ragondin
Everything posted by ragondin

  1. Hi, here's the log report:

     Logfile of random's system information tool 1.06 (written by random/random)
     Run by anthony at 2010-01-15 21:39:01
     Microsoft Windows XP Édition familiale Service Pack 3
     System drive C: has 22 GB (23%) free of 95 GB
     Total RAM: 958 MB (50% free)

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 21:39:11, on 15/01/2010
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\system32\acs.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
     C:\WINDOWS\system32\DVDRAMSV.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\system32\HPZipm12.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
     C:\WINDOWS\system32\wbem\wmiapsrv.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
     C:\WINDOWS\AGRSMMSG.exe
     C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
     C:\WINDOWS\System32\DLA\DLACTRLW.EXE
     C:\Program Files\QuickTime\qttask.exe
     C:\Program Files\SFR\Media Center\MediaCenter.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\WINDOWS\system32\RAMASST.exe
     C:\WINDOWS\system32\lxcrcoms.exe
     C:\WINDOWS\system32\TPSBattM.exe
     C:\Program Files\SFR\Media Center\httpd\httpd.exe
     C:\Program Files\SFR\Media Center\httpd\httpd.exe
     C:\Program Files\Windows Live\Messenger\msnmsgr.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Documents and Settings\anthony\Bureau\sécurité\RSIT.exe
     C:\Program Files\Trend Micro\HijackThis\anthony.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
     O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
     O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
     O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
     O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
     O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
     O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
     O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
     O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
     O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
     O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_6.cab
     O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
     O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.photoweb.fr/telechargement/tele...nt-photoweb.cab
     O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab
     O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
     O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
     O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
     O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
     O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
     O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

     --
     End of file - 7531 bytes

     ======Scheduled tasks folder======

     C:\WINDOWS\tasks\GlaryInitialize.job
     C:\WINDOWS\tasks\User_Feed_Synchronization-{BDBAD413-8856-4AC8-A196-D5044D432A0F}.job

     ======Registry dump======

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
     Lexmark Barre d'outils - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-01-25 184320]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
     DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-08-01 110652]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
     Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
     Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-13 35840]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
     JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-13 73728]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
     {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Barre d'outils - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-01-25 184320]

     [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
     "ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-02-16 81920]
     "TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-08-03 266240]
     "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-11-10 15473664]
     "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]
     "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203]
     "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]
     "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
     "LXCRCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16 []
     "SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-10-14 98394]
     "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1024000]
     "THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2005-12-08 352256]
     "DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-01 122940]

     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
     "Neuf Media Center"=C:\Program Files\SFR\Media Center\MediaCenter.exe [2008-10-10 726336]
     "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
     "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
     C:\Program Files\Lexmark 2400 Series\ezprint.exe [2006-02-07 98304]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
     C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2006-02-02 290816]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe]
     C:\Program Files\Lexmark 2400 Series\lxcrmon.exe [2006-03-06 286720]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
     C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2005-08-30 1077328]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
     C:\Program Files\PowerISO\PWRISOVM.EXE [2008-07-07 167936]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
     C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe [2005-05-17 118784]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
     C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2005-04-11 65536]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
     C:\Program Files\TOSHIBA\Tvs\TvsTray.exe [2005-11-30 73728]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Media Connect 2]
     C:\Program Files\Windows Media Connect 2\WMCCFG.exe [2006-10-18 8704]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
     C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
     C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2008-04-23 29696]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
     C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^RAMASST.lnk]
     C:\WINDOWS\system32\RAMASST.exe [2004-08-28 155648]

     C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
     RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
     C:\WINDOWS\system32\Ati2evxx.dll [2005-08-04 46080]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
     C:\WINDOWS\system32\NavLogon.dll [2001-09-24 45056]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
     C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
     WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

     [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
     "dontdisplaylastusername"=0
     "legalnoticecaption"=
     "legalnoticetext"=
     "shutdownwithoutlogon"=1
     "undockwithoutlogon"=1

     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
     "NoDriveTypeAutoRun"=323
     "NoDriveAutoRun"=67108863
     "NoDrives"=0

     [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
     "HonorAutoRunSetting"=
     "BackupNoCDBurning"=
     "NoDriveAutoRun"=
     "NoDriveTypeAutoRun"=
     "NoDrives"=

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
     "C:\Program Files\i-Media\ims.exe"="C:\Program Files\i-Media\ims.exe:*:Disabled:i-Minitel Serveur"
     "C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
     "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
     "C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe"="C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Disabled:ConfigFree SUMMIT Engine"
     "C:\Program Files\Outlook Express\msimn.exe"="C:\Program Files\Outlook Express\msimn.exe:*:Disabled:Outlook Express"
     "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player"
     "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
     "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
     "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
     "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
     "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
     "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
     "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
     "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
     "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
     "C:\Program Files\SFR\Media Center\httpd\httpd.exe"="C:\Program Files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)"

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
     "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
     "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
     "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
     "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
     "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

     ======List of files/folders created in the last 1 months======

     2010-01-15 21:39:01 ----D---- C:\rsit
     2010-01-08 12:44:58 ----HD---- C:\WINDOWS\msdownld.tmp
     2010-01-08 12:39:32 ----HDC---- C:\WINDOWS\ie8
     2010-01-08 12:32:15 ----SHD---- C:\RECYCLER
     2010-01-05 00:43:51 ----D---- C:\Documents and Settings\anthony\Application Data\Malwarebytes
     2010-01-05 00:35:27 ----A---- C:\ComboFix.txt
     2010-01-05 00:05:02 ----A---- C:\Boot.bak
     2010-01-05 00:04:54 ----RASHD---- C:\cmdcons
     2010-01-05 00:01:58 ----A---- C:\WINDOWS\zip.exe
     2010-01-05 00:01:58 ----A---- C:\WINDOWS\SWXCACLS.exe
     2010-01-05 00:01:58 ----A---- C:\WINDOWS\SWSC.exe
     2010-01-05 00:01:58 ----A---- C:\WINDOWS\SWREG.exe
     2010-01-05 00:01:58 ----A---- C:\WINDOWS\sed.exe
     2010-01-05 00:01:58 ----A---- C:\WINDOWS\PEV.exe
     2010-01-05 00:01:58 ----A---- C:\WINDOWS\NIRCMD.exe
     2010-01-05 00:01:58 ----A---- C:\WINDOWS\MBR.exe
     2010-01-05 00:01:58 ----A---- C:\WINDOWS\grep.exe
     2010-01-05 00:01:41 ----D---- C:\WINDOWS\ERDNT
     2010-01-04 23:58:54 ----D---- C:\Qoobox
     2009-12-31 12:38:21 ----A---- C:\fixnavi.txt
     2009-12-31 12:10:04 ----A---- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
     2009-12-31 11:38:06 ----D---- C:\_OTM
     2009-12-27 12:08:17 ----D---- C:\Program Files\uTorrent
     2009-12-27 11:57:18 ----A---- C:\Rapport-FS.txt
     2009-12-27 10:29:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
     2009-12-20 20:33:58 ----D---- C:\Program Files\Windows Live
     2009-12-20 11:40:58 ----D---- C:\Program Files\Avira
     2009-12-20 11:40:58 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
     2009-12-19 21:40:09 ----A---- C:\WINDOWS\is-P0LGU.exe
     2009-12-19 14:31:52 ----A---- C:\cleannavi.txt
     2009-12-18 01:12:36 ----D---- C:\Documents and Settings\anthony\Application Data\uTorrent

     ======List of files/folders modified in the last 1 months======

     2010-01-15 21:39:09 ----D---- C:\WINDOWS\Prefetch
     2010-01-15 18:19:58 ----D---- C:\WINDOWS\Temp
     2010-01-15 18:15:54 ----D---- C:\WINDOWS
     2010-01-15 18:15:45 ----D---- C:\WINDOWS\Debug
     2010-01-15 18:07:23 ----D---- C:\WINDOWS\system32\Lang
     2010-01-15 18:06:48 ----D---- C:\WINDOWS\system32\CatRoot2
     2010-01-15 18:06:26 ----D---- C:\WINDOWS\system32\DLA
     2010-01-15 13:48:22 ----N---- C:\WINDOWS\SchedLgU.Txt
     2010-01-14 23:41:27 ----D---- C:\Documents and Settings\anthony\Application Data\vlc
     2010-01-13 20:22:13 ----D---- C:\WINDOWS\AppPatch
     2010-01-13 20:04:55 ----HD---- C:\WINDOWS\inf
     2010-01-13 20:04:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
     2010-01-13 20:04:49 ----HD---- C:\WINDOWS\$hf_mig$
     2010-01-13 20:04:37 ----D---- C:\WINDOWS\system32
     2010-01-13 03:25:04 ----D---- C:\Documents and Settings\anthony\Application Data\dvdcss
     2010-01-12 13:57:34 ----D---- C:\WINDOWS\system32\drivers
     2010-01-12 13:55:48 ----D---- C:\WINDOWS\network diagnostic
     2010-01-12 12:34:40 ----D---- C:\Program Files\MSN
     2010-01-09 20:01:43 ----D---- C:\WINDOWS\system32\CatRoot
     2010-01-09 20:01:39 ----D---- C:\WINDOWS\ie8updates
     2010-01-09 09:33:25 ----AD---- C:\Program Files
     2010-01-09 09:33:14 ----SD---- C:\WINDOWS\Downloaded Program Files
     2010-01-08 12:54:58 ----SD---- C:\WINDOWS\Tasks
     2010-01-08 12:49:20 ----RASH---- C:\boot.ini
     2010-01-08 12:49:19 ----A---- C:\WINDOWS\win.ini
     2010-01-08 12:49:18 ----A---- C:\WINDOWS\system.ini
     2010-01-08 12:47:30 ----D---- C:\WINDOWS\system32\fr-fr
     2010-01-08 12:47:29 ----D---- C:\WINDOWS\Media
     2010-01-08 12:47:29 ----D---- C:\WINDOWS\Help
     2010-01-08 12:47:29 ----D---- C:\Program Files\Internet Explorer
     2010-01-08 12:32:04 ----D---- C:\Program Files\Mozilla Firefox
     2010-01-08 12:31:59 ----D---- C:\Documents and Settings\anthony\Application Data\Mozilla
     2010-01-06 21:20:51 ----D---- C:\Program Files\Fichiers communs
     2010-01-06 15:39:50 ----D---- C:\Program Files\lx_cats
     2010-01-06 15:38:26 ----D---- C:\WINDOWS\Registration
     2010-01-05 21:19:36 ----A---- C:\WINDOWS\msdfmaps32.ini
     2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
     2010-01-05 00:24:50 ----D---- C:\WINDOWS\system32\config
     2010-01-05 00:23:45 ----D---- C:\WINDOWS\system
     2010-01-02 12:11:08 ----D---- C:\WINDOWS\system32\NtmsData
     2010-01-02 12:06:53 ----SHD---- C:\WINDOWS\Installer
     2010-01-02 12:06:53 ----D---- C:\Config.Msi
     2010-01-02 12:03:47 ----D---- C:\WINDOWS\system32\Restore
     2010-01-02 12:03:46 ----D---- C:\Program Files\Microsoft Works
     2010-01-02 12:03:46 ----D---- C:\Documents and Settings\anthony\Application Data\OneSwarm
     2010-01-02 12:03:45 ----D---- C:\Program Files\Windows Media Player
     2010-01-02 11:16:45 ----D---- C:\Program Files\Real
     2010-01-02 11:16:45 ----D---- C:\Program Files\Fichiers communs\Real
     2010-01-02 11:16:39 ----D---- C:\Documents and Settings\anthony\Application Data\Real
     2009-12-31 20:03:04 ----D---- C:\Documents and Settings\anthony\Application Data\LimeWire
     2009-12-22 00:36:37 ----D---- C:\WINDOWS\WinSxS
     2009-12-20 20:33:11 ----D---- C:\WINDOWS\Microsoft.NET
     2009-12-20 20:23:06 ----D---- C:\Documents and Settings\anthony\Application Data\GlarySoft
     2009-12-20 20:18:42 ----RSD---- C:\WINDOWS\assembly
     2009-12-20 20:04:00 ----D---- C:\WINDOWS\ie7updates
     2009-12-20 11:03:45 ----D---- C:\Program Files\Glary Utilities
     2009-12-19 14:24:27 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
     2009-12-19 14:24:23 ----DC---- C:\WINDOWS\system32\DRVSTORE
     2009-12-17 10:29:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
     2009-12-16 20:28:32 ----D---- C:\Documents and Settings
     2009-12-16 20:10:09 ----D---- C:\WINDOWS\system32\wbem
     2009-12-16 20:09:04 ----D---- C:\FindyKill
     2009-12-16 20:08:43 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
     2009-12-16 20:08:42 ----D---- C:\Program Files\CCleaner

     ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

     R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
     R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
     R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-07-07 5628]
     R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-07-07 22684]
     R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
     R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
     R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108]
     R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-12-20 28520]
     R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-06-01 17801]
     R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-20 56816]
     R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-08-01 25628]
     R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-08-01 2496]
     R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-08-01 86524]
     R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-08-01 14684]
     R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-08-01 6364]
     R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-08-01 87004]
     R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-08-01 92700]
     R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-07-07 40544]
     R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
     R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]
     R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-09-12 468736]
     R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
     R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
     R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
     R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
     R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-11-11 4064256]
     R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
     R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
     R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-12-06 220032]
     R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144]
     R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]
     R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
     R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
     R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
     S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
     S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
     S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
     S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
     S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
     S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
     S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
     S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
     S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
     S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
     S3 PALLADIA;Palladia 300/400 Usb Adsl Modem; C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 31579]
     S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2005-11-19 20096]
     S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
     S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
     S3 SoC PC-Camera Service;CIF USB CAMERA; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2004-02-10 127692]
     S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
     S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
     S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
     S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
     S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
     S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
     S3 VNUSB;VN Series Device; C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2006-04-07 38496]
     S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
     S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
     S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
     S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

     ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

     R2 ACS;Service de configuration Atheros; C:\WINDOWS\system32\acs.exe [2005-07-07 36864]
     R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-12-20 108289]
     R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-12-20 185089]
     R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
     R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-18 40960]
     R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
     R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-13 152984]
     R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
     R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2005-08-10 35328]
     R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
     R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
     R3 lxcr_device;lxcr_device; C:\WINDOWS\system32\lxcrcoms.exe [2006-02-20 495616]
     S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
     S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
     S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
     S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
     S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
     S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
     S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-09-23 238960]
     S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

     -----------------EOF-----------------
  2. Hello, sorry for the delay, but I didn't have access to my PC. In any case, thanks a lot, because it looks pretty good... here's the mbam report:

     Malwarebytes' Anti-Malware 1.43
     Version de la base de données: 3498
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     12/01/2010 13:52:30
     mbam-log-2010-01-12 (13-52-30).txt

     Type de recherche: Examen complet (C:\|)
     Eléments examinés: 240488
     Temps écoulé: 1 hour(s), 14 minute(s), 56 second(s)

     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 0
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 5

     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Clé(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Elément(s) de données du Registre infecté(s):
     (Aucun élément nuisible détecté)

     Dossier(s) infecté(s):
     (Aucun élément nuisible détecté)

     Fichier(s) infecté(s):
     C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\H8SRTlwvpltmwvj.sys.vir (Malware.Packer) -> Quarantined and deleted successfully.
     C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP396\A0363218.exe (Malware.Tool) -> Quarantined and deleted successfully.
     C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP401\A0374683.sys (Malware.Packer) -> Quarantined and deleted successfully.
     C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP401\A0374765.sys (Malware.Trace) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
  3. ComboFix 10-01-04.01 - anthony 05/01/2010 0:15.1.1 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.958.576 [GMT 1:00] Lancé depuis: c:\documents and settings\anthony\Bureau\ragondin.exe AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system\msvbvm60.dll c:\windows\system32\drivers\H8SRTlwvpltmwvj.sys c:\windows\system32\drivers\npf.sys c:\windows\system32\H8SRTlctgceufkx.dll c:\windows\system32\H8SRTokmknawvks.dll c:\windows\system32\H8SRTqrpkxbkkar.dat c:\windows\system32\H8SRTyodetytaqj.dll c:\windows\system32\Ijl11.dll c:\windows\system32\Packet.dll c:\windows\system32\SrchSTS.exe c:\windows\system32\srcr.dat c:\windows\system32\twain.dll c:\windows\system32\wpcap.dll . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_H8SRTd.sys -------\Legacy_H8SRTd.sys -------\Service_NPF ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-04 au 2010-01-04 )))))))))))))))))))))))))))))))))))) . 2010-01-02 10:57 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-02 10:57 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-31 11:13 . 2010-01-04 14:23 860 ----a-w- c:\windows\system32\krl32mainweq.dll 2009-12-31 10:38 . 2009-12-31 10:38 -------- d-----w- C:\_OTM 2009-12-27 11:08 . 2009-12-27 11:08 -------- d-----w- c:\program files\uTorrent 2009-12-27 09:29 . 2010-01-02 11:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-12-20 19:33 . 2009-12-20 19:34 -------- d-----w- c:\program files\Windows Live 2009-12-20 10:41 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-12-20 10:41 . 2009-12-20 11:01 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-12-20 10:41 . 
2009-02-13 11:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-12-20 10:41 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-12-20 10:40 . 2009-12-20 10:40 -------- d-----w- c:\program files\Avira 2009-12-20 10:40 . 2009-12-20 10:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-12-19 20:40 . 2009-12-19 20:40 1163776 ----a-w- c:\windows\is-P0LGU.exe 2009-12-18 00:12 . 2010-01-03 13:41 -------- d-----w- c:\documents and settings\anthony\Application Data\uTorrent 2009-12-16 19:28 . 2009-12-31 11:07 -------- d-----w- c:\documents and settings\HelpAssistant.AURÉLIE 2009-12-16 19:10 . 2009-12-16 19:10 -------- d-----w- c:\windows\system32\wbem\Repository 2009-12-13 21:57 . 2009-12-13 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-12-13 20:38 . 2009-12-16 19:09 -------- d-----w- C:\FindyKill 2009-12-13 01:48 . 2010-01-02 11:03 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing 2009-12-13 01:48 . 2009-12-13 01:48 -------- d-----w- c:\documents and settings\HelpAssistant\UserData 2009-12-13 01:35 . 2009-12-13 01:39 -------- d-----r- c:\documents and settings\HelpAssistant\Menu Démarrer 2009-12-13 01:35 . 2005-12-09 06:55 -------- d--h--w- c:\documents and settings\HelpAssistant\Voisinage d'impression 2009-12-13 01:35 . 2005-03-02 13:58 -------- d--h--w- c:\documents and settings\HelpAssistant\Modèles 2009-12-13 01:35 . 2005-03-02 13:58 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS 2009-12-13 01:35 . 2009-12-16 18:41 -------- d-----w- c:\documents and settings\HelpAssistant 2009-12-08 22:33 . 2009-12-08 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite 2009-12-08 22:33 . 2009-12-08 22:33 -------- d-----w- c:\documents and settings\anthony\Application Data\PC Suite 2009-12-08 22:31 . 2008-07-03 00:48 319456 ----a-w- c:\windows\system32\DIFxAPI.dll 2009-12-08 22:31 . 
2007-05-02 15:31 90624 ----a-w- c:\windows\system32\nmwcdcls.dll 2009-12-08 22:31 . 2007-09-17 14:53 21632 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys 2009-12-08 22:29 . 2009-12-08 22:29 -------- d-----w- c:\program files\MarkAny 2009-12-08 22:29 . 2009-12-13 19:12 -------- d-----w- c:\program files\PC Connectivity Solution 2009-12-08 22:28 . 2009-12-08 22:31 -------- d-----w- c:\program files\Samsung 2009-12-08 22:26 . 2009-12-08 22:27 -------- d-----w- c:\documents and settings\anthony\Local Settings\Application Data\Downloaded Installations . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-03 22:56 . 2009-12-04 13:22 -------- d-----w- c:\documents and settings\anthony\Application Data\vlc 2010-01-02 17:00 . 2007-03-26 00:00 -------- d-----w- c:\program files\lx_cats 2010-01-02 11:03 . 2009-05-12 23:55 -------- d-----w- c:\documents and settings\anthony\Application Data\OneSwarm 2010-01-02 11:03 . 2005-12-16 05:15 -------- d-----w- c:\program files\Microsoft Works 2010-01-02 10:18 . 2007-02-23 22:38 40000 ----a-w- c:\documents and settings\anthony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-01-02 10:16 . 2008-01-28 21:25 -------- d-----w- c:\program files\Real 2010-01-02 10:16 . 2008-01-28 21:25 -------- d-----w- c:\program files\Fichiers communs\Real 2010-01-01 22:58 . 2009-10-07 22:42 -------- d-----w- c:\documents and settings\anthony\Application Data\dvdcss 2009-12-31 19:03 . 2009-04-13 07:28 -------- d-----w- c:\documents and settings\anthony\Application Data\LimeWire 2009-12-31 12:38 . 2009-11-10 14:38 79488 ----a-w- c:\documents and settings\anthony\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-12-20 19:23 . 2009-09-02 23:20 -------- d-----w- c:\documents and settings\anthony\Application Data\GlarySoft 2009-12-20 10:03 . 2009-09-02 23:19 -------- d-----w- c:\program files\Glary Utilities 2009-12-19 13:24 . 
2008-03-27 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-12-17 09:29 . 2005-12-09 05:49 85980 ----a-w- c:\windows\system32\perfc00C.dat 2009-12-17 09:29 . 2005-12-09 05:49 511562 ----a-w- c:\windows\system32\perfh00C.dat 2009-12-16 19:08 . 2006-11-25 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-12-16 19:08 . 2007-11-14 18:55 -------- d-----w- c:\program files\CCleaner 2009-12-13 19:59 . 2008-11-28 01:19 -------- d-----w- c:\program files\Virtools Web Player 3.5 2009-12-13 19:09 . 2007-03-11 21:32 -------- d-----w- c:\program files\Google 2009-12-13 19:06 . 2005-12-09 08:52 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-12-13 19:04 . 2009-07-09 09:10 -------- d-----w- c:\program files\AoA Audio Extractor 2009-12-13 19:04 . 2009-07-23 22:10 -------- d-----w- c:\program files\Any Video Converter 2009-12-13 19:03 . 2009-07-23 22:10 -------- d-----w- c:\documents and settings\anthony\Application Data\Any Video Converter 2009-12-13 19:02 . 2009-07-23 21:54 -------- d-----w- c:\program files\Agree AVI WMV to FLV MP4 MPEG ASF MOV Converter 2009-12-08 22:35 . 2009-12-08 22:35 69632 ----a-w- c:\documents and settings\anthony\Application Data\Samsung\New PC Studio\DriverChecker.exe 2009-12-08 22:31 . 2009-12-08 22:30 -------- d-----w- c:\program files\DIFX 2009-12-08 22:30 . 2009-12-08 22:30 -------- d-----w- c:\documents and settings\anthony\Application Data\Samsung 2009-11-07 00:49 . 2009-11-07 00:49 -------- d-----w- c:\program files\Fichiers communs\Windows Live 2009-10-29 07:44 . 2005-12-09 05:48 832512 ----a-w- c:\windows\system32\wininet.dll 2009-10-29 07:44 . 2009-10-21 13:31 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-10-29 07:44 . 2005-12-09 05:48 17408 ----a-w- c:\windows\system32\corpol.dll 2009-10-21 05:39 . 2005-12-09 05:48 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 05:39 . 
2005-12-09 05:48 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-20 16:20 . 2004-08-03 23:00 265728 ----a-w- c:\windows\system32\drivers\http.sys 2009-10-13 10:33 . 2005-12-09 05:48 271360 ----a-w- c:\windows\system32\oakley.dll 2009-10-12 13:39 . 2005-12-09 05:48 79872 ----a-w- c:\windows\system32\raschap.dll 2009-10-12 13:39 . 2005-12-09 05:48 150528 ----a-w- c:\windows\system32\rastls.dll 2001-05-24 10:59 . 2008-03-26 19:00 162304 ----a-w- c:\program files\UNWISE.EXE . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Neuf Media Center"="c:\program files\SFR\Media Center\MediaCenter.exe" [2008-10-10 726336] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920] "TPSMain"="TPSMain.exe" [2005-08-03 266240] "RTHDCPL"="RTHDCPL.EXE" [2005-11-10 15473664] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064] "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 65536] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000] "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2005-12-08 352256] "SmoothView"="c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 118784] "PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 1077328] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 
122940] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-6-1 155648] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^RAMASST.lnk] backup=c:\windows\pss\RAMASST.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint] 2006-02-07 05:10 98304 ----a-w- c:\program files\Lexmark 2400 Series\ezprint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer] 2006-02-02 08:11 290816 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe] 2006-03-06 17:48 286720 ----a-w- c:\program files\Lexmark 2400 Series\lxcrmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] 2008-07-07 07:34 167936 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD] 2005-04-11 15:08 65536 ----a-w- c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs] 2005-11-30 11:25 73728 ----a-w- c:\program files\TOSHIBA\Tvs\TvsTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Media Connect 2] 2006-10-18 20:58 8704 ------w- c:\program 
files\Windows Media Connect 2\WMCCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2006-11-03 08:59 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot "LXCRCATS"=rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16 [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "SerialNumber"="A109A-K13-3ZXD-BAP5-TE" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\i-Media\\ims.exe"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"= "c:\\Program Files\\Outlook Express\\msimn.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\program files\SFR\Media Center\httpd\httpd.exe"= c:\program files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services "2479:TCP"= 2479:TCP:Services "6953:TCP"= 6953:TCP:Services "3389:TCP"= 3389:TCP:Remote Desktop "8789:TCP"= 8789:TCP:Services "2304:TCP"= 2304:TCP:Services "2743:TCP"= 2743:TCP:Services "3246:TCP"= 3246:TCP:Services R2 
AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [20/12/2009 11:41 108289] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 13:50 238960] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [02/01/2010 11:57 38224] S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;c:\windows\system32\drivers\usbiad.sys [13/06/2005 05:57 31579] . Contenu du dossier 'Tâches planifiées' 2010-01-04 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2009-09-02 11:09] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s FF - ProfilePath - c:\documents and settings\anthony\Application Data\Mozilla\Firefox\Profiles\7vik75ew.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHELINS SUPPRIMES - - - - MSConfigStartUp-TkBellExe - c:\program files\Fichiers communs\Real\Update_OB\realsched.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-05 00:29 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCRCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16 Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85554228]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf76baf28 \Driver\ACPI -> ACPI.sys @ 0xf760ccb8 \Driver\atapi -> 0x85554228 IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9 ParseProcedure -> ntoskrnl.exe @ 0x8056ea15 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9 ParseProcedure -> ntoskrnl.exe @ 0x8056ea15 NDIS: Atheros AR5005G Wireless Network Adapter -> SendCompleteHandler -> 0x85b814c0 PacketIndicateHandler -> NDIS.sys @ 0xf7496a21 SendHandler -> NDIS.sys @ 0xf748ad44 Warning: possible MBR rootkit infection ! copy of MBR has been found in sector 0x0BA51E60 malicious code @ sector 0x0BA51E63 ! PE file found in sector at 0x0BA51E79 ! MBR rootkit infection detected ! Use: "mbr.exe -f" to fix. ************************************************************************** . 
--------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(624) c:\windows\system32\Ati2evxx.dll c:\windows\system32\NavLogon.dll - - - - - - - > 'explorer.exe'(2728) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\eappprxy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\TPwrCfg.DLL c:\windows\system32\TPwrReg.dll c:\windows\system32\TPSTrace.DLL . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\acs.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\windows\system32\DVDRAMSV.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\HPZipm12.exe c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe c:\program files\Windows Media Player\WMPNetwk.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\Ati2evxx.exe c:\windows\RTHDCPL.EXE c:\windows\AGRSMMSG.exe c:\windows\system32\TPSBattM.exe c:\windows\system32\lxcrcoms.exe c:\program files\SFR\Media Center\httpd\httpd.exe c:\program files\SFR\Media Center\httpd\httpd.exe . ************************************************************************** . Heure de fin: 2010-01-05 00:35:26 - La machine a redémarré ComboFix-quarantined-files.txt 2010-01-04 23:35 Avant-CF: 44 562 743 296 octets libres Après-CF: 44 524 441 600 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect - - End Of File - - 8149D8B72ED71BB24133CA4785C08D75
  4. Hi, here is the gmer report: GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-01-04 23:29:03 Windows 5.1.2600 Service Pack 3 Running: dcy5wm7z.exe; Driver: C:\DOCUME~1\anthony\LOCALS~1\Temp\pxldrpog.sys ---- System - GMER 1.0.15 ---- Code 86283AE8 ZwEnumerateKey Code 861074B0 ZwFlushInstructionCache Code 860DB75E IofCallDriver Code 860DB2E6 IofCompleteRequest ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\meiudf \MeiUDF_Disk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\meiudf \MeiUDF_CdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) 
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions) ---- Modules - GMER 1.0.15 ---- Module \systemroot\system32\drivers\H8SRTlwvpltmwvj.sys (*** hidden *** ) F248A000-F24A7000 (118784 bytes) ---- Processes - GMER 1.0.15 ---- Library \\?\globalroot\systemroot\system32\H8SRTyodetytaqj.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [380] 0x10000000 Library \\?\globalroot\systemroot\system32\H8SRTyodetytaqj.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [648] 0x10000000 Library \\?\globalroot\systemroot\system32\H8SRTyodetytaqj.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [876] 0x00C10000 Library \\?\globalroot\systemroot\system32\H8SRTyodetytaqj.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [988] 0x10000000 Library \\?\globalroot\systemroot\system32\H8SRTyodetytaqj.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1032] 0x10000000 Library \\?\globalroot\systemroot\system32\H8SRTyodetytaqj.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1072] 0x10000000 Library \\?\globalroot\systemroot\system32\H8SRTyodetytaqj.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1216] 0x10000000 Library \\?\globalroot\systemroot\system32\H8SRTyodetytaqj.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1284] 0x10000000 Library \\?\globalroot\systemroot\system32\H8SRTyodetytaqj.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1316] 0x10000000 Library \\?\globalroot\systemroot\system32\H8SRTyodetytaqj.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [2316] 0x10000000 Library \\?\globalroot\systemroot\system32\H8SRTokmknawvks.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [2316] 0x00CC0000 Library \\?\globalroot\systemroot\system32\H8SRTyodetytaqj.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [4080] 0x10000000 ---- Services - GMER 1.0.15 ---- Service C:\WINDOWS\system32\drivers\H8SRTlwvpltmwvj.sys (*** hidden *** ) [sYSTEM] 
H8SRTd.sys <-- ROOTKIT !!! ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTlwvpltmwvj.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTlwvpltmwvj.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTlctgceufkx.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTqrpkxbkkar.dat Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTyodetytaqj.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTokmknawvks.dll Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@start 1 Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@type 1 Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTlwvpltmwvj.sys Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@group file system Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTlwvpltmwvj.sys Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTlctgceufkx.dll Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTqrpkxbkkar.dat Reg 
HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTyodetytaqj.dll Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTokmknawvks.dll ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\Administrateur\Local Settings\Temp\h8srtmainqt.dll 16149 bytes File C:\Documents and Settings\anthony\Local Settings\Temp\H8SRT5ac8.tmp 343040 bytes executable File C:\Documents and Settings\anthony\Local Settings\Temp\h8srtmainqt.dll 15813 bytes File C:\Documents and Settings\anthony\Local Settings\Temporary Internet Files\Content.IE5\I6TABY30\dnserrordiagoff[1] 0 bytes File C:\WINDOWS\system32\drivers\H8SRTlwvpltmwvj.sys 40448 bytes executable <-- ROOTKIT !!! File C:\WINDOWS\system32\H8SRTlctgceufkx.dll 23040 bytes executable File C:\WINDOWS\system32\H8SRTokmknawvks.dll 40960 bytes executable File C:\WINDOWS\system32\H8SRTqrpkxbkkar.dat 202 bytes File C:\WINDOWS\system32\H8SRTyodetytaqj.dll 36864 bytes executable File C:\WINDOWS\Temp\H8SRT5440.tmp 202 bytes ---- EOF - GMER 1.0.15 ----
  5. The situation has got even worse: now it's impossible to launch avira or mbam, and even the mbam installation setup crashes... Even more redirections with firefox... I was infected by malware defense and windows security center, but they have disappeared... so here's a good one getting started. Thanks for your help.
  6. And here is the fox scan report: have a good New Year's Eve FoxScan Version 1.1.1 Par Loup blanc - Zebulon.fr Scan lancé le 31/12/2009 à 11:52 Microsoft Windows XP Édition familiale Service Pack 3 [version 5.1.2600] Mozilla Firefox version : 3.5.6 (fr) Dossier d'installation : C:\Program Files\Mozilla Firefox ================================================================================ = ---------- Compte utilisateur : anthony [session en cours] ================================================================================ = Profil : default Dossier du profil : C:\Documents and Settings\anthony\Application Data\mozilla\firefox\Profiles\7vik75ew.default\ Pages de démarrage prefs.js : "http://www.google.fr/" //////////// Configuration \\\\\\\\\\\\\ ======= Profil : default ======= Mise à jour Firefox : Activé Mise à jour des modules complémentaires : Activé Mise à jour des moteurs de recherche : Activé Java : Activé Javascript : Activé Proxy : Pas de Proxy //////////// Modules complémentaires \\\\\\\\\\\\\ ======= Profil : default ======= La notification d'installation des modules complémentaires est activée Nom : Default Dossier : C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\ Etat : actif Nom : RealPlayer Browser Record Plugin Dossier : C:\Program Files\Real\RealPlayer\browserrecord\ Etat : actif Nom : Java Quick Starter Dossier : C:\Program Files\Java\jre6\lib\deploy\jqs\ff\ Etat : actif Nom : Microsoft .NET Framework Assistant Dossier : c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ Etat : Inactif Nom : Neofox IE 6 Dossier : C:\Documents and Settings\anthony\Application Data\mozilla\firefox\Profiles\7vik75ew.default\extensions\{3EB655F8-A508-11DB-8BC6-FD5B55D89593}\ Etat : Inactif //////////// Plugins de recherche \\\\\\\\\\\\\ ======= Profil : default ======= Recherche dans "prefs.js" : browser.search.defaultenginename : "Ask.com" browser.search.defaulturl : 
browser.search.selectedEngine : "Google" keyword.URL : "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" keyword.enable : --------- Moteurs de recherche trouvés ------------ + Formulaire de recherche configuré pour le moteur C:\Documents and Settings\anthony\Application Data\mozilla\firefox\Profiles\7vik75ew.default\searchplugins\live-search.xml Template : http://search.live.com/results.aspx ================================================================================ = ---------- Compte utilisateur : HelpAssistant ================================================================================ = Profil : default Dossier du profil : C:\Documents and Settings\HelpAssistant\Application Data\mozilla\firefox\Profiles\7vik75ew.default\ Pages de démarrage prefs.js : "http://fr.msn.com/" //////////// Configuration \\\\\\\\\\\\\ ======= Profil : default ======= Mise à jour Firefox : Activé Mise à jour des modules complémentaires : Activé Mise à jour des moteurs de recherche : Activé Java : Activé Javascript : Activé Proxy : Pas de Proxy //////////// Modules complémentaires \\\\\\\\\\\\\ ======= Profil : default ======= La notification d'installation des modules complémentaires est activée Nom : Microsoft .NET Framework Assistant Dossier : C:\Documents and Settings\anthony\Application Data\mozilla\firefox\Profiles\7vik75ew.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\ Etat : Inactif Nom : Default Dossier : C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\ Etat : actif Nom : RealPlayer Browser Record Plugin Dossier : C:\Program Files\Real\RealPlayer\browserrecord\ Etat : actif Nom : Neofox IE 6 Dossier : C:\Documents and Settings\HelpAssistant\Application Data\mozilla\firefox\Profiles\7vik75ew.default\extensions\{3EB655F8-A508-11DB-8BC6-FD5B55D89593}\ Etat : actif //////////// Plugins de recherche \\\\\\\\\\\\\ ======= Profil : default ======= Recherche dans "prefs.js" : 
browser.search.defaultenginename : browser.search.defaulturl : browser.search.selectedEngine : "Live Search" keyword.URL : "http://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA1&q=" keyword.enable : --------- Moteurs de recherche trouvés ------------ + Formulaire de recherche configuré pour le moteur C:\Documents and Settings\HelpAssistant\Application Data\mozilla\firefox\Profiles\7vik75ew.default\searchplugins\live-search.xml Template : http://search.live.com/results.aspx ================================================================================ = ---------- Compte utilisateur : HelpAssistant.AURÉLIE ================================================================================ = Profil : AURÉLIE\Application Data\mozilla\firefox\Profiles\7vik75ew Dossier du profil : C:\Documents and Settings\HelpAssistant.AURÉLIE\Application Data\mozilla\firefox\Profiles\7vik75ew\ //////////// Configuration \\\\\\\\\\\\\ ======= Profil : AURÉLIE\Application Data\mozilla\firefox\Profiles\7vik75ew ======= Mise à jour Firefox : Activé Mise à jour des modules complémentaires : Activé Mise à jour des moteurs de recherche : Activé Java : Activé Javascript : Activé Proxy : Pas de Proxy //////////// Modules complémentaires \\\\\\\\\\\\\ ======= Profil : AURÉLIE\Application Data\mozilla\firefox\Profiles\7vik75ew ======= La notification d'installation des modules complémentaires est activée //////////// Plugins de recherche \\\\\\\\\\\\\ ======= Profil : AURÉLIE\Application Data\mozilla\firefox\Profiles\7vik75ew ======= Recherche dans "prefs.js" : browser.search.defaultenginename : browser.search.defaulturl : browser.search.selectedEngine : keyword.URL : keyword.enable : --------- Moteurs de recherche trouvés ------------ + Formulaire de recherche configuré pour le moteur ================================================================================ = ---------- Section commune ================================================================================ = //////////// DLL 
présentes dans C:\Program Files\Mozilla Firefox\components \\\\\\\\\\\\\ browserdirprovider.dll brwsrcmp.dll ------------------------------------------------------ //////////// Plugins de recherche \\\\\\\\\\\\\ --------- Moteurs de recherche trouvés ------------ + Formulaire de recherche configuré pour le moteur C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml Template : http://www.amazon.fr/exec/obidos/external-search/ C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml Template : http://www.cnrtl.fr/lexicographie/{searchTerms} C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml Template : http://rover.ebay.com/rover/1/709-47295-17703-3/4 C:\Program Files\Mozilla Firefox\searchplugins\google.xml Template : http://www.google.com/search C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml Template : http://fr.wikipedia.org/wiki/Special:Recherche C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml Template : http://fr.search.yahoo.com/search ------------------------------------------------------ //////////// Plugins configurés dans la Base de registre \\\\\\\\\\\\\ [HKEY_LOCAL_MACHINE\software\mozillaplugins\@adobe.com/FlashPlayer] "Description"="Adobe® Flash® Player 10" "Vendor"="Adobe Systems Incorporated" "Path"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll" [HKEY_LOCAL_MACHINE\software\mozillaplugins\@google.com/npPicasa3,version=3.0.0] "Description"="Picasa3 plugin" "Vendor"="Google, Inc." "Path"="C:\Program Files\Google\Picasa3\npPicasa3.dll" [HKEY_LOCAL_MACHINE\software\mozillaplugins\@ma-config.com/HardwareDetection] "Description"="Détection de sa configuration" "Vendor"="CybelSoft" "Path"="C:\Program Files\ma-config.com\nphardwaredetection.dll" [HKEY_LOCAL_MACHINE\software\mozillaplugins\@microsoft.com/WPF,version=3.5] "Description"="Windows Presentation Foundation plug-in for Mozilla browsers" "Vendor"="Microsoft Corp." 
"Path"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll" [HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nppl3260;version=6.0.12.69] "Description"="RealPlayer LiveConnect-Enabled Plug-In" "Vendor"="RealNetworks" "Path"="C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll" [HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nprjplug;version=1.0.3.69] "Description"="RealJukebox Netscape Plugin" "Vendor"="RealNetworks" "Path"="C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll" [HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nprpjplug;version=6.0.12.69] "Description"="6.0.12.69" "Vendor"="RealNetworks" "Path"="C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll" [HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nsJSRealPlayerPlugin;version=] [HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/RhapsodyPlayerEngine,version=1.1] "Description"="Rhapsody Control" "Vendor"="RealNetworks" "Path"="C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll" [HKEY_CURRENT_USER\software\mozillaplugins\@adobe.com/FlashPlayer] "Description"="Adobe Flash Player 9.0" "Vendor"="Adobe Systems Inc." "Path"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll" ------------------------------------------------------ //////////// Recherche additionnelles... \\\\\\\\\\\\\ ==== Extension supplémentaire ==== [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions] "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" "{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord" "{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.5.6\extensions] =========================== Fin du rapport ===========================
  7. Here is the OTM report, but during the removal there was an error: "the application or DLL youtubex is not a valid Windows image, please use the Windows disk"

All processes killed
Error: Unable to interpret <:first> in the current context!
========== FILES ==========
C:\Documents and Settings\anthony\Application Data\mozilla\firefox\Profiles\7vik75ew.default\searchplugins\askcom.xml moved successfully.
File/Folder C:\Program Files\eChanblard\EvID4226Patch.exe not found.
LoadLibrary failed for C:\WINDOWS\youtubex.dll
C:\WINDOWS\youtubex.dll moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Zeldar\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Casino Tropez\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\fcn\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\MediaHoldings\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: anthony
->Temp folder emptied: 2832467 bytes
->Temporary Internet Files folder emptied: 1644662 bytes
->Java cache emptied: 13690300 bytes
->FireFox cache emptied: 36625813 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HelpAssistant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: HelpAssistant.AURÉLIE
->Temp folder emptied: 4247411 bytes
->Temporary Internet Files folder emptied: 2783591 bytes
->Java cache emptied: 3495396 bytes
->FireFox cache emptied: 79264665 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 563308 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 14654011 bytes

Total Files Cleaned = 153,00 mb

OTM by OldTimer - Version 3.1.4.0 log created on 12312009_113806

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\$$$dq3e scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\$67we.$ scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  8. Good evening, I understood what you asked me to do, but I have a problem: when I try to delete the list of items at the end of the scan, MBAM crashes, so I don't see how I can remove them... I tried reinstalling MBAM, but the result is identical!
  9. And here is the FoxScan report, thanks again and I hope you're having a good holiday:

FoxScan Version 1.1.1 Par Loup blanc - Zebulon.fr
Scan lancé le 27/12/2009 à 11:57
Microsoft Windows XP Édition familiale Service Pack 3 [version 5.1.2600]
Mozilla Firefox version : 3.5.6 (fr)
Dossier d'installation : C:\Program Files\Mozilla Firefox

================================================================================ =
---------- Compte utilisateur : anthony [session en cours]
================================================================================ =

Profil : default
Dossier du profil : C:\Documents and Settings\anthony\Application Data\mozilla\firefox\Profiles\7vik75ew.default\
Pages de démarrage prefs.js : "http://www.google.fr/"

//////////// Configuration \\\\\\\\\\\\\
======= Profil : default =======
Mise à jour Firefox : Activé
Mise à jour des modules complémentaires : Activé
Mise à jour des moteurs de recherche : Activé
Java : Activé
Javascript : Activé
Proxy : Pas de Proxy

//////////// Modules complémentaires \\\\\\\\\\\\\
======= Profil : default =======
La notification d'installation des modules complémentaires est activée

Nom : Default
Dossier : C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\
Etat : actif

Nom : RealPlayer Browser Record Plugin
Dossier : C:\Program Files\Real\RealPlayer\browserrecord\
Etat : actif

Nom : Java Quick Starter
Dossier : C:\Program Files\Java\jre6\lib\deploy\jqs\ff\
Etat : actif

Nom : Microsoft .NET Framework Assistant
Dossier : c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
Etat : Inactif

Nom : Neofox IE 6
Dossier : C:\Documents and Settings\anthony\Application Data\mozilla\firefox\Profiles\7vik75ew.default\extensions\{3EB655F8-A508-11DB-8BC6-FD5B55D89593}\
Etat : Inactif

//////////// Plugins de recherche \\\\\\\\\\\\\
======= Profil : default =======
Recherche dans "prefs.js" :
browser.search.defaultenginename : "Ask.com"
browser.search.defaulturl :
browser.search.selectedEngine : "Google"
keyword.URL : "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
keyword.enable :

--------- Moteurs de recherche trouvés ------------
+ Formulaire de recherche configuré pour le moteur
C:\Documents and Settings\anthony\Application Data\mozilla\firefox\Profiles\7vik75ew.default\searchplugins\askcom.xml
Template : http://websearch.ask.com/redirect?client
C:\Documents and Settings\anthony\Application Data\mozilla\firefox\Profiles\7vik75ew.default\searchplugins\live-search.xml
Template : http://search.live.com/results.aspx

================================================================================ =
---------- Compte utilisateur : HelpAssistant
================================================================================ =

Profil : default
Dossier du profil : C:\Documents and Settings\HelpAssistant\Application Data\mozilla\firefox\Profiles\7vik75ew.default\
Pages de démarrage prefs.js : "http://fr.msn.com/"

//////////// Configuration \\\\\\\\\\\\\
======= Profil : default =======
Mise à jour Firefox : Activé
Mise à jour des modules complémentaires : Activé
Mise à jour des moteurs de recherche : Activé
Java : Activé
Javascript : Activé
Proxy : Pas de Proxy

//////////// Modules complémentaires \\\\\\\\\\\\\
======= Profil : default =======
La notification d'installation des modules complémentaires est activée

Nom : Microsoft .NET Framework Assistant
Dossier : C:\Documents and Settings\anthony\Application Data\mozilla\firefox\Profiles\7vik75ew.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\
Etat : Inactif

Nom : Default
Dossier : C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\
Etat : actif

Nom : RealPlayer Browser Record Plugin
Dossier : C:\Program Files\Real\RealPlayer\browserrecord\
Etat : actif

Nom : Neofox IE 6
Dossier : C:\Documents and Settings\HelpAssistant\Application Data\mozilla\firefox\Profiles\7vik75ew.default\extensions\{3EB655F8-A508-11DB-8BC6-FD5B55D89593}\
Etat : actif

//////////// Plugins de recherche \\\\\\\\\\\\\
======= Profil : default =======
Recherche dans "prefs.js" :
browser.search.defaultenginename :
browser.search.defaulturl :
browser.search.selectedEngine : "Live Search"
keyword.URL : "http://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA1&q="
keyword.enable :

--------- Moteurs de recherche trouvés ------------
+ Formulaire de recherche configuré pour le moteur
C:\Documents and Settings\HelpAssistant\Application Data\mozilla\firefox\Profiles\7vik75ew.default\searchplugins\live-search.xml
Template : http://search.live.com/results.aspx

================================================================================ =
---------- Compte utilisateur : HelpAssistant.AURÉLIE
================================================================================ =

Profil : AURÉLIE\Application Data\mozilla\firefox\Profiles\7vik75ew
Dossier du profil : C:\Documents and Settings\HelpAssistant.AURÉLIE\Application Data\mozilla\firefox\Profiles\7vik75ew\

//////////// Configuration \\\\\\\\\\\\\
======= Profil : AURÉLIE\Application Data\mozilla\firefox\Profiles\7vik75ew =======
Mise à jour Firefox : Activé
Mise à jour des modules complémentaires : Activé
Mise à jour des moteurs de recherche : Activé
Java : Activé
Javascript : Activé
Proxy : Pas de Proxy

//////////// Modules complémentaires \\\\\\\\\\\\\
======= Profil : AURÉLIE\Application Data\mozilla\firefox\Profiles\7vik75ew =======
La notification d'installation des modules complémentaires est activée

//////////// Plugins de recherche \\\\\\\\\\\\\
======= Profil : AURÉLIE\Application Data\mozilla\firefox\Profiles\7vik75ew =======
Recherche dans "prefs.js" :
browser.search.defaultenginename :
browser.search.defaulturl :
browser.search.selectedEngine :
keyword.URL :
keyword.enable :

--------- Moteurs de recherche trouvés ------------
+ Formulaire de recherche configuré pour le moteur

================================================================================ =
---------- Section commune
================================================================================ =

//////////// DLL présentes dans C:\Program Files\Mozilla Firefox\components \\\\\\\\\\\\\
browserdirprovider.dll
brwsrcmp.dll
------------------------------------------------------

//////////// Plugins de recherche \\\\\\\\\\\\\
--------- Moteurs de recherche trouvés ------------
+ Formulaire de recherche configuré pour le moteur
C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
Template : http://www.amazon.fr/exec/obidos/external-search/
C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
Template : http://www.cnrtl.fr/lexicographie/{searchTerms}
C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
Template : http://rover.ebay.com/rover/1/709-47295-17703-3/4
C:\Program Files\Mozilla Firefox\searchplugins\google.xml
Template : http://www.google.com/search
C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
Template : http://fr.wikipedia.org/wiki/Special:Recherche
C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
Template : http://fr.search.yahoo.com/search
------------------------------------------------------

//////////// Plugins configurés dans la Base de registre \\\\\\\\\\\\\
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@adobe.com/FlashPlayer]
"Description"="Adobe® Flash® Player 10"
"Vendor"="Adobe Systems Incorporated"
"Path"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@google.com/npPicasa3,version=3.0.0]
"Description"="Picasa3 plugin"
"Vendor"="Google, Inc."
"Path"="C:\Program Files\Google\Picasa3\npPicasa3.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@ma-config.com/HardwareDetection]
"Description"="Détection de sa configuration"
"Vendor"="CybelSoft"
"Path"="C:\Program Files\ma-config.com\nphardwaredetection.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@microsoft.com/WPF,version=3.5]
"Description"="Windows Presentation Foundation plug-in for Mozilla browsers"
"Vendor"="Microsoft Corp."
"Path"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nppl3260;version=6.0.12.69]
"Description"="RealPlayer LiveConnect-Enabled Plug-In"
"Vendor"="RealNetworks"
"Path"="C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nprjplug;version=1.0.3.69]
"Description"="RealJukebox Netscape Plugin"
"Vendor"="RealNetworks"
"Path"="C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nprpjplug;version=6.0.12.69]
"Description"="6.0.12.69"
"Vendor"="RealNetworks"
"Path"="C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nsJSRealPlayerPlugin;version=]

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/RhapsodyPlayerEngine,version=1.1]
"Description"="Rhapsody Control"
"Vendor"="RealNetworks"
"Path"="C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll"

[HKEY_CURRENT_USER\software\mozillaplugins\@adobe.com/FlashPlayer]
"Description"="Adobe Flash Player 9.0"
"Vendor"="Adobe Systems Inc."
"Path"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll"
------------------------------------------------------

//////////// Recherche additionnelles... \\\\\\\\\\\\\
==== Extension supplémentaire ====
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord"
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.5.6\extensions]

=========================== Fin du rapport ===========================
  10. I still have a problem starting the PC in safe mode; only safe mode with networking doesn't crash... Here is the Malwarebytes report, but it again told me "Malwarebytes has encountered a problem and needs to close" and then "the file drwtsn32.exe has encountered a problem and needs to close" when I try to delete the list of infected items... With Firefox, for example, I can no longer even access the messages you post to me, so I'm doing it with Internet Explorer. Here is the Malwarebytes scan:

Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3418
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

27/12/2009 02:59:03
mbam-log-2009-12-27 (02-58-58).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 221491
Temps écoulé: 35 minute(s), 3 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Zeldar (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\eChanblard\EvID4226Patch.exe (Malware.Tool) -> No action taken.
C:\_OTM\MovedFiles\12232009_200452\C_WINDOWS\msa.exe (Trojan.Fraudpack) -> No action taken.
C:\WINDOWS\youtubex.dll (Trojan.Agent) -> No action taken.
  11. Yes, I still get redirects, mostly from Google... Here is the report, and thanks again for your help:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-27 00:54:24
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\anthony\LOCALS~1\Temp\pxldrpog.sys

---- System - GMER 1.0.15 ----

SSDT F7C93C26 ZwCreateKey
SSDT F7C93C1C ZwCreateThread
SSDT F7C93C2B ZwDeleteKey
SSDT F7C93C35 ZwDeleteValueKey
SSDT F7C93C3A ZwLoadKey
SSDT F7C93C08 ZwOpenProcess
SSDT F7C93C0D ZwOpenThread
SSDT F7C93C44 ZwReplaceKey
SSDT F7C93C3F ZwRestoreKey
SSDT F7C93C30 ZwSetValueKey
SSDT F7C93C17 ZwTerminateProcess

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[408] ADVAPI32.dll!CryptDestroyKey 77DB9EBC 7 Bytes JMP 006B299A
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[408] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 006B294A
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[408] ADVAPI32.dll!CryptEncrypt 77DBE360 7 Bytes JMP 006B290E
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[408] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 006B28F2
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[408] WS2_32.dll!send 719F4C27 5 Bytes JMP 006B277E
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[408] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 006B2870
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[408] WS2_32.dll!recv 719F676F 5 Bytes JMP 006B27B6
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[408] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 006B27EE
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1300] ADVAPI32.dll!CryptDestroyKey 77DB9EBC 7 Bytes JMP 0143299A
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1300] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 0143294A
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1300] ADVAPI32.dll!CryptEncrypt 77DBE360 7 Bytes JMP 0143290E
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1300] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 014328F2
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1300] WS2_32.dll!send 719F4C27 5 Bytes JMP 0143277E
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1300] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 01432870
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1300] WS2_32.dll!recv 719F676F 5 Bytes JMP 014327B6
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1300] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 014327EE
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1400] ADVAPI32.dll!CryptDestroyKey 77DB9EBC 7 Bytes JMP 0103299A
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1400] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 0103294A
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1400] ADVAPI32.dll!CryptEncrypt 77DBE360 7 Bytes JMP 0103290E
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1400] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 010328F2
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1400] WS2_32.dll!send 719F4C27 5 Bytes JMP 0103277E
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1400] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 01032870
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1400] WS2_32.dll!recv 719F676F 5 Bytes JMP 010327B6
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1400] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 010327EE
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1600] ADVAPI32.dll!CryptDestroyKey 77DB9EBC 7 Bytes JMP 01B2299A
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1600] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 01B2294A
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1600] ADVAPI32.dll!CryptEncrypt 77DBE360 7 Bytes JMP 01B2290E
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1600] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 01B228F2
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1600] WS2_32.dll!send 719F4C27 5 Bytes JMP 01B2277E
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1600] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 01B22870
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1600] WS2_32.dll!recv 719F676F 5 Bytes JMP 01B227B6
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1600] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 01B227EE
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1764] ADVAPI32.dll!CryptDestroyKey 77DB9EBC 7 Bytes JMP 01DB299A
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1764] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 01DB294A
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1764] ADVAPI32.dll!CryptEncrypt 77DBE360 7 Bytes JMP 01DB290E
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1764] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 01DB28F2
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1764] WS2_32.dll!send 719F4C27 5 Bytes JMP 01DB277E
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1764] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 01DB2870
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1764] WS2_32.dll!recv 719F676F 5 Bytes JMP 01DB27B6
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1764] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 01DB27EE
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1780] ADVAPI32.dll!CryptDestroyKey 77DB9EBC 7 Bytes JMP 0096299A
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1780] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 0096294A
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1780] ADVAPI32.dll!CryptEncrypt 77DBE360 7 Bytes JMP 0096290E
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1780] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 009628F2
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1780] WS2_32.dll!send 719F4C27 5 Bytes JMP 0096277E
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1780] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00962870
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1780] WS2_32.dll!recv 719F676F 5 Bytes JMP 009627B6
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1780] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 009627EE
.text C:\Program Files\Java\jre6\bin\jqs.exe[2020] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 023728F2
.text C:\Program Files\Java\jre6\bin\jqs.exe[2020] WS2_32.dll!send 719F4C27 5 Bytes JMP 0237277E
.text C:\Program Files\Java\jre6\bin\jqs.exe[2020] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 02372870
.text C:\Program Files\Java\jre6\bin\jqs.exe[2020] WS2_32.dll!recv 719F676F 5 Bytes JMP 023727B6
.text C:\Program Files\Java\jre6\bin\jqs.exe[2020] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 023727EE
.text C:\Program Files\Java\jre6\bin\jqs.exe[2020] ADVAPI32.dll!CryptDestroyKey 77DB9EBC 7 Bytes JMP 0237299A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2020] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 0237294A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2020] ADVAPI32.dll!CryptEncrypt 77DBE360 7 Bytes JMP 0237290E
.text C:\Program Files\Java\jre6\bin\jusched.exe[2520] ADVAPI32.dll!CryptDestroyKey 77DB9EBC 7 Bytes JMP 00CA299A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2520] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 00CA294A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2520] ADVAPI32.dll!CryptEncrypt 77DBE360 7 Bytes JMP 00CA290E
.text C:\Program Files\Java\jre6\bin\jusched.exe[2520] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00CA28F2
.text C:\Program Files\Java\jre6\bin\jusched.exe[2520] WS2_32.dll!send 719F4C27 5 Bytes JMP 00CA277E
.text C:\Program Files\Java\jre6\bin\jusched.exe[2520] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00CA2870
.text C:\Program Files\Java\jre6\bin\jusched.exe[2520] WS2_32.dll!recv 719F676F 5 Bytes JMP 00CA27B6
.text C:\Program Files\Java\jre6\bin\jusched.exe[2520] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00CA27EE
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[2664] ADVAPI32.dll!CryptDestroyKey 77DB9EBC 7 Bytes JMP 00D6299A
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[2664] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 00D6294A
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[2664] ADVAPI32.dll!CryptEncrypt 77DBE360 7 Bytes JMP 00D6290E
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[2664] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00D628F2
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[2664] WS2_32.dll!send 719F4C27 5 Bytes JMP 00D6277E
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[2664] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00D62870
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[2664] WS2_32.dll!recv 719F676F 5 Bytes JMP 00D627B6
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[2664] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00D627EE
.text C:\Program Files\SFR\Media Center\httpd\httpd.exe[2724] ADVAPI32.dll!CryptDestroyKey 77DB9EBC 7 Bytes JMP 014F299A
.text C:\Program Files\SFR\Media Center\httpd\httpd.exe[2724] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 014F294A
.text C:\Program Files\SFR\Media Center\httpd\httpd.exe[2724] ADVAPI32.dll!CryptEncrypt 77DBE360 7 Bytes JMP 014F290E
.text C:\Program Files\SFR\Media Center\httpd\httpd.exe[2724] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 014F28F2
.text C:\Program Files\SFR\Media Center\httpd\httpd.exe[2724] WS2_32.dll!send 719F4C27 5 Bytes JMP 014F277E
.text C:\Program Files\SFR\Media Center\httpd\httpd.exe[2724] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 014F2870
.text C:\Program Files\SFR\Media Center\httpd\httpd.exe[2724] WS2_32.dll!recv 719F676F 5 Bytes JMP 014F27B6
.text C:\Program Files\SFR\Media Center\httpd\httpd.exe[2724] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 014F27EE
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2844] ADVAPI32.dll!CryptDestroyKey 77DB9EBC 7 Bytes JMP 00CD299A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2844] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 00CD294A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2844] ADVAPI32.dll!CryptEncrypt 77DBE360 7 Bytes JMP 00CD290E
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2844] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00CD28F2
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2844] WS2_32.dll!send 719F4C27 5 Bytes JMP 00CD277E
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2844] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00CD2870
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2844] WS2_32.dll!recv 719F676F 5 Bytes JMP 00CD27B6
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2844] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00CD27EE
.text C:\WINDOWS\System32\alg.exe[2924] ADVAPI32.dll!CryptDestroyKey 77DB9EBC 7 Bytes JMP 00B3299A
.text C:\WINDOWS\System32\alg.exe[2924] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 00B3294A
.text C:\WINDOWS\System32\alg.exe[2924] ADVAPI32.dll!CryptEncrypt 77DBE360 7 Bytes JMP 00B3290E
.text C:\WINDOWS\System32\alg.exe[2924] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00B328F2
.text C:\WINDOWS\System32\alg.exe[2924] WS2_32.dll!send 719F4C27 5 Bytes JMP 00B3277E
.text C:\WINDOWS\System32\alg.exe[2924] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00B32870
.text C:\WINDOWS\System32\alg.exe[2924] WS2_32.dll!recv 719F676F 5 Bytes JMP 00B327B6
.text C:\WINDOWS\System32\alg.exe[2924] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00B327EE
.text C:\WINDOWS\system32\wuauclt.exe[3096] ADVAPI32.dll!CryptDestroyKey 77DB9EBC 7 Bytes JMP 00ED299A
.text C:\WINDOWS\system32\wuauclt.exe[3096] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 00ED294A
.text C:\WINDOWS\system32\wuauclt.exe[3096] ADVAPI32.dll!CryptEncrypt 77DBE360 7 Bytes JMP 00ED290E
.text C:\WINDOWS\system32\wuauclt.exe[3096] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00ED28F2
.text C:\WINDOWS\system32\wuauclt.exe[3096] WS2_32.dll!send 719F4C27 5 Bytes JMP 00ED277E
.text C:\WINDOWS\system32\wuauclt.exe[3096] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00ED2870
.text C:\WINDOWS\system32\wuauclt.exe[3096] WS2_32.dll!recv 719F676F 5 Bytes JMP 00ED27B6
.text C:\WINDOWS\system32\wuauclt.exe[3096] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00ED27EE
.text C:\WINDOWS\system32\lxcrcoms.exe[3488] ADVAPI32.dll!CryptDestroyKey 77DB9EBC 7 Bytes JMP 00F9299A
.text C:\WINDOWS\system32\lxcrcoms.exe[3488] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 00F9294A
.text C:\WINDOWS\system32\lxcrcoms.exe[3488] ADVAPI32.dll!CryptEncrypt 77DBE360 7 Bytes JMP 00F9290E
.text C:\WINDOWS\system32\lxcrcoms.exe[3488] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00F928F2
.text C:\WINDOWS\system32\lxcrcoms.exe[3488] WS2_32.dll!send 719F4C27 5 Bytes JMP 00F9277E
.text C:\WINDOWS\system32\lxcrcoms.exe[3488] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00F92870
.text C:\WINDOWS\system32\lxcrcoms.exe[3488] WS2_32.dll!recv 719F676F 5 Bytes JMP 00F927B6
.text C:\WINDOWS\system32\lxcrcoms.exe[3488] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00F927EE
.text C:\WINDOWS\system32\Ati2evxx.exe[3700] ADVAPI32.dll!CryptDestroyKey 77DB9EBC 7 Bytes JMP 010A299A
.text C:\WINDOWS\system32\Ati2evxx.exe[3700] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 010A294A
.text C:\WINDOWS\system32\Ati2evxx.exe[3700] ADVAPI32.dll!CryptEncrypt 77DBE360 7 Bytes JMP 010A290E
.text C:\WINDOWS\system32\Ati2evxx.exe[3700] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 010A28F2
.text C:\WINDOWS\system32\Ati2evxx.exe[3700] WS2_32.dll!send 719F4C27 5 Bytes JMP 010A277E
.text C:\WINDOWS\system32\Ati2evxx.exe[3700] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 010A2870
.text C:\WINDOWS\system32\Ati2evxx.exe[3700] WS2_32.dll!recv 719F676F 5 Bytes JMP 010A27B6
.text C:\WINDOWS\system32\Ati2evxx.exe[3700] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 010A27EE
.text C:\WINDOWS\Explorer.EXE[4004] ADVAPI32.dll!CryptDestroyKey 77DB9EBC 7 Bytes JMP 0096299A
.text C:\WINDOWS\Explorer.EXE[4004] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 0096294A
.text C:\WINDOWS\Explorer.EXE[4004] ADVAPI32.dll!CryptEncrypt 77DBE360 7 Bytes JMP 0096290E
.text C:\WINDOWS\Explorer.EXE[4004] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 009628F2
.text C:\WINDOWS\Explorer.EXE[4004] WS2_32.dll!send 719F4C27 5 Bytes JMP 0096277E
.text C:\WINDOWS\Explorer.EXE[4004] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00962870
.text C:\WINDOWS\Explorer.EXE[4004] WS2_32.dll!recv 719F676F 5 Bytes JMP 009627B6
.text C:\WINDOWS\Explorer.EXE[4004] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 009627EE

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_Disk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_CdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8619E7C0
Device \Driver\atapi \Device\Ide\IdePort0 8619E7C0
Device \Driver\atapi \Device\Ide\IdePort1 8619E7C0
Device \Driver\atapi \Device\Ide\IdePort2 8619E7C0
Device \Driver\atapi \Device\Ide\IdePort3 8619E7C0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 8619E7C0
Device \FileSystem\Cdfs \Cdfs EEBE5400
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior;

---- EOF - GMER 1.0.15 ----
  12. Sorry for the slowness of my replies, but I'm struggling to access the forum because I keep getting redirected (scour, widjetlibrairies, etc.). I can't start my PC in safe mode; it crashes with a black screen and a grey dash blinking in the top left. Here is the AntiVir report:
Avira AntiVir Personal Date de création du fichier de rapport : jeudi 24 décembre 2009 12:33 La recherche porte sur 1470217 souches de virus. Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus Numéro de série : 0000149996-ADJIE-0000001 Plateforme : Windows XP Version de Windows : (Service Pack 3) [5.1.2600] Mode Boot : Démarré normalement Identifiant : SYSTEM Nom de l'ordinateur : AURÉLIE Informations de version : BUILD.DAT : 9.0.0.74 21698 Bytes 04/12/2009 13:56:00 AVSCAN.EXE : 9.0.3.10 466689 Bytes 20/12/2009 11:01:42 AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 10:21:02 LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 11:35:11 LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 10:21:31 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 11:01:39 VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 11:01:39 VBASE002.VDF : 7.10.1.1 2048 Bytes 19/11/2009 11:01:39 VBASE003.VDF : 7.10.1.2 2048 Bytes 19/11/2009 11:01:39 VBASE004.VDF : 7.10.1.3 2048 Bytes 19/11/2009 11:01:39 VBASE005.VDF : 7.10.1.4 2048 Bytes 19/11/2009 11:01:39 VBASE006.VDF : 7.10.1.5 2048 Bytes 19/11/2009 11:01:39 VBASE007.VDF : 7.10.1.6 2048 Bytes 19/11/2009 11:01:39 VBASE008.VDF : 7.10.1.7 2048 Bytes 19/11/2009 11:01:39 VBASE009.VDF : 7.10.1.8 2048 Bytes 19/11/2009 11:01:39 VBASE010.VDF : 7.10.1.9 2048 Bytes 19/11/2009 11:01:39 VBASE011.VDF : 7.10.1.10 2048 Bytes 19/11/2009 11:01:39 VBASE012.VDF : 7.10.1.11 2048 Bytes 19/11/2009 11:01:39 VBASE013.VDF : 7.10.1.79 209920 Bytes 25/11/2009 11:01:39 VBASE014.VDF : 7.10.1.128 197632 Bytes 30/11/2009 11:01:39 VBASE015.VDF : 7.10.1.178 195584 Bytes 07/12/2009 11:01:39 VBASE016.VDF : 7.10.1.224 183296 Bytes 14/12/2009 11:01:39 VBASE017.VDF : 7.10.1.247 182272 
Bytes 15/12/2009 11:01:39 VBASE018.VDF : 7.10.2.30 198144 Bytes 21/12/2009 17:56:57 VBASE019.VDF : 7.10.2.31 2048 Bytes 21/12/2009 17:56:57 VBASE020.VDF : 7.10.2.32 2048 Bytes 21/12/2009 17:56:57 VBASE021.VDF : 7.10.2.33 2048 Bytes 21/12/2009 17:56:57 VBASE022.VDF : 7.10.2.34 2048 Bytes 21/12/2009 17:56:58 VBASE023.VDF : 7.10.2.35 2048 Bytes 21/12/2009 17:56:58 VBASE024.VDF : 7.10.2.36 2048 Bytes 21/12/2009 17:56:58 VBASE025.VDF : 7.10.2.37 2048 Bytes 21/12/2009 17:56:58 VBASE026.VDF : 7.10.2.38 2048 Bytes 21/12/2009 17:56:59 VBASE027.VDF : 7.10.2.39 2048 Bytes 21/12/2009 17:56:59 VBASE028.VDF : 7.10.2.40 2048 Bytes 21/12/2009 17:56:59 VBASE029.VDF : 7.10.2.41 2048 Bytes 21/12/2009 17:56:59 VBASE030.VDF : 7.10.2.42 2048 Bytes 21/12/2009 17:57:00 VBASE031.VDF : 7.10.2.57 144384 Bytes 23/12/2009 18:03:48 Version du moteur : 8.2.1.122 AEVDF.DLL : 8.1.1.2 106867 Bytes 20/12/2009 11:01:41 AESCRIPT.DLL : 8.1.3.4 586105 Bytes 22/12/2009 17:57:25 AESCN.DLL : 8.1.3.0 127348 Bytes 20/12/2009 11:01:41 AESBX.DLL : 8.1.1.1 246132 Bytes 20/12/2009 11:01:41 AERDL.DLL : 8.1.3.4 479605 Bytes 20/12/2009 11:01:41 AEPACK.DLL : 8.2.0.3 422261 Bytes 20/12/2009 11:01:41 AEOFFICE.DLL : 8.1.0.38 196987 Bytes 20/12/2009 11:01:41 AEHEUR.DLL : 8.1.0.189 2195833 Bytes 22/12/2009 17:57:23 AEHELP.DLL : 8.1.9.0 237943 Bytes 20/12/2009 11:01:40 AEGEN.DLL : 8.1.1.82 369014 Bytes 22/12/2009 17:57:03 AEEMU.DLL : 8.1.1.0 393587 Bytes 20/12/2009 11:01:40 AECORE.DLL : 8.1.9.1 180598 Bytes 20/12/2009 11:01:39 AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 14:32:40 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 08:47:30 AVPREF.DLL : 9.0.3.0 44289 Bytes 20/12/2009 11:01:42 AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 14:34:28 AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 15:24:42 AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 15:05:22 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 10:36:37 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 15:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 08:20:57 NETNT.DLL : 9.0.0.0 
11521 Bytes 07/11/2008 15:40:59 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 20/12/2009 11:01:38 RCTEXT.DLL : 9.0.73.0 88321 Bytes 20/12/2009 11:01:38 Configuration pour la recherche actuelle : Nom de la tâche...............................: Contrôle intégral du système Fichier de configuration......................: c:\program files\avira\antivir desktop\sysscan.avp Documentation.................................: bas Action principale.............................: interactif Action secondaire.............................: ignorer Recherche sur les secteurs d'amorçage maître..: marche Recherche sur les secteurs d'amorçage.........: marche Secteurs d'amorçage...........................: C:, Recherche dans les programmes actifs..........: marche Recherche en cours sur l'enregistrement.......: marche Recherche de Rootkits.........................: marche Contrôle d'intégrité de fichiers système......: arrêt Fichier mode de recherche.....................: Tous les fichiers Recherche sur les archives....................: marche Limiter la profondeur de récursivité..........: 20 Archive Smart Extensions......................: marche Heuristique de macrovirus.....................: marche Heuristique fichier...........................: moyen Début de la recherche : jeudi 24 décembre 2009 12:33 La recherche d'objets cachés commence. '61496' objets ont été contrôlés, '0' objets cachés ont été trouvés. 
La recherche sur les processus démarrés commence : Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés Processus de recherche 'wuauclt.exe' - '1' module(s) sont contrôlés Processus de recherche 'httpd.exe' - '1' module(s) sont contrôlés Processus de recherche 'httpd.exe' - '1' module(s) sont contrôlés Processus de recherche 'TPSBattM.exe' - '1' module(s) sont contrôlés Processus de recherche 'RAMASST.exe' - '1' module(s) sont contrôlés Processus de recherche 'MediaCenter.exe' - '1' module(s) sont contrôlés Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés Processus de recherche 'agrsmmsg.exe' - '1' module(s) sont contrôlés Processus de recherche 'atiptaxx.exe' - '1' module(s) sont contrôlés Processus de recherche 'RTHDCPL.exe' - '1' module(s) sont contrôlés Processus de recherche 'issch.exe' - '1' module(s) sont contrôlés Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés Processus de recherche 'ati2evxx.exe' - '1' module(s) sont contrôlés Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés Processus de recherche 'wmiapsrv.exe' - '1' module(s) sont contrôlés Processus de recherche 'wmpnetwk.exe' - '1' module(s) sont contrôlés Processus de recherche 'TAPPSRV.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'HPZipm12.exe' - '1' module(s) sont contrôlés Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'DVDRAMSV.exe' - '1' module(s) sont contrôlés Processus de recherche 'CFSvcs.exe' - '1' module(s) sont contrôlés Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' 
module(s) sont contrôlés Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés Processus de recherche 'acs.exe' - '1' module(s) sont contrôlés Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'ati2evxx.exe' - '1' module(s) sont contrôlés Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés Processus de recherche 'services.exe' - '1' module(s) sont contrôlés Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés '44' processus ont été contrôlés avec '44' modules La recherche sur les secteurs d'amorçage maître commence : Secteur d'amorçage maître HD0 [iNFO] Aucun virus trouvé ! La recherche sur les secteurs d'amorçage commence : Secteur d'amorçage 'C:\' [iNFO] Aucun virus trouvé ! La recherche sur les renvois aux fichiers exécutables (registre) commence : Le registre a été contrôlé ( '56' fichiers). La recherche sur les fichiers sélectionnés commence : Recherche débutant dans 'C:\' C:\hiberfil.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! [REMARQUE] Ce fichier est un fichier système Windows. [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche. C:\pagefile.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! [REMARQUE] Ce fichier est un fichier système Windows. [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche. 
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP388\A0335421.dll [RESULTAT] Contient le cheval de Troie TR/PSW.Sinowal.38912Q.1 C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP394\A0360045.dll [RESULTAT] Contient le cheval de Troie TR/Dldr.Agent.278 C:\temp\FixEngine\{417C4BB3-4224-4FFA-89B9-BCD383ED9408}\ddeinstall.fab [0] Type d'archive: CAB (Microsoft) --> Setup.exe [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. Début de la désinfection : C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP388\A0335421.dll [RESULTAT] Contient le cheval de Troie TR/PSW.Sinowal.38912Q.1 [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b66628d.qua' ! C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP394\A0360045.dll [RESULTAT] Contient le cheval de Troie TR/Dldr.Agent.278 [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a0e6d0e.qua' ! 
Fin de la recherche : jeudi 24 décembre 2009 13:45 Temps nécessaire: 1:04:56 Heure(s) La recherche a été effectuée intégralement 9153 Les répertoires ont été contrôlés 290792 Des fichiers ont été contrôlés 2 Des virus ou programmes indésirables ont été trouvés 0 Des fichiers ont été classés comme suspects 0 Des fichiers ont été supprimés 0 Des virus ou programmes indésirables ont été réparés 2 Les fichiers ont été déplacés dans la quarantaine 0 Les fichiers ont été renommés 2 Impossible de contrôler des fichiers 290788 Fichiers non infectés 8057 Les archives ont été contrôlées 4 Avertissements 4 Consignes 61496 Des objets ont été contrôlés lors du Rootkitscan 0 Des objets cachés ont été trouvés
as well as the RSIT report:
Logfile of random's system information tool 1.06 (written by random/random) Run by anthony at 2009-12-24 14:41:31 Microsoft Windows XP Édition familiale Service Pack 3 System drive C: has 23 GB (24%) free of 95 GB Total RAM: 958 MB (67% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:41:52, on 24/12/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16945) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers 
communs\InstallShield\UpdateService\issch.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SFR\Media Center\MediaCenter.exe C:\WINDOWS\system32\RAMASST.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\SFR\Media Center\httpd\httpd.exe C:\Program Files\SFR\Media Center\httpd\httpd.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\anthony\Bureau\sécurité\RSIT.exe C:\Documents and Settings\anthony\Mes documents\Téléchargements\anthony.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Lexmark Barre d'outils - 
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_6.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.photoweb.fr/telechargement/tele...nt-photoweb.cab O16 - DPF: 
{E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. 
- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- End of file - 6756 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job C:\WINDOWS\tasks\GlaryInitialize.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}] Lexmark Barre d'outils - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-01-25 184320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-05-25 312928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}] DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-08-01 110652] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-13 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-13 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Barre d'outils - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-01-25 184320] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ISUSScheduler"=C:\Program 
Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-02-16 81920] "TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-08-03 266240] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-11-10 15473664] "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064] "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-13 148888] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "Neuf Media Center"=C:\Program Files\SFR\Media Center\MediaCenter.exe [2008-10-10 726336] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-01 122940] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint] C:\Program Files\Lexmark 2400 Series\ezprint.exe [2006-02-07 98304] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2006-02-02 290816] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe] C:\Program Files\Lexmark 2400 Series\lxcrmon.exe [2006-03-06 286720] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2005-08-30 1077328] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE [2008-07-07 167936] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe [2005-05-17 118784] [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1024000] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-10-14 98394] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2005-12-08 352256] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-05-25 198160] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2005-04-11 65536] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe [2005-11-30 73728] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Media Connect 2] C:\Program Files\Windows Media Connect 2\WMCCFG.exe [2006-10-18 8704] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2008-04-23 29696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^RAMASST.lnk] C:\WINDOWS\system32\RAMASST.exe [2004-08-28 155648] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2005-08-04 46080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] C:\WINDOWS\system32\NavLogon.dll [2001-09-24 45056] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "BackupNoCDBurning"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\i-Media\ims.exe"="C:\Program Files\i-Media\ims.exe:*:Disabled:i-Minitel Serveur" "C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000" "C:\Program Files\eChanblard\emule.exe"="C:\Program Files\eChanblard\emule.exe:*:Enabled:eMule" "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer" 
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe"="C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Disabled:ConfigFree SUMMIT Engine" "C:\Program Files\Transcode360\Transcode360Tray.exe"="C:\Program Files\Transcode360\Transcode360Tray.exe:*:Disabled: " "C:\Program Files\TwonkyMedia\TwonkyMedia.exe"="C:\Program Files\TwonkyMedia\TwonkyMedia.exe:*:Disabled:TwonkyMedia" "C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe"="C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe:*:Disabled:TwonkyMediaServer" "C:\Program Files\Outlook Express\msimn.exe"="C:\Program Files\Outlook Express\msimn.exe:*:Disabled:Outlook Express" "C:\Documents and Settings\anthony\Local Settings\Temp\Rar$EX02.938\SopCast\SopCast.exe"="C:\Documents and Settings\anthony\Local Settings\Temp\Rar$EX02.938\SopCast\SopCast.exe:*:Disabled:SoP Client" "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player" "C:\WINDOWS\system32\dlcccoms.exe"="C:\WINDOWS\system32\dlcccoms.exe:*:Enabled:Dell 924 Server" "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Program Files\OneSwarm\OneSwarm.exe"="C:\Program Files\OneSwarm\OneSwarm.exe:*:Enabled:OneSwarm" "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer" "C:\Program 
Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver" "C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\SFR\Media Center\httpd\httpd.exe"="C:\Program Files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5296fc77-6ddb-11dd-9b32-0011f5efba0f}] 
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{603e515c-f26c-11da-9864-0011f5efba0f}]
shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6747e591-f061-11dc-9b06-0011f5efba0f}]
shell\AutoRun\command - F:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a516fbe1-70e3-11dc-9a9b-0011f5efba0f}]
shell\AutoRun\command - E:\.pspware\PSPWareLauncher.exe

======List of files/folders created in the last 1 months======

2009-12-23 20:04:52 ----D---- C:\_OTM
2009-12-22 14:47:15 ----D---- C:\rsit
2009-12-20 20:34:30 ----D---- C:\Program Files\Microsoft
2009-12-20 20:33:58 ----D---- C:\Program Files\Windows Live
2009-12-20 11:40:58 ----D---- C:\Program Files\Avira
2009-12-20 11:40:58 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-12-19 21:40:09 ----A---- C:\WINDOWS\is-P0LGU.exe
2009-12-19 14:31:52 ----A---- C:\cleannavi.txt
2009-12-18 01:12:36 ----D---- C:\Documents and Settings\anthony\Application Data\uTorrent
2009-12-13 22:57:37 ----D---- C:\Documents and Settings\anthony\Application Data\Malwarebytes
2009-12-13 22:57:28 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-13 22:57:27 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-13 21:53:07 ----A---- C:\FindyKill.txt
2009-12-13 21:38:08 ----D---- C:\FindyKill
2009-12-08 23:33:09 ----D---- C:\Documents and Settings\All Users\Application Data\PC Suite
2009-12-08 23:33:08 ----D---- C:\Documents and Settings\anthony\Application Data\PC Suite
2009-12-08 23:31:34 ----A---- C:\WINDOWS\system32\DIFxAPI.dll
2009-12-08 23:31:28 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
2009-12-08 23:30:42 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2009-12-08 23:30:41 ----D---- C:\Program Files\DIFX
2009-12-08 23:30:33 ----A---- C:\WINDOWS\system32\FsUsbExService.Exe
2009-12-08 23:30:33 ----A---- C:\WINDOWS\system32\FsUsbExDevice.Dll
2009-12-08 23:30:13 ----D---- C:\Documents and Settings\anthony\Application Data\Samsung
2009-12-08 23:29:43 ----D---- C:\Program Files\MarkAny
2009-12-08 23:29:39 ----D---- C:\Program Files\PC Connectivity Solution
2009-12-08 23:28:43 ----D---- C:\Program Files\Samsung
2009-12-04 14:22:52 ----D---- C:\Documents and Settings\anthony\Application Data\vlc

======List of files/folders modified in the last 1 months======

2009-12-24 14:41:39 ----D---- C:\WINDOWS\Prefetch
2009-12-24 14:27:27 ----D---- C:\Program Files\Mozilla Firefox
2009-12-24 14:22:19 ----D---- C:\WINDOWS\Temp
2009-12-24 14:21:18 ----D---- C:\WINDOWS
2009-12-24 13:51:06 ----D---- C:\WINDOWS\system32\Lang
2009-12-24 13:50:28 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-24 13:50:07 ----D---- C:\WINDOWS\system32\DLA
2009-12-24 13:48:25 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-12-23 20:07:19 ----D---- C:\WINDOWS\system32
2009-12-23 20:05:07 ----SD---- C:\WINDOWS\Tasks
2009-12-22 00:36:40 ----SHD---- C:\WINDOWS\Installer
2009-12-22 00:36:39 ----HD---- C:\Config.Msi
2009-12-22 00:36:37 ----D---- C:\WINDOWS\WinSxS
2009-12-20 20:34:30 ----AD---- C:\Program Files
2009-12-20 20:33:11 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-20 20:23:06 ----D---- C:\Documents and Settings\anthony\Application Data\GlarySoft
2009-12-20 20:18:42 ----RSD---- C:\WINDOWS\assembly
2009-12-20 20:05:19 ----HD---- C:\WINDOWS\inf
2009-12-20 20:04:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-20 20:04:39 ----D---- C:\WINDOWS\system32\fr-fr
2009-12-20 20:04:39 ----D---- C:\Program Files\Internet Explorer
2009-12-20 20:04:00 ----D---- C:\WINDOWS\ie7updates
2009-12-20 13:16:09 ----D---- C:\Program Files\Navilog1
2009-12-20 12:27:04 ----D---- C:\WINDOWS\system32\drivers
2009-12-20 11:10:13 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-20 11:03:45 ----D---- C:\Program Files\Glary Utilities
2009-12-20 11:03:42 ----D---- C:\WINDOWS\Media
2009-12-20 11:03:42 ----D---- C:\WINDOWS\Help
2009-12-19 22:00:44 ----D---- C:\Documents and Settings\anthony\Application Data\dvdcss
2009-12-19 20:42:13 ----D---- C:\WINDOWS\ie8updates
2009-12-19 14:24:27 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-12-19 14:24:23 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-18 16:53:05 ----D---- C:\Program Files\lx_cats
2009-12-17 10:29:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-16 20:28:32 ----D---- C:\Documents and Settings
2009-12-16 20:10:32 ----D---- C:\WINDOWS\system32\config
2009-12-16 20:10:09 ----D---- C:\WINDOWS\system32\wbem
2009-12-16 20:10:09 ----D---- C:\WINDOWS\Registration
2009-12-16 20:08:43 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-16 20:08:42 ----D---- C:\Program Files\CCleaner
2009-12-16 20:04:35 ----D---- C:\WINDOWS\system32\Restore
2009-12-14 02:22:08 ----D---- C:\WINDOWS\mui
2009-12-13 20:59:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-13 20:59:27 ----D---- C:\Program Files\Virtools Web Player 3.5
2009-12-13 20:09:40 ----D---- C:\Program Files\Google
2009-12-13 20:06:24 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-13 20:04:14 ----D---- C:\Program Files\AoA Audio Extractor
2009-12-13 20:04:00 ----D---- C:\Program Files\Any Video Converter
2009-12-13 20:03:56 ----D---- C:\Documents and Settings\anthony\Application Data\Any Video Converter
2009-12-13 20:02:58 ----D---- C:\Program Files\Agree AVI WMV to FLV MP4 MPEG ASF MOV Converter
2009-12-13 13:25:01 ----ASH---- C:\boot.ini
2009-12-13 13:25:00 ----A---- C:\WINDOWS\win.ini
2009-12-13 13:25:00 ----A---- C:\WINDOWS\system.ini
2009-12-13 12:54:15 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-13 03:28:49 ----D---- C:\WINDOWS\Debug
2009-12-12 14:13:04 ----D---- C:\Documents and Settings\anthony\Application Data\LimeWire
2009-12-12 02:30:07 ----A---- C:\WINDOWS\msdfmaps32.ini
2009-12-04 06:35:32 ----D---- C:\temp
2009-12-01 21:06:19 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-07-07 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-07-07 22684]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-12-20 28520]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-06-01 17801]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-20 56816]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-08-01 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-08-01 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-08-01 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-08-01 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-08-01 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-08-01 87004]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-08-01 92700]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-07-07 40544]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-09-12 468736]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-11-11 4064256]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-12-06 220032]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\drivers\npf.sys [2008-04-18 42512]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem; C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 31579]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2005-11-19 20096]
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SoC PC-Camera Service;CIF USB CAMERA; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2004-02-10 127692]
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VNUSB;VN Series Device; C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2006-04-07 38496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Service de configuration Atheros; C:\WINDOWS\system32\acs.exe [2005-07-07 36864]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-12-20 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-12-20 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-18 40960]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-13 152984]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2005-08-10 35328]
R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 lxcr_device;lxcr_device; C:\WINDOWS\system32\lxcrcoms.exe [2006-02-20 495616]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-09-23 238960]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Thanks again for your help.
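The report above opens with Explorer MountPoints2 keys that cache a shell\AutoRun\command for each USB device that was ever plugged in (LaunchU3.exe, setupSNK.exe, InstallTomTomHOME.exe, PSPWareLauncher.exe), and the 22 December report further down the page shows the user's NoDriveTypeAutoRun policy at 145. Whether those cached handlers still matter depends on that policy value, so here is a small triage script that pairs each MountPoints2 key with its command and decodes the policy bitmask. It is an added example written for this page, not code from RSIT, HijackThis, OTM or anyone in the thread; the sample lines are copied from the report above, the value 145 is the one reported later in the thread, and the function names (parse_mountpoints2, triage_autorun) are my own.

```python
"""Triage of cached AutoRun handlers (Explorer MountPoints2) in an RSIT report.

Added example for this thread; it is not part of RSIT, HijackThis or OTM.
SAMPLE_RSIT_LINES are copied from the report above; the policy value 145 is
the one the 22 December report shows ("NoDriveTypeAutoRun"=145).
"""
import re

# Bits of ...\Policies\Explorer\NoDriveTypeAutoRun (HKLM or HKCU). A set bit
# DISABLES AutoRun for that drive type; 0xFF turns it off everywhere.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",   # USB sticks, memory cards
    0x08: "DRIVE_FIXED",       # internal disks and most USB hard disks
    0x10: "DRIVE_REMOTE",      # network shares
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "reserved",
}

MOUNTPOINT_RE = re.compile(
    r"\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\(\{[0-9a-f-]+\})\]", re.IGNORECASE)
AUTORUN_CMD_RE = re.compile(r"shell\\AutoRun\\command\s+-\s+(.+?)\s*$", re.IGNORECASE)


def autorun_still_allowed(policy_value):
    """Drive types whose AutoRun the NoDriveTypeAutoRun value leaves enabled."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not policy_value & bit]


def parse_mountpoints2(lines):
    """Pair each MountPoints2 key with the cached shell\\AutoRun\\command under it.

    RSIT prints the key on one line and the value on the next; a forum copy may
    run them together, so the command is also looked for on the key's own line.
    """
    entries, current = [], None
    for line in lines:
        m = MOUNTPOINT_RE.search(line)
        if m:
            current = m.group(1)
            line = line[m.end():]
        m = AUTORUN_CMD_RE.search(line)
        if m and current:
            cmd = m.group(1)
            target = cmd.split()[0]          # drop arguments such as "-a"
            entries.append({
                "guid": current,
                "command": cmd,
                "drive": target[:2].upper() if re.match(r"^[A-Za-z]:", target) else "?",
                "exe": target.rsplit("\\", 1)[-1].lower(),
            })
            current = None
    return entries


def triage_autorun(lines, policy_value):
    """Explain what the cached handlers mean under the given policy value."""
    allowed = autorun_still_allowed(policy_value)
    removable = "DRIVE_REMOVABLE" in allowed
    findings = []
    for e in parse_mountpoints2(lines):
        verdict = ("policy still allows AutoRun on removable media" if removable
                   else "removable AutoRun blocked by policy")
        findings.append(f"{e['guid']} {e['drive']} -> {e['exe']}: {verdict}; "
                        "the cached verb also fires on a double-click of the drive on "
                        "unpatched XP, so delete the key unless the device is known")
    return {"allowed_types": allowed,
            "removable_autorun_enabled": removable,
            "findings": findings}


# Copied from the RSIT report above; the last two lines are an unrelated key
# and value, included to show that they are ignored.
SAMPLE_RSIT_LINES = [
    r"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{603e515c-f26c-11da-9864-0011f5efba0f}]",
    r"shell\AutoRun\command - E:\setupSNK.exe",
    r"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6747e591-f061-11dc-9b06-0011f5efba0f}]",
    r"shell\AutoRun\command - F:\InstallTomTomHOME.exe",
    r"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a516fbe1-70e3-11dc-9a9b-0011f5efba0f}]",
    r"shell\AutoRun\command - E:\.pspware\PSPWareLauncher.exe",
    r"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]",
    r'"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]',
]

if __name__ == "__main__":
    report = triage_autorun(SAMPLE_RSIT_LINES, 145)
    print("AutoRun still allowed for:", ", ".join(report["allowed_types"]))
    for finding in report["findings"]:
        print(finding)
```

145 is 0x91: it blocks AutoRun only for unknown, network and reserved drive types, so removable-media and CD-ROM AutoRun were still on, which is how those handlers got cached in the first place. Setting NoDriveTypeAutoRun to 0xFF under HKLM (and HKCU) turns AutoRun off for every drive type; on XP the cached MountPoints2 verbs are still honoured on a double-click of the drive until the update described in Microsoft KB967715 is installed, so deleting the stale keys, as OTM did for two of them in the 23 December log, is worth doing as well.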
13. Thank you very much, here is the Malwarebytes report, but it crashes every time I try to remove the listed items...

Malwarebytes' Anti-Malware 1.42
Database version: 3418
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

24/12/2009 03:42:56
mbam-log-2009-12-24 (03-42-46).txt

Scan type: Full Scan (C:\|)
Objects scanned: 220133
Time elapsed: 2 hour(s), 39 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Zeldar (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\eChanblard\EvID4226Patch.exe (Malware.Tool) -> No action taken.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP394\A0360045.dll (Trojan.FakeAlert) -> No action taken.
C:\_OTM\MovedFiles\12232009_200452\C_WINDOWS\msa.exe (Trojan.Fraudpack) -> No action taken.
C:\WINDOWS\youtubex.dll (Trojan.Agent) -> No action taken.

I'll restart the PC and run a scan with AntiVir. In any case, thanks for the help.
14. I ran the OTM scan. I have another problem: it is getting harder and harder to connect to the internet. AntiVir finds a trojan in sshnas.dll but I don't know which action to take: ignore, quarantine, etc. Malwarebytes crashes when I try to remove the objects it found; it tells me there is a problem with drswtsn32. Here is the report:

All processes killed
Error: Unable to interpret <:first> in the current context!
========== PROCESSES ==========
No active process named explorer.exe was found!
Process msa.exe killed successfully!
No active process named c.exe was found!
========== SERVICES/DRIVERS ==========
Error: Unable to stop service SSHNAS!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSHNAS deleted successfully.
Service tmcomm stopped successfully!
Service tmcomm deleted successfully!
========== FILES ==========
C:\WINDOWS\msa.exe moved successfully.
File/Folder C:\DOCUME~1\anthony\LOCALS~1\Temp\c.exe not found.
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job moved successfully.
C:\WINDOWS\system32\sshnas.dll moved successfully.
File/Folder C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Hyginfo.exe not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Updates deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Zeldar not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Hyginfo.exe deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5296fc79-6ddb-11dd-9b32-0011f5efba0f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5296fc79-6ddb-11dd-9b32-0011f5efba0f}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a743b44-55a8-11de-9b9e-0011f5efba0f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a743b44-55a8-11de-9b9e-0011f5efba0f}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: anthony
->Temp folder emptied: 25199 bytes
->Temporary Internet Files folder emptied: 3089507 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38940509 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: HelpAssistant
->Temp folder emptied: 5349096 bytes
->Temporary Internet Files folder emptied: 67649093 bytes
->Java cache emptied: 3502703 bytes
->FireFox cache emptied: 1040618 bytes

User: HelpAssistant.AURÉLIE
->Temp folder emptied: 7934507 bytes
->Temporary Internet Files folder emptied: 22770441 bytes
->Java cache emptied: 3500661 bytes
->FireFox cache emptied: 30771335 bytes

User: LocalService
->Temp folder emptied: 115616 bytes
->Temporary Internet Files folder emptied: 8869391 bytes

User: NetworkService
->Temp folder emptied: 279008 bytes
->Temporary Internet Files folder emptied: 34712 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2676224 bytes
Windows Temp folder emptied: 564585 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23971358 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 211,00 mb

OTM by OldTimer - Version 3.1.3.0 log created on 12232009_200452

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\$$$dq3e scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\$67we.$ scheduled to be moved on reboot.

Registry entries deleted on Reboot...
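The values OTM removed in the log above ("Microsoft Updates", "Zeldar", the two GUID-named .job files, the SSHNAS service) are the ones that stand out in the HijackThis O4 lines of the 22 December report further down the page: a bare svehost.exe, one letter away from svchost.exe, under a Microsoft-sounding value name, and c.exe started from the user's Temp directory. Those patterns can be scored mechanically. The script below is an added example written for this page, not HijackThis, RSIT or OTM code; the O4 lines in SAMPLE_LINES are copied from that report, and the heuristics, weights and function names (score_o4, triage) are my own choices, so the scores are a reading order for a human, not a verdict.

```python
"""Score HijackThis / RSIT 'O4' autostart lines for the signs seen in this thread.

Added example for this thread; it is not HijackThis, RSIT or OTM code, and the
heuristics and weights are my own. SAMPLE_LINES are copied from the HijackThis
listing in the 22 December report further down the page.
"""
import re

O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Core Windows binaries that malware imitates with a one-letter change.
CORE_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe",
                 "services.exe", "explorer.exe", "spoolsv.exe", "ctfmon.exe"}
TEMP_MARKERS = ("\\temp\\", "locals~1\\temp", "local settings\\temp")
TRUST_WORDS = ("microsoft", "windows", "update", "security")


def levenshtein(a, b):
    """Edit distance; distance 1 to a core name is the svehost/svchost trick."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def executable_of(cmd):
    """Return (path, lower-case file name) of the program a Run value starts."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path = cmd[1:cmd.find('"', 1)]      # quoted path, arguments follow
    else:
        path = cmd.split()[0] if cmd else ""
    return path, path.rsplit("\\", 1)[-1].lower()


def score_o4(line):
    """Return None for non-O4 lines, else a dict with a score and the reasons."""
    m = O4_RE.match(line)
    if not m:
        return None
    path, exe = executable_of(m.group("cmd"))
    lowered = path.lower()
    reasons, score = [], 0
    if exe not in CORE_BINARIES:
        for core in sorted(CORE_BINARIES):
            if levenshtein(exe, core) == 1:
                reasons.append(f"lookalike of {core}")
                score += 3
                break
    if any(t in lowered for t in TEMP_MARKERS):
        reasons.append("runs from a Temp directory")
        score += 3
    if "\\" not in path:
        # e.g. "svehost.exe": resolved through the search path, so check which
        # directory actually holds the file before trusting the name
        reasons.append("bare filename, resolved via the search path")
        score += 1
    if exe.endswith(".exe") and len(exe) <= 5:           # c.exe, a.exe ...
        reasons.append("one-letter executable name")
        score += 1
    name = m.group("name").lower()
    if (any(w in name for w in TRUST_WORDS)
            and "\\windows\\" not in lowered and "\\program files\\" not in lowered):
        reasons.append("trust-word value name not backed by a Windows or Program Files path")
        score += 1
    return {"hive": m.group("hive"), "name": m.group("name"), "path": path,
            "exe": exe, "score": score, "reasons": reasons}


def triage(lines):
    """All O4 entries with a non-zero score, highest first."""
    scored = [s for s in map(score_o4, lines) if s and s["score"]]
    return sorted(scored, key=lambda s: -s["score"])


# Copied from the HijackThis listing in the 22 December report.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start',
    r"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE",
    r"O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKCU\..\Run: [Zeldar] C:\DOCUME~1\anthony\LOCALS~1\Temp\c.exe",
    r"O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe",
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_LINES):
        print(f"{hit['score']}  [{hit['name']}] {hit['path']}  <- {'; '.join(hit['reasons'])}")
```

RTHDCPL.EXE scores 1 only because it is a bare filename, which is normal for Realtek's tray applet; that is why bare names carry a low weight and the high scores are reserved for a lookalike name or a Temp path. In this thread "Microsoft Updates" collects every cheap signal at once (lookalike, bare name, trust word with no real path) and "Zeldar" gets the Temp path plus the one-letter name, which matches what OTM was told to remove.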
15. Hi and thanks, here is the log report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by anthony at 2009-12-22 14:47:15
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 23 GB (24%) free of 95 GB
Total RAM: 958 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:48:11, on 22/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\msa.exe
C:\DOCUME~1\anthony\LOCALS~1\Temp\c.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SFR\Media Center\MediaCenter.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\anthony\Mes documents\Téléchargements\RSIT.exe
C:\Documents and Settings\anthony\Mes documents\Téléchargements\anthony.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [Zeldar] C:\DOCUME~1\anthony\LOCALS~1\Temp\c.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_6.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.photoweb.fr/telechargement/tele...nt-photoweb.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfi...fig_3_5_3_0.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - http://jeuxmultijoueurs.orange.fr/Gameshel...ronGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://62.147.231.194:40002/activex/AMC.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.photostation.fr/aurigma/ImageUploader4.cab
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 8571 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Barre d'outils - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-01-25 184320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-05-25 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-08-01 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-13 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-13 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Barre d'outils - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-01-25 184320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-02-16 81920]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-08-03 266240]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-11-10 15473664]
"Microsoft Updates"=svehost.exe []
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-13 148888]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Neuf Media Center"=C:\Program Files\SFR\Media Center\MediaCenter.exe [2008-10-10 726336]
"Zeldar"=C:\DOCUME~1\anthony\LOCALS~1\Temp\c.exe [2009-12-22 216064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-01 122940]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
C:\Program Files\Lexmark 2400 Series\ezprint.exe [2006-02-07 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2006-02-02 290816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe]
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe [2006-03-06 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2005-08-30 1077328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2008-07-07 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe [2005-05-17 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1024000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-10-14 98394]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2005-12-08 352256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-05-25 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2005-04-11 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe [2005-11-30 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Media Connect 2]
C:\Program Files\Windows Media Connect 2\WMCCFG.exe [2006-10-18 8704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^RAMASST.lnk]
C:\WINDOWS\system32\RAMASST.exe [2004-08-28 155648]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-04 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2001-09-24 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"BackupNoCDBurning"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\i-Media\ims.exe"="C:\Program Files\i-Media\ims.exe:*:Disabled:i-Minitel Serveur"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Hyginfo.exe"="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Hyginfo.exe:*:Disabled:Up-Dating FTP-HygieAA"
"C:\Program Files\eChanblard\emule.exe"="C:\Program Files\eChanblard\emule.exe:*:Enabled:eMule"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe"="C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Disabled:ConfigFree SUMMIT Engine"
"C:\Program Files\Transcode360\Transcode360Tray.exe"="C:\Program Files\Transcode360\Transcode360Tray.exe:*:Disabled: "
"C:\Program Files\TwonkyMedia\TwonkyMedia.exe"="C:\Program Files\TwonkyMedia\TwonkyMedia.exe:*:Disabled:TwonkyMedia"
"C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe"="C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe:*:Disabled:TwonkyMediaServer"
"C:\Program Files\Outlook Express\msimn.exe"="C:\Program Files\Outlook Express\msimn.exe:*:Disabled:Outlook Express"
"C:\Documents and Settings\anthony\Local Settings\Temp\Rar$EX02.938\SopCast\SopCast.exe"="C:\Documents and Settings\anthony\Local Settings\Temp\Rar$EX02.938\SopCast\SopCast.exe:*:Disabled:SoP Client"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player"
"C:\WINDOWS\system32\dlcccoms.exe"="C:\WINDOWS\system32\dlcccoms.exe:*:Enabled:Dell 924 Server"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\OneSwarm\OneSwarm.exe"="C:\Program Files\OneSwarm\OneSwarm.exe:*:Enabled:OneSwarm"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program 
Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\SFR\Media Center\httpd\httpd.exe"="C:\Program Files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5296fc77-6ddb-11dd-9b32-0011f5efba0f}] shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5296fc79-6ddb-11dd-9b32-0011f5efba0f}] shell\AutoRun\command - WScript.exe 
{HCQ9D-TVCWX-X9QRG-J4B2Y-GR2TT-CM3HY-26VYW-6JRYC-X66GX-JVY2D}.vbs "AutoRun" shell\AutoRun1\command - WScript.exe {HCQ9D-TVCWX-X9QRG-J4B2Y-GR2TT-CM3HY-26VYW-6JRYC-X66GX-JVY2D}.vbs "AutoRun" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{603e515c-f26c-11da-9864-0011f5efba0f}] shell\AutoRun\command - E:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6747e591-f061-11dc-9b06-0011f5efba0f}] shell\AutoRun\command - F:\InstallTomTomHOME.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a743b44-55a8-11de-9b9e-0011f5efba0f}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL strongkey-rc1.3-build-208.exe shell\default\command - strongkey-rc1.3-build-208.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a516fbe1-70e3-11dc-9a9b-0011f5efba0f}] shell\AutoRun\command - E:\.pspware\PSPWareLauncher.exe ======List of files/folders created in the last 1 months====== 2009-12-22 14:47:15 ----D---- C:\rsit 2009-12-22 00:51:25 ----A---- C:\WINDOWS\msa.exe 2009-12-22 00:51:01 ----A---- C:\WINDOWS\system32\sshnas.dll 2009-12-20 20:34:30 ----D---- C:\Program Files\Microsoft 2009-12-20 20:33:58 ----D---- C:\Program Files\Windows Live 2009-12-20 11:40:58 ----D---- C:\Program Files\Avira 2009-12-20 11:40:58 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2009-12-19 21:40:09 ----A---- C:\WINDOWS\is-P0LGU.exe 2009-12-19 20:40:21 ----A---- C:\WINDOWS\imsins.BAK 2009-12-19 14:31:52 ----A---- C:\cleannavi.txt 2009-12-18 01:12:36 ----D---- C:\Documents and Settings\anthony\Application Data\uTorrent 2009-12-13 22:57:37 ----D---- C:\Documents and Settings\anthony\Application Data\Malwarebytes 2009-12-13 22:57:28 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-12-13 22:57:27 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-12-13 21:53:07 
----A---- C:\FindyKill.txt 2009-12-13 21:38:08 ----D---- C:\FindyKill 2009-12-08 23:33:09 ----D---- C:\Documents and Settings\All Users\Application Data\PC Suite 2009-12-08 23:33:08 ----D---- C:\Documents and Settings\anthony\Application Data\PC Suite 2009-12-08 23:31:34 ----A---- C:\WINDOWS\system32\DIFxAPI.dll 2009-12-08 23:31:28 ----A---- C:\WINDOWS\system32\nmwcdcls.dll 2009-12-08 23:30:42 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers 2009-12-08 23:30:41 ----D---- C:\Program Files\DIFX 2009-12-08 23:30:33 ----A---- C:\WINDOWS\system32\FsUsbExService.Exe 2009-12-08 23:30:33 ----A---- C:\WINDOWS\system32\FsUsbExDevice.Dll 2009-12-08 23:30:13 ----D---- C:\Documents and Settings\anthony\Application Data\Samsung 2009-12-08 23:29:43 ----D---- C:\Program Files\MarkAny 2009-12-08 23:29:39 ----D---- C:\Program Files\PC Connectivity Solution 2009-12-08 23:28:43 ----D---- C:\Program Files\Samsung 2009-12-04 14:22:52 ----D---- C:\Documents and Settings\anthony\Application Data\vlc ======List of files/folders modified in the last 1 months====== 2009-12-22 14:47:18 ----D---- C:\WINDOWS\Prefetch 2009-12-22 14:44:54 ----D---- C:\WINDOWS\Temp 2009-12-22 14:42:39 ----D---- C:\Program Files\Mozilla Firefox 2009-12-22 14:41:20 ----D---- C:\WINDOWS\system32\CatRoot2 2009-12-22 14:41:13 ----D---- C:\WINDOWS\system32\Lang 2009-12-22 14:40:36 ----SD---- C:\WINDOWS\Tasks 2009-12-22 14:40:06 ----D---- C:\WINDOWS\system32\DLA 2009-12-22 00:51:25 ----D---- C:\WINDOWS 2009-12-22 00:51:01 ----D---- C:\WINDOWS\system32 2009-12-22 00:36:40 ----SHD---- C:\WINDOWS\Installer 2009-12-22 00:36:39 ----HD---- C:\Config.Msi 2009-12-22 00:36:37 ----D---- C:\WINDOWS\WinSxS 2009-12-20 20:40:54 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-12-20 20:34:30 ----AD---- C:\Program Files 2009-12-20 20:33:11 ----D---- C:\WINDOWS\Microsoft.NET 2009-12-20 20:23:06 ----D---- C:\Documents and Settings\anthony\Application Data\GlarySoft 2009-12-20 20:18:42 ----RSD---- C:\WINDOWS\assembly 2009-12-20 20:05:19 ----HD---- 
C:\WINDOWS\inf 2009-12-20 20:04:47 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-12-20 20:04:39 ----D---- C:\WINDOWS\system32\fr-fr 2009-12-20 20:04:39 ----D---- C:\Program Files\Internet Explorer 2009-12-20 20:04:00 ----D---- C:\WINDOWS\ie7updates 2009-12-20 13:16:09 ----D---- C:\Program Files\Navilog1 2009-12-20 12:27:04 ----D---- C:\WINDOWS\system32\drivers 2009-12-20 11:10:13 ----HD---- C:\WINDOWS\$hf_mig$ 2009-12-20 11:03:45 ----D---- C:\Program Files\Glary Utilities 2009-12-20 11:03:42 ----D---- C:\WINDOWS\Media 2009-12-20 11:03:42 ----D---- C:\WINDOWS\Help 2009-12-19 22:00:44 ----D---- C:\Documents and Settings\anthony\Application Data\dvdcss 2009-12-19 20:42:13 ----D---- C:\WINDOWS\ie8updates 2009-12-19 14:24:27 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft 2009-12-19 14:24:23 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-12-18 16:53:05 ----D---- C:\Program Files\lx_cats 2009-12-17 10:29:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-12-16 20:28:32 ----D---- C:\Documents and Settings 2009-12-16 20:10:32 ----D---- C:\WINDOWS\system32\config 2009-12-16 20:10:09 ----D---- C:\WINDOWS\system32\wbem 2009-12-16 20:10:09 ----D---- C:\WINDOWS\Registration 2009-12-16 20:08:43 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-12-16 20:08:42 ----D---- C:\Program Files\CCleaner 2009-12-16 20:04:35 ----D---- C:\WINDOWS\system32\Restore 2009-12-14 02:22:08 ----D---- C:\WINDOWS\mui 2009-12-13 20:59:27 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-12-13 20:59:27 ----D---- C:\Program Files\Virtools Web Player 3.5 2009-12-13 20:09:40 ----D---- C:\Program Files\Google 2009-12-13 20:06:24 ----HD---- C:\Program Files\InstallShield Installation Information 2009-12-13 20:04:14 ----D---- C:\Program Files\AoA Audio Extractor 2009-12-13 20:04:00 ----D---- C:\Program Files\Any Video Converter 2009-12-13 20:03:56 ----D---- C:\Documents and Settings\anthony\Application Data\Any Video Converter 
2009-12-13 20:02:58 ----D---- C:\Program Files\Agree AVI WMV to FLV MP4 MPEG ASF MOV Converter 2009-12-13 13:25:01 ----ASH---- C:\boot.ini 2009-12-13 13:25:00 ----A---- C:\WINDOWS\win.ini 2009-12-13 13:25:00 ----A---- C:\WINDOWS\system.ini 2009-12-13 12:54:15 ----D---- C:\WINDOWS\system32\CatRoot 2009-12-13 03:28:49 ----D---- C:\WINDOWS\Debug 2009-12-12 14:13:04 ----D---- C:\Documents and Settings\anthony\Application Data\LimeWire 2009-12-12 02:30:07 ----A---- C:\WINDOWS\msdfmaps32.ini 2009-12-04 06:35:32 ----D---- C:\temp 2009-12-01 21:06:19 ----A---- C:\WINDOWS\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-07-07 5628] R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-07-07 22684] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576] R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384] R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-12-20 28520] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-06-01 17801] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-20 56816] R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-08-01 25628] R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-08-01 2496] R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-08-01 86524] R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-08-01 14684] R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-08-01 6364] R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-08-01 87004] R2 
DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-08-01 92700] R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-07-07 40544] R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032] R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656] R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-09-12 468736] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-11-11 4064256] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-12-06 220032] R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144] R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] S3 CCDECODE;Décodeur 
sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [] S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568] S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [] S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\drivers\npf.sys [2008-04-18 42512] S3 PALLADIA;Palladia 300/400 Usb Adsl Modem; C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 31579] S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2005-11-19 20096] S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SoC PC-Camera Service;CIF USB CAMERA; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2004-02-10 127692] S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbccgp;Pilote parent générique USB Microsoft; 
C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 VNUSB;VN Series Device; C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2006-04-07 38496] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ACS;Service de configuration Atheros; C:\WINDOWS\system32\acs.exe [2005-07-07 36864] R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-12-20 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-12-20 185089] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928] R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-18 40960] R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-13 152984] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632] R2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2005-08-10 35328] R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media 
Player\WMPNetwk.exe [2006-11-03 918016] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 lxcr_device;lxcr_device; C:\WINDOWS\system32\lxcrcoms.exe [2006-02-20 495616] S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-09-23 238960] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------

as well as the info report:

info.txt logfile of random's system information tool 1.06 2009-12-22 14:48:28 ======Uninstall list====== -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19} -->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation 
Information\{684CB795-C157-4E15-93D4-E26015FEF1EA}\Setup.exe" -l0x40c -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B} Adobe Reader 7.1.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A71000000002} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B755EF7-F860-4F72-9A2D-5216CB48BA7C}\setup.exe" -l0x40c Assist TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x40c Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2} Atheros Client Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}\setup.exe" -l0x40c Atheros Wireless LAN MiniPCI card Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}\setup.exe" -l0x40c ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe" Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe" CCleaner (remove only)-->"C:\Program 
Files\CCleaner\uninst.exe" CIF USB CAMERA-->C:\WINDOWS\CleanDev.exe C:\WINDOWS\DC3110.txt Commandes TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x40c UNINSTALL Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" dBpoweramp AAC Encoder-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp AAC Encoder.dat dBpoweramp m4a Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat dBpoweramp m4a Utilities-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Utilities.dat dBpoweramp m4b Audio book Encoder-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4b Audio book Encoder.dat dBpoweramp Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat Gestion d'énergie TOSHIBA-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll" Glary Utilities 2.18.0.786-->"C:\Program Files\Glary Utilities\unins000.exe" HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" ImgBurn 2.3.2.0 Fr-->"C:\Program Files\ImgBurn\unins000.exe" Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows 
Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31} InterVideo WinDVD for TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030} Java 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF} Java SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} LADSPA_plugins-win-0.4.15-->"C:\Program Files\Audacity\Plug-Ins\unins000.exe" Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Lexmark 2400 Series-->C:\Program Files\Lexmark 2400 Series\Install\x86\Uninst.exe Lexmark Barre d'outils-->regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll" LimeWire 5.1.2-->"C:\Program Files\LimeWire\uninstall.exe" Ma-Config.com-->MsiExec.exe /X{425FFD94-36BD-4933-881B-FE0B9DADF2B7} Macromedia Extension Manager-->MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76} Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6} Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB} Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Manuels TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EB6332B-AF02-457C-A31C-835458C5B48B}\setup.exe" -l0x40c -removeonly Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft 
.NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C} Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 
(KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Navilog1 3.5.2-->"C:\Program Files\Navilog1\unins000.exe"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Olympus Digital Wave Player-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB91E774-867B-4567-ACE7-8144EF036068}\Setup.exe" -l0x40c
Open Cellar-->MsiExec.exe /I{1F0944C8-C099-4E12-8F0C-617316731B58}
TOSHIBA PC Diagnostic Tool-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
PhotoBox-->"C:\Program Files\PhotoBox\uninstall.exe"
DVD-RAM Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x40c DVD-RAM Driver
Polaroid i532-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56CBF657-1A88-4A6A-B3FF-304B608DA076}\Setup.exe"
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x40c REMOVE
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
CD/DVD Drive Noise Reducer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x40c
Rhapsody Player Engine-->MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SFR - Connection Kit-->C:\Program Files\Neuf\Kit\uninstall.exe
SFR - Media Center-->C:\Program Files\SFR\Media Center\uninstall.exe
SigmaTel MSCN Audio Player-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E240C1C-25D0-4248-BC6C-ACC3472E35CE}\setup.exe" -l0x40c -remove
Lexmark Fax Solutions-->C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
TOSHIBA Virtual Sound-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x40c UNINSTALL
TOSHIBA Hotkey Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64DD71BC-3109-4C88-9AD3-D5422644B722}\setup.exe" -l0x40c
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA TouchPad ON/Off Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69BE47C2-36FE-4397-8199-85D8EAE69982}\setup.exe" -l0x40c
TOSHIBA Utilities-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}\setup.exe" -l0x40c
Touch and Launch-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\setup.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
TOSHIBA Zooming Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe" -l0x40c
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Virtualis Crédit Mutuel-->C:\Program Files\Virtualis\Désinstallation Virtualis Crédit Mutuel
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: AURÉLIE
Event Code: 7035
Message: The avast! Mail Scanner service was successfully sent a start control.
Record Number: 5
Source Name: Service Control Manager
Time Written: 20091211031915.000000+060
Event Type: Information
User: AUTORITE NT\SYSTEM

Computer Name: AURÉLIE
Event Code: 14204
Message: The 'WMPNetworkSvc' service has started.
Record Number: 4
Source Name: WMPNetworkSvc
Time Written: 20091211031858.000000+060
Event Type: Information
User:

Computer Name: AURÉLIE
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{FDD105DF-D326-4EE7-98E8-15ACD79012D0} was connected to the network, and has initiated normal operation over the network adapter.
Record Number: 3
Source Name: Tcpip
Time Written: 20091211031845.000000+060
Event Type: Information
User:

Computer Name: AURÉLIE
Event Code: 6005
Message: The Event log service was started.
Record Number: 2
Source Name: EventLog
Time Written: 20091211031836.000000+060
Event Type: Information
User:

Computer Name: AURÉLIE
Event Code: 6009
Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Uniprocessor Free.
Record Number: 1
Source Name: EventLog
Time Written: 20091211031836.000000+060
Event Type: Information
User:

=====Application event log=====

Computer Name: AURÉLIE
Event Code: 1800
Message: The Windows Security Center Service has started.
Record Number: 178
Source Name: SecurityCenter
Time Written: 20090602194442.000000+120
Event Type: Information
User:

Computer Name: AURÉLIE
Event Code: 1800
Message: The Windows Security Center Service has started.
Record Number: 177
Source Name: SecurityCenter
Time Written: 20090602121248.000000+120
Event Type: Information
User:

Computer Name: AURÉLIE
Event Code: 701
Message: msnmsgr (508) Online defragmentation has completed a full pass on database '\\.\C:\Documents and Settings\anthony\Local Settings\Application Data\Microsoft\Messenger\rat_gondin@hotmail.fr\SharingMetadata\Working\database_F2A0_D41F_A0D3_E85D\dfsr.db'.
Record Number: 176
Source Name: ESENT
Time Written: 20090602050003.000000+120
Event Type: Information
User:

Computer Name: AURÉLIE
Event Code: 700
Message: msnmsgr (508) Online defragmentation is beginning a full pass on database '\\.\C:\Documents and Settings\anthony\Local Settings\Application Data\Microsoft\Messenger\rat_gondin@hotmail.fr\SharingMetadata\Working\database_F2A0_D41F_A0D3_E85D\dfsr.db'.
Record Number: 175
Source Name: ESENT
Time Written: 20090602050003.000000+120
Event Type: Information
User:

Computer Name: AURÉLIE
Event Code: 701
Message: msnmsgr (508) Online defragmentation has completed a full pass on database '\\.\C:\Documents and Settings\anthony\Local Settings\Application Data\Microsoft\Messenger\rat_gondin@hotmail.fr\SharingMetadata\Working\database_F2A0_D41F_A0D3_E85D\dfsr.db'.
Record Number: 174
Source Name: ESENT
Time Written: 20090602040003.000000+120
Event Type: Information
User:

======Environment variables======

"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Fichiers communs\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Fichiers communs\Ulead Systems\DVD
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0d08
"QTJAVA"=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------
  16. Thanks anyway for your reply. So I removed avast and installed antivir as the tutorial asked. Then I installed Malwarebytes, but it crashed when I tried to remove the selected items. If you had a bit of time, I would have liked you to explain to me how to interpret the HijackThis report... So here is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.42
Database version: 3355
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14/12/2009 02:19:34
mbam-log-2009-12-14 (02-19-34).txt

Scan type: Quick Scan
Objects scanned: 124589
Time elapsed: 8 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft updates (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\anthony\Local Settings\Temp\laSo.dll (Malware.Packer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\laSo.dll (Malware.Packer) -> Quarantined and deleted successfully.
C:\WINDOWS\youtubex.dll (Trojan.Agent) -> Quarantined and deleted successfully.
  17. Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13:59, on 19/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SFR\Media Center\MediaCenter.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\anthony\Mes documents\Téléchargements\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\RunOnce: [iERESETATTRIB] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\system32\ieudinit.exe -ResetFileAttributes
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_6.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.photoweb.fr/telechargement/tele...nt-photoweb.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfi...fig_3_5_3_0.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - http://jeuxmultijoueurs.orange.fr/Gameshel...ronGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://62.147.231.194:40002/activex/AMC.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.photostation.fr/aurigma/ImageUploader4.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 9335 bytes
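The O4 (autostart) lines in the HijackThis log above are where a responder looks first, and the Malwarebytes report in post 16 later confirms the obvious one: the `Microsoft Updates` Run value launching `svehost.exe`, one letter away from the genuine `svchost.exe` and given with no path at all. The script below is an added example for this thread; it is not code from the poster, from HijackThis or from Malwarebytes. It parses O4 lines (the sample input is copied from the log above and marked as constructed) and flags a system-binary lookalike, a bare image name that Windows will resolve through the search path, a label that imitates update machinery, and a genuine system-binary name launched from outside the Windows directory. The allow-list of system image names is a constructed short list, and the severity labels are this example's own convention.

```python
"""Triage of HijackThis O4 (autostart) entries.

Added example, not part of HijackThis, Malwarebytes or the forum thread.
SAMPLE_O4_LINES is constructed from lines of the log posted above;
KNOWN_SYSTEM_BINARIES is a deliberately short, constructed allow-list.
"""
import re

# Constructed sample input: O4 lines copied from the HijackThis log in the thread.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O4 - HKLM\..\Run: [TPSMain] TPSMain.exe",
    r"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE",
    r"O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe",
    r'O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"',
    r"O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
]

# Constructed allow-list of Windows image names (lower-case); real triage would
# use a full inventory of %SystemRoot%\system32.
KNOWN_SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe", "rundll32.exe",
}

# O4 - <hive>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a distance of 1 catches one-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def image_token(cmd: str) -> str:
    """Program part of a Run-value command line: the quoted path or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(None, 1)[0] if cmd else ""


def image_name(token: str) -> str:
    """Lower-case file name; Windows appends .exe to an extension-less image name."""
    base = token.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return base + ".exe" if base and "." not in base else base


def has_directory(token: str) -> bool:
    return "\\" in token or "/" in token


def analyze_entry(line: str):
    """Parse one O4 line; return a dict with its findings, or None for other line types."""
    m = O4_RE.match(line)
    if not m:
        return None
    name, cmd = m.group("name"), m.group("cmd")
    token = image_token(cmd)
    exe = image_name(token)
    findings = []
    if exe in KNOWN_SYSTEM_BINARIES:
        # Right name, wrong place: a system image launched from outside %SystemRoot%.
        if has_directory(token) and "\\windows\\" not in token.lower():
            findings.append(("high", "system binary name outside the Windows directory"))
    else:
        for sysbin in sorted(KNOWN_SYSTEM_BINARIES):
            if levenshtein(exe, sysbin) == 1:
                findings.append(("high", f"lookalike of {sysbin}"))
                break
        if not has_directory(token):
            findings.append(("medium", "bare image name resolved via the search path"))
            if any(w in name.lower() for w in ("microsoft", "windows", "update")):
                findings.append(("high", "label imitates Windows update machinery"))
    return {"hive": m.group("hive"), "name": name, "exe": exe, "findings": findings}


def triage(lines):
    return [r for r in (analyze_entry(ln) for ln in lines) if r is not None]


def high_risk(results):
    """Value names carrying at least one high-severity finding."""
    return [r["name"] for r in results if any(sev == "high" for sev, _ in r["findings"])]


if __name__ == "__main__":
    for r in triage(SAMPLE_O4_LINES):
        status = ", ".join(f"{sev}: {why}" for sev, why in r["findings"]) or "ok"
        print(f"[{r['name']}] {r['exe']:<14} {status}")
```

Run against the sample, only `Microsoft Updates` comes out high-risk: `svehost.exe` is one edit from `svchost.exe`, has no directory, and sits under a label built to look like Windows Update. `TPSMain.exe` and `RTHDCPL.EXE` are flagged medium only because they are bare names; a path-less Run value tells you nothing about where the file really is, so the next step is to locate the file on disk and check its publisher, which this script deliberately does not guess at.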
  18. Good evening, I have a small problem: for the past 3 days, in Internet Explorer, whenever I do a search on Google I am constantly redirected to ad or porn sites!!! I downloaded Firefox, which works better, but sometimes it refuses to go to Gmail... Thanks in advance for your enlightened advice.