Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

INFECTION QUI EMPECHE LES VIDEOS

TROPIQUES971

Par TROPIQUES971
dans Analyses et éradication malwares

 Partager

Messages recommandés

TROPIQUES971 Junior Member

TROPIQUES971

Posté(e)
Posté(e)

Bonsoir,

 

Je vous adresse ce post acr j'ai un problème avec mon écran et mes vidéos. Quand je veux lire une vidéo avec WMP ou VLC, mon écran s'éteint mais la tour reste allumée. Le voyant de l'écran passe du vert au jaune orangé.

On m'a dit que ça devait être une infection. Je joins au présent une analyse hijackthis.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:20:39, on 14/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Secunia\PSI (RC4)\psi.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Logitech\Video\AlbumDB2.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\WINDOWS\system32\LVComsX.exe

C:\Poubelle\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll

O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - Startup: Secunia PSI (RC4).lnk = C:\Program Files\Secunia\PSI (RC4)\psi.exe

O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk142YYGP

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.76\AMVConverter\grab.html

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.76\MediaManager\grab.html

O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll

O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -

O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

O24 - Desktop Component 0: (no name) - http://www.czechferrari.cz/obrtunn/golf1.jpg

 

--

End of file - 11335 bytes

 

Merci de votre aide.

 

Cordialement.

Apollo Devil Member !

Apollo

Posté(e)
Posté(e)

Bonjour,

 

Bienvenue sur les forums de Zébulon.

 

Voici quelques renseignements utiles avant de commencer:

 

  • *
Comment participer à un forum
*Retrouver ses messages et activer la notification par email

 

On va voir ensemble ce qui se passe sur ton PC ; comme tous les intervenants ici, nous aidons bénévolement en fonction de nos activités personnelles. On va essayer d'aller au plus vite, mais il faudra peut-être parfois être patient pour attendre une réponse, pas d'affolement :P

 

Le logiciel qui suit n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.

Ne pas utiliser en dehors de ce cas de figure : dangereux.

 

Désactive ton bouclier résident d'Avast avant de télécharger et d'exécuter ComboFix par clic droit sur l'icône Avast de la barre des tâches.

 

Connecter les supports amovibles (clé usb et autres) avant de procéder.

 

Tutoriel officiel

 

Télécharge combofix.exe de sUBs et sauvegarde le sur ton bureau (et pas ailleurs).

  • Si la console de récupération n'est pas installée sur un XP, ComboFix va proposer de l'installer: Accepter!
  • Assure toi que tous les programmes sont fermés avant de commencer.
  • Double-clique combofix.exe afin de l'exécuter.
  • Clique sur "Oui" au message de Limitation de Garantie qui s'affiche.
  • Il est possible que ton pare-feu (firewall) te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sûre: accepte.
  • Ne ferme pas la fenêtre qui vient de s'ouvrir, tu te retrouverais avec un bureau vide.
  • Lorsque l'analyse sera terminée, un rapport apparaîtra.
  • Copie-colle ce rapport dans ta prochaine réponse.
    Le rapport se trouve dans : C:\Combofix.txt (si jamais).

 

Si tu perds la connexion après le passage de ComboFix, voici comment la réparer ICI.

 

@++

TROPIQUES971 Junior Member

TROPIQUES971

Posté(e)
  • Auteur
Posté(e)

Bonjour,

 

Voici le rapport de combofix mais il a fallu que je le relance une seconde fois car la première, à la fin de l'analyse, il est resté bloqué. Je l'ai donc relancé pour une seconde analyse et qu'il créé un rapport, ce qu'il n'avait pas fait.

 

ComboFix 08-11-13.01 - HP_Propriétaire 2008-11-15 9:29:34.2 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.172 [GMT -4:00]

Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\documents and settings\HP_Propriétaire\Application Data\FunWebProducts

c:\documents and settings\HP_Propriétaire\Application Data\FunWebProducts\Data\HP_Propriétaire\avatar.dat

c:\documents and settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Vaccin_USB-Lisez_moi.html

c:\documents and settings\HP_Propriétaire\ravmonlog

c:\program files\FunWebProducts

c:\program files\FunWebProducts\Installr\Cache\1FDB4583.exe

c:\program files\FunWebProducts\Installr\Cache\files.ini

c:\program files\FunWebProducts\ScreenSaver\Images\1461C38F.urr

c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html

c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html

c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html

c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

c:\program files\GamesBar\oberontb.dll

c:\program files\montorgueil

c:\program files\montorgueil\14.06268

c:\program files\montorgueil\Enculer\Enculer.ico

c:\program files\MyWebSearch

c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

c:\program files\MyWebSearch\bar\2.bin\F3BKGERR.JPG

c:\program files\MyWebSearch\bar\2.bin\F3BROVLY.DLL

c:\program files\MyWebSearch\bar\2.bin\F3CJPEG.DLL

c:\program files\MyWebSearch\bar\2.bin\F3HISTSW.DLL

c:\program files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL

c:\program files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL

c:\program files\MyWebSearch\bar\2.bin\F3POPSWT.DLL

c:\program files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR

c:\program files\MyWebSearch\bar\2.bin\F3RESTUB.DLL

c:\program files\MyWebSearch\bar\2.bin\F3SCHMON.EXE

c:\program files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL

c:\program files\MyWebSearch\bar\2.bin\F3SPACER.WMV

c:\program files\MyWebSearch\bar\2.bin\F3WALLPP.DAT

c:\program files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL

c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR

c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST

c:\program files\MyWebSearch\bar\2.bin\M3IDLE.DLL

c:\program files\MyWebSearch\bar\2.bin\M3MSG.DLL

c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR

c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST

c:\program files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL

c:\program files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE

c:\program files\MyWebSearch\bar\2.bin\MWSOEMON.EXE

c:\program files\MyWebSearch\bar\2.bin\trz1E90.tmp

c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S

c:\program files\MyWebSearch\bar\Avatar\COMMON\avatar.htm

c:\program files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif

c:\program files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif

c:\program files\MyWebSearch\bar\Avatar\COMMON\common-x.css

c:\program files\MyWebSearch\bar\Avatar\COMMON\common.css

c:\program files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif

c:\program files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif

c:\program files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif

c:\program files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif

c:\program files\MyWebSearch\bar\Avatar\COMMON\include.js

c:\program files\MyWebSearch\bar\Avatar\COMMON\index.htm

c:\program files\MyWebSearch\bar\Avatar\COMMON\loader.htm

c:\program files\MyWebSearch\bar\Avatar\COMMON\loading.gif

c:\program files\MyWebSearch\bar\Avatar\COMMON\logo.gif

c:\program files\MyWebSearch\bar\Avatar\COMMON\max_def.gif

c:\program files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif

c:\program files\MyWebSearch\bar\Avatar\COMMON\min_def.gif

c:\program files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif

c:\program files\MyWebSearch\bar\Avatar\COMMON\noflash.htm

c:\program files\MyWebSearch\bar\Avatar\COMMON\res_def.gif

c:\program files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif

c:\program files\MyWebSearch\bar\Avatar\COMMON\spacer.gif

c:\program files\MyWebSearch\bar\Avatar\COMMON\spacer.swf

c:\program files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif

c:\program files\MyWebSearch\bar\Avatar\COMMON\window.ico

c:\program files\MyWebSearch\bar\Cache\0630FB7E

c:\program files\MyWebSearch\bar\Cache\0631548B

c:\program files\MyWebSearch\bar\Cache\0631573A.bin

c:\program files\MyWebSearch\bar\Cache\063159EA.bin

c:\program files\MyWebSearch\bar\Cache\06316738.bin

c:\program files\MyWebSearch\bar\Cache\0631692C.bin

c:\program files\MyWebSearch\bar\Cache\0C01D790.bin

c:\program files\MyWebSearch\bar\Cache\0C01EC9F.bin

c:\program files\MyWebSearch\bar\Cache\0C01EEC2.bin

c:\program files\MyWebSearch\bar\Cache\0C01F096.bin

c:\program files\MyWebSearch\bar\Cache\2025EFA5

c:\program files\MyWebSearch\bar\Cache\files.ini

c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S

c:\program files\MyWebSearch\bar\Game\CHESS.F3S

c:\program files\MyWebSearch\bar\Game\REVERSI.F3S

c:\program files\MyWebSearch\bar\History\search2

c:\program files\MyWebSearch\bar\icons\CM.ICO

c:\program files\MyWebSearch\bar\icons\MFC.ICO

c:\program files\MyWebSearch\bar\icons\PSS.ICO

c:\program files\MyWebSearch\bar\icons\SMILEY.ICO

c:\program files\MyWebSearch\bar\icons\WB.ICO

c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO

c:\program files\MyWebSearch\bar\Message\COMMON.F3S

c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S

c:\program files\MyWebSearch\bar\Notifier\DOG.F3S

c:\program files\MyWebSearch\bar\Notifier\FISH.F3S

c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S

c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S

c:\program files\MyWebSearch\bar\Notifier\MAID.F3S

c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S

c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S

c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S

c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S

c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S

c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm

c:\program files\MyWebSearch\bar\Settings\s_pid.dat

c:\windows\pack.epk

c:\windows\system32\f3PSSavr.scr

D:\Autorun.inf

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_BOONTY_GAMES

-------\Service_Boonty Games

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-15 au 2008-11-15 ))))))))))))))))))))))))))))))))))))

.

 

2008-11-14 22:01 . 2008-11-14 22:01 <REP> d-------- c:\windows\system32\bits

2008-11-14 22:01 . 2008-11-14 22:01 <REP> d-------- c:\windows\l2schemas

2008-11-14 21:57 . 2008-11-14 22:01 <REP> d-------- c:\windows\ServicePackFiles

2008-11-14 21:48 . 2008-11-14 21:48 <REP> d-------- c:\windows\EHome

2008-11-14 21:30 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui

2008-11-14 20:29 . 2008-11-14 20:29 <REP> d-------- c:\program files\iPod

2008-11-14 19:51 . 2008-11-14 21:20 <REP> d----c--- C:\Poubelle

2008-11-14 19:11 . 2008-11-14 20:35 <REP> d-------- c:\program files\iTunes

2008-11-14 19:09 . 2008-11-14 19:09 <REP> d-------- c:\program files\Bonjour

2008-11-14 19:06 . 2008-11-14 19:06 <REP> d-------- c:\program files\Apple Software Update

2008-11-14 14:22 . 2008-11-14 14:23 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\vlc

2008-11-14 13:53 . 2008-11-14 13:53 <REP> d-------- c:\program files\Secunia

2008-11-14 13:43 . 2008-11-14 13:43 410,976 --a------ c:\windows\system32\deploytk.dll

2008-11-12 05:18 . 2008-10-24 07:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-10-27 04:04 . 2008-10-27 04:04 7,808 --a------ c:\windows\system32\drivers\psi_mf.sys

2008-10-24 02:48 . 2008-10-15 12:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2008-10-16 17:54 . 2008-10-24 16:23 <REP> d-------- c:\program files\Téléchargeur de FIFA 2009

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-15 12:35 --------- d-----w c:\program files\GamesBar

2008-11-15 00:30 --------- d-----w c:\program files\Fichiers communs\Adobe

2008-11-14 23:09 --------- d-----w c:\program files\QuickTime

2008-11-14 23:08 --------- d-----w c:\program files\Fichiers communs\Apple

2008-11-14 18:32 --------- dc----w c:\documents and settings\All Users\Application Data\GamesBar

2008-11-14 17:52 --------- d-----w c:\program files\Java

2008-11-12 10:25 53,648 ----a-w c:\documents and settings\HP_Propriétaire\Application Data\wklnhst.dat

2008-11-03 22:25 --------- d-----w c:\program files\Easy Internet signup

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-16 21:54 107,888 ----a-w c:\windows\system32\CmdLineExt.dll

2008-10-16 18:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 18:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 18:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 18:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 18:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 18:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 18:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-10 20:40 --------- d-----w c:\program files\NDSROM Player

2008-10-08 06:38 97,464 -c--a-w c:\documents and settings\HP_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT

2008-09-30 20:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-25 12:07 --------- d-----w c:\program files\eMule

2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys

2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-08-29 14:18 87,336 ----a-w c:\windows\system32\dns-sd.exe

2008-08-29 13:53 61,440 ----a-w c:\windows\system32\dnssd.dll

2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll

2006-08-31 08:37 774,144 -c--a-w c:\program files\RngInterstitial.dll

2006-01-05 16:25 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe

2005-12-10 14:15 282 -c--a-w c:\documents and settings\valentin\Application Data\wklnhst.dat

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Acme.PCHButton"="c:\progra~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe" [2004-01-01 159744]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-01-05 190024]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-14 136600]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-08-15 271672]

 

c:\documents and settings\HP_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\

Secunia PSI (RC4).lnk - c:\program files\Secunia\PSI (RC4)\psi.exe [2008-11-12 728408]

wkcalrem.LNK - c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2003-07-23 24651]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=MsgPlusLoader.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk

backup=c:\windows\pss\DSLMON.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk

backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk

backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]

--a------ 2004-01-01 12:55 159744 c:\progra~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]

--a--c--- 2004-08-20 07:42 155648 c:\program files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]

--a--c--- 2004-06-07 13:43 659456 c:\windows\system32\hphmon06.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]

--a--c--- 2004-06-07 13:53 49152 c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

--a--c--- 1998-05-07 11:04 52736 c:\windows\system\hpsysdrv.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

--a--c--- 2003-02-11 15:02 61440 c:\hp\KBD\kbd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

--a--c--- 2004-10-08 12:06 196608 c:\program files\Logitech\Video\ManifestEngine.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

--a--c--- 2004-10-08 12:31 458752 c:\program files\Logitech\Video\ISStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

--a--c--- 2004-10-08 12:24 217088 c:\program files\Logitech\Video\LogiTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

--a------ 2004-10-08 11:52 221184 c:\windows\system32\LVCOMSX.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

--a------ 2006-01-05 13:24 190024 c:\program files\MessengerPlus! 3\MsgPlus.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

--a--c--- 2003-06-10 12:49 50688 c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2004-07-01 18:12 4112384 c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]

--a--c--- 2002-10-16 11:57 81920 c:\windows\system32\ps2.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

--a--c--- 2004-04-14 15:43 233472 c:\windows\SMINST\Recguard.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]

--a--c--- 2004-05-20 04:47 249856 c:\windows\system32\Keyhook.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

--a--c--- 2005-06-03 14:28 100056 c:\progra~1\SYMNET~1\SNDMon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINREMOTE]

--a--c--- 2004-06-25 06:47 192512 c:\program files\InterVideo\Common\Bin\WinRemote.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

--a--c--- 2005-03-04 06:01 88209 c:\windows\AGRSMMSG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]

--a--c--- 2003-04-03 21:21 50176 c:\windows\ALCXMNTR.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a--c--- 2004-07-01 18:12 843776 c:\windows\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Wlancfg"=2 (0x2)

"SymWSC"=2 (0x2)

"Symantec Core LC"=2 (0x2)

"SPBBCSvc"=2 (0x2)

"SNDSrvc"=2 (0x2)

"SBService"=2 (0x2)

"SAVScan"=3 (0x3)

"NVSvc"=2 (0x2)

"NPFMntor"=2 (0x2)

"navapsvc"=3 (0x3)

"FTRTSVC"=2 (0x2)

"ccSetMgr"=2 (0x2)

"ccPwdSvc"=3 (0x3)

"ccProxy"=2 (0x2)

"ccEvtMgr"=2 (0x2)

"C-DillaCdaC11BA"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Micro Application\\Maxi Mah-Jong\\Mahjongg.exe"=

"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\TmNationsForever\\TmForever.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"21054:TCP"= 21054:TCP:emule tcp

"4672:UDP"= 4672:UDP:emule udp

"17994:TCP"= 17994:TCP:NortonAV

"12298:TCP"= 12298:TCP:NortonAV

"17425:TCP"= 17425:TCP:NortonAV

"12615:TCP"= 12615:TCP:NortonAV

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R3 Cap7134;ASUS TV7134 WDM Video Capture;c:\windows\system32\DRIVERS\Cap7134.sys [2004-06-23 334432]

R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\DRIVERS\PhTVTune.sys [2004-05-27 24608]

R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2008-10-27 7808]

R3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 usbscan;Pilote de scanneur USB;c:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bf936e6-a4ec-11dd-880e-000b6b99db74}]

\Shell\AutoRun\command - L:\xn1i9x.com

\Shell\explore\Command - L:\xn1i9x.com

\Shell\open\Command - L:\xn1i9x.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a1e75e7-b426-11dc-878a-000b6b99db74}]

\Shell\AutoRun\command - M:\xn1i9x.com

\Shell\explore\Command - M:\xn1i9x.com

\Shell\open\Command - M:\xn1i9x.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1a1159b-b52a-11db-86f3-000b6b99db74}]

\Shell\AutoRun\command - L:\xn1i9x.com

\Shell\explore\Command - L:\xn1i9x.com

\Shell\open\Command - L:\xn1i9x.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c969c336-6048-11db-8698-000b6b99db74}]

\Shell\AutoRun\command - xn1i9x.com

\Shell\explore\Command - xn1i9x.com

\Shell\open\Command - xn1i9x.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5446921-2815-11dd-87af-000b6b99db74}]

\Shell\AutoRun\command - xn1i9x.com

\Shell\explore\Command - xn1i9x.com

\Shell\open\Command - xn1i9x.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4e9d462-2dde-11dd-87b0-000b6b99db74}]

\Shell\AutoRun\command - L:\xn1i9x.com

\Shell\explore\Command - L:\xn1i9x.com

\Shell\open\Command - L:\xn1i9x.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f998c0c8-2a6f-11da-854d-4d6564696130}]

\Shell\AutoRun\command - L:\xn1i9x.com

\Shell\explore\Command - L:\xn1i9x.com

\Shell\open\Command - L:\xn1i9x.com

.

Contenu du dossier 'Tâches planifiées'

 

2008-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

 

2008-11-03 c:\windows\Tasks\Connexion facile à Internet.job

- c:\program files\Easy Internet signup\HPSdpApp.exe [2004-06-21 16:19]

 

2008-11-14 c:\windows\Tasks\Maintenance en 1 clic.job

- c:\program files\TuneUp Utilities 2004\SystemOptimizer.exe [2004-12-10 16:26]

 

2008-11-08 c:\windows\Tasks\Nettoyage de disque.job

- c:\windows\system32\cleanmgr.exe [2008-04-13 22:33]

 

2008-11-14 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-01-27 09:59]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

MSConfigStartUp-BoontyBox - c:\program files\Boonty\BoontyBox\BoontyBox.exe

MSConfigStartUp-ccApp - c:\program files\Fichiers communs\Symantec Shared\ccApp.exe

MSConfigStartUp-ImInstaller_IncrediMail - c:\docume~1\HP_PRO~1\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install.exe

MSConfigStartUp-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

MSConfigStartUp-Norton SystemWorks - c:\program files\Norton SystemWorks\cfgwiz.exe

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

MSConfigStartUp-WOOKIT - c:\progra~1\Wanadoo\Shell.exe

MSConfigStartUp-WOOTASKBARICON - c:\progra~1\Wanadoo\GestMaj.exe

MSConfigStartUp-WOOWATCH - c:\progra~1\Wanadoo\Watch.exe

MSConfigStartUp-VTTimer - VTTimer.exe

 

 

.

------- Examen supplémentaire -------

.

R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop

R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

R0 -: HKLM-Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop

R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore

R1 -: HKCU-Internet Settings,ProxyOverride = *.local

O8 -: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm

O8 -: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk142YYGP

O8 -: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 3.76\AMVConverter\grab.html

O8 -: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 3.76\MediaManager\grab.html

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-15 09:33:14

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDRSRVC]

"ImagePath"="system32\drivers\PCDRSRVC.pkms"

.

Heure de fin: 2008-11-15 9:45:47

ComboFix-quarantined-files.txt 2008-11-15 13:44:43

 

Avant-CF: 13,955,010,560 octets libres

Après-CF: 13,955,710,976 octets libres

 

385 --- E O F --- 2008-11-14 17:17:21

 

Merci.

Apollo Devil Member !

Apollo

Posté(e)
Posté(e)

Pas mal de saletés virées d'un coup hein :P

 

1) Télécharger ATF Cleaner par Atribune.

  • Installe-le sur le bureau. (A conserver car très utile après chaque séance de surf)
     
    Double-clique ATF-Cleaner.exe afin de lancer le programme.
    --> Sous Vista: Clic droit/exécuter en temps qu'administrateur.
    Sous l'onglet Main, choisis : Select All
    Cliquer sur le bouton Empty Selected

Si tu utilises le navigateur Firefox :

  • Clique Firefox au haut et choisis : Select All
    Cliquer le bouton Empty Selected
    NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Si tu utilises le navigateur Opera :

  • Clique Opera au haut et choisis : Select All
    Cliquer le bouton Empty Selected
    NOTE : Si tu veux conserver tes mots de passe sauvegardés, cliquer No à l'invite.

Clique Exit, du menu principal, afin de fermer le programme.

Pour obtenir du Support technique, double-clique l'adresse électronique située au bas de chacun des menus.

 

2) Télécharge Malwarebytes' Anti-Malware (MBAM)

 

  • Double clique sur le fichier téléchargé pour lancer le processus d'installation.
  • Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
  • Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
  • Sélectionne "Exécuter un examen complet"
  • Clique sur "Rechercher"
  • L'analyse démarre, le scan est relativement long, c'est normal.
  • A la fin de l'analyse, un message s'affiche :
    L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.
    Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  • Ferme tes navigateurs.
  • Si des malwares ont été détectés, clique sur Afficher les résultats.
    Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
  • MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.

Si MBAM demande à être redémarré, redémarre le pc.

 

Poste un nouveau log Hijackthis après le redémarrage de la machine stp.

 

@++

TROPIQUES971 Junior Member

TROPIQUES971

Posté(e)
  • Auteur
Posté(e)

Bonsoir,

 

Ci-joint le rapport de :

 

Malwarebytes' Anti-Malware 1.30

Version de la base de données: 1400

Windows 5.1.2600 Service Pack 3

 

15/11/2008 13:47:20

mbam-log-2008-11-15 (13-47-20).txt

 

Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 216323

Temps écoulé: 2 hour(s), 23 minute(s), 28 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 81

Valeur(s) du Registre infectée(s): 2

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 38

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3BROVLY.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL.vir (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE.vir (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\trz1E90.tmp.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1307\A0214720.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1307\A0214721.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1307\A0214722.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1307\A0214723.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1307\A0214724.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1307\A0214725.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1307\A0214726.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1307\A0214727.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1307\A0214728.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1307\A0214729.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1307\A0214730.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1307\A0214733.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1307\A0214734.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1307\A0214736.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1307\A0214737.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1307\A0214738.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1307\A0214747.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1307\A0214731.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

*********************************

 

rapport hijackthis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:12:07, on 15/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Secunia\PSI (RC4)\psi.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Alwil Software\Avast4\setup\avast.setup

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\WINDOWS\system32\LVComsX.exe

C:\Poubelle\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - Startup: Secunia PSI (RC4).lnk = C:\Program Files\Secunia\PSI (RC4)\psi.exe

O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.76\AMVConverter\grab.html

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.76\MediaManager\grab.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -

O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

O24 - Desktop Component 0: (no name) - http://www.czechferrari.cz/obrtunn/golf1.jpg

 

--

End of file - 9630 bytes

 

Merci

Apollo Devil Member !

Apollo

Posté(e)
Posté(e)

Re,

 

On va passer les deux options de Navilog 1.

 

Poste les deux rapports stp.

 

1)

Fais un clic droit sur ce lien : Navilog1 par IL-MAFIOSO .

Enregistre la cible (du lien) sous... et enregistre-le sur ton bureau.

  • Ensuite double clique sur navilog1.exe pour lancer l'installation.
  • Certains antivirus réagissent à Navilog1, désactiver provisoirement l'antivirus en cas de problème.
  • Une fois l'installation terminée, le fix s'exécutera automatiquement.
    (Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).
  • Laisse-toi guider. Au menu principal, choisis 1 et valide.
    Patiente jusqu'au message : *** Analyse Termine le ..... ***
  • Appuie sur une touche comme demandé, le bloc-notes va s'ouvrir.
  • Copie-colle l'intégralité dans ta prochaine réponse. Referme le bloc-notes.

Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

 

2) Double-clique sur le raccourci Navilog1 présent sur le bureau

  • Laisse-toi guider. Au menu principal, choisis 2 et valide.
    Patiente jusqu'au message : *** Analyse Termine le ..... ***
  • Appuie sur une touche comme demandé, le bloc-notes va s'ouvrir.
  • Copie-colle l'intégralité dans ta prochaine réponse. Referme le bloc-notes.
    Le rapport est en outre sauvegardé à la racine du disque (cleannavi.txt)

 

NB: Si ton bureau ne réapparaît pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.

Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter"

Tape explorer et valide. Cela fera apparaître ton bureau.

 

Poste également un tout nouveau log Hijackthis après ça stp.

 

@++

TROPIQUES971 Junior Member

TROPIQUES971

Posté(e)
  • Auteur
Posté(e)

Bonsoir,

 

Voici les deux rapports plus celui de hijackthis :

 

Search Navipromo version 3.6.9 commencé le 15/11/2008 à 17:42:53.82

 

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!

!!! Postez ce rapport sur le forum pour le faire analyser !!!

!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

 

Outil exécuté depuis C:\Program Files\navilog1

Session actuelle : "HP_Propriétaire"

 

Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO

 

 

Microsoft Windows XP [version 5.1.2600]

Internet Explorer : 7.0.5730.11

Système de fichiers : NTFS

 

Recherche executé en mode normal

 

*** Recherche Programmes installés ***

 

 

*** Recherche dossiers dans "C:\WINDOWS" ***

 

 

*** Recherche dossiers dans "C:\Program Files" ***

 

 

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

 

 

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

 

 

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

 

 

*** Recherche dossiers dans "C:\Documents and Settings\HP_Propriétaire\applic~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\Marinou\applic~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\PROPRI~1\applic~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\valentin\applic~1" ***

 

 

*** Recherche dossiers dans "C:\Documents and Settings\HP_Propriétaire\locals~1\applic~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\Marinou\locals~1\applic~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\valentin\locals~1\applic~1" ***

 

 

*** Recherche dossiers dans "C:\Documents and Settings\HP_Propriétaire\menudm~1\progra~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\Marinou\menudm~1\progra~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\valentin\menudm~1\progra~1" ***

 

 

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***

pour + d'infos : http://www.gmer.net

 

 

 

*** Recherche avec GenericNaviSearch ***

!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!

!!! A vérifier impérativement avant toute suppression manuelle !!!

 

* Recherche dans "C:\WINDOWS\system32" *

 

* Recherche dans "C:\Documents and Settings\HP_Propriétaire\locals~1\applic~1" *

 

* Recherche dans "C:\DOCUME~1\Marinou\locals~1\applic~1" *

 

* Recherche dans "C:\DOCUME~1\valentin\locals~1\applic~1" *

 

 

 

*** Recherche fichiers ***

 

 

 

*** Recherche clés spécifiques dans le Registre ***

 

 

*** Module de Recherche complémentaire ***

(Recherche fichiers spécifiques)

 

1)Recherche nouveaux fichiers Instant Access :

 

 

2)Recherche Heuristique :

 

* Dans "C:\WINDOWS\system32" :

 

 

* Dans "C:\Documents and Settings\HP_Propriétaire\locals~1\applic~1" :

 

 

* Dans "C:\DOCUME~1\Marinou\locals~1\applic~1" :

 

 

* Dans "C:\DOCUME~1\valentin\locals~1\applic~1" :

 

 

3)Recherche Certificats :

 

Certificat Egroup absent !

Certificat Electronic-Group absent !

Certificat Montorgueil absent !

Certificat OOO-Favorit absent !

Certificat Sunny-Day-Design-Ltd absent !

 

4)Recherche fichiers connus :

 

 

 

*** Analyse terminée le 15/11/2008 à 17:56:19.25 ***

 

 

****************************************************************************

 

Clean Navipromo version 3.6.9 commencé le 15/11/2008 à 17:59:42.43

 

Outil exécuté depuis C:\Program Files\navilog1

Session actuelle : "HP_Propriétaire"

 

Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO

 

 

Microsoft Windows XP [version 5.1.2600]

Internet Explorer : 7.0.5730.11

Système de fichiers : NTFS

 

Mode suppression automatique

avec prise en charge résultats Catchme et GNS

 

 

Nettoyage exécuté au redémarrage de l'ordinateur

 

 

*** fsbl1.txt non trouvé ***

(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

 

 

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

 

* Suppression dans "C:\WINDOWS\System32" *

 

 

* Suppression dans "C:\Documents and Settings\HP_Propriétaire\locals~1\applic~1" *

 

 

* Suppression dans "C:\DOCUME~1\Marinou\locals~1\applic~1" *

 

* Suppression dans "C:\DOCUME~1\valentin\locals~1\applic~1" *

 

 

*** Suppression dossiers dans "C:\WINDOWS" ***

 

 

*** Suppression dossiers dans "C:\Program Files" ***

 

 

*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

 

 

*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

 

 

*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***

 

 

*** Suppression dossiers dans "C:\Documents and Settings\HP_Propriétaire\applic~1" ***

 

 

*** Suppression dossiers dans "C:\DOCUME~1\Marinou\applic~1" ***

 

 

*** Suppression dossiers dans "C:\DOCUME~1\PROPRI~1\applic~1" ***

 

 

*** Suppression dossiers dans "C:\DOCUME~1\valentin\applic~1" ***

 

 

*** Suppression dossiers dans "C:\Documents and Settings\HP_Propriétaire\locals~1\applic~1" ***

 

 

*** Suppression dossiers dans "C:\DOCUME~1\Marinou\locals~1\applic~1" ***

 

 

*** Suppression dossiers dans "C:\DOCUME~1\valentin\locals~1\applic~1" ***

 

 

*** Suppression dossiers dans "C:\Documents and Settings\HP_Propriétaire\menudm~1\progra~1" ***

 

 

*** Suppression dossiers dans "C:\DOCUME~1\Marinou\menudm~1\progra~1" ***

 

 

*** Suppression dossiers dans "C:\DOCUME~1\valentin\menudm~1\progra~1" ***

 

 

 

*** Suppression fichiers ***

 

 

*** Suppression fichiers temporaires ***

 

Nettoyage contenu C:\WINDOWS\Temp effectué !

Nettoyage contenu C:\Documents and Settings\HP_Propri‚taire\locals~1\Temp effectué !

 

*** Traitement Recherche complémentaire ***

(Recherche fichiers spécifiques)

 

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

 

2)Recherche, création sauvegardes et suppression Heuristique :

 

 

* Dans "C:\WINDOWS\system32" *

 

 

* Dans "C:\Documents and Settings\HP_Propriétaire\locals~1\applic~1" *

 

 

* Dans "C:\DOCUME~1\Marinou\locals~1\applic~1" *

 

 

* Dans "C:\DOCUME~1\valentin\locals~1\applic~1" *

 

 

*** Sauvegarde du Registre vers dossier Safebackup ***

 

sauvegarde du Registre réalisée avec succès !

 

*** Nettoyage Registre ***

 

Nettoyage Registre Ok

 

 

*** Certificats ***

 

Certificat Egroup absent !

Certificat Electronic-Group absent !

Certificat Montorgueil absent !

Certificat OOO-Favorit absent !

Certificat Sunny-Day-Design-Ltdt absent !

 

*** Nettoyage terminé le 15/11/2008 à 18:08:55.28 ***

 

 

**************************************************************************

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:11:27, on 15/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Secunia\PSI (RC4)\psi.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\WINDOWS\system32\LVComsX.exe

C:\Poubelle\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - Startup: Secunia PSI (RC4).lnk = C:\Program Files\Secunia\PSI (RC4)\psi.exe

O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.76\AMVConverter\grab.html

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.76\MediaManager\grab.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -

O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

O24 - Desktop Component 0: (no name) - http://www.czechferrari.cz/obrtunn/golf1.jpg

 

--

End of file - 9572 bytes

 

***************************************************************************

 

Au démarrage, j'ai été obligé de relancer 3 fois pour que l'écran s'allume aussi.

 

Merci encore.

Apollo Devil Member !

Apollo

Posté(e)
Posté(e)

Bonsoir,

 

Désolé mais je n'avais pas eu de notifications pour le post précédent.

 

Dis-moi Norton Works là, il s'agit d'une ancienne installation? Contenait-il un antivirus? Car Avast + ça, ça fait double emploi donc conflits certains.

 

Pour virer les restes nes produits Norton il y a cet outil:

 

Remover Norton

 

Avast! n'est pas sûr du tout...

 

 

Si tu es d'accord pour changer d'antivirus, voici Antivir; il est en anglais mais le tuto est très bien expliqué pour faire la configuration du logiciel.

http://www.libellules.ch/tuto_antivir.php

 

http://www.vista-xp.fr/forum/topic227.html

 

Procédure:

 

Télécharger l'exécutable d'Antivir. http://www.free-av.de/en/download/1/avira_..._antivirus.html

 

Déconnecter physiquement le pc du net, c'est à dire en retirant le câble de la tour.

 

Désinstaller Avast par Ajouter/Supprimer des programmes.

 

En cas de problème de désinstallation: http://www.avast.com/fre/avast-uninstall-utility.html

 

Installer Antivir et le configurer comme expliqué dans le tutoriel. (Ne pas oublier de cocher la case de recherche de Rootkits -> très important).

Fais un clic droit sur l'icône d'Antivir dans la barre des tâches et choisis Configure Antivir

Dans la fenêtre, coche la case Expert Mode

Juste en dessous, clique sur le menu Scanner

Sur le panneau de droite, coche la case Search for Rootkits before scan

 

img-2009312kgle.gif

 

 

Rebrancher le pc au net; effectuer la mise à jour des bases antivirales d'Antivir.

 

Lancer une analyse complète de l'ordinateur.

 

Poster le rapport ici svp.

 

Le log ne montre plus grand-chose mais je pense qu'une analyse avec Antivir pourra en dire plus.

 

 

@++

TROPIQUES971 Junior Member

TROPIQUES971

Posté(e)
  • Auteur
Posté(e) (modifié)

Bonsoir,

 

Désolé car j'ai eu beaucoup de travail mais voici le rapport ANTIVIR

 

 

 

Avira AntiVir Personal

Report file date: mercredi 19 novembre 2008 13:47

 

Scanning for 1041267 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Normally booted

Username: HP_Propriétaire

Computer name: NOM-641695C7437

 

Version information:

BUILD.DAT : 8.2.0.336 16933 Bytes 30/10/2008 11:40:00

AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 14:57:53

AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 13:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 18:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 13:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 01:44:24

ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 01:44:50

ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 16/11/2008 01:45:02

ANTIVIR3.VDF : 7.1.0.106 91136 Bytes 19/11/2008 09:11:24

Engineversion : 8.2.0.34

AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 16:05:56

AESCRIPT.DLL : 8.1.1.15 332156 Bytes 19/11/2008 01:46:45

AESCN.DLL : 8.1.1.5 123251 Bytes 19/11/2008 01:46:37

AERDL.DLL : 8.1.1.3 438645 Bytes 19/11/2008 01:46:33

AEPACK.DLL : 8.1.3.4 393591 Bytes 19/11/2008 01:46:20

AEOFFICE.DLL : 8.1.0.30 196986 Bytes 19/11/2008 01:46:09

AEHEUR.DLL : 8.1.0.71 1487222 Bytes 19/11/2008 01:46:03

AEHELP.DLL : 8.1.2.0 119159 Bytes 19/11/2008 01:45:27

AEGEN.DLL : 8.1.1.4 319861 Bytes 19/11/2008 01:45:23

AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 16:05:56

AECORE.DLL : 8.1.5.0 172407 Bytes 19/11/2008 01:45:15

AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 16:05:56

AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 14:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 15:28:01

AVREP.DLL : 8.0.0.2 98344 Bytes 19/11/2008 01:45:10

AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 17:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 14:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 18:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 23:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 18:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 18:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 19:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 19:34:37

 

Configuration settings for the scan:

Jobname..........................: Local Drives

Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:, H:, I:, J:, K:, E:, F:, G:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: on

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: mercredi 19 novembre 2008 13:47

 

Starting search for hidden objects.

'99244' objects were checked, '0' hidden objects were found.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'iPodService.exe' - '1' Module(s) have been scanned

Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'WkCalRem.exe' - '1' Module(s) have been scanned

Scan process 'jqs.exe' - '1' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'psi.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned

Scan process 'QTTask.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'hpztsb10.exe' - '1' Module(s) have been scanned

Scan process 'MsgPlus.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'aawservice.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

35 processes with 35 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Master boot sector HD1

[iNFO] No virus was found!

[WARNING] System error [21]: Le périphérique n'est pas prêt.

Master boot sector HD2

[iNFO] No virus was found!

[WARNING] System error [21]: Le périphérique n'est pas prêt.

Master boot sector HD3

[iNFO] No virus was found!

[WARNING] System error [21]: Le périphérique n'est pas prêt.

Master boot sector HD4

[iNFO] No virus was found!

[WARNING] System error [21]: Le périphérique n'est pas prêt.

 

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'D:\'

[iNFO] No virus was found!

Boot sector 'H:\'

[iNFO] In the drive 'H:\' no data medium is inserted!

Boot sector 'I:\'

[iNFO] In the drive 'I:\' no data medium is inserted!

Boot sector 'J:\'

[iNFO] In the drive 'J:\' no data medium is inserted!

Boot sector 'K:\'

[iNFO] In the drive 'K:\' no data medium is inserted!

 

Starting to scan the registry.

The registry was scanned ( '58' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <HP_PAVILION>

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\hotelmahjong\fr-FR\hotelmahjong.1.0.0.fr-FR.cab

[0] Archive type: CAB (Microsoft)

--> HotelMahjong.dll

[WARNING] No further files can be extracted from this archive. The archive will be closed

C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\MindMedley\fr-FR\mindmedley.1.0.1.fr-FR.cab

[0] Archive type: CAB (Microsoft)

--> MindMedley.dll

[WARNING] No further files can be extracted from this archive. The archive will be closed

C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\F5116GIY\175.16_geforce_winxp_32bit_international_whql[1].exe

[0] Archive type: CAB SFX (self extracting)

--> \Bkgnd600.bmp

[WARNING] No further files can be extracted from this archive. The archive will be closed

[WARNING] No further files can be extracted from this archive. The archive will be closed

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\' <HP_RECOVERY>

Begin scan in 'H:\'

Search path H:\ could not be opened!

System error [21]: Le périphérique n'est pas prêt.

Begin scan in 'I:\'

Search path I:\ could not be opened!

System error [21]: Le périphérique n'est pas prêt.

Begin scan in 'J:\'

Search path J:\ could not be opened!

System error [21]: Le périphérique n'est pas prêt.

Begin scan in 'K:\'

Search path K:\ could not be opened!

System error [21]: Le périphérique n'est pas prêt.

Begin scan in 'E:\'

Search path E:\ could not be opened!

System error [21]: Le périphérique n'est pas prêt.

Begin scan in 'F:\'

Search path F:\ could not be opened!

System error [21]: Le périphérique n'est pas prêt.

Begin scan in 'G:\'

Search path G:\ could not be opened!

System error [21]: Le périphérique n'est pas prêt.

 

 

End of the scan: mercredi 19 novembre 2008 15:22

Used time: 1:34:26 Hour(s)

 

The scan has been done completely.

 

13172 Scanning directories

487819 Files were scanned

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

4 Files cannot be scanned

487815 Files not concerned

16539 Archives were scanned

11 Warnings

0 Notes

99244 Objects were scanned with rootkit scan

0 Hidden objects were found

 

Suis-je toujours infecté ?

 

Merci

Modifié par TROPIQUES971

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...