[Résolu] .exe n'est pas une application win32 valide

[Kinarach]

Reg export of SafeBoot key after repair:

========================

 

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]

"AlternateShell"="cmd.exe"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PSEXESVC]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]

@="FSFilter System Recovery"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

@="Universal Serial Bus controllers"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

@="CD-ROM Drive"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

@="DiskDrive"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

@="Standard floppy disk controller"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

@="Hdc"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

@="Keyboard"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

@="Mouse"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

@="PCMCIA Adapters"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

@="SCSIAdapter"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

@="System"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

@="Floppy disk drive"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

@="Volume"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

@="Human Interface Devices"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PSEXESVC]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]

@="FSFilter System Recovery"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]

@="Universal Serial Bus controllers"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

@="CD-ROM Drive"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

@="DiskDrive"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

@="Standard floppy disk controller"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

@="Hdc"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

@="Keyboard"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

@="Mouse"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

@="Net"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

@="NetClient"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

@="NetService"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

@="NetTrans"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

@="PCMCIA Adapters"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

@="SCSIAdapter"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

@="System"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

@="Floppy disk drive"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

@="Volume"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

@="Human Interface Devices"

 

========================

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\PSEXESVC

[Thanos]

Bien, il ya du mieux

 

On va utiliser ceci à présent >>

 

Télécharge Deckard's System Scanner (DSS) sur ton bureau.

Tu dois possèder les droits administrateurs pour le lancer.

• Ferme toutes les applications en cours (fenêtres internet etc...)
  
• Double-clique sur dss.exe pour lancer le programme.
  
• DSS va afficher un message et te proposer d'installer Hijackthis: clique sur OUI.
  
• Un nouveau message va te demander de t'assurer que ton pare-feu (si tu en as un) accepte bien la connexion de DSS.exe à internet: clique sur OK et donne lui l'accès si tu reçois une alerte de ton pare-feu.
  
• Lorsque le scan est terminé, deux fichiers texte vont s'ouvrir.
  
• Poste le contenu du rapport nommé main.txt
  
• Si tu ne vois pas le rapport, tu le trouvera dans le dossier suivant > C:\Deckard\System Scanner
  

Que fait DSS ? >

• Il créé un point de restauration pour Windows Xp et Vista.
  
• Il nettoie les fichiers temporaires, le contenu du dossier Downloaded Program Files, le cache internet,et vide aussi la corbeille sur tous les lecteurs.
  
• Il contrôle quelques points névralgiques du système et produit un rapport à soumettre à un analyste.
  
• DSS lance automatiquement HijackThis,si tu ne possèdes pas ce programme, il va l'installer et créer un raccourci sur le bureau.
  

[Kinarach]

Voili Voilou, un peu de lecture...

 

Deckard's System Scanner v20071014.68

Run by Mme legall on 2008-03-20 12:09:42

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- System Restore --------------------------------------------------------------

 

Successfully created a Deckard's System Scanner Restore Point.

 

 

-- Last 5 Restore Point(s) --

8: 2008-03-20 11:09:47 UTC - RP8 - Deckard's System Scanner Restore Point

7: 2008-03-19 11:53:27 UTC - RP7 - ComboFix created restore point

6: 2008-03-19 11:15:40 UTC - RP6 - Point de vérification système

5: 2008-03-18 08:27:34 UTC - RP5 - Installed AVG 7.5

4: 2008-03-17 20:27:38 UTC - RP4 - Installed Windows Defender

 

 

-- First Restore Point --

1: 2008-03-16 11:55:33 UTC - RP1 - Point de vérification système

 

 

Backed up registry hives.

Performed disk cleanup.

 

Total Physical Memory: 448 MiB (512 MiB recommended).

 

 

-- HijackThis (run as Mme legall.exe) ------------------------------------------

 

Unable to run HijackThis;

Path: C:\PROGRA~1\TRENDM~1\HIJACK~1\Mme legall.exe

 

 

-- HijackThis Clone ------------------------------------------------------------

 

 

Emulating logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2008-03-20 12:11:18

Platform: Windows XP Service Pack 2 (5.01.2600)

MSIE: Internet Explorer (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\system32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\logishrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Fichiers communs\logishrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Fichiers communs\logishrd\LComMgr\Communications_Helper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Fichiers communs\logishrd\LQCVFX\COCIManager.exe

C:\Documents and Settings\Mme legall\Bureau\dss.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe

O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe

O4 - HKLM\..\Policies\Explorer\Run: [gbieh.1] rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/5/b...heckControl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://titebullamoi.spaces.live.com//Photo...ad/MsnPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1192264014062

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_...geUploader4.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://titebullamoi.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/har...on.cab?version=

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_01) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll

O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\logishrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\logishrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\logishrd\SrvLnch\SrvLnch.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

 

 

--

End of file - 8226 bytes

 

-- File Associations -----------------------------------------------------------

 

.reg - regfile - shell\open\command - "%1" %*

.scr - scrfile - shell\open\command - "%1" %*

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>

R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>

R3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:\windows\system32\drivers\blueletscoaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>

R3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>

R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys

R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>

R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

 

S0 AVG Anti-Rootkit - c:\windows\system32\drivers\avgarkt.sys (file missing)

S1 AvgArCln (Avg Anti-Rootkit Clean Driver) - c:\windows\system32\drivers\avgarcln.sys (file missing)

S1 srosa (Megadrv3) - c:\windows\system32\drivers\srosa.sys (file missing)

S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys (file missing)

S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>

S3 driverhardwarev2 - c:\program files\hardwaredetection\driverhardwarev2.sys

S3 Navcar (Navman In-car Navigator USB Driver Service) - c:\windows\system32\drivers\navcar.sys <Not Verified; NAVMAN; In-car Navigator USB Driver>

S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing)

S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S3 ZDCndis5 (ZDCndis5 Protocol Driver) - c:\windows\system32\zdcndis5.sys (file missing)

S3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys (file missing)

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

R2 Apple Mobile Device - "c:\program files\fichiers communs\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

R2 BlueSoleil Hid Service - c:\program files\sitecom\ivt bluesoleil\btntservice.exe

R2 Bonjour Service (Service Bonjour) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

 

 

-- Device Manager: Disabled ----------------------------------------------------

 

Class GUID: {4D36E969-E325-11CE-BFC1-08002BE10318}

Description: Contrôleur de lecteur de disquettes standard

Device ID: ACPI\PNP0700\3&61AAA01&0

Manufacturer: (Contrôleurs de lecteur de disquettes standard)

Name: Contrôleur de lecteur de disquettes standard

PNP Device ID: ACPI\PNP0700\3&61AAA01&0

Service: fdc

 

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Bluetooth PAN Network Adapter

Device ID: ROOT\NET\0000

Manufacturer: IVT Corporation

Name: Bluetooth PAN Network Adapter

PNP Device ID: ROOT\NET\0000

Service: BT

 

 

-- Scheduled Tasks -------------------------------------------------------------

 

2008-03-17 12:54:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2008-03-14 19:47:34 418 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job

 

 

-- Files created between 2008-02-20 and 2008-03-20 -----------------------------

 

2008-03-20 00:08:33 0 d-------- C:\Documents and Settings\Mme legall\Application Data\Malwarebytes

2008-03-20 00:08:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-03-20 00:08:27 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-03-19 17:35:45 0 d-------- C:\Kinarach

2008-03-19 17:10:50 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>

2008-03-19 12:57:59 6736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS <Not Verified; Sysinternals - www.sysinternals.com; Process Explorer>

2008-03-19 12:54:16 0 d-------- C:\cmdcons

2008-03-19 12:53:05 68096 --a------ C:\WINDOWS\system32\zip.exe

2008-03-19 12:53:05 98816 --a------ C:\WINDOWS\system32\sed.exe

2008-03-19 12:53:05 80412 --a------ C:\WINDOWS\system32\grep.exe

2008-03-19 12:53:05 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >

2008-03-19 01:09:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-03-19 01:09:21 0 d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-03-17 23:49:26 0 d-------- C:\WINDOWS\system32\NtmsData

2008-03-17 22:22:30 0 d-------- C:\Program Files\pebuilder3110a

2008-03-17 21:36:25 0 d-------- C:\WINDOWS\system32\ZoneLabs

2008-03-17 21:35:42 0 d-------- C:\WINDOWS\Internet Logs

2008-03-17 21:27:41 0 d-------- C:\Program Files\Windows Defender

2008-03-17 21:26:16 0 d-------- C:\Program Files\Trend Micro

2008-03-17 11:13:47 0 d-------- C:\Program Files\Alwil Software

2008-03-16 13:58:49 0 d-------- C:\Documents and Settings\Mme Legall_2\Application Data\Adobe

2008-03-16 13:56:25 0 d-------- C:\Documents and Settings\Mme Legall_2\Application Data\Identities

2008-03-16 13:56:08 0 d--h----- C:\Documents and Settings\Mme Legall_2\Voisinage réseau

2008-03-16 13:56:08 0 d--h----- C:\Documents and Settings\Mme Legall_2\Voisinage d'impression

2008-03-16 13:56:08 0 dr-h----- C:\Documents and Settings\Mme Legall_2\SendTo

2008-03-16 13:56:08 0 dr-h----- C:\Documents and Settings\Mme Legall_2\Recent

2008-03-16 13:56:08 1048576 --ah----- C:\Documents and Settings\Mme Legall_2\NTUSER.DAT

2008-03-16 13:56:08 0 d--h----- C:\Documents and Settings\Mme Legall_2\Modèles

2008-03-16 13:56:08 0 dr------- C:\Documents and Settings\Mme Legall_2\Mes documents

2008-03-16 13:56:08 0 dr------- C:\Documents and Settings\Mme Legall_2\Menu Démarrer

2008-03-16 13:56:08 0 d--h----- C:\Documents and Settings\Mme Legall_2\Local Settings

2008-03-16 13:56:08 0 dr------- C:\Documents and Settings\Mme Legall_2\Favoris

2008-03-16 13:56:08 0 d--hs---- C:\Documents and Settings\Mme Legall_2\Cookies

2008-03-16 13:56:08 0 d-------- C:\Documents and Settings\Mme Legall_2\Bureau

2008-03-16 13:56:08 0 dr-h----- C:\Documents and Settings\Mme Legall_2\Application Data

2008-03-16 13:56:08 0 d---s---- C:\Documents and Settings\Mme Legall_2\Application Data\Microsoft

2008-03-16 09:57:50 0 d-------- C:\temp

2008-03-14 22:58:08 0 d-------- C:\Documents and Settings\Mme legall\Application Data\Opera

2008-03-14 22:57:58 0 d-------- C:\Program Files\Opera

2008-03-14 19:58:49 0 dr-h----- C:\Documents and Settings\Mme legall\Recent

2008-03-09 18:35:42 0 d-------- C:\Documents and Settings\Mme legall\Application Data\Apple Computer

2008-03-09 18:34:53 0 d-------- C:\Program Files\iPod

2008-03-09 18:34:27 0 d-------- C:\Program Files\iTunes

2008-03-09 18:33:33 0 d-------- C:\Program Files\Bonjour

2008-03-09 18:30:53 0 d-------- C:\Program Files\QuickTime

2008-03-09 18:30:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-03-09 18:30:07 0 d-------- C:\Program Files\Apple Software Update

2008-03-09 18:29:23 0 d-------- C:\Program Files\Fichiers communs\Apple

2008-03-09 18:29:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple

2008-03-06 18:44:18 0 d-------- C:\Program Files\Tumblebugs

2008-03-06 15:37:00 4096 --a------ C:\WINDOWS\d3dx.dat

2008-03-06 15:36:41 0 d-------- C:\Documents and Settings\Mme legall\Application Data\Wildfire

2008-03-06 15:35:47 0 d-------- C:\Program Files\ReflexiveArcade

2008-03-06 13:15:15 0 d-------- C:\Documents and Settings\Mme legall\Application Data\Absolutist.com

2008-03-06 13:06:37 0 d-------- C:\idex

2008-03-06 12:47:50 0 d-------- C:\WINDOWS\prefTransLM20

2008-03-06 12:47:50 0 d-------- C:\WINDOWS\PrefsLM01

2008-03-05 22:22:24 0 d-------- C:\Program Files\Windows Resource Kits

2008-03-05 10:28:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe

2008-03-05 10:27:52 0 d-------- C:\Program Files\Fichiers communs\Adobe

2008-02-29 22:34:21 0 --a------ C:\WINDOWS\system\lkjsoiq

2008-02-29 16:12:28 0 d-------- C:\WINDOWS\Downloaded Installations

2008-02-26 13:36:16 0 d-------- C:\WINDOWS\_tmp

2008-02-26 13:35:40 121344 -----n--- C:\WINDOWS\svcpool.dll

2008-02-26 13:35:30 3392 --a------ C:\WINDOWS\svchost

 

 

-- Find3M Report ---------------------------------------------------------------

 

2008-03-17 21:06:19 0 d-------- C:\Program Files\VirtualDJ

2008-03-17 20:55:22 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared

2008-03-17 10:22:56 0 d-------- C:\Program Files\Norton Security Scan

2008-03-16 13:50:29 0 d-------- C:\Documents and Settings\Mme legall\Application Data\MSN Pictures Displayer

2008-03-14 23:15:48 474316 --a------ C:\WINDOWS\system32\perfh00C.dat

2008-03-14 23:15:48 77038 --a------ C:\WINDOWS\system32\perfc00C.dat

2008-03-09 18:29:23 0 d-------- C:\Program Files\Fichiers communs

2008-03-05 10:37:40 0 d-------- C:\Documents and Settings\Mme legall\Application Data\Adobe

2008-02-29 16:14:34 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-02-21 18:08:04 0 d-------- C:\Program Files\Winamp

2008-02-04 14:32:50 0 d-------- C:\Program Files\Navman

2008-02-04 14:32:24 0 d-------- C:\Documents and Settings\Mme legall\Application Data\InstallShield

2008-01-29 19:34:34 0 d-------- C:\Program Files\PFConfig

2008-01-28 22:01:52 0 d-------- C:\Program Files\Fichiers communs\logishrd

2008-01-23 13:05:20 0 d-------- C:\Program Files\Logitech

2008-01-23 11:31:21 446976 --a------ C:\WINDOWS\system32\ShellMPD.dll

2008-01-23 11:31:21 0 d-------- C:\Program Files\MSN Pictures Displayer

2008-01-23 10:34:23 3652 --a------ C:\WINDOWS\desctemp.dat

2008-01-21 12:58:58 0 d-------- C:\Program Files\Sitecom

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13]

"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

"RegistryMechanic"="" []

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-19 17:09]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54]

"drvsyskit"="C:\WINDOWS\system32\drivers\hldrrr.exe" []

"german.exe"="C:\WINDOWS\system32\wintems.exe" []

 

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"disableregistrytools"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

"gbieh.1"=rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]

backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mme legall^Menu Démarrer^Programmes^Démarrage^MSN Pictures Displayer.lnk]

backup=C:\WINDOWS\pss\MSN Pictures Displayer.lnkStartup

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"C:\Program Files\iTunes\iTunesHelper.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

"C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

"C:\Program Files\Winamp\winampa.exe"

 

 

 

 

-- Hosts -----------------------------------------------------------------------

 

127.0.0.1 mpa.one.microsoft.com

 

 

-- End of Deckard's System Scanner: finished at 2008-03-20 12:12:15 ------------

[Thanos]

salut

 

Ok il y encore quelques manipulations à faire pour te débarasser de l'infection >>

 

1) Passe maintenant par le Menu Démarrer > Exécuter > et tape ceci > ComboFix /u (il ya un espace entre x et / )

Une fenêtre va s'ouvrir et ComboFix sera désinstallé de ton pc.

 

2) On va de nouveau télécharger ComboFix >>

 

Fais un clic droit ICI

• Dans le menu qui se déroule, choisis "Enregistrer la cible du lien sous" (si tu utilises Firefox) et "Enregistrer la cible sous" (si tu utilises Internet Explorer)
  
• Une fenêtre va s'ouvrir: dans le champs Nom du fichier (en bas ), tape ceci > Kinarach
  
• On va enregistrer ce fichier sur le Bureau: pour cela, sur le panneau de gauche, clique sur le Bureau.
  
• Clique enfin sur le bouton Enregistrer en bas de page à droite.
  
• ne lance pas le programme pour le moment.
  

3) Rend toi sur cette page afin de télécharger le fichier CFScript > http://www.sendspace.com/file/slmdmb

pour cela, clique sur le lien en bas de page > Download Link: CFScript

• Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture
  
  
• Patiente le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!
  Ne touche à rien tant que le scan n'est pas terminé.
  
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
  
• Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt
  

4) Le pc a redémarré:

 

-Télécharge ATF Cleaner by Atribune sur ton bureau.

 

Double-clique ATF Cleaner afin de lancer le programme.

• Sous l'onglet Main, choisis : Select All
  Clique sur le bouton Empty Selected
   
  Si tu utilises le navigateur Firefox :
   
   
  
• Clique Firefox au haut et choisis : Select All
  Clique le bouton Empty Selected
  NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.
   
  Si tu utilises le navigateur Opera :
   
   
  
• Clique Opera au haut et choisis : Select All
  Clique le bouton Empty Selected
  NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.
   
  Clique Exit, du menu prinicipal, afin de fermer le programme.
  

- Désactive puis réactive la restauration système comme ceci => aide visuelle

Clique sur Démarrer.

Clique avec le bouton droit sur l'icône Poste de travail, puis cliquez sur Propriétés.

Clique sur l'onglet «Restauration du système».

Sélectionne «Désactiver la Restauration du système» ou «Désactiver la Restauration du système sur tous les lecteurs»

Clique sur "Appliquer".

Comme le dit le message, ceci supprimera tous les points de restauration existants. Pour faire cela, clique sur Oui.

Clique sur OK.Redémarre ton PC. Fais l'opération inverse, et réactive la restauration:un nouveau point sera automatiquement créé.

 

5) Refais stp le scan en ligne Kaspersky et poste le nouveau rapport. Poste aussi celui de ComboFix.

 

Ca fait beaucoup de scans à passer, mais c'est nécéssaire! cette infection a tendance à se régénérer, et il nous faut être sûr qu'un fichier infecté ne nous échappe pas.

[Kinarach]

ComboFix 08-03-18.1 - Mme legall 2008-03-20 13:12:43.4 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.228 [GMT 1:00]

Endroit: C:\Documents and Settings\Mme legall\Bureau\Kinarach.exe

Command switches used :: C:\Documents and Settings\Mme legall\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

FILE ::

C:\WINDOWS\gbiehbsb.dll

C:\WINDOWS\svchost

C:\WINDOWS\svcpool.dll

C:\WINDOWS\system\lkjsoiq

C:\WINDOWS\system32\drivers\hldrrr.exe

C:\WINDOWS\system32\mdelk.exe

C:\WINDOWS\system32\wintems.exe

.

TimedOut: Windir.dat

TimedOut: progfile.dat

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\_tmp

C:\WINDOWS\svchost

C:\WINDOWS\svcpool.dll

C:\WINDOWS\system\lkjsoiq

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_SROSA

-------\Service_srosa

 

 

((((((((((((((((((((((((((((( Fichiers créés 2008-02-20 to 2008-03-20 ))))))))))))))))))))))))))))))))))))

.

 

2008-03-20 00:08 . 2008-03-20 00:08 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-03-20 00:08 . 2008-03-20 00:08 <REP> d-------- C:\Documents and Settings\Mme legall\Application Data\Malwarebytes

2008-03-20 00:08 . 2008-03-20 00:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-03-19 17:10 . 2008-03-19 17:10 782,412 --a------ C:\catchme2008-03-20_131236,99.zip

2008-03-19 01:09 . 2008-03-19 01:09 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-03-19 01:09 . 2008-03-19 01:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-03-17 23:49 . 2008-03-17 23:50 <REP> d-------- C:\WINDOWS\system32\NtmsData

2008-03-17 23:23 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2008-03-17 23:23 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-03-17 23:23 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-03-17 23:23 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2008-03-17 23:23 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2008-03-17 23:23 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2008-03-17 23:23 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2008-03-17 23:23 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2008-03-17 22:22 . 2008-03-17 22:22 <REP> d-------- C:\Program Files\pebuilder3110a

2008-03-17 21:36 . 2008-03-17 21:36 <REP> d-------- C:\WINDOWS\system32\ZoneLabs

2008-03-17 21:36 . 2008-03-17 21:36 <REP> d-------- C:\Program Files\Zone Labs

2008-03-17 21:36 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll

2008-03-17 21:36 . 2008-03-17 21:36 353,072 --a------ C:\WINDOWS\system32\vsconfig.xml

2008-03-17 21:35 . 2008-03-17 21:36 <REP> d-------- C:\WINDOWS\Internet Logs

2008-03-17 21:27 . 2008-03-17 21:27 <REP> d-------- C:\Program Files\Windows Defender

2008-03-17 21:26 . 2008-03-17 21:26 <REP> d-------- C:\Program Files\Trend Micro

2008-03-17 11:13 . 2008-03-17 11:13 <REP> d-------- C:\Program Files\Alwil Software

2008-03-16 13:56 . 2007-01-23 21:00 <REP> d--h----- C:\Documents and Settings\Mme Legall_2\Voisinage r‚seau

2008-03-16 13:56 . 2007-01-23 21:00 <REP> d--h----- C:\Documents and Settings\Mme Legall_2\Voisinage d'impression

2008-03-16 13:56 . 2007-01-23 20:05 <REP> d--h----- C:\Documents and Settings\Mme Legall_2\ModŠles

2008-03-16 13:56 . 2008-03-16 13:58 <REP> dr------- C:\Documents and Settings\Mme Legall_2\Mes documents

2008-03-16 13:56 . 2007-01-23 21:00 <REP> dr------- C:\Documents and Settings\Mme Legall_2\Menu D‚marrer

2008-03-16 13:56 . 2008-03-16 13:57 <REP> dr------- C:\Documents and Settings\Mme Legall_2\Favoris

2008-03-16 13:56 . 2008-03-18 09:26 <REP> d-------- C:\Documents and Settings\Mme Legall_2\Bureau

2008-03-16 09:57 . 2008-03-16 20:47 <REP> d-------- C:\temp

2008-03-14 22:57 . 2008-03-14 23:02 <REP> d-------- C:\Program Files\Opera

2008-03-13 03:02 . 2008-03-13 03:02 1,276 --a------ C:\WINDOWS\system32\MRT.INI

2008-03-09 18:36 . 2008-03-16 13:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-09 18:36 . 2008-03-09 18:36 1,409 --a------ C:\WINDOWS\QTFont.for

2008-03-09 18:35 . 2008-03-09 18:35 <REP> d-------- C:\Documents and Settings\Mme legall\Application Data\Apple Computer

2008-03-09 18:34 . 2008-03-09 18:35 <REP> d-------- C:\Program Files\iTunes

2008-03-09 18:34 . 2008-03-09 18:34 <REP> d-------- C:\Program Files\iPod

2008-03-09 18:33 . 2008-03-09 18:33 <REP> d-------- C:\Program Files\Bonjour

2008-03-09 18:30 . 2008-03-09 18:33 <REP> d-------- C:\Program Files\QuickTime

2008-03-09 18:30 . 2008-03-09 18:30 <REP> d-------- C:\Program Files\Apple Software Update

2008-03-09 18:30 . 2008-03-09 18:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-03-09 18:29 . 2008-03-09 18:29 <REP> d-------- C:\Program Files\Fichiers communs\Apple

2008-03-09 18:29 . 2008-03-09 18:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple

2008-03-06 18:44 . 2008-03-06 18:44 <REP> d-------- C:\Program Files\Tumblebugs

2008-03-06 15:37 . 2008-03-06 15:37 4,096 --a------ C:\WINDOWS\d3dx.dat

2008-03-06 15:36 . 2008-03-13 21:33 <REP> d-------- C:\Documents and Settings\Mme legall\Application Data\Wildfire

2008-03-06 15:35 . 2008-03-06 15:35 <REP> d-------- C:\Program Files\ReflexiveArcade

2008-03-06 13:15 . 2008-03-06 13:15 <REP> d-------- C:\Documents and Settings\Mme legall\Application Data\Absolutist.com

2008-03-06 13:06 . 2008-03-06 13:06 <REP> d-------- C:\idex

2008-03-06 12:48 . 2008-03-06 12:48 121 --a------ C:\WINDOWS\projRecent.lst

2008-03-06 12:47 . 2008-03-06 12:47 <REP> d-------- C:\WINDOWS\prefTransLM20

2008-03-06 12:47 . 2008-03-06 12:47 <REP> d-------- C:\WINDOWS\PrefsLM01

2008-03-05 22:22 . 2008-03-05 22:22 <REP> d-------- C:\Program Files\Windows Resource Kits

2008-03-05 10:27 . 2008-03-05 10:27 <REP> d-------- C:\Program Files\Fichiers communs\Adobe

2008-02-29 16:12 . 2008-03-17 20:59 <REP> d-------- C:\WINDOWS\Downloaded Installations

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-17 20:06 --------- d-----w C:\Program Files\VirtualDJ

2008-03-17 19:55 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared

2008-03-17 09:22 --------- d-----w C:\Program Files\Norton Security Scan

2008-03-16 12:50 --------- d-----w C:\Documents and Settings\Mme legall\Application Data\MSN Pictures Displayer

2008-02-29 15:14 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-21 17:08 --------- d-----w C:\Program Files\Winamp

2008-02-04 13:32 --------- d-----w C:\Program Files\Navman

2008-02-04 13:32 --------- d-----w C:\Documents and Settings\Mme legall\Application Data\InstallShield

2008-01-29 18:34 --------- d-----w C:\Program Files\PFConfig

2008-01-29 10:48 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL

2008-01-29 10:48 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS

2008-01-28 21:01 --------- d-----w C:\Program Files\Fichiers communs\logishrd

2008-01-23 12:05 --------- d-----w C:\Program Files\Logitech

2008-01-23 12:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd

2008-01-23 10:31 --------- d-----w C:\Program Files\MSN Pictures Displayer

2008-01-21 15:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth

2008-01-21 11:58 --------- d-----w C:\Program Files\Sitecom

2007-11-24 17:59 16,368 ----a-w C:\Documents and Settings\Mme legall\Application Data\GDIPFONTCACHEV1.DAT

.

 

------- Sigcheck -------

 

2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys

2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys

2007-10-04 08:56 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys

2008-01-29 11:48 360064 ed06c31200714e734118f9a47f5df5ce C:\WINDOWS\system32\dllcache\TCPIP.SYS

2008-01-29 11:48 360064 ed06c31200714e734118f9a47f5df5ce C:\WINDOWS\system32\drivers\TCPIP.SYS

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]

"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-19 17:09 79224]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]

backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Mme legall^Menu Démarrer^Programmes^Démarrage^MSN Pictures Displayer.lnk]

backup=C:\WINDOWS\pss\MSN Pictures Displayer.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

--a------ 2007-10-25 16:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-01-15 23:54 37376 C:\Program Files\Winamp\winampa.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\Vertrix 2\\Vertrix2.exe"=

"C:\\WINDOWS\\system32\\dpnsvr.exe"=

"C:\\Program Files\\Sitecom\\IVT BlueSoleil\\BlueSoleil.exe"=

"E:\\eMule\\EMULE.EXE"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

 

S3 Navcar;Navman In-car Navigator USB Driver Service;C:\WINDOWS\system32\DRIVERS\Navcar.sys [2006-09-18 13:48]

S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-05-12 15:24]

S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-03-17 11:54:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-03-14 18:47:34 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Program Files\Norton Security Scan\Nss.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-20 13:17:23

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs a chargé sous des processus courants ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-03-20 13:19:38 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-20 12:19:35

.

2008-03-14 22:19:51 --- E O F ---

 

 

Et je continue...

[Kinarach]

Affichage au démarrage:

 

Windows Guenuine Advantage

Vous êtes peut être victime d un logiciel piraté, cette copie de Windows n a pas pu être validée.

 

Je lance Kaspersky...

[Kinarach]

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Thursday, March 20, 2008 2:55:56 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 20/03/2008

Kaspersky Anti-Virus database records: 644561

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

C:\

D:\

E:\

F:\

G:\

H:\

I:\

 

Scan Statistics:

Total number of scanned objects: 79529

Number of viruses found: 5

Number of infected objects: 8

Number of suspicious objects: 0

Duration of the scan process: 00:58:23

 

Infected Object Name / Virus Name / Last Action

C:\catchme2008-03-20_131236,99.zip/srosa.sys Infected: Trojan-Downloader.Win32.Bagle.lm skipped

C:\catchme2008-03-20_131236,99.zip/wintems.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\catchme2008-03-20_131236,99.zip/mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\catchme2008-03-20_131236,99.zip/hldrrr.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped

C:\catchme2008-03-20_131236,99.zip ZIP: infected - 4 skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Mme legall\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Mme legall\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Mme legall\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Mme legall\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Mme legall\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Mme legall\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Mme legall\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\QooBox\Quarantine\C\WINDOWS\svcpool.dll.vir Infected: Trojan.Win32.Delf.bdc skipped

C:\QooBox\Quarantine\Registry_backups\Legacy_SROSA.reg.dat Infected: Trojan-Downloader.Win32.Bagle.hp skipped

C:\QooBox\Quarantine\Registry_backups\Service_srosa.reg.dat Infected: Trojan-Downloader.Win32.Bagle.hp skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{A51891B6-3DF0-49E6-B006-A26660803DFF}\RP1\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{D1694E36-F382-4C89-8D71-FC3CEA94960E}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antiviru.evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

 

Scan process completed.

[Thanos]

salut

 

Beau boulot Kinarach l'infection est nettoyée.

Le rapport Kaspersky n'est pas mauvais rassure toi, il s'agit d'infections confinées dans la quarantaine de ComboFix.

Je te prépare quelques manipulations pour terminer: Ton antivirus est détruit et il va falloir le remplacer. Je te poste ca sous peu....

[Kinarach]

C est cool... Le rapport Kaspersky m inquiétait un peu je dois l avouer... Si tu dis que c est bon, ça me rassure.

J aurais quelques autres conseils à te demander...

 

Quels logiciels de sécurité me conseilles tu?

Qu en est t il de Hijackthis? Avast Virus cleaner? Windows defender? Zone alarm 6? Regcleaner? Ccleaner? Malwarebytes ' Antimalware? Avg antivirus, Antivir? Avast est t il fiable?

Je ne sais que choisir...

Et;

Qd à la suite d un scan de mon antivirus, il m est proposé de supprimer le fichier infecté, de le réparer ou de le mettre en quarantaine, qu elle est la meilleure des options?

 

Qu en est t il pour la notification Windows Guenuine Advantage?

 

J attends la suite de tes directives.

 

Milles mercis...

 

Aurélie

[Thanos]

1) Ton antivirus est détruit!! On va donc faire ceci de très important >>

 

- Avast n'est plus au point! je te conseille de lire ce comparatif très intéressant de Malekal Morte afin de te faire une idée quant à l'efficacité de cet antivirus > http://forum.malekal.com/ftopic3528.php

C'est une étude indépendante et sérieuse! Je ne saurais que te conseiller de désinstaller avast et d'installer Antivir afin de protéger ton pc au mieux.

 

Si tu décides d'installer Antivir procède ainsi >

 

-Télécharge Antivir sur le bureau, mais ne le lance pas encore!

 

-Déconnecte le pc d'internet .

 

-Désinstalle Avast et redémarre le pc.

 

-Installe Antivir.

 

-Met Antivir à jour et configure le en suivant les indications du Tutoriel de tesgaz

2) Je vois Zone Alarm sur ton pc, mais il ne semble plus opérationnel...!

 

Commence par désinstaller Zone Alarm, puis réinstalle le car le pare-feu de Windows n'est pas efficace! >

 

Zone Alarm

Lien de téléchargement de la version FREE : http://dl2.zonelabs.com/bin/free/3301_fr/z..._737_000_fr.exe

 

Tuto de Odsen pour la version free : http://benoit.aun.free.fr/securite-facile-php/zonealarm.php

 

Télécharge l'exécutable d'installation du pare-feu que tu auras choisi. Déconnecte toi, débranche physiquement ta connexion, et lance l'installation de ton pare-feu. Puis reconnecte toi et suis les instructions supplémentaires s'il y en a. Aide toi des tutos.

 

Il faudra nettoyer les restes de Norton car il est encore présent sur le pc: je te poste ca toute à l'heure.

Je répondrais à tes quesqtions plus tard car je dois filer ^^

@+

Modifié le 20 mars 2008 par Thanos