carabel
-
Compteur de contenus
6 -
Inscription
-
Dernière visite
Type de contenu
Profils
Forums
Blogs
Tout ce qui a été posté par carabel
-
Malwarebytes' Anti-Malware 1.24 Version de la base de données: 1026 Windows 5.1.2600 Service Pack 2 16:40:25 5/08/2008 mbam-log-8-5-2008 (16-40-25).txt Type de recherche: Examen rapide Eléments examinés: 42695 Temps écoulé: 4 minute(s), 44 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 5 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 5 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\SEC (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\OneStepSearch (Adware.OneStepSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE (Adware.OneStepSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Documents and Settings\micky\Local Settings\Application Data\mfmgfr_navps.dat (Adware.Navipromo) -> Quarantined and deleted successfully. C:\Documents and Settings\micky\Local Settings\Application Data\mfmgfr_nav.dat (Adware.Navipromo) -> Quarantined and deleted successfully. C:\Documents and Settings\micky\Local Settings\Application Data\mfmgfr.dat (Adware.Navipromo) -> Quarantined and deleted successfully. C:\WINDOWS\Downloaded Program Files\UniSSOCheck.inf (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully. Voilà j'ai enfin réussi à mettre le log..... merci Micky
-
Merci j'ai enfin réussi et j'espère que tout est en odre maintenant. Merci pour ton aide qui m'a été très précieuse. Bon dimanche. Micky
-
Deckard's System Scanner v20071014.68 Run by micky on 2008-08-02 17:24:34 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 4 Restore Point(s) -- 4: 2008-08-02 15:24:41 UTC - RP4 - Deckard's System Scanner Restore Point 3: 2008-08-01 15:19:29 UTC - RP3 - Point de vérification système 2: 2008-07-30 07:01:53 UTC - RP2 - Point de vérification système 1: 2008-07-26 13:32:33 UTC - RP1 - Point de vérification système Backed up registry hives. Performed disk cleanup. -- HijackThis (run as micky.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:26:00, on 2/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63fe3e6e-1cb9-11dc-a3f9-00138f27febd}] Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Backup4all\IoctlSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Backup4all\Backup4all.exe C:\Program Files\Backup4all\Backup4all.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Documents and Settings\micky\Mes documents\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\micky.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http:80 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [backup4all] C:\Program Files\Backup4all\Backup4all.exe /s O4 - HKCU\..\Run: [backup4all OTB Agent] C:\Program Files\Backup4all\B4AOTB.exe O4 - HKCU\..\Run: [Exstora] C:\Program Files\Exstora\Exstora.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.emule-project.net O15 - Trusted Zone: *.ma%20planète O15 - Trusted Zone: http://be.msn.com O15 - Trusted Zone: http://ma.planete.qc.ca O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mickycarabel150.spaces.live.com//Ph...ad/MsnPUpld.cab O16 - DPF: {714E667D-360C-4BFB-8C1A-E4812B608CC1} (ACUBETrustChecker Control) - http://europe.samsungportal.com/EP/web/com...rustChecker.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jr...ows-i586-jc.cab O16 - DPF: {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3} (SSOCheck Class) - http://europe.samsungportal.com/EP/web/com...UniSSOCheck.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {C4D88B8E-352B-11D6-BF77-0080C740A177} - http://europe.samsungportal.com/EP/web/com...ctiveXSetup.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Print Spooler Service (lcheu3u8ehj) - Unknown owner - C:\WINDOWS\system32\cjjdooehaq.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\Backup4all\IoctlSvc.exe -- End of file - 9328 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 viasraid - c:\windows\system32\drivers\viasraid.sys <Not Verified; VIA Technologies inc,.ltd; Raid controller 6420 driver> R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS> S3 MagicTune - c:\windows\system32\drivers\mtictwl.sys S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 PLFlash DeviceIoControl Service - c:\program files\backup4all\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application> S2 lcheu3u8ehj (Print Spooler Service) - c:\windows\system32\cjjdooehaq.exe /service (file missing) S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-08-02 17:06:00 254 --a------ C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job 2008-08-02 17:00:00 504 --a------ C:\WINDOWS\Tasks\Maintenance en 1 clic.job 2008-08-02 16:41:28 422 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2B2B5B76-5DC6-446A-A34D-EFDC3C05326B}.job -- Files created between 2008-07-02 and 2008-08-02 ----------------------------- 2008-08-02 17:25:47 0 d-------- C:\Program Files\Trend Micro 2008-08-02 07:16:11 0 d--hs---- C:\Documents and Settings\micky\Recent -- Find3M Report --------------------------------------------------------------- 2008-08-02 07:24:17 0 d-------- C:\Documents and Settings\micky\Application Data\Skype 2008-07-10 20:03:08 473864 --a------ C:\WINDOWS\system32\perfh00C.dat 2008-07-10 20:03:08 77468 --a------ C:\WINDOWS\system32\perfc00C.dat 2008-07-03 20:00:16 0 d-------- C:\Program Files\Java 2008-07-03 13:42:00 0 d-------- C:\Documents and Settings\micky\Application Data\LimeWire 2008-06-29 16:56:44 0 d-------- C:\Program Files\eMule 2008-06-28 00:41:25 0 d-------- C:\Documents and Settings\micky\Application Data\SpinTop 2008-06-20 14:52:07 0 d-------- C:\Program Files\QuickTime -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 19:37] "Cmaudio"="cmicnfg.cpl" [] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [17/03/2006 14:16] "nwiz"="nwiz.exe" [17/03/2006 14:16 C:\WINDOWS\system32\nwiz.exe] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [12/01/2006 16:40] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [17/03/2006 14:16] "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [03/07/2001 09:11] "CamMonitor"="C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [07/10/2002 01:23] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [01/06/2006 13:32] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [06/07/2006 19:53] "Backup4all"="C:\Program Files\Backup4all\Backup4all.exe" [12/01/2006 08:35] "Backup4all OTB Agent"="C:\Program Files\Backup4all\B4AOTB.exe" [12/01/2006 08:35] "Exstora"="C:\Program Files\Exstora\Exstora.exe" [16/10/2006 14:28] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 18:24] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [20/08/2004 01:09] "ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [17/01/2008 11:40] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [21/01/2000 10:15:56] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63fe3e6e-1cb9-11dc-a3f9-00138f27febd}] Auto\command- RavMonE.exe e AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa05f3ac-b52b-11dc-a51d-00138f27febd}] AutoRun\command- G:\InstallTomTomHOME.exe -- End of Deckard's System Scanner: finished at 2008-08-02 17:26:28 ------------
-
Je suis arrivée à coller la ligne dans me bloc notes mais ensuite j ne parviens pas à mettre cela sur le bureazu. le copier-collr ne fonctionne pas/ Y a-t-il un autre moyen pour conserver et faut-il aussi sauver et envoyer sur le bureau la première phrase ou seulement Hkey etc..... Merci pour votre patience mais je suis âgée et pas douée on dirait...
-
-- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 4 Restore Point(s) -- 4: 2008-08-02 15:24:41 UTC - RP4 - Deckard's System Scanner Restore Point 3: 2008-08-01 15:19:29 UTC - RP3 - Point de vérification système 2: 2008-07-30 07:01:53 UTC - RP2 - Point de vérification système 1: 2008-07-26 13:32:33 UTC - RP1 - Point de vérification système Backed up registry hives. Performed disk cleanup. -- HijackThis (run as micky.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:26:00, on 2/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Backup4all\IoctlSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Backup4all\Backup4all.exe C:\Program Files\Backup4all\Backup4all.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Documents and Settings\micky\Mes documents\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\micky.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http:80 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [backup4all] C:\Program Files\Backup4all\Backup4all.exe /s O4 - HKCU\..\Run: [backup4all OTB Agent] C:\Program Files\Backup4all\B4AOTB.exe O4 - HKCU\..\Run: [Exstora] C:\Program Files\Exstora\Exstora.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.emule-project.net O15 - Trusted Zone: *.ma%20planète O15 - Trusted Zone: http://be.msn.com O15 - Trusted Zone: http://ma.planete.qc.ca O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mickycarabel150.spaces.live.com//Ph...ad/MsnPUpld.cab O16 - DPF: {714E667D-360C-4BFB-8C1A-E4812B608CC1} (ACUBETrustChecker Control) - http://europe.samsungportal.com/EP/web/com...rustChecker.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jr...ows-i586-jc.cab O16 - DPF: {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3} (SSOCheck Class) - http://europe.samsungportal.com/EP/web/com...UniSSOCheck.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {C4D88B8E-352B-11D6-BF77-0080C740A177} - http://europe.samsungportal.com/EP/web/com...ctiveXSetup.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Print Spooler Service (lcheu3u8ehj) - Unknown owner - C:\WINDOWS\system32\cjjdooehaq.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\Backup4all\IoctlSvc.exe -- End of file - 9328 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 viasraid - c:\windows\system32\drivers\viasraid.sys <Not Verified; VIA Technologies inc,.ltd; Raid controller 6420 driver> R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS> S3 MagicTune - c:\windows\system32\drivers\mtictwl.sys S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 PLFlash DeviceIoControl Service - c:\program files\backup4all\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application> S2 lcheu3u8ehj (Print Spooler Service) - c:\windows\system32\cjjdooehaq.exe /service (file missing) S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-08-02 17:06:00 254 --a------ C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job 2008-08-02 17:00:00 504 --a------ C:\WINDOWS\Tasks\Maintenance en 1 clic.job 2008-08-02 16:41:28 422 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2B2B5B76-5DC6-446A-A34D-EFDC3C05326B}.job -- Files created between 2008-07-02 and 2008-08-02 ----------------------------- 2008-08-02 17:25:47 0 d-------- C:\Program Files\Trend Micro 2008-08-02 07:16:11 0 d--hs---- C:\Documents and Settings\micky\Recent -- Find3M Report --------------------------------------------------------------- 2008-08-02 07:24:17 0 d-------- C:\Documents and Settings\micky\Application Data\Skype 2008-07-10 20:03:08 473864 --a------ C:\WINDOWS\system32\perfh00C.dat 2008-07-10 20:03:08 77468 --a------ C:\WINDOWS\system32\perfc00C.dat 2008-07-03 20:00:16 0 d-------- C:\Program Files\Java 2008-07-03 13:42:00 0 d-------- C:\Documents and Settings\micky\Application Data\LimeWire 2008-06-29 16:56:44 0 d-------- C:\Program Files\eMule 2008-06-28 00:41:25 0 d-------- C:\Documents and Settings\micky\Application Data\SpinTop 2008-06-20 14:52:07 0 d-------- C:\Program Files\QuickTime -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 19:37] "Cmaudio"="cmicnfg.cpl" [] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [17/03/2006 14:16] "nwiz"="nwiz.exe" [17/03/2006 14:16 C:\WINDOWS\system32\nwiz.exe] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [12/01/2006 16:40] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [17/03/2006 14:16] "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [03/07/2001 09:11] "CamMonitor"="C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [07/10/2002 01:23] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [01/06/2006 13:32] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [06/07/2006 19:53] "Backup4all"="C:\Program Files\Backup4all\Backup4all.exe" [12/01/2006 08:35] "Backup4all OTB Agent"="C:\Program Files\Backup4all\B4AOTB.exe" [12/01/2006 08:35] "Exstora"="C:\Program Files\Exstora\Exstora.exe" [16/10/2006 14:28] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 18:24] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [20/08/2004 01:09] "ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [17/01/2008 11:40] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [21/01/2000 10:15:56] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63fe3e6e-1cb9-11dc-a3f9-00138f27febd}] Auto\command- RavMonE.exe e AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa05f3ac-b52b-11dc-a51d-00138f27febd}] AutoRun\command- G:\InstallTomTomHOME.exe -- End of Deckard's System Scanner: finished at 2008-08-02 17:26:28 ------------
-
avast ne trouve aucun virus mais par contre un autre m'annonce que j'ai un trojan t 86 dossiers infectés alors je ne sais plus que faire.