amy5770

Membres

Afficher le profil Afficher son activité

Compteur de contenus
5
Inscription
le 29 avril 2010
Dernière visite
le 12 mai 2010

Type de contenu

Toute l’activité

Profils

Forums

Blogs

Tout ce qui a été posté par amy5770

plus de wmv ni de recherche !

amy5770 a répondu à un(e) sujet de amy5770 dans Analyses et éradication malwares

super ! tout semble remarcher !!! (j'ai la fonction recherche qui remarche et wmv11 aussi ) voici le rapport combofix ComboFix 10-05-10.03 - LASRY 11/05/2010 14:17:23.1.1 - FAT32x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.958.606 [GMT 2:00] Lancé depuis: c:\documents and settings\LASRY\Bureau\amy5770.exe AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\LASRY\Local Settings\Application Data\Kosong.Bron.Tok.txt C:\LOG12.tmp C:\LOG1D.tmp C:\LOG1E.tmp C:\LOG28.tmp C:\LOG29.tmp C:\LOG38.tmp C:\LOG5.tmp C:\LOG6.tmp C:\LOG7.tmp C:\LOG98.tmp C:\LOG99.tmp c:\windows\system32\winspool.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2010-04-11 au 2010-05-11 )))))))))))))))))))))))))))))))))))) . 2010-05-05 15:28 . 2010-05-05 15:28 -------- d-----w- c:\documents and settings\LocalService\Application Data\TeamViewer 2010-05-03 19:19 . 2010-05-03 19:19 -------- d-----w- C:\RESPBKUP 2010-05-03 18:58 . 2010-05-03 18:58 -------- d-----w- c:\program files\trend micro 2010-05-03 18:58 . 2010-05-03 18:58 -------- d-----w- C:\rsit 2010-05-03 18:08 . 2010-05-03 18:09 -------- d-----w- c:\documents and settings\LASRY\Application Data\Malwarebytes 2010-05-03 18:08 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-03 18:08 . 2010-05-03 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-05-03 18:08 . 2010-05-03 18:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-03 18:08 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-29 12:19 . 2010-04-29 12:19 -------- d-----w- c:\program files\ResponsaCD17b 2010-04-29 12:00 . 2010-04-29 12:00 388096 ----a-r- c:\documents and settings\LASRY\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-04-29 12:00 . 2010-04-29 12:00 -------- d-----w- c:\program files\hijack 2010-04-29 11:57 . 2010-04-29 11:57 -------- d-----w- c:\program files\WMV9_VCM 2010-04-29 11:51 . 2010-04-29 11:51 -------- d-----w- c:\program files\CCleaner 2010-04-27 17:17 . 2008-04-14 02:33 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll 2010-04-27 17:17 . 2010-04-27 17:17 47328 ----a-r- c:\documents and settings\LASRY\Application Data\Microsoft\Installer\{D416E000-D999-470A-BCAC-98E717CC1AFC}\ARPPRODUCTICON.exe 2010-04-27 17:17 . 2010-04-27 17:17 334048 ----a-r- c:\documents and settings\LASRY\Application Data\Microsoft\Installer\{D416E000-D999-470A-BCAC-98E717CC1AFC}\NewShortcut2_439CCEF89767436AB00754ACFDCFF417.exe 2010-04-27 17:17 . 2010-04-27 17:17 -------- d-----w- c:\program files\VirginMega 2010-04-27 17:17 . 2010-04-27 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations 2010-04-27 17:15 . 2010-04-27 17:15 -------- d-----w- c:\program files\Windows Media Connect 2 2010-04-27 17:14 . 2010-04-27 17:14 -------- d-----w- c:\windows\system32\drivers\UMDF 2010-04-27 17:14 . 2010-04-27 17:14 -------- d-----w- c:\windows\system32\LogFiles 2010-04-20 19:10 . 2010-04-20 19:10 -------- d-----w- C:\DBS 2010-04-19 18:05 . 2010-04-19 18:06 -------- d-----w- C:\?? ???? 2010-04-19 17:47 . 2010-04-19 17:47 -------- d-----w- c:\program files\Winamp 2010-04-19 17:47 . 2010-04-19 17:47 -------- d-----w- c:\documents and settings\LASRY\Application Data\Winamp 2010-04-18 08:18 . 2010-04-18 08:18 -------- d-----w- c:\documents and settings\LASRY\temp 2010-04-15 08:34 . 2010-04-15 08:34 -------- d-----w- C:\Shuki_II 2010-04-14 17:46 . 2010-04-14 17:46 -------- d-----w- c:\documents and settings\LASRY\Local Settings\Application Data\mywebsites.pro-FR 2010-04-14 17:46 . 2010-04-14 17:46 -------- d-----w- c:\program files\mywebsites.pro-FR 2010-04-14 17:23 . 2010-05-05 15:42 57344 ----a-w- c:\windows\system32\HCPS98Tool.dll 2010-04-14 17:23 . 2010-05-05 15:42 131072 ----a-w- c:\windows\system32\HCPSTool.dll 2010-04-14 17:23 . 2010-04-14 17:23 303104 ----a-w- c:\windows\system32\HCPSMng.exe 2010-04-13 09:32 . 2009-11-21 15:58 471552 ------w- c:\windows\system32\dllcache\aclayers.dll 2010-04-13 09:22 . 2010-04-13 09:22 -------- d-----w- c:\program files\free-downloads.net 2010-04-13 09:22 . 2010-04-13 09:22 -------- d-----w- c:\program files\Conduit 2010-04-13 09:22 . 2010-04-13 09:22 -------- d-----w- c:\documents and settings\LASRY\Local Settings\Application Data\free-downloads.net 2010-04-13 09:22 . 2010-04-13 09:22 -------- d-----w- c:\documents and settings\LASRY\Local Settings\Application Data\Conduit 2010-04-13 09:22 . 2010-01-20 10:16 52224 ----a-w- c:\documents and settings\LASRY\Application Data\Mozilla\Firefox\Profiles\54vjea42.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\FFExternalAlert.dll 2010-04-13 09:22 . 2010-01-20 10:16 101376 ----a-w- c:\documents and settings\LASRY\Application Data\Mozilla\Firefox\Profiles\54vjea42.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\RadioWMPCore.dll 2010-04-13 09:21 . 2010-04-13 09:21 -------- d-----w- c:\program files\Alcohol Soft 2010-04-13 09:18 . 2010-04-13 09:18 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-04-13 09:13 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe 2010-04-13 08:58 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe 2010-04-13 08:33 . 2010-04-13 08:33 -------- d-----w- c:\program files\ResponsaCD17 2010-04-13 08:26 . 2010-04-13 08:26 -------- d-----w- c:\documents and settings\LASRY\Application Data\Creative 2010-04-13 08:23 . 2010-04-13 08:23 -------- d-----w- c:\program files\Creative . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-20 19:20 . 2005-01-23 10:37 86862 ----a-w- c:\windows\system32\perfc00C.dat 2010-04-20 19:20 . 2005-01-23 10:37 515380 ----a-w- c:\windows\system32\perfh00C.dat 2010-04-09 12:46 . 2010-04-09 12:46 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON 2010-04-09 12:22 . 2010-04-09 12:22 -------- d-----w- c:\program files\SMC 2010-04-08 08:26 . 2008-03-28 10:13 110 ----a-w- c:\windows\CRUNX.BIN 2010-03-16 10:19 . 2007-05-20 10:20 69328 ----a-w- c:\documents and settings\STAGE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-16 10:19 . 2007-06-13 06:34 502 ----a-w- c:\documents and settings\All Users\Application Data\Ciel\Données Communes\pdf.dll 2010-03-11 12:34 . 2005-07-03 01:16 832512 ----a-w- c:\windows\system32\wininet.dll 2010-03-11 12:34 . 2004-08-05 03:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-03-11 12:34 . 2004-08-05 03:00 17408 ----a-w- c:\windows\system32\corpol.dll 2010-03-09 11:10 . 2004-08-05 03:00 430080 ----a-w- c:\windows\system32\vbscript.dll 2010-02-24 13:11 . 2005-01-19 03:26 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-17 12:07 . 2005-03-02 17:08 2192000 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 19:07 . 2005-03-02 17:07 2068864 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 04:34 . 2004-08-05 03:00 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2004-08-05 03:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2008-02-28 12:30 . 2008-06-22 11:13 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll 2008-02-28 12:33 . 2008-06-22 11:13 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-12-31 2349080] "{33727f97-486d-4d19-97c3-23f432ef93fc}"= "c:\program files\mywebsites.pro-FR\tbmywe.dll" [2009-11-09 2331672] [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] [HKEY_CLASSES_ROOT\clsid\{33727f97-486d-4d19-97c3-23f432ef93fc}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33727f97-486d-4d19-97c3-23f432ef93fc}] 2009-11-09 16:38 2331672 ----a-w- c:\program files\mywebsites.pro-FR\tbmywe.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}] 2009-12-31 09:53 2349080 ----a-w- c:\program files\free-downloads.net\tbfree.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-12-31 2349080] "{33727f97-486d-4d19-97c3-23f432ef93fc}"= "c:\program files\mywebsites.pro-FR\tbmywe.dll" [2009-11-09 2331672] [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] [HKEY_CLASSES_ROOT\clsid\{33727f97-486d-4d19-97c3-23f432ef93fc}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-12-31 2349080] "{33727F97-486D-4D19-97C3-23F432EF93FC}"= "c:\program files\mywebsites.pro-FR\tbmywe.dll" [2009-11-09 2331672] [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] [HKEY_CLASSES_ROOT\clsid\{33727f97-486d-4d19-97c3-23f432ef93fc}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WATCHPNP_Xerox"="watchPnp.exe Xerox" [X] "SoundMan"="SOUNDMAN.EXE" [2005-09-22 90112] "ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168] "nwiz"="nwiz.exe" [2005-11-11 1519616] "AspireService"="c:\program files\Acer\Acer eMode Management\AspireService.exe" [2006-01-19 110592] "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-21 266497] "\\Lasry-ath\EPSON Stylus Photo R240 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE" [2005-04-25 98304] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-08-22 28672] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-21 39424] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Num‚risation PC.lnk - c:\windows\ScanToPc.exe [2008-10-29 57344] SMCWUSB-G 802.11g Wireless USB Utility.lnk - c:\program files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe [2006-6-26 610304] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\MSMSGS.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"= "c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\SAGENT4.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [07/10/2009 13:50 185640] R3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\drivers\V0350Vfx.sys [09/04/2010 15:20 7424] R3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\drivers\V0350Vid.sys [09/04/2010 15:20 170368] R3 ZD1211BU(Atheros);Atheros ZD1211B IEEE 802.11 Wireless LAN Driver (USB)(Atheros);c:\windows\system32\drivers\ZD1211BU.sys [11/04/2008 20:52 722432] S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13/04/2010 11:18 691696] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25/01/2008 11:12 25088] S3 V0350Afx;Creative Camera VF0350 Audio Effects Driver;c:\windows\system32\drivers\V0350Afx.sys [09/04/2010 15:20 160768] . . ------- Examen supplémentaire ------- . uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} uStart Page = hxxp://myhomewebs.com uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://myhomewebs.com uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Tout télécharger avec Free Download Manager - file://c:\documents and settings\LASRY\Bureau\DEBORAH\ECOLE\doc\Free Download Manager\dlall.htm IE: Télécharger avec Free Download Manager - file://c:\documents and settings\LASRY\Bureau\DEBORAH\ECOLE\doc\Free Download Manager\dllink.htm IE: Télécharger la sélection avec Free Download Manager - file://c:\documents and settings\LASRY\Bureau\DEBORAH\ECOLE\doc\Free Download Manager\dlselected.htm IE: Télécharger la vidéo avec Free Download Manager - file://c:\documents and settings\LASRY\Bureau\DEBORAH\ECOLE\doc\Free Download Manager\dlfvideo.htm DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\LASRY\Application Data\Mozilla\Firefox\Profiles\54vjea42.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - free-downloads.net Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&q= FF - component: c:\documents and settings\LASRY\Application Data\Mozilla\Firefox\Profiles\54vjea42.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\FFExternalAlert.dll FF - component: c:\documents and settings\LASRY\Application Data\Mozilla\Firefox\Profiles\54vjea42.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\RadioWMPCore.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- FF - user.js: yahoo.homepage.dontask - true. - - - - ORPHELINS SUPPRIMES - - - - MSConfigStartUp-Cobian Backup 9 - c:\program files\Cobian Backup 9\Cobian.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-11 14:22 Windows 5.1.2600 Service Pack 3 FAT NTAPI Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . Heure de fin: 2010-05-11 14:24:02 ComboFix-quarantined-files.txt 2010-05-11 12:24 Avant-CF: 42 025 746 432 octets libres Après-CF: 42 203 316 224 octets libres - - End Of File - - C39A1223D92A1F6A5066026DFDCFEE39 MERCI BCP !!!!!!
- le 11 mai 2010
- 7 réponses
plus de wmv ni de recherche !

amy5770 a répondu à un(e) sujet de amy5770 dans Analyses et éradication malwares

et le 2e rapport ! bonne lecture et encore merci, thanos ! info.txt logfile of random's system information tool 1.06 2010-05-03 20:58:24 ======Uninstall list====== -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\DeIsL7.isu -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x40c Acer eMode Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65CDEC30-4BF4-48FB-8059-9FC480E4E94F}\setup.exe" -l0x40c Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x40c /remove Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x40c /remove Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2} Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE Barre d'outils MSN-->C:\Program Files\MSN Toolbar\01.01.2607.0\fr\mtbs.exe c CCleaner-->"C:\Program Files\CCleaner\uninst.exe" Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} Ciel Compta pour Windows-->C:\WINDOWS\unin040c.exe -fC:\CIEL\WCPTA\DeIsL1.isu Ciel eSauvegarde V2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CBF7A3DA-880B-4747-AB57-D74A4EBAC69E}\install.exe" UNINSTALL Ciel Paye 15.20-->MsiExec.exe /I{67C72E50-D287-47CB-B2A3-3014A3005E3A} Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Creative Live! Cam Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x40c /remove Creative Live! Cam Video Chat or Video IM (VF0350) Driver (1.04.01.00)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0350.uns -unsext NT -plugin V0350Pin.dll -pluginres CtCamPin.crl -langid 0x040C Desinstallateur pilote TWAIN-->C:\WINDOWS\IsUn0c0c.exe -fC:\WINDOWS\twain.isu EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27F650A9-6FAB-41C8-8621-92FF0118B0C4}\SETUP.EXE" -l0x40c UNINST EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x40c UNINST EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe free-downloads.net Toolbar-->C:\PROGRA~1\FREE-D~1.NET\UNWISE.EXE /U C:\PROGRA~1\FREE-D~1.NET\INSTALL.LOG Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF} Guide d'utilisation ESPR240-->C:\Program Files\EPSON\TPMANUAL\ESPR240\USE_G\DOCUNINS.EXE HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7} Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D} J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050} Java 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF} Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3} Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Logiciel d'archivage WinRAR-->C:\Program Files\WinRAR\uninstall.exe Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft ActiveSync 3.7-->"C:\WINDOWS\ISUN040C.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll" Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC} Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE} Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE} Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9} Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5} Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Mise à jour pour Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe" Mise à jour pour Windows Internet Explorer 7 (KB980182)-->"C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\spuninst.exe" Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE} Mozilla Firefox (3.0.19)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} mywebsites.pro-FR Toolbar-->C:\PROGRA~1\MYWEBS~1.PRO\UNWISE.EXE /U C:\PROGRA~1\MYWEBS~1.PRO\INSTALL.LOG NTI Backup NOW! 4-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1036 BUN4 NTI CD & DVD-Maker-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7 NTI HomeVideo-Maker-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8A6F713-D72D-47AD-A92D-B5C0E13F98C1}\setup.exe" -l0x40c NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} PDFCreator Toolbar-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_3265.exe" _?=C:\Program Files\PDFCreator Toolbar PDFCreator-->C:\Program Files\PDFCreator\unins000.exe Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe" Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} SMCWUSB-G 802.11g Wireless USB 2.0 Adapter-->C:\Program Files\InstallShield Installation Information\{802C87BF-3A1E-45B0-8C12-9527A5C572B3}\setup.exe -runfromtemp -l0x0409 Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" TeamViewer 4 Host-->C:\Program Files\TeamViewer\Version4\uninstall.exe Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" VirginMega.Fr Premium-->MsiExec.exe /I{D416E000-D999-470A-BCAC-98E717CC1AFC} Winamp-->"C:\Program Files\Winamp\UninstWA.exe" Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919} Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657} Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C} Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E} Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353} Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" Xerox WorkCentre Pro 412 PCL 6-->C:\WINDOWS\ISUN040C.EXE -f"C:\WINDOWS\wcp412PCL6.isu" -c"C:\WINDOWS\system32\wcp412P6.dll" ======Hosts File====== 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com ======Security center information====== AV: Avira AntiVir PersonalEdition (outdated) ======System event log====== Computer Name: JUDITH Event Code: 7036 Message: Le service Gestion d'applications est entré dans l'état : arrêté. Record Number: 24218 Source Name: Service Control Manager Time Written: 20091230095355.000000+060 Event Type: Informations User: Computer Name: JUDITH Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Gestion d'applications. Record Number: 24217 Source Name: Service Control Manager Time Written: 20091230095355.000000+060 Event Type: Informations User: JUDITH\LASRY Computer Name: JUDITH Event Code: 7023 Message: Le service Gestion d'applications s'est arrêté avec l'erreur : Le module spécifié est introuvable. Record Number: 24216 Source Name: Service Control Manager Time Written: 20091230095355.000000+060 Event Type: erreur User: Computer Name: JUDITH Event Code: 7036 Message: Le service Gestion d'applications est entré dans l'état : arrêté. Record Number: 24215 Source Name: Service Control Manager Time Written: 20091230095355.000000+060 Event Type: Informations User: Computer Name: JUDITH Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Gestion d'applications. Record Number: 24214 Source Name: Service Control Manager Time Written: 20091230095355.000000+060 Event Type: Informations User: JUDITH\LASRY =====Application event log===== Computer Name: JUDITH Event Code: 32068 Message: La règle de routage de trafic sortant n'est pas valide car elle ne peut pas trouver de périphérique valide. Les télécopies sortantes qui utilisent cette règle ne peuvent pas être acheminées. Vérifiez que le ou les périphériques concernés (en cas de routage vers un groupe de périphériques) sont connectés et installés correctement et allumés. En cas de routage vers un groupe, vérifiez que le groupe est configuré correctement. Code de pays/région : '*' Indicatif régional : '*' Record Number: 5735 Source Name: Microsoft Fax Time Written: 20081219092250.000000+060 Event Type: Avertissement User: Computer Name: JUDITH Event Code: 32026 Message: Le service de télécopie n'a pas pu initialiser de périphériques de télécopies attribués (virtuel ou TAPI). Aucune télécopie ne peut être envoyée ou reçue tant qu'un périphérique de télécopies n'a pas été installé. Record Number: 5734 Source Name: Microsoft Fax Time Written: 20081219092250.000000+060 Event Type: Avertissement User: Computer Name: JUDITH Event Code: 1800 Message: Le service Centre de sécurité Windows a démarré. Record Number: 5733 Source Name: SecurityCenter Time Written: 20081219092250.000000+060 Event Type: Informations User: Computer Name: JUDITH Event Code: 0 Message: Record Number: 5732 Source Name: Acer Media Server Time Written: 20081219092235.000000+060 Event Type: Informations User: Computer Name: JUDITH Event Code: 4096 Message: Record Number: 5731 Source Name: Avira AntiVir Time Written: 20081219092227.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=2f02 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF-----------------
- le 3 mai 2010
- 7 réponses
plus de wmv ni de recherche !

amy5770 a répondu à un(e) sujet de amy5770 dans Analyses et éradication malwares

...et voici le 1e rapport de RSIT Logfile of random's system information tool 1.06 (written by random/random) Run by LASRY at 2010-05-03 20:58:00 Microsoft Windows XP Édition familiale Service Pack 3 System drive C: has 41 GB (55%) free of 74 GB Total RAM: 958 MB (51% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:58:21, on 03/05/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17023) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\Explorer.EXE C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Acer\Acer eMode Management\AspireService.exe C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\V0350Mon.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\ScanToPc.exe C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\LASRY\temp\TeamViewer\Version5\TeamViewer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\LASRY\Bureau\RSIT.exe C:\Program Files\trend micro\LASRY.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://myhomewebs.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myhomewebs.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://myhomewebs.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://myhomewebs.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://myhomewebs.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://myhomewebs.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll R3 - URLSearchHook: mywebsites.pro-FR Toolbar - {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files\mywebsites.pro-FR\tbmywe.dll O2 - BHO: mywebsites.pro-FR Toolbar - {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files\mywebsites.pro-FR\tbmywe.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O3 - Toolbar: mywebsites.pro-FR Toolbar - {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files\mywebsites.pro-FR\tbmywe.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [WATCHPNP_Xerox] watchPnp.exe Xerox O4 - HKLM\..\Run: [\\Lasry-ath\EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P42 "\\Lasry-ath\EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /F "C:\WINDOWS\TEMP\E_S56.tmp" /EF "HKLM" O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Numérisation PC.lnk = C:\WINDOWS\ScanToPc.exe O4 - Global Startup: SMCWUSB-G 802.11g Wireless USB Utility.lnk = C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Documents and Settings\LASRY\Bureau\DEBORAH\ECOLE\doc\Free Download Manager\dlall.htm O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Documents and Settings\LASRY\Bureau\DEBORAH\ECOLE\doc\Free Download Manager\dllink.htm O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Documents and Settings\LASRY\Bureau\DEBORAH\ECOLE\doc\Free Download Manager\dlselected.htm O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Documents and Settings\LASRY\Bureau\DEBORAH\ECOLE\doc\Free Download Manager\dlfvideo.htm O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- End of file - 10991 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33727f97-486d-4d19-97c3-23f432ef93fc}] mywebsites.pro-FR Toolbar - C:\Program Files\mywebsites.pro-FR\tbmywe.dll [2009-11-09 2331672] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}] PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2009-04-17 806912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}] EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}] free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfree.dll [2009-12-31 2349080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Barre d'outils MSN - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll [2005-02-07 203464] {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2009-04-17 806912] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] {ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfree.dll [2009-12-31 2349080] {33727f97-486d-4d19-97c3-23f432ef93fc} - mywebsites.pro-FR Toolbar - C:\Program Files\mywebsites.pro-FR\tbmywe.dll [2009-11-09 2331672] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-09-22 90112] "ntiMUI"=c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2005-05-11 45056] "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952] "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-05 59392] "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168] "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168] "nwiz"=nwiz.exe /install [] "AspireService"=C:\Program Files\Acer\Acer eMode Management\AspireService.exe [2006-01-19 110592] "eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\Monitor.exe [2005-11-16 397312] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-21 266497] "WATCHPNP_Xerox"=watchPnp.exe Xerox [] "\\Lasry-ath\EPSON Stylus Photo R240 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE [2005-04-25 98304] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280] "EPSON Stylus DX4800 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE [2005-02-02 98304] "V0350Mon.exe"=C:\WINDOWS\V0350Mon.exe [2007-08-23 28672] "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-12-21 39424] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cobian Backup 9] C:\Program Files\Cobian Backup 9\Cobian.exe [] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Numérisation PC.lnk - C:\WINDOWS\ScanToPc.exe SMCWUSB-G 802.11g Wireless USB Utility.lnk - C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableCMD"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoFolderOptions"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Acer\Acer eConsole\MediaSync.exe"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer" "C:\Program Files\Acer\Acer eConsole\eConsole.exe"="C:\Program Files\Acer\Acer eConsole\eConsole.exe:LocalSubNet:Enabled:eConsole" "C:\Program Files\Acer\Acer eConsole\MediaServerService.exe"="C:\Program Files\Acer\Acer eConsole\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server" "C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Mozilla Firefox\FIREFOX.EXE"="C:\Program Files\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox" "C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\SAGENT4.EXE"="C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\SAGENT4.EXE:*:Enabled:SAgent4" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K] shell\AutoRun\command - K:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N] shell\AutoRun\command - N:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19791bae-b2cd-11db-9f72-00155838b4cf}] shell\Auto\command - AdobeR.exe e shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1db45d44-4868-11df-ad8b-00222d0bf7c6}] shell\AutoRun\command - K:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{435f72b8-9041-11dc-9f56-00155838b4cf}] shell\Auto\command - AdobeR.exe e shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b571ea8-4d99-11dd-b51f-00155838b4cf}] shell\AutoRun\command - K:\xsia.bat shell\open\command - K:\xsia.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cef98220-46fe-11df-ad85-00222d0bf7c6}] shell\AutoRun\command - K:\LaunchU3.exe -a ======List of files/folders created in the last 1 months====== 2010-05-03 20:58:01 ----D---- C:\Program Files\trend micro 2010-05-03 20:58:00 ----D---- C:\rsit 2010-05-03 20:08:58 ----D---- C:\Documents and Settings\LASRY\Application Data\Malwarebytes 2010-05-03 20:08:49 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2010-05-03 20:08:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-04-29 14:19:50 ----D---- C:\Program Files\ResponsaCD17b 2010-04-29 14:00:23 ----D---- C:\Program Files\hijack 2010-04-29 13:57:17 ----D---- C:\Program Files\WMV9_VCM 2010-04-29 13:55:21 ----N---- C:\WINDOWS\system32\spmsg.dll 2010-04-29 13:51:26 ----D---- C:\Program Files\CCleaner 2010-04-27 19:17:12 ----D---- C:\Program Files\VirginMega 2010-04-27 19:17:00 ----D---- C:\Documents and Settings\All Users\Application Data\Downloaded Installations 2010-04-27 19:16:00 ----HD---- C:\WINDOWS\$NtUninstallMSCompPackV1$ 2010-04-27 19:15:47 ----D---- C:\Program Files\Windows Media Connect 2 2010-04-27 19:15:39 ----HD---- C:\WINDOWS\$NtUninstallwmp11$ 2010-04-27 19:14:57 ----HD---- C:\WINDOWS\$NtUninstallWMFDist11$ 2010-04-27 19:14:28 ----D---- C:\WINDOWS\system32\LogFiles 2010-04-27 19:14:23 ----HD---- C:\WINDOWS\$NtUninstallWudf01000$ 2010-04-27 19:13:44 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2010-04-20 21:10:20 ----D---- C:\DBS 2010-04-19 20:05:58 ----D---- C:\?? ???? 2010-04-19 19:48:10 ----D---- C:\WINDOWS\RegisteredPackages 2010-04-19 19:47:30 ----D---- C:\Program Files\Winamp 2010-04-19 19:47:30 ----D---- C:\Documents and Settings\LASRY\Application Data\Winamp 2010-04-18 10:18:06 ----A---- C:\LOG5.tmp 2010-04-15 10:34:03 ----D---- C:\Shuki_II 2010-04-14 19:46:41 ----D---- C:\Program Files\mywebsites.pro-FR 2010-04-14 19:23:02 ----A---- C:\WINDOWS\system32\HCPSTool.dll 2010-04-14 19:23:02 ----A---- C:\WINDOWS\system32\HCPSMng.exe 2010-04-14 19:23:02 ----A---- C:\WINDOWS\system32\HCPS98Tool.dll 2010-04-13 11:22:32 ----D---- C:\Program Files\free-downloads.net 2010-04-13 11:22:32 ----D---- C:\Program Files\Conduit 2010-04-13 11:21:22 ----D---- C:\Program Files\Alcohol Soft 2010-04-13 11:17:48 ----D---- C:\Documents and Settings\LASRY\Application Data\WinRAR 2010-04-13 11:17:21 ----D---- C:\Program Files\WinRAR 2010-04-13 10:58:33 ----N---- C:\WINDOWS\system32\browserchoice.exe 2010-04-13 10:33:12 ----D---- C:\Program Files\ResponsaCD17 2010-04-13 10:29:20 ----D---- C:\WINDOWS\pss 2010-04-13 10:26:41 ----D---- C:\Documents and Settings\LASRY\Application Data\Creative 2010-04-13 10:23:17 ----D---- C:\Program Files\Creative 2010-04-09 15:31:00 ----A---- C:\WINDOWS\system32\vfwwdm32.dll 2010-04-09 15:20:19 ----N---- C:\WINDOWS\V0350Mon.exe 2010-04-09 15:20:19 ----A---- C:\WINDOWS\CtDrvIns.exe 2010-04-09 15:20:18 ----A---- C:\WINDOWS\system32\V0350Vfw.dll 2010-04-09 15:20:18 ----A---- C:\WINDOWS\system32\V0350Afx.dll 2010-04-09 15:20:18 ----A---- C:\WINDOWS\system32\cximage.dll 2010-04-09 15:20:17 ----A---- C:\WINDOWS\system32\V0350Pin.dll 2010-04-09 15:20:17 ----A---- C:\WINDOWS\system32\V0350Hwx.dll 2010-04-09 15:20:17 ----A---- C:\WINDOWS\system32\V0350Cvw.dll 2010-04-09 15:20:16 ----A---- C:\WINDOWS\system32\CtCamMgr.dll 2010-04-09 15:20:14 ----D---- C:\WINDOWS\CtDrvInstall 2010-04-09 15:19:30 ----D---- C:\Live! Cam 2010-04-09 14:55:04 ----A---- C:\WINDOWS\system32\E_FBCHADE.DLL 2010-04-09 14:55:03 ----A---- C:\WINDOWS\system32\E_FLMADE.DLL 2010-04-09 14:55:03 ----A---- C:\WINDOWS\system32\E_FBCBADE.DLL 2010-04-09 14:46:02 ----D---- C:\Documents and Settings\All Users\Application Data\EPSON 2010-04-09 14:44:58 ----A---- C:\LOG1E.tmp 2010-04-09 14:22:30 ----D---- C:\Program Files\SMC 2010-04-09 14:22:03 ----D---- C:\WINDOWS\{9CA05E9B-68D2-4EEC-8569-8C474416B082} ======List of files/folders modified in the last 1 months====== 2010-05-03 20:55:16 ----A---- C:\WINDOWS\system32\eRLog.ini 2010-05-03 20:51:38 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-04-27 19:15:54 ----A---- C:\WINDOWS\win.ini 2010-04-20 21:20:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-04-13 15:16:28 ----RASH---- C:\boot.ini 2010-04-13 15:16:28 ----A---- C:\WINDOWS\system.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-05-28 75096] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352] R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952] R2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2001-03-06 40448] R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152] R2 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [] R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192] R2 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664] R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-09-22 3727680] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 irsir;Pilote série infrarouge Microsoft; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-01-23 6144] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-11-11 3532928] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928] R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 VF0350Vfx;VF0350 Video FX; C:\WINDOWS\system32\DRIVERS\V0350VFx.sys [2007-03-05 7424] R3 VF0350Vid;Live! Cam Video IM (VF0350); C:\WINDOWS\system32\DRIVERS\V0350Vid.sys [2007-08-29 170368] R3 ZD1211BU(Atheros);Atheros ZD1211B IEEE 802.11 Wireless LAN Driver (USB)(Atheros); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2008-04-11 722432] S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] S3 a3suj2so;a3suj2so; C:\WINDOWS\system32\drivers\a3suj2so.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-05 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-05 15360] S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\IDS-DI~1\20040813.178\symidsco.sys [] S3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 V0350Afx;Creative Camera VF0350 Audio Effects Driver; C:\WINDOWS\system32\DRIVERS\V0350Afx.sys [2008-04-30 160768] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-27 68865] R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-27 151297] R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-11-11 131139] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688] R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-10-07 185640] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------
- le 3 mai 2010
- 7 réponses
plus de wmv ni de recherche !

amy5770 a répondu à un(e) sujet de amy5770 dans Analyses et éradication malwares

Bonsoir thanos merci pour ton aide !! voici le rapport de malwarebyte (déjà il y a l'air d'y avoir des virus!) Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4062 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 03/05/2010 20:48:33 mbam-log-2010-05-03 (20-48-33).txt Type d'examen: Examen complet (C:\|D:\|F:\|) Elément(s) analysé(s): 200243 Temps écoulé: 29 minute(s), 3 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 2 Dossier(s) infecté(s): 22 Fichier(s) infecté(s): 6 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Dossier(s) infecté(s): C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-26 (Worm.Brontok) -> Quarantined and deleted successfully. C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-4 (Worm.Brontok) -> Quarantined and deleted successfully. C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-5 (Worm.Brontok) -> Quarantined and deleted successfully. C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-16 (Worm.Brontok) -> Quarantined and deleted successfully. C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-23 (Worm.Brontok) -> Quarantined and deleted successfully. C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-24 (Worm.Brontok) -> Quarantined and deleted successfully. C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-2 (Worm.Brontok) -> Quarantined and deleted successfully. C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-6 (Worm.Brontok) -> Quarantined and deleted successfully. C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-8 (Worm.Brontok) -> Quarantined and deleted successfully. C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-9 (Worm.Brontok) -> Quarantined and deleted successfully. C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-10 (Worm.Brontok) -> Quarantined and deleted successfully. C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-13 (Worm.Brontok) -> Quarantined and deleted successfully. C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-14 (Worm.Brontok) -> Quarantined and deleted successfully. C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-15 (Worm.Brontok) -> Quarantined and deleted successfully. C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-20 (Worm.Brontok) -> Quarantined and deleted successfully. C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-21 (Worm.Brontok) -> Quarantined and deleted successfully. C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-22 (Worm.Brontok) -> Quarantined and deleted successfully. C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-27 (Worm.Brontok) -> Quarantined and deleted successfully. C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-28 (Worm.Brontok) -> Quarantined and deleted successfully. C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-29 (Worm.Brontok) -> Quarantined and deleted successfully. C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-3 (Worm.Brontok) -> Quarantined and deleted successfully. C:\Documents and Settings\STAGE\Local Settings\Application Data\Bron.tok-3-5 (Worm.Brontok) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\Documents and Settings\LASRY\Local Settings\Application Data\caeeski_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\LASRY\Local Settings\Application Data\caeeski_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\LASRY\Local Settings\Application Data\caeeski.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\LASRY\Local Settings\Application Data\kqoae_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\LASRY\Local Settings\Application Data\kqoae_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\LASRY\Local Settings\Application Data\kqoae.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
- le 3 mai 2010
- 7 réponses
plus de wmv ni de recherche !

amy5770 a posté un sujet dans Analyses et éradication malwares

bonjour à tous Depuis quelques temps, la fonction RECHERCHER de xp ne marche plus et Windows Media Player non plus . (Dès que je le lance, rien ne se passe). J'ai réinstaller la v11. mais rien n'y fait comme j'ai eu un virus il y a quelque temps sur une clé USB (détecté par antivir), est-il possible que ça soit lié et que ça ait endommagé qq chose ? Qu'en pensez vous ??? merci à tous pour votre aide !!! voici le rapport hijack Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:03:32, on 29/04/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17023) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe C:\Program Files\TeamViewer\Version4\TeamViewer.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Acer\Acer eMode Management\AspireService.exe C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\V0350Mon.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\ScanToPc.exe C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\hijack\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://myhomewebs.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myhomewebs.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://myhomewebs.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://myhomewebs.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://myhomewebs.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://myhomewebs.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll R3 - URLSearchHook: mywebsites.pro-FR Toolbar - {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files\mywebsites.pro-FR\tbmywe.dll O2 - BHO: mywebsites.pro-FR Toolbar - {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files\mywebsites.pro-FR\tbmywe.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O3 - Toolbar: mywebsites.pro-FR Toolbar - {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files\mywebsites.pro-FR\tbmywe.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [WATCHPNP_Xerox] watchPnp.exe Xerox O4 - HKLM\..\Run: [\\Lasry-ath\EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P42 "\\Lasry-ath\EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /F "C:\WINDOWS\TEMP\E_S56.tmp" /EF "HKLM" O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Numérisation PC.lnk = C:\WINDOWS\ScanToPc.exe O4 - Global Startup: SMCWUSB-G 802.11g Wireless USB Utility.lnk = C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Documents and Settings\LASRY\Bureau\DEBORAH\ECOLE\doc\Free Download Manager\dlall.htm O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Documents and Settings\LASRY\Bureau\DEBORAH\ECOLE\doc\Free Download Manager\dllink.htm O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Documents and Settings\LASRY\Bureau\DEBORAH\ECOLE\doc\Free Download Manager\dlselected.htm O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Documents and Settings\LASRY\Bureau\DEBORAH\ECOLE\doc\Free Download Manager\dlfvideo.htm O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe -- End of file - 12506 bytes
- le 29 avril 2010
- 7 réponses

Connexion

amy5770

Compteur de contenus

Inscription

Dernière visite

Type de contenu

Profils

Forums

Blogs

Tout ce qui a été posté par amy5770

plus de wmv ni de recherche !

plus de wmv ni de recherche !

plus de wmv ni de recherche !

plus de wmv ni de recherche !

plus de wmv ni de recherche !

Zebulon

Outils en ligne

Naviguer