c3-af7a-87c7acc5123c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{b47a854a-435f-49af-ada3-a818cbc8a8d3}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{d40b0088-72b8-42d0-9116-a8692c6688d1}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{d40b0088-72b8-42d0-9116-a8692c6688d1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{db28d284-a55e-4edf-b580-ff3a4b62cd6d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{fd1bbcc0-6831-4cb8-a374-57bb91ca0b17}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
Dossier(s) infecté(s):
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\Bin\2.0.26 (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\cs (Adware.Shopping.Report) -> No action taken.
C:\Program Files\WinZix (Trojan.Lop) -> No action taken.
C:\Documents and Settings\le cho\Application Data\ShoppingReport (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\le cho\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\le cho\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\le cho\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\le cho\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\le cho\Application Data\ShoppingReport\cs\res2 (Adware.Shopping.Report) -> No action taken.
Fichier(s) infecté(s):
C:\Documents and Settings\le cho\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\le cho\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\le cho\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\le cho\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\le cho\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\le cho\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\le cho\Application Data\ShoppingReport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> No action taken.
voila le rapport de malware:
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1528
Windows 5.1.2600 Service Pack 2
21/12/2008 18:58:48
mbam-log-2008-12-21 (18-58-12).txt
Type de recherche: Examen complet (C:\|F:\|G:\|H:\|I:\|J:\|)
Eléments examinés: 82950
Temps écoulé: 58 minute(s), 3 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 30
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 46
Dossier(s) infecté(s): 11
Fichier(s) infecté(s): 7
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\netsearchsoft.com (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.netsearchsoft.com (Malware.Trace) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28 85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0f29367c-d34b-42e3-9403-c001af833a85}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1dbac4db-d5e8-4745-b9ae-6396e265c585}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{325fba02-4bac-44c7-be89-375111800df2}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{67cfac8d-96b0-41c3-af7a-87c7acc5123c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{67cfac8d-96b0-41c3-af7a-87c7acc5123c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b47a854a-435f-49af-ada3-a818cbc8a8d3}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d40b0088-72b8-42d0-9116-a8692c6688d1}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{db28d284-a55e-4edf-b580-ff3a4b62cd6d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fd1bbcc0-6831-4cb8-a374-57bb91ca0b17}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28 85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0f29367c-d34b-42e3-9403-c001af833a85}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0f29367c-d34b-42e3-9403-c001af833a85}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1dbac4db-d5e8-4745-b9ae-6396e265c585}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1dbac4db-d5e8-4745-b9ae-6396e265c585}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{325fba02-4bac-44c7-be89-375111800df2}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{67cfac8d-96b0-41c3-af7a-87c7acc5123c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{67cfac8d-96b0-41c3-af7a-87c7acc5123c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b47a854a-435f-49af-ada3-a818cbc8a8d3}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d40b0088-72b8-42d0-9116-a8692c6688d1}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d40b0088-72b8-42d0-9116-a8692c6688d1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{db28d284-a55e-4edf-b580-ff3a4b62cd6d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{fd1bbcc0-6831-4cb8-a374-57bb91ca0b17}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28 85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{0f29367c-d34b-42e3-9403-c001af833a85}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{0f29367c-d34b-42e3-9403-c001af833a85}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{1dbac4db-d5e8-4745-b9ae-6396e265c585}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{325fba02-4bac-44c7-be89-375111800df2}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{67cfac8d-96b0-41c3-af7a-87c7acc5123c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{67cfac8d-96b0-41c3-af7a-87c7acc5123c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{b47a854a-435f-49af-ada3-a818cbc8a8d3}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{d40b0088-72b8-42d0-9116-a8692c6688d1}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{d40b0088-72b8-42d0-9116-a8692c6688d1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{db28d284-a55e-4edf-b580-ff3a4b62cd6d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{fd1bbcc0-6831-4cb8-a374-57bb91ca0b17}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28 85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{0f29367c-d34b-42e3-9403-c001af833a85}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{1dbac4db-d5e8-4745-b9ae-6396e265c585}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{325fba02-4bac-44c7-be89-375111800df2}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{67cfac8d-96b0-41c3-af7a-87c7acc5123c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{67cfac8d-96b0-41c3-af7a-87c7acc5123c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{b47a854a-435f-49af-ada3-a818cbc8a8d3}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{d40b0088-72b8-42d0-9116-a8692c6688d1}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{d40b0088-72b8-42d0-9116-a8692c6688d1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{db28d284-a55e-4edf-b580-ff3a4b62cd6d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{fd1bbcc0-6831-4cb8-a374-57bb91ca0b17}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.196 -> No action taken.
Dossier(s) infecté(s):
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\Bin\2.0.26 (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\cs (Adware.Shopping.Report) -> No action taken.
C:\Program Files\WinZix (Trojan.Lop) -> No action taken.
C:\Documents and Settings\le cho\Application Data\ShoppingReport (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\le cho\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\le cho\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\le cho\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\le cho\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\le cho\Application Data\ShoppingReport\cs\res2 (Adware.Shopping.Report) -> No action taken.
Fichier(s) infecté(s):
C:\Documents and Settings\le cho\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\le cho\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\le cho\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\le cho\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\le cho\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\le cho\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\le cho\Application Data\ShoppingReport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> No action taken.
No action taken
est écrit !!! il faut virer tout ce qui a été trouvé
puis remets un rapport RSIT
a plus
est écrit !!! il faut virer tout ce qui a été trouvé
puis remets un rapport RSIT
a plus
slt
c fé et le log rsit
Bonjour,
et le log de rsit:
Logfile of random's system information tool 1.05 (written by random/random)
Run by le cho at 2008-12-21 19:14:13
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 43 GB (73%) free of 59 GB
Total RAM: 255 MB (18% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14:20, on 21/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NVATray.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\HookManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\le cho\Bureau\RSIT.exe
C:\Program Files\trend micro\le cho.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cornwin] C:\DOCUME~1\LECHO~1\APPLIC~1\SETUPH~1\Internetlogplatform.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4E042DE6-8B87-11D3-AE7F-004033D24DBD} (HtmlHelpViewer.CViewerHtml) - http://www.mediapluspro.com/mediaplus65/Download/HtmlHelpViewer.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.mediapluspro.com/mediaplus65/Download/tsccinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC8DC31B-4EF2-46BA-8F33-7FD2CC604C72} (ENIInetTools2.clsManager) - http://www.mediapluspro.com/mediaplus65/Download/ENIPlugin.CAB
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.196
O17 - HKLM\System\CS5\Services\Tcpip\..\{0F29367C-D34B-42E3-9403-C001AF833A85}: NameServer = 85.255.115.28,85.255.112.196
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
c fé et le log rsit
Bonjour,
et le log de rsit:
Logfile of random's system information tool 1.05 (written by random/random)
Run by le cho at 2008-12-21 19:14:13
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 43 GB (73%) free of 59 GB
Total RAM: 255 MB (18% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14:20, on 21/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NVATray.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\HookManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\le cho\Bureau\RSIT.exe
C:\Program Files\trend micro\le cho.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cornwin] C:\DOCUME~1\LECHO~1\APPLIC~1\SETUPH~1\Internetlogplatform.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4E042DE6-8B87-11D3-AE7F-004033D24DBD} (HtmlHelpViewer.CViewerHtml) - http://www.mediapluspro.com/mediaplus65/Download/HtmlHelpViewer.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.mediapluspro.com/mediaplus65/Download/tsccinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC8DC31B-4EF2-46BA-8F33-7FD2CC604C72} (ENIInetTools2.clsManager) - http://www.mediapluspro.com/mediaplus65/Download/ENIPlugin.CAB
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.196
O17 - HKLM\System\CS5\Services\Tcpip\..\{0F29367C-D34B-42E3-9403-C001AF833A85}: NameServer = 85.255.115.28,85.255.112.196
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
Online_TV toolbar est aussi associé a des espions alors vire cette barre de recherche de preférence
_________________
c'est toi qui a mis cornwin?
analyse ce fichier sur virus total et colle le rapport: https://www.virustotal.com/gui/
C:\DOCUME~1\LECHO~1\APPLIC~1\SETUPH~1\Internetlogplatform.exe
_________________
lance smitfraudfix et choisi l'option 5 et colle le rapport:
http://siri.urz.free.fr/Fix/SmitfraudFix.php
_________________
et remet un rapport malwarebyte
_________________
c'est toi qui a mis cornwin?
analyse ce fichier sur virus total et colle le rapport: https://www.virustotal.com/gui/
C:\DOCUME~1\LECHO~1\APPLIC~1\SETUPH~1\Internetlogplatform.exe
_________________
lance smitfraudfix et choisi l'option 5 et colle le rapport:
http://siri.urz.free.fr/Fix/SmitfraudFix.php
_________________
et remet un rapport malwarebyte
slt,
pour le fichier à analyser il n'existe plus normalement et pour l'analyse :
SmitFraudFix v2.387
Rapport fait à 9:31:06,62, 22/12/2008
Executé à partir de C:\Documents and Settings\le cho\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» DNS Avant Fix
Description: 802.11g USB 2.0 adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
Description: 802.11g USB 2.0 adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{1DBAC4DB-D5E8-4745-B9AE-6396E265C585}: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» DNS Après Fix
Description: 802.11g USB 2.0 adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
Description: 802.11g USB 2.0 adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
pour le fichier à analyser il n'existe plus normalement et pour l'analyse :
SmitFraudFix v2.387
Rapport fait à 9:31:06,62, 22/12/2008
Executé à partir de C:\Documents and Settings\le cho\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» DNS Avant Fix
Description: 802.11g USB 2.0 adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
Description: 802.11g USB 2.0 adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{1DBAC4DB-D5E8-4745-B9AE-6396E265C585}: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» DNS Après Fix
Description: 802.11g USB 2.0 adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
Description: 802.11g USB 2.0 adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
