Posted (edited)

Hi to you both :P

Just to reassure Sacros >

Flash_Disinfector creates an autorun.inf folder, which partly prevents reinfection.

Did you not find the C:\autorun.inf folder? If you double-click on C:\ you should see this folder, provided you have changed the display options correctly. (It is hidden.)

If, when you hover the mouse pointer over it, an information pop-up shows "Who created this folder.txt", you will know that it is not the infected file but the protection added by Flash_Disinfector :P

In that case, you should ignore the result of the clean report that says >

Suppression des fichiers dans C:

tentative de suppression de C:\autorun.inf

Impossible de supprimer C:\autorun.inf

I'll leave you to it :P

Edited by charles ingals
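
The check described in the post above, as an added example that is not part of the original thread or of Flash_Disinfector: it tells a protective autorun.inf folder apart from a real autorun.inf file at a volume root, and for a file lists the programs its [autorun] section would start. The function names and the sample file names are hypothetical and the sample roots are constructed in a temporary directory.

```python
import os
import tempfile

# autorun.inf keys that name a program Explorer may start from the volume.
LAUNCH_KEYS = ("open", "shellexecute")


def find_autorun(root):
    """Return the path of the root entry named autorun.inf (any case), or None."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            return os.path.join(root, name)
    return None


def launch_targets(path):
    """Collect the commands listed in the [autorun] section of a real file."""
    targets, in_section = [], False
    # latin-1 maps every byte to a character, so junk bytes never abort parsing.
    with open(path, "r", encoding="latin-1") as fh:
        for raw in fh:
            line = raw.strip()
            if line.startswith("["):
                in_section = line.lower() == "[autorun]"
                continue
            if not in_section or line.startswith(";") or "=" not in line:
                continue
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            # shell\<verb>\command entries start a program as well.
            is_verb = key.startswith("shell\\") and key.endswith("\\command")
            if key in LAUNCH_KEYS or is_verb:
                targets.append(value)
    return targets


def classify_root(root):
    """Classify one volume root as 'absent', 'folder' or 'file'."""
    path = find_autorun(root)
    if path is None:
        return {"state": "absent", "details": []}
    if os.path.isdir(path):
        # The name is taken by a folder: this is the protection described
        # in the post. Its contents are listed so the marker file can be seen.
        return {"state": "folder", "details": sorted(os.listdir(path))}
    # A regular file: report what it would launch so it can be reviewed.
    return {"state": "file", "details": launch_targets(path)}


def demo():
    """Build three constructed volume roots and classify each one."""
    sample_inf = (
        "[AutoRun]\n"
        "open=constructed_a.exe\n"
        "icon=constructed.ico\n"
        "shell\\open\\Command=constructed_b.exe\n"
        "; open=ignored.exe\n"
        "[Other]\n"
        "open=other_section.exe\n"
    )
    with tempfile.TemporaryDirectory() as base:
        roots = {}
        for label in ("clean", "vaccinated", "dropped"):
            roots[label] = os.path.join(base, label)
            os.mkdir(roots[label])
        # Constructed protected root: a folder holding the marker file
        # named in the post.
        folder = os.path.join(roots["vaccinated"], "autorun.inf")
        os.mkdir(folder)
        marker = os.path.join(folder, "Who created this folder.txt")
        open(marker, "w").close()
        # Constructed root with a real autorun.inf file.
        inf_path = os.path.join(roots["dropped"], "AUTORUN.INF")
        with open(inf_path, "w", encoding="latin-1") as fh:
            fh.write(sample_inf)
        return {label: classify_root(path) for label, path in roots.items()}


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

On a real machine, `classify_root` would be pointed at each drive root (for example `C:\` or the USB key's letter) instead of the constructed folders.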

Posted

Hello Charles Ingals,

Thanks for your reply, I did what you told me... the autorun.inf folder is empty. I checked it in Explorer. For now I am leaving it. I am still searching.

See you later, and thank you.

Regards,

Ð

Posted

Re,

For the USB key, I have just found them all.

HK CUR USER/ software/microsoft/Search Assistant/ACMru/5603;

All three were there.

There was also the Autorun.inf from Flash, which is called lpt3. I left it.

You just need to run a search in regedit.exe, for each piece of junk and for each device (USB keys and hard drives)

See you soon...

Ð

Posted

Hello everyone.........

As for me, I have finished searching. I am fed up and I no longer know where to look.

Here are three reports. What do you think, please????

------------------------------------------------------------------------------------

Script execute en mode sans echec

Rapport clean par Malekal_morte - http://www.malekal.com

Script execute en mode sans echec 26/11/2007 a 16:14:53,26

 

Microsoft Windows XP [version 5.1.2600]

 

*** Suppression des fichiers dans C:

tentative de suppression de C:\autorun.inf

Impossible de supprimer C:\autorun.inf

 

*** Suppression des fichiers dans C:\WINDOWS\

 

*** Suppression des fichiers dans C:\WINDOWS\system32

 

*** Suppression des fichiers dans C:\Program Files

 

*** Suppression des clefs du registre effectuee..

*** Fin du rapport !

 

------------------------------------------------

 

---------------------------------------------------------

AVG Anti-Spyware - Rapport d'analyse

---------------------------------------------------------

 

+ Créé à: --- Ð --- 13:51:42 27/11/2007

 

+ Résultat de l'analyse:

 

 

 

Rien à signaler.

 

 

 

Fin du rapport

 

--------------------------------------------------------------

 

 

 

AntiVir PersonalEdition Classic

Report file date: mardi 27 novembre 2007 14:27

 

Scanning for 943200 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: Sacros

Computer name: DOMTER

 

Version information:

BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15

ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55

ANTIVIR2.VDF : 7.0.1.0 1393152 Bytes 23/11/2007 09:38:40

ANTIVIR3.VDF : 7.0.1.11 38400 Bytes 27/11/2007 11:16:29

AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 14/11/2007 08:19:39

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24

AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00

AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: repair

Secondary action.................: delete

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: D:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: on

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: medium

Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

 

Start of the scan: mardi 27 novembre 2007 14:27

 

Starting search for hidden objects.

The driver could not be initialized.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'avgas.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'guard.exe' - '1' Module(s) have been scanned

Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

14 processes with 14 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[NOTE] No virus was found!

Master boot sector HD1

[NOTE] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '27' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <DISKEVO>

C:\pagefile.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\' <DISKEVO >

 

 

End of the scan: mardi 27 novembre 2007 14:59

Used time: 31:36 min

 

The scan has been done completely.

 

2623 Scanning directories

165584 Files were scanned

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

165584 Files not concerned

888 Archives were scanned

1 Warnings

0 Notes

 

------------------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at --- Ð --- 16:03:54, on 27/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Windows Defender\MSASCui.exe

D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

D:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\WINDOWS\system32\netdde.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\clipsrv.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\tlntsvr.exe

C:\WINDOWS\system32\mqsvc.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

D:\HiJackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [WinPatrol] D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [uberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"

O4 - HKCU\..\Run: [Gadwin PrintScreen] "D:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191746421437

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191825686859

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

 

--

End of file - 7893 bytes

 

Thanks and see you later...... Regards,

Ð

Posted

Hi :P

Nothing visible in your report. Run an online scan to finish >

Run an online scan with Panda > http://www.nanoscan.com/as/v1/principal.aspx?Lang=en

Illustrated here > http://www.malekal.com/scan_Av_en_ligne.php#mozTocId131054

  • You must choose Full Scan (and not QuickScan).
  • Post the report it shows you at the end.
  • Note 1: Warning!! Panda and Antivir conflict with each other; to be able to download Panda's ActiveX control, you must disable Antivir's shield before and during the scan. (Right-click the Antivir icon in the taskbar and untick Antivir Guard enable > re-enable it at the end of the scan, after saving the report.)
  • Note 2: You do not have to give your email; you can use a disposable address if you wish: http://www.jetable.org/fr/index
  • If it does not work, make sure Internet Explorer is correctly configured for the online scan as described here: http://www.malekal.com/scan_Av_en_ligne.html#mozTocId898809 .
  • More information here > http://www.malekal.com/scan_Av_en_ligne.php#mozTocId131054

How is the PC running?

Posted

Hello Charles Ingals,

I think there has been quite a lot of damage.

I ran S&D, which found 15 infected applications, and that makes 26 problems. I repaired everything with S&D.

There were IE; WinZ; Microsoft, Windows, Security; IE.; MS direct 3D, MS direct Draw, all the MS ones with Office etc., Regedit, PWS.LDPinchIE; Windows; Explorer; Media SDK; OpenWith. Inside there were only SBI $xxxxxx, registry key, or settings, or change etc... in the end, only registry files.

I ran another one this morning, no problem.

I am going to do the online scan. I am cleaning as much as I can; to finish I used a-squared free, which found nothing, I am running anti-malware and after that I will scan as you told me.

I do not yet know all the damage.

Thank you for your support and your advice.

Regards,

Ð

Posted

Hi :P

OK: can you also post the SS&D report, please?

You will find it in => C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs . The report to post is named Fixes 060411(today's date) ...txt

Posted

Re,

Everything has been done. Panda only found xiti cookies. Not serious.

What remains, apparently, is the time it takes to start up and shut down. Around 2 to 3 minutes.

I also have a loss of memory. (That is to say, it has become slow.) There you go. :P

Thank you, good evening. :P

Regards,

Ð

 

28.11.2007 09:30:01 - ##### check started #####

28.11.2007 09:30:01 - ### Version: 1.5

28.11.2007 09:30:01 - ### Date: 28/11/2007 9:30:01

28.11.2007 09:30:02 - ##### checking bots #####

28.11.2007 09:53:57 - ##### checking usage tracking #####

28.11.2007 09:53:57 - found: Log Activity: SchedLgU.Txt SchedLgU.Txt

28.11.2007 09:53:57 - found: Internet Explorer User agent

28.11.2007 09:53:57 - found: Internet Explorer User agent

28.11.2007 09:53:57 - found: Internet Explorer User agent

28.11.2007 09:53:57 - found: Internet Explorer User agent

28.11.2007 09:53:57 - found: Internet Explorer User agent

28.11.2007 09:53:59 - found: MS Media Player Client ID

28.11.2007 09:53:59 - found: MS Media Player Client ID

28.11.2007 09:53:59 - found: MS Media Player Anonymous ID

28.11.2007 09:53:59 - found: MS Direct3D Most recent application

28.11.2007 09:53:59 - found: MS DirectDraw Most recent application

28.11.2007 09:53:59 - found: MS Office 11.0 (Word) Recent file list

28.11.2007 09:54:00 - found: Windows Drivers installation paths

28.11.2007 09:54:00 - found: Windows Explorer User Assistant history IE 1 fichiers

28.11.2007 09:54:00 - found: Windows Explorer User Assistant history files 24 fichiers

28.11.2007 09:54:00 - found: Windows Explorer Last visited history 3 fichiers

28.11.2007 09:54:00 - found: Windows Explorer Recent file global history

28.11.2007 09:54:00 - found: Windows Media SDK Computer name

28.11.2007 09:54:00 - found: Windows Media SDK Computer name

28.11.2007 09:54:00 - found: Windows Media SDK Computer name

28.11.2007 09:54:00 - found: Windows Media SDK Unique ID

28.11.2007 09:54:00 - found: Windows Media SDK Unique ID

28.11.2007 09:54:00 - found: Windows Media SDK Unique ID

28.11.2007 09:54:00 - found: WinZip Number of times run

28.11.2007 09:54:00 - found: WinZip Number of times run

28.11.2007 09:54:00 - found: WinZip Number of times run

28.11.2007 09:54:00 - ##### check finished #####

---------------------------------------------------------------------------------------------------

Panda

Incident Status Location

 

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Sacros\Cookies\sacros@xiti[1].txt

Deleted it myself

----------------------------------------------------------------------------------------

SS&D report, 2nd one. For checking.

 

 

--- Report generated: 2007-11-28 09:54 ---

 

Log: [sBI $4CDCC3D5] Activity: SchedLgU.Txt (Sauver le fichier, nothing done)

C:\WINDOWS\SchedLgU.Txt

 

Internet Explorer: [sBI $0BC7B918] User agent (Modification du registre, nothing done)

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

 

Internet Explorer: [sBI $0BC7B918] User agent (Modification du registre, nothing done)

HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

 

Internet Explorer: [sBI $0BC7B918] User agent (Modification du registre, nothing done)

HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

 

Internet Explorer: [sBI $0BC7B918] User agent (Modification du registre, nothing done)

HKEY_USERS\S-1-5-21-725345543-1425521274-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

 

Internet Explorer: [sBI $0BC7B918] User agent (Modification du registre, nothing done)

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

 

MS Media Player: [sBI $5C51E349] Client ID (Modification du registre, nothing done)

HKEY_USERS\S-1-5-19\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

 

MS Media Player: [sBI $5C51E349] Client ID (Modification du registre, nothing done)

HKEY_USERS\S-1-5-20\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

 

MS Media Player: [sBI $67184AC2] Anonymous ID (Modification du registre, nothing done)

HKEY_USERS\S-1-5-21-725345543-1425521274-682003330-1003\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID

 

MS Direct3D: [sBI $7FB7B83F] Most recent application (Modification du registre, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

 

MS DirectDraw: [sBI $EB49D5AF] Most recent application (Modification du registre, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

 

MS Office 11.0 (Word): [sBI $15AC27CE] Recent file list (Valeur du registre, nothing done)

HKEY_USERS\S-1-5-21-725345543-1425521274-682003330-1003\Software\Microsoft\Office\11.0\Word\Data\Settings

 

Windows: [sBI $1E4E2003] Drivers installation paths (Modification du registre, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

 

Windows Explorer: [sBI $2026AFB6] User Assistant history IE (1 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-725345543-1425521274-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

 

Windows Explorer: [sBI $6107D172] User Assistant history files (24 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-725345543-1425521274-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

 

Windows Explorer: [sBI $B7EBA926] Last visited history (3 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-725345543-1425521274-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

 

Windows Explorer: [sBI $D20DA0AD] Recent file global history (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-725345543-1425521274-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

 

Windows Media SDK: [sBI $37AAEDE6] Computer name (Modification du registre, nothing done)

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

 

Windows Media SDK: [sBI $37AAEDE6] Computer name (Modification du registre, nothing done)

HKEY_USERS\S-1-5-21-725345543-1425521274-682003330-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

 

Windows Media SDK: [sBI $37AAEDE6] Computer name (Modification du registre, nothing done)

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

 

Windows Media SDK: [sBI $CAA58B6E] Unique ID (Modification du registre, nothing done)

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

 

Windows Media SDK: [sBI $CAA58B6E] Unique ID (Modification du registre, nothing done)

HKEY_USERS\S-1-5-21-725345543-1425521274-682003330-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

 

Windows Media SDK: [sBI $CAA58B6E] Unique ID (Modification du registre, nothing done)

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

 

WinZip: [sBI $1059E532] Number of times run (Modification du registre, nothing done)

HKEY_USERS\.DEFAULT\Software\Nico Mak Computing\WinZip\rrs\Opened

 

WinZip: [sBI $1059E532] Number of times run (Modification du registre, nothing done)

HKEY_USERS\S-1-5-21-725345543-1425521274-682003330-1003\Software\Nico Mak Computing\WinZip\rrs\Opened

 

WinZip: [sBI $1059E532] Number of times run (Modification du registre, nothing done)

HKEY_USERS\S-1-5-18\Software\Nico Mak Computing\WinZip\rrs\Opened

 

Félicitations!: Aucun mouchard n'a été trouvé. ()

 

 

 

--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

 

2007-08-31 blindman.exe (1.0.0.6)

2007-08-31 SDMain.exe (1.0.0.4)

2007-08-31 SDUpdate.exe (1.0.6.4)

2007-08-31 SDWinSec.exe (1.0.0.:P

2007-08-31 SpybotSD.exe (1.5.1.15)

2007-10-31 TeaTimer.exe (1.5.0.9)

2007-10-07 unins000.exe (51.46.0.0)

2007-08-31 Update.exe (1.4.0.5)

2007-08-31 advcheck.dll (1.5.3.0)

2007-04-02 aports.dll (2.1.0.0)

2007-04-02 DelZip179.dll (1.79.5.3)

2007-08-31 Tools.dll (2.1.2.0)

2007-11-21 Includes\Cookies.sbi (*)

2007-10-31 Includes\Dialer.sbi (*)

2007-11-21 Includes\DialerC.sbi (*)

2007-11-07 Includes\Hijackers.sbi (*)

2007-11-21 Includes\HijackersC.sbi (*)

2007-10-04 Includes\Keyloggers.sbi (*)

2007-11-21 Includes\KeyloggersC.sbi (*)

2004-11-29 Includes\LSP.sbi (*)

2007-11-07 Includes\Malware.sbi (*)

2007-11-21 Includes\MalwareC.sbi (*)

2007-10-24 Includes\PUPS.sbi (*)

2007-11-21 Includes\PUPSC.sbi (*)

2007-11-21 Includes\Revision.sbi (*)

2007-05-30 Includes\Security.sbi (*)

2007-11-21 Includes\SecurityC.sbi (*)

2007-11-07 Includes\Spybots.sbi (*)

2007-11-21 Includes\SpybotsC.sbi (*)

2007-11-06 Includes\Tracks.uti (*)

2007-11-14 Includes\Trojans.sbi (*)

2007-11-21 Includes\TrojansC.sbi (*)

2008-12-24 Plugins\TCPIPAddress.dll

--------------------------------------------------------------

Thanks, see you later.........Ð

Posted

Good evening everyone,

Charles, here is the latest SS&D scan.

Thanks, see you later, have a good evening......

Regards,

Ð

 

 

--- Report generated: 2007-11-28 19:24 ---

 

Log: [sBI $4CDCC3D5] Activity: SchedLgU.Txt (Sauver le fichier, nothing done)

C:\WINDOWS\SchedLgU.Txt

 

Log: [sBI $4CDCC3D5] Install: setupact.log (Sauver le fichier, nothing done)

C:\WINDOWS\setupact.log

 

Log: [sBI $4CDCC3D5] Install: setupapi.log (Sauver le fichier, nothing done)

C:\WINDOWS\setupapi.log

 

Log: [sBI $4CDCC3D5] Shutdown: System32\wbem\logs\wbemess.log (Sauver le fichier, nothing done)

C:\WINDOWS\System32\wbem\logs\wbemess.log

 

Log: [sBI $4CDCC3D5] Shutdown: System32\wbem\logs\wmiprov.log (Sauver le fichier, nothing done)

C:\WINDOWS\System32\wbem\logs\wmiprov.log

 

Internet Explorer: [sBI $1E8157BE] Typed URL list (1 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-725345543-1425521274-682003330-1003\Software\Microsoft\Internet Explorer\TypedURLs

 

Internet Explorer: [sBI $0BC7B918] User agent (Modification du registre, nothing done)

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

 

Internet Explorer: [sBI $0BC7B918] User agent (Modification du registre, nothing done)

HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

 

Internet Explorer: [sBI $0BC7B918] User agent (Modification du registre, nothing done)

HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

 

Internet Explorer: [sBI $0BC7B918] User agent (Modification du registre, nothing done)

HKEY_USERS\S-1-5-21-725345543-1425521274-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

 

Internet Explorer: [sBI $0BC7B918] User agent (Modification du registre, nothing done)

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

 

MS Management Console: [sBI $ECD50EAD] Recent command list (1 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-725345543-1425521274-682003330-1003\Software\Microsoft\Microsoft Management Console\Recent File List

 

MS Media Player: [sBI $5C51E349] Client ID (Modification du registre, nothing done)

HKEY_USERS\S-1-5-19\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

 

MS Media Player: [sBI $5C51E349] Client ID (Modification du registre, nothing done)

HKEY_USERS\S-1-5-20\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

 

MS Media Player: [sBI $67184AC2] Anonymous ID (Modification du registre, nothing done)

HKEY_USERS\S-1-5-21-725345543-1425521274-682003330-1003\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID

 

MS DirectDraw: [sBI $EB49D5AF] Most recent application (Modification du registre, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

 

Windows: [sBI $1E4E2003] Drivers installation paths (Modification du registre, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

 

Windows.OpenWith: [sBI $B6B2B96E] Open with list - .CHM extension (2 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-725345543-1425521274-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CHM\OpenWithList

 

Windows Explorer: [sBI $2026AFB6] User Assistant history IE (6 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-725345543-1425521274-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

 

Windows Explorer: [sBI $6107D172] User Assistant history files (52 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-725345543-1425521274-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

 

Windows Explorer: [sBI $B7EBA926] Last visited history (3 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-725345543-1425521274-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

 

Windows Explorer: [sBI $D20DA0AD] Recent file global history (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-725345543-1425521274-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

 

Windows Media SDK: [sBI $37AAEDE6] Computer name (Modification du registre, nothing done)

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

 

Windows Media SDK: [sBI $37AAEDE6] Computer name (Modification du registre, nothing done)

HKEY_USERS\S-1-5-21-725345543-1425521274-682003330-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

 

Windows Media SDK: [sBI $37AAEDE6] Computer name (Modification du registre, nothing done)

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

 

Windows Media SDK: [sBI $CAA58B6E] Unique ID (Modification du registre, nothing done)

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

 

Windows Media SDK: [sBI $CAA58B6E] Unique ID (Modification du registre, nothing done)

HKEY_USERS\S-1-5-21-725345543-1425521274-682003330-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

 

Windows Media SDK: [sBI $CAA58B6E] Unique ID (Modification du registre, nothing done)

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

 

WinZip: [sBI $1059E532] Number of times run (Modification du registre, nothing done)

HKEY_USERS\.DEFAULT\Software\Nico Mak Computing\WinZip\rrs\Opened

 

WinZip: [sBI $1059E532] Number of times run (Modification du registre, nothing done)

HKEY_USERS\S-1-5-21-725345543-1425521274-682003330-1003\Software\Nico Mak Computing\WinZip\rrs\Opened

 

WinZip: [sBI $1059E532] Number of times run (Modification du registre, nothing done)

HKEY_USERS\S-1-5-18\Software\Nico Mak Computing\WinZip\rrs\Opened

 

History: Historique (1) (Historique, nothing done)

 

 

Félicitations!: Aucun mouchard n'a été trouvé. ()

 

 

 

--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

 

2007-08-31 blindman.exe (1.0.0.6)

2007-08-31 SDMain.exe (1.0.0.4)

2007-08-31 SDUpdate.exe (1.0.6.4)

2007-08-31 SDWinSec.exe (1.0.0.:P

2007-08-31 SpybotSD.exe (1.5.1.15)

2007-10-31 TeaTimer.exe (1.5.0.9)

2007-10-07 unins000.exe (51.46.0.0)

2007-08-31 Update.exe (1.4.0.5)

2007-08-31 advcheck.dll (1.5.3.0)

2007-04-02 aports.dll (2.1.0.0)

2007-04-02 DelZip179.dll (1.79.5.3)

2007-08-31 Tools.dll (2.1.2.0)

2007-11-28 Includes\Cookies.sbi (*)

2007-10-31 Includes\Dialer.sbi (*)

2007-11-28 Includes\DialerC.sbi (*)

2007-11-07 Includes\Hijackers.sbi (*)

2007-11-28 Includes\HijackersC.sbi (*)

2007-10-04 Includes\Keyloggers.sbi (*)

2007-11-28 Includes\KeyloggersC.sbi (*)

2004-11-29 Includes\LSP.sbi (*)

2007-11-07 Includes\Malware.sbi (*)

2007-11-28 Includes\MalwareC.sbi (*)

2007-10-24 Includes\PUPS.sbi (*)

2007-11-28 Includes\PUPSC.sbi (*)

2007-11-28 Includes\Revision.sbi (*)

2007-05-30 Includes\Security.sbi (*)

2007-11-28 Includes\SecurityC.sbi (*)

2007-11-07 Includes\Spybots.sbi (*)

2007-11-28 Includes\SpybotsC.sbi (*)

2007-11-06 Includes\Tracks.uti (*)

2007-11-28 Includes\Trojans.sbi (*)

2007-11-28 Includes\TrojansC.sbi (*)

2008-12-24 Plugins\TCPIPAddress.dll

 

Regards.........
