Posted

Hello!

So now, here is the Antivir report for the 2nd computer, namely my parents' one (see 1st topic: "Virus or not virus?" ^^)

 

 

 

Avira AntiVir Personal

Report file date: mercredi 24 juin 2009 13:58

 

Scanning for 1488081 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir Personal - FREE Antivirus

Serial number: 0000149996-ADJIE-0000001

Platform: Windows XP

Windows version: (Service Pack 1) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: PACKARD-BELL

 

Version information:

BUILD.DAT : 8.2.0.353 17048 Bytes 15/05/2009 12:02:00

AVSCAN.EXE : 8.1.4.10 315649 Bytes 26/11/2008 09:17:29

AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 19:20:45

ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 10:20:28

ANTIVIR2.VDF : 7.1.4.87 2982912 Bytes 12/06/2009 06:54:40

ANTIVIR3.VDF : 7.1.4.130 342016 Bytes 24/06/2009 07:17:37

Engineversion : 8.2.0.193

AEVDF.DLL : 8.1.1.1 106868 Bytes 01/05/2009 14:46:16

AESCRIPT.DLL : 8.1.2.9 409978 Bytes 18/06/2009 06:49:00

AESCN.DLL : 8.1.2.3 127347 Bytes 16/05/2009 09:49:20

AERDL.DLL : 8.1.1.3 438645 Bytes 05/11/2008 12:45:14

AEPACK.DLL : 8.1.3.18 401783 Bytes 28/05/2009 07:39:49

AEOFFICE.DLL : 8.1.0.38 196987 Bytes 18/06/2009 06:48:58

AEHEUR.DLL : 8.1.0.133 1798520 Bytes 18/06/2009 06:48:57

AEHELP.DLL : 8.1.3.6 205174 Bytes 12/06/2009 06:48:43

AEGEN.DLL : 8.1.1.46 348533 Bytes 20/06/2009 06:51:01

AEEMU.DLL : 8.1.0.9 393588 Bytes 17/10/2008 12:52:43

AECORE.DLL : 8.1.6.12 180599 Bytes 28/05/2009 07:39:48

AEBB.DLL : 8.1.0.3 53618 Bytes 17/10/2008 12:52:38

AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01

AVREP.DLL : 8.0.0.3 155688 Bytes 21/04/2009 10:33:22

AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: mercredi 24 juin 2009 13:58

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avnotify.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'Watch.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned

Scan process 'ALERTM~1.EXE' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'scardsvr.exe' - '1' Module(s) have been scanned

Scan process 'PollingModule.exe' - '1' Module(s) have been scanned

Scan process 'Inactivity.exe' - '1' Module(s) have been scanned

Scan process 'Toaster.exe' - '1' Module(s) have been scanned

Scan process 'ComComp.exe' - '1' Module(s) have been scanned

Scan process 'GestionnaireInternet.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'OSA.EXE' - '1' Module(s) have been scanned

Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'CTLCMgr.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

C:\windows\pp10.exe

[DETECTION] Contains recognition pattern of the WORM/Koobface.UK worm

Scan process 'pp10.exe' - '1' Module(s) have been scanned

Module is infected -> 'C:\windows\pp10.exe'

Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned

C:\windows\freddy46.exe

[DETECTION] Contains recognition pattern of the WORM/Koobface.UK worm

Scan process 'freddy46.exe' - '1' Module(s) have been scanned

Module is infected -> 'C:\windows\freddy46.exe'

Scan process 'mstre19.exe' - '1' Module(s) have been scanned

Module is infected -> 'C:\windows\mstre19.exe'

Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned

Scan process 'reader_sl.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'V0220Mon.exe' - '1' Module(s) have been scanned

Scan process 'E_FATIAAE.EXE' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'aawservice.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

Process 'pp10.exe' has been terminated

Process 'freddy46.exe' has been terminated

Process 'mstre19.exe' has been terminated

C:\windows\pp10.exe

[DETECTION] Contains recognition pattern of the WORM/Koobface.UK worm

[NOTE] The file was moved to '4a731586.qua'!

C:\windows\freddy46.exe

[DETECTION] Contains recognition pattern of the WORM/Koobface.UK worm

[NOTE] The file was moved to '4aa7158b.qua'!

C:\windows\mstre19.exe

[DETECTION] Contains recognition pattern of the WORM/Koobface.UL worm

[NOTE] The file was moved to '4ab6158e.qua'!

 

48 processes with 45 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

 

Starting to scan the registry.

C:\WINDOWS\system32\rpcc.exe

[WARNING] The file could not be opened!

C:\WINDOWS\ld10.exe

[DETECTION] Contains recognition pattern of the WORM/Koobface.UK worm

[NOTE] The file was moved to '4b200507.qua'!

 

The registry was scanned ( '52' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\ST-GENIEZ\Local Settings\Temp\$253B2685.t$m

[0] Archive type: CAB (Microsoft)

--> HLP95EN.DLL_1036

[WARNING] No further files can be extracted from this archive. The archive will be closed

C:\Documents and Settings\ST-GENIEZ\Local Settings\Temporary Internet Files\Content.IE5\C1U301MJ\fb.46[1].exe

[DETECTION] Contains recognition pattern of the WORM/Koobface.UK worm

[NOTE] The file was moved to '4a702950.qua'!

C:\Documents and Settings\ST-GENIEZ\Local Settings\Temporary Internet Files\Content.IE5\GH4PE38D\pdrv[1].exe

[DETECTION] Is the TR/Drop.Agent.sja Trojan

[NOTE] The file was moved to '4ab42ba2.qua'!

C:\Documents and Settings\ST-GENIEZ\Local Settings\Temporary Internet Files\Content.IE5\IRMV2PQN\ms.19[1].exe

[DETECTION] Contains recognition pattern of the WORM/Koobface.UL worm

[NOTE] The file was moved to '4a702d97.qua'!

C:\Documents and Settings\ST-GENIEZ\Local Settings\Temporary Internet Files\Content.IE5\JVX7714S\webtvs[1]

[0] Archive type: GZ

--> unkwn

[DETECTION] Contains HEUR/HTML.Malware suspicious code

[NOTE] The file was moved to '4aa42dc3.qua'!

C:\Program Files\sys\sys.dll

[DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program

[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003

[WARNING] The file could not be deleted!

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] The file was moved to '48f8fd4c.qua'!

C:\Program Files\sys\sys.sys

[DETECTION] Is the TR/Agent.clsj.B Trojan

[NOTE] The file was moved to '4ab53159.qua'!

C:\System Volume Information\_restore{2DD67642-5285-4666-99A5-ED66714A7A0F}\RP1401\A0123252.exe

[DETECTION] Contains recognition pattern of the WORM/Koobface.UK worm

[NOTE] The file was moved to '4a7331bf.qua'!

C:\System Volume Information\_restore{2DD67642-5285-4666-99A5-ED66714A7A0F}\RP1401\A0123253.exe

[DETECTION] Contains recognition pattern of the WORM/Koobface.UK worm

[NOTE] The file was moved to '4a7331c2.qua'!

C:\System Volume Information\_restore{2DD67642-5285-4666-99A5-ED66714A7A0F}\RP1401\A0123254.exe

[DETECTION] Contains recognition pattern of the WORM/Koobface.UL worm

[NOTE] The file was moved to '4a7331c5.qua'!

C:\System Volume Information\_restore{2DD67642-5285-4666-99A5-ED66714A7A0F}\RP1401\A0123255.exe

[DETECTION] Contains recognition pattern of the WORM/Koobface.UK worm

[NOTE] The file was moved to '4a7331cd.qua'!

C:\System Volume Information\_restore{2DD67642-5285-4666-99A5-ED66714A7A0F}\RP1402\A0123256.sys

[DETECTION] Is the TR/Agent.clsj.B Trojan

[NOTE] The file was moved to '4a7331d1.qua'!

C:\WINDOWS\system32\rpcc.exe

[WARNING] The file could not be opened!

 

 

End of the scan: mercredi 24 juin 2009 16:08

Used time: 2:09:46 Hour(s)

 

The scan has been done completely.

 

2819 Scanning directories

124414 Files were scanned

17 viruses and/or unwanted programs were found

1 Files were classified as suspicious:

0 files were deleted

0 files were repaired

15 files were moved to quarantine

0 files were renamed

3 Files cannot be scanned

124393 Files not concerned

1877 Archives were scanned

5 Warnings

15 Notes

Posted

Here is the HijackThis report:

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:58:16, on 30/06/2009

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE

C:\WINDOWS\V0220Mon.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe

C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Wanadoo\Watch.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\ST-GENIEZ\Bureau\hijackthis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {450AB723-7A21-3A44-FDD4-5ECDDB4A1C18} - C:\DOCUME~1\ST-GEN~1\APPLIC~1\GRAMBA~1\Flaw Time.exe (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"

O4 - HKLM\..\Run: [soundMan] C:\WINDOWS\sndman.exe -i

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\System32\rpcc.exe

O4 - HKLM\..\Run: [sysmstray] C:\windows\mstre19.exe

O4 - HKLM\..\Run: [sysfbtray] C:\windows\freddy46.exe

O4 - HKLM\..\Run: [pp] C:\windows\pp10.exe

O4 - HKCU\..\Run: [NEW THAT] C:\DOCUME~1\ST-GEN~1\APPLIC~1\4BURND~1\cdrommetaaim.exe

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"

O4 - HKCU\..\Run: [intel Audio Studio V2.0] C:\WINDOWS\fmideploy.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Startup: rncsys32.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5CA8D349-C6E7-11D4-8166-009027DF3BB2} (France Telecom MDDK ActiveX Control) - http://accueil.ava.serveur-ava.com/stkid_data/ocx/mDKid.cab

O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.edipole.fr/kits/WebInstall.dll

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://kit.carpediem.fr/15239/xgratos.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{3BD68922-9E9E-49DD-B82B-89EE1D009A3A}: NameServer = 213.174.139.72,192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{A20B70DB-11F1-4518-B209-D592CD96B853}: NameServer = 213.174.139.72,192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{3BD68922-9E9E-49DD-B82B-89EE1D009A3A}: NameServer = 213.174.139.72,192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{3BD68922-9E9E-49DD-B82B-89EE1D009A3A}: NameServer = 213.174.139.72,192.168.1.1

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

 

--

End of file - 7929 bytes

Posted

There's work to do here. You have to move to SP3 and IE8, no way around it; otherwise just viewing a page is enough to infect all this.

 

Download Malwarebytes' Anti-Malware (MBAM)

 

  • Double-click the downloaded file to start the installation process.
  • In the "Update" tab, click the "Check for Updates" button: if the firewall asks whether to allow MBAM to connect, accept.
  • Once the update is finished, go to the "Scanner" tab.
  • Select "Perform quick scan"
  • Click "Scan"
  • The scan starts.
  • At the end of the scan (but it's not over yet), a message is displayed:
    The scan completed successfully. Click 'Show Results' to display all objects found.
    Click "Ok" to continue. If MBAM found nothing, it will tell you that too. Don't forget the rest. :P
  • Close your browsers.
  • If malware was detected, click Show Results.
    Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.

 

NB: If MBAM asks you to restart, do so.

Posted
There's work to do here. You have to move to SP3 and IE8, no way around it; otherwise just viewing a page is enough to infect all this.

I understood for Internet Explorer, but what is SP3? :P (sorry for my ignorance ^^)

Otherwise, here is the MBAM report:

 

 

Malwarebytes' Anti-Malware 1.38

Version de la base de données: 2333

Windows 5.1.2600 Service Pack 1

 

02/07/2009 11:51:06

mbam-log-2009-07-02 (11-51-06).txt

 

Type de recherche: Examen rapide

Eléments examinés: 123203

Temps écoulé: 1 hour(s), 21 minute(s), 56 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 1

Clé(s) du Registre infectée(s): 7

Valeur(s) du Registre infectée(s): 5

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 2

Fichier(s) infecté(s): 11

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

c:\program files\sys\sys.dll (Trojan.Agent) -> Delete on reboot.

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\{def85c80-216a-43ab-af70-1665edbe2780} (Spyware.Sinowal) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\SpamBlockerUtility (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sys (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sys (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sys (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sysdrv (Rootkit.Agent) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysmstray (Worm.KoobFace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windowshive (Spyware.Passwords) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\sys (Rootkit.Agent) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

C:\Program Files\Montorgueil (Dialer) -> Quarantined and deleted successfully.

c:\program files\montorgueil\yakleku (Dialer) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

c:\program files\montorgueil\14.06208 (Dialer) -> Quarantined and deleted successfully.

C:\WINDOWS\tmlpcert2007 (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rpcc.exe (Spyware.Passwords) -> Delete on reboot.

c:\documents and settings\ST-GENIEZ\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\bf23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\jmmark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

c:\WINDOWS\010112010146115110.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

c:\WINDOWS\0101120101465452.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

c:\WINDOWS\0101120101465749.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Program Files\sys\sys.dll (Trojan.Agent) -> Delete on reboot.

Posted
Good, restart and post a new HijackThis report please.

SP3 is Windows XP Service Pack 3; we'll do that at the end of the process. :P

Posted
SP3 is Windows XP Service Pack 3; we'll do that at the end of the process. :P

Okaay, understood! :P

Here is the HijackThis report:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:19:15, on 05/07/2009

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE

C:\WINDOWS\V0220Mon.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Wanadoo\Watch.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe

C:\Documents and Settings\ST-GENIEZ\Bureau\hijackthis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {450AB723-7A21-3A44-FDD4-5ECDDB4A1C18} - C:\DOCUME~1\ST-GEN~1\APPLIC~1\GRAMBA~1\Flaw Time.exe (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"

O4 - HKLM\..\Run: [soundMan] C:\WINDOWS\sndman.exe -i

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [NEW THAT] C:\DOCUME~1\ST-GEN~1\APPLIC~1\4BURND~1\cdrommetaaim.exe

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"

O4 - HKCU\..\Run: [intel Audio Studio V2.0] C:\WINDOWS\fmideploy.exe

O4 - HKCU\..\Run: [sT-GENIEZ] C:\Documents and Settings\ST-GENIEZ\ST-GENIEZ.exe /i

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5CA8D349-C6E7-11D4-8166-009027DF3BB2} (France Telecom MDDK ActiveX Control) - http://accueil.ava.serveur-ava.com/stkid_data/ocx/mDKid.cab

O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.edipole.fr/kits/WebInstall.dll

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://kit.carpediem.fr/15239/xgratos.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{3BD68922-9E9E-49DD-B82B-89EE1D009A3A}: NameServer = 213.174.139.72,192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{A20B70DB-11F1-4518-B209-D592CD96B853}: NameServer = 213.174.139.72,192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{3BD68922-9E9E-49DD-B82B-89EE1D009A3A}: NameServer = 213.174.139.72,192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{3BD68922-9E9E-49DD-B82B-89EE1D009A3A}: NameServer = 213.174.139.72,192.168.1.1

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

 

--

End of file - 7813 bytes

Posted

Relaunch HijackThis, click "Do a system scan only", then check the following entries and click the "Fix checked" button at the bottom left:

O2 - BHO: (no name) - {450AB723-7A21-3A44-FDD4-5ECDDB4A1C18} - C:\DOCUME~1\ST-GEN~1\APPLIC~1\GRAMBA~1\Flaw Time.exe (file missing)

O4 - HKCU\..\Run: [NEW THAT] C:\DOCUME~1\ST-GEN~1\APPLIC~1\4BURND~1\cdrommetaaim.exe

O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://kit.carpediem.fr/15239/xgratos.exe

 

 

---------

 

Disable your resident protections (antivirus, ...); you will re-enable them after the scan.

Download Lop S&D < here

Double-click Lop S&D.exe on your desktop

Select the desired language, then choose Option 1 (Search)

Wait until the scan finishes

Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

Posted

Here is the report:

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 1

X86-based PC ( Uniprocessor Free : AMD Athlon XP 2400+ )

BIOS : Phoenix - AwardBIOS v6.00PG

USER : ST-GENIEZ ( Administrator )

BOOT : Normal boot

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:12 Go (Free:3 Go)

D:\ (CD or DVD)

E:\ (CD or DVD)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [1] ( 06/07/2009|10:41 )

 

--------------------\\ Listing des dossiers dans APPLIC~1

 

[17/01/2009|14:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[31/10/2007|23:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

[12/06/2008|19:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7

[17/10/2008|14:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira

[28/06/2007|11:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[12/06/2008|19:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

[25/06/2009|18:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes

[19/06/2007|21:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

[12/06/2008|19:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[24/06/2004|19:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NFS Underground

[17/01/2009|12:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS

[20/03/2005|22:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles

[30/05/2004|11:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime

[12/06/2008|19:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Shimstyleloadlink

[29/10/2006|20:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec

[28/04/2007|13:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[17/01/2006|20:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL

[13/01/2007|14:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar

 

[29/03/2004|02:43] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

 

[17/06/2004|20:54] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities

[12/06/2008|19:46] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft

 

[29/10/2006|19:32] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7

[12/06/2008|19:46] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

[12/06/2008|19:46] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

 

[12/06/2008|19:50] C:\DOCUME~1\ST-GEN~1\APPLIC~1\4 Burn Dog

[01/09/2008|18:49] C:\DOCUME~1\ST-GEN~1\APPLIC~1\Adobe

[15/06/2007|22:26] C:\DOCUME~1\ST-GEN~1\APPLIC~1\Apple Computer

[12/06/2008|19:47] C:\DOCUME~1\ST-GEN~1\APPLIC~1\AVG7

[27/01/2009|17:51] C:\DOCUME~1\ST-GEN~1\APPLIC~1\Canon

[25/12/2006|14:26] C:\DOCUME~1\ST-GEN~1\APPLIC~1\Creative

[21/01/2006|19:00] C:\DOCUME~1\ST-GEN~1\APPLIC~1\EPSON

[03/01/2007|15:04] C:\DOCUME~1\ST-GEN~1\APPLIC~1\Google

[29/10/2006|19:42] C:\DOCUME~1\ST-GEN~1\APPLIC~1\gram bags store

[25/11/2006|14:51] C:\DOCUME~1\ST-GEN~1\APPLIC~1\Help

[29/03/2004|02:53] C:\DOCUME~1\ST-GEN~1\APPLIC~1\Identities

[29/03/2004|03:00] C:\DOCUME~1\ST-GEN~1\APPLIC~1\InterTrust

[12/06/2008|19:10] C:\DOCUME~1\ST-GEN~1\APPLIC~1\Lavasoft

[06/04/2004|23:45] C:\DOCUME~1\ST-GEN~1\APPLIC~1\Macromedia

[25/06/2009|18:03] C:\DOCUME~1\ST-GEN~1\APPLIC~1\Malwarebytes

[19/05/2009|12:27] C:\DOCUME~1\ST-GEN~1\APPLIC~1\Microsoft

[26/06/2009|19:10] C:\DOCUME~1\ST-GEN~1\APPLIC~1\Screenshot Sender

[14/04/2004|12:30] C:\DOCUME~1\ST-GEN~1\APPLIC~1\Sun

[29/03/2004|21:43] C:\DOCUME~1\ST-GEN~1\APPLIC~1\Symantec

[21/03/2008|22:20] C:\DOCUME~1\ST-GEN~1\APPLIC~1\WinRAR

 

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

 

[06/07/2009 10:00][--ah-----] C:\WINDOWS\tasks\AB73A50E91885ACA.job

[06/07/2009 10:38][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job

[06/07/2009 08:46][--ah-----] C:\WINDOWS\tasks\SA.DAT

[24/04/2003 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

( AB73A50E91885ACA.job )=( c:\docume~1\st-gen~1\applic~1\4burnd~1\User64first.exe )

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[20/05/2006|08:42] C:\Program Files\4 Burn Dog

[17/01/2009|14:08] C:\Program Files\Adobe

[29/03/2004|21:19] C:\Program Files\ahead

[12/06/2008|19:38] C:\Program Files\Alwil Software

[17/10/2008|14:47] C:\Program Files\Avira

[12/04/2004|17:00] C:\Program Files\Canon

[27/03/2006|08:03] C:\Program Files\CBI pour Windows

[18/06/2009|09:19] C:\Program Files\CBIDev

[28/10/2004|11:20] C:\Program Files\Common Files

[29/03/2004|02:38] C:\Program Files\ComPlus Applications

[29/03/2004|22:15] C:\Program Files\CONEXANT

[25/01/2006|12:44] C:\Program Files\Copie de CBIDev

[05/04/2004|01:56] C:\Program Files\Corel

[22/06/2007|11:55] C:\Program Files\Creative

[20/12/2007|11:42] C:\Program Files\CrossLoop

[28/10/2004|11:21] C:\Program Files\Crystal Decisions

[25/12/2006|17:25] C:\Program Files\CyberLink

[25/08/2004|19:16] C:\Program Files\directx

[30/05/2004|11:03] C:\Program Files\EHMINSTALL

[17/01/2006|20:36] C:\Program Files\EPSON

[12/06/2008|19:20] C:\Program Files\Fichiers communs

[29/06/2007|08:38] C:\Program Files\Google

[12/06/2008|19:46] C:\Program Files\Grisoft

[25/12/2006|17:27] C:\Program Files\InstallShield Installation Information

[30/03/2004|00:28] C:\Program Files\Internet Explorer

[14/04/2004|12:30] C:\Program Files\Java

[30/05/2004|10:57] C:\Program Files\JavaSoft

[12/06/2008|19:21] C:\Program Files\Lavasoft

[25/06/2009|18:03] C:\Program Files\Malwarebytes' Anti-Malware

[12/04/2004|19:08] C:\Program Files\Messenger

[03/04/2008|22:02] C:\Program Files\Messenger Plus! Live

[29/03/2004|02:44] C:\Program Files\microsoft frontpage

[02/06/2007|15:05] C:\Program Files\Microsoft Office

[29/03/2004|02:40] C:\Program Files\Movie Maker

[28/05/2007|18:01] C:\Program Files\MSECache

[25/12/2006|17:20] C:\Program Files\MSN Apps

[29/03/2004|02:37] C:\Program Files\MSN Gaming Zone

[03/04/2008|22:02] C:\Program Files\MSN Messenger

[29/03/2004|02:40] C:\Program Files\NetMeeting

[17/01/2009|12:58] C:\Program Files\NOS

[28/04/2007|10:51] C:\Program Files\orange

[28/04/2007|15:13] C:\Program Files\Outlook Express

[22/02/2005|16:52] C:\Program Files\Rainbow Technologies

[04/11/2006|14:52] C:\Program Files\SAGEM

[24/12/2006|15:16] C:\Program Files\Satsuki Decoder Pack

[04/11/2006|14:26] C:\Program Files\Securitoo

[30/03/2004|20:53] C:\Program Files\Services en ligne

[02/07/2009|11:55] C:\Program Files\sys

[29/03/2004|22:15] C:\Program Files\UIU

[30/03/2004|00:27] C:\Program Files\Uninstall Information

[06/07/2009|10:38] C:\Program Files\Wanadoo

[02/08/2007|13:32] C:\Program Files\Windows Live

[13/01/2007|15:20] C:\Program Files\Windows Live Toolbar

[24/12/2006|15:17] C:\Program Files\Windows Media Player

[29/03/2004|02:37] C:\Program Files\Windows NT

[29/04/2005|10:45] C:\Program Files\WindowsUpdate

[21/03/2008|22:18] C:\Program Files\WinRAR

[19/11/2006|18:47] C:\Program Files\WinZip

[29/03/2004|02:44] C:\Program Files\xerox

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[17/01/2009|14:11] C:\Program Files\Fichiers communs\Adobe

[28/10/2004|11:21] C:\Program Files\Fichiers communs\Crystal Decisions

[29/03/2004|04:06] C:\Program Files\Fichiers communs\Designer

[24/06/2004|12:03] C:\Program Files\Fichiers communs\DirectX

[18/10/2007|11:05] C:\Program Files\Fichiers communs\DVDVIDEOSOFT

[17/01/2006|20:38] C:\Program Files\Fichiers communs\InstallShield

[14/04/2004|11:50] C:\Program Files\Fichiers communs\Java

[19/06/2007|20:54] C:\Program Files\Fichiers communs\Microsoft Shared

[29/03/2004|02:39] C:\Program Files\Fichiers communs\MSSoap

[29/03/2004|09:29] C:\Program Files\Fichiers communs\ODBC

[29/03/2004|02:39] C:\Program Files\Fichiers communs\Services

[29/03/2004|09:29] C:\Program Files\Fichiers communs\SpeechEngines

[29/10/2006|20:43] C:\Program Files\Fichiers communs\Symantec Shared

[29/03/2004|02:39] C:\Program Files\Fichiers communs\System

[12/06/2008|19:20] C:\Program Files\Fichiers communs\Wise Installation Wizard

 

--------------------\\ Process

 

( 42 Processes )

 

... OK !

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

C:\DOCUME~1\ST-GEN~1\APPLIC~1\4burnd~1

C:\Program Files\4burnd~1

C:\DOCUME~1\ST-GEN~1\LOCALS~1\Temp\nse14.tmp

C:\DOCUME~1\ST-GEN~1\LOCALS~1\Temp\nse15.tmp

C:\DOCUME~1\ST-GEN~1\LOCALS~1\Temp\nsfF.tmp

C:\DOCUME~1\ST-GEN~1\LOCALS~1\Temp\nsk149.tmp

C:\DOCUME~1\ST-GEN~1\LOCALS~1\Temp\nsv10.tmp

C:\DOCUME~1\ST-GEN~1\LOCALS~1\Temp\nsy5.tmp

C:\DOCUME~1\ST-GEN~1\LOCALS~1\Temp\nsy6.tmp

C:\DOCUME~1\ST-GEN~1\Cookies\st-geniez@d2.advertserve[1].txt

C:\DOCUME~1\ST-GEN~1\Cookies\st-geniez@adultfriendfinder[2].txt

C:\DOCUME~1\ST-GEN~1\Cookies\st-geniez@advertising[1].txt

C:\DOCUME~1\ST-GEN~1\Cookies\st-geniez@adopt.euroclick[1].txt

C:\DOCUME~1\ST-GEN~1\Cookies\st-geniez@adopt.euroclick[2].txt

C:\DOCUME~1\ST-GEN~1\Cookies\st-geniez@euroclick[2].txt

C:\DOCUME~1\ST-GEN~1\Cookies\st-geniez@2xmoinscher[1].txt

C:\DOCUME~1\ST-GEN~1\Cookies\st-geniez@www.2xmoinscher[2].txt

C:\DOCUME~1\ST-GEN~1\Cookies\st-geniez@www.2xmoinscher[3].txt

C:\WINDOWS\Tasks\AB73A50E91885ACA.job

 

--------------------\\ Verification du Registre

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

..... OK !

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-06 10:41:49

Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------\\ Recherche d'autres infections

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\ST-GEN~1\Local Settings\Temp\Le seigneur des anneaux - bataille pour la terre du milieu NOCD crack.exe

 

 

[F:15479][D:142]-> C:\DOCUME~1\ST-GEN~1\LOCALS~1\Temp

[F:2276][D:0]-> C:\DOCUME~1\ST-GEN~1\Cookies

[F:20775][D:30]-> C:\DOCUME~1\ST-GEN~1\LOCALS~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - 06/07/2009|10:47 - Option : [1]

 

--------------------\\ Fin du rapport a 10:47:28

 

 

 

 

However, I tried to download IE8, but when I click on iesetup.exe, it tells me:

" Le point d'entrée de procédure SHRegGetValueW est introuvable dans la bibliothèque de liaisons dynamique SHLWAPI.dll "

A sentence that is fairly incomprehensible to me! :P

Posted

Relaunch Lop S&D

This time choose Option 2 (Removal)

Do not close the window during removal!

Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

--------

Go through Windows Update, then try IE8 again; otherwise let Windows Update install everything.
