
Posted

Hello!

Here is the ToolBarsSD report:

 

 

-----------\\ ToolBar S&D 1.2.9 XP/Vista

 

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : Intel® Core2 Duo CPU E7400 @ 2.80GHz )

BIOS : Phoenix ROM BIOS PLUS Version 1.10 A01

USER : DC ( Administrator )

BOOT : Normal boot

Antivirus : Windows System Defender (Activated)

Firewall : Windows System Defender (Activated)

C:\ (Local Disk) - NTFS - Total:297 Go (Free:274 Go)

D:\ (CD or DVD)

 

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )

Option : [1] ( 16/11/2009| 8:28 )

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com

C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.js

C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.xul

C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.dtd

C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.properties

C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\SearchSettingsFF.dll

C:\DOCUME~1\DC\APPLIC~1\Search Settings

C:\DOCUME~1\DC\APPLIC~1\Search Settings\kb128

C:\DOCUME~1\DC\APPLIC~1\Search Settings\kb128\temp

C:\DOCUME~1\DC\APPLIC~1\Search Settings\kb128\temp\ws-14562.log

C:\DOCUME~1\REMPLA~1\APPLIC~1\Search Settings

C:\DOCUME~1\REMPLA~1\APPLIC~1\Search Settings\kb128

C:\DOCUME~1\REMPLA~1\APPLIC~1\Search Settings\kb128\temp

C:\DOCUME~1\REMPLA~1\APPLIC~1\Search Settings\kb128\temp\ws-14537.log

C:\DOCUME~1\DC\LOCALS~1\Temp\nscopy-1.tmp

C:\DOCUME~1\DC\LOCALS~1\Temp\nscopy-2.tmp

C:\DOCUME~1\DC\LOCALS~1\Temp\nscopy.tmp

C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-1.tmp

C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-10.tmp

C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-11.tmp

C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-12.tmp

C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-13.tmp

C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-14.tmp

C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-15.tmp

C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-2.tmp

C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-3.tmp

C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-4.tmp

C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-5.tmp

C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-6.tmp

C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-7.tmp

C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-8.tmp

C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-9.tmp

C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail.tmp

C:\DOCUME~1\DC\LOCALS~1\Temp\nsw2D.tmp

 

-----------\\ Extensions

 

(DC) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user

(DC) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar

(DC) - {a7c6cf7f-112c-4500-a7ea-39801a327e5f} => fireftp

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ca

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-cs

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-da

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-de

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-en-US

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-es-AR

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-es-ES

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-eu

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-fr

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ga-IE

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-hu

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-is

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-it

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ja-JP-mac

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ja

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ka

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ko

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-lt

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-nb-NO

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-nl

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-nn-NO

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-pl

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-pt-BR

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-pt-PT

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ro

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ru

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-sk

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-sl

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-sv-SE

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-uk

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-zh-CN

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-zh-TW

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ca

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-cs

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-da

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-de

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-en-US

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-es-AR

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-es-ES

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-eu

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-fr

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ga-IE

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-hu

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-is

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-it

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ja-JP-mac

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ja

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ka

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ko

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-lt

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-nb-NO

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-nl

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-nn-NO

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pl

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pt-BR

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pt-PT

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ro

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ru

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sk

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sl

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sv-SE

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-uk

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-zh-CN

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-zh-TW

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ca

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-cs

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-da

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-de

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-en-US

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-es-AR

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-es-ES

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-eu

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-fr

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ga-IE

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-hu

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-is

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-it

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ja-JP-mac

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ja

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ka

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ko

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-lt

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-nb-NO

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-nl

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-nn-NO

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pl

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pt-BR

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pt-PT

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ro

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ru

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sk

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sl

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sv-SE

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-uk

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-zh-CN

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-zh-TW

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://www.bioserveur.com/"

"Search Page"="http://www.live.com"

"Default_Page_URL"="http://g.uk.msn.com/USREL/7"

"Search Bar"="http://search.msn.com/sphome.aspx"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Home_Page"="http://www1.euro.dell.com/content/default.aspx?c=fr&l=fr&s=gen"

"Help_Page"="http://support.euro.dell.com/support/index.aspx?c=fr&l=fr&s=gen"

 

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 16/11/2009| 8:32 - Option : [1]

 

-----------\\ Fin du rapport a 8:32:02.84

Posted

And here is the report after the second step:

 

 

-----------\\ ToolBar S&D 1.2.9 XP/Vista

 

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : Intel® Core2 Duo CPU E7400 @ 2.80GHz )

BIOS : Phoenix ROM BIOS PLUS Version 1.10 A01

USER : DC ( Administrator )

BOOT : Normal boot

Antivirus : Windows System Defender (Activated)

Firewall : Windows System Defender (Activated)

C:\ (Local Disk) - NTFS - Total:297 Go (Free:274 Go)

D:\ (CD or DVD)

 

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )

Option : [2] ( 16/11/2009| 8:34 )

 

-----------\\ SUPPRESSION

 

Supprime! - C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com

Supprime! - C:\DOCUME~1\DC\APPLIC~1\Search Settings\kb128

Supprime! - C:\DOCUME~1\REMPLA~1\APPLIC~1\Search Settings\kb128

Supprime! - C:\DOCUME~1\DC\LOCALS~1\Temp\nscopy-1.tmp

Supprime! - C:\DOCUME~1\DC\LOCALS~1\Temp\nscopy-2.tmp

Supprime! - C:\DOCUME~1\DC\LOCALS~1\Temp\nscopy.tmp

Supprime! - C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-1.tmp

Supprime! - C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-10.tmp

Supprime! - C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-11.tmp

Supprime! - C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-12.tmp

Supprime! - C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-13.tmp

Supprime! - C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-14.tmp

Supprime! - C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-15.tmp

Supprime! - C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-2.tmp

Supprime! - C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-3.tmp

Supprime! - C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-4.tmp

Supprime! - C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-5.tmp

Supprime! - C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-6.tmp

Supprime! - C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-7.tmp

Supprime! - C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-8.tmp

Supprime! - C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail-9.tmp

Supprime! - C:\DOCUME~1\DC\LOCALS~1\Temp\nsmail.tmp

Supprime! - C:\DOCUME~1\DC\LOCALS~1\Temp\nsw2D.tmp

Supprime! - C:\DOCUME~1\DC\APPLIC~1\Search Settings

Supprime! - C:\DOCUME~1\REMPLA~1\APPLIC~1\Search Settings

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

 

-----------\\ Extensions

 

(DC) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user

(DC) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar

(DC) - {a7c6cf7f-112c-4500-a7ea-39801a327e5f} => fireftp

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ca

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-cs

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-da

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-de

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-en-US

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-es-AR

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-es-ES

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-eu

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-fr

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ga-IE

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-hu

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-is

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-it

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ja-JP-mac

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ja

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ka

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ko

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-lt

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-nb-NO

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-nl

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-nn-NO

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-pl

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-pt-BR

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-pt-PT

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ro

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ru

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-sk

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-sl

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-sv-SE

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-uk

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-zh-CN

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-zh-TW

(DC) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ca

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-cs

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-da

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-de

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-en-US

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-es-AR

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-es-ES

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-eu

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-fr

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ga-IE

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-hu

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-is

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-it

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ja-JP-mac

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ja

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ka

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ko

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-lt

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-nb-NO

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-nl

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-nn-NO

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pl

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pt-BR

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pt-PT

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ro

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ru

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sk

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sl

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sv-SE

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-uk

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-zh-CN

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-zh-TW

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ca

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-cs

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-da

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-de

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-en-US

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-es-AR

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-es-ES

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-eu

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-fr

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ga-IE

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-hu

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-is

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-it

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ja-JP-mac

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ja

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ka

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ko

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-lt

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-nb-NO

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-nl

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-nn-NO

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pl

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pt-BR

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pt-PT

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ro

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ru

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sk

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sl

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sv-SE

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-uk

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-zh-CN

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-zh-TW

(DC) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://www.bioserveur.com/"

"Search Page"="http://www.live.com"

"Default_Page_URL"="http://g.uk.msn.com/USREL/7"

"Search Bar"="http://search.msn.com/sphome.aspx"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://www.msn.com/"

"Home_Page"="http://www1.euro.dell.com/content/default.aspx?c=fr&l=fr&s=gen"

"Help_Page"="http://support.euro.dell.com/support/index.aspx?c=fr&l=fr&s=gen"

 

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 16/11/2009| 8:32 - Option : [1]

2 - "C:\ToolBar SD\TB_2.txt" - 16/11/2009| 8:37 - Option : [2]

 

-----------\\ Fin du rapport a 8:37:23.01

Posted

Hello,

 

Please make a new RSIT log.

 

@++

Posted

Logfile of random's system information tool 1.06 (written by random/random)

Run by DC at 2009-11-16 11:47:18

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 281 GB (92%) free of 305 GB

Total RAM: 1980 MB (54% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:47:29, on 16/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Wave Systems Corp\SecureUpgrade.exe

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\Documents and Settings\All Users\Application Data\RssUpdate\RSSUpdate60.exe

C:\Program Files\Fichiers communs\Intel\Privacy Icon\PrivacyIconClient.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\WINDOWS\system32\netdde.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Brother\ControlCenter2\brctrcen.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\Rssauw32.exe

C:\Program Files\Réseau santé social\rssconnexion.exe

C:\Program Files\Cryptolib CPS\CCM.exe

C:\Program Files\SRVSVCNAM\srvsvcnam010702.exe

C:\WINDOWS\GALSVW32.EXE

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\Intel\AMT\LMS.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

C:\Program Files\Fichiers communs\Intel\Privacy Icon\UNS\UNS.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\mqsvc.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\DC\Bureau\RSIT.exe

C:\Documents and Settings\DC\Mes documents\Téléchargements\DC.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USREL/7

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bioserveur.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.uk.msn.com/USREL/7

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

F2 - REG:system.ini: Shell=Explorer.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [srvSVCNAM] C:\Program Files\srvsvcnam\srvsvcnamexe.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe

O4 - HKLM\..\Run: [secureUpgrade] "C:\Program Files\Wave Systems Corp\SecureUpgrade.exe"

O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun

O4 - HKLM\..\Run: [RSSUpdate60] C:\Documents and Settings\All Users\Application Data\RssUpdate\RSSUpdate60.exe

O4 - HKLM\..\Run: [picon] "C:\Program Files\Fichiers communs\Intel\Privacy Icon\PrivacyIconClient.exe" -startup

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [EmbassySecurityCheck] "C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe"

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: Authentification Réseau santé social.lnk = C:\WINDOWS\Rssauw32.exe

O4 - Global Startup: Connexion au Réseau santé social.lnk = ?

O4 - Global Startup: Gestionnaire de certificats CPS.lnk = C:\Program Files\Cryptolib CPS\CCM.exe

O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?

O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Service de rapport d'erreurs ERSvcWmiApSrv (ERSvcWmiApSrv) - Unknown owner - C:\WINDOWS\system32\acleditw.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe

O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe

O23 - Service: NTRU TSS v1.2.1.28 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Fichiers communs\Intel\Privacy Icon\UNS\UNS.exe

 

--

End of file - 13771 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-27 1111320]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]

Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]

pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752]

{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]

{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 172544]

"WavXMgr"=C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [2008-08-22 145408]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

"SSBkgdUpdate"=C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]

"SrvSVCNAM"=C:\Program Files\srvsvcnam\srvsvcnamexe.exe [2007-03-26 49152]

"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-09-01 1044480]

"SetDefPrt"=C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe [2004-11-11 49152]

"SecureUpgrade"=C:\Program Files\Wave Systems Corp\SecureUpgrade.exe [2008-08-28 656696]

"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2008-08-13 536576]

"RSSUpdate60"=C:\Documents and Settings\All Users\Application Data\RssUpdate\RSSUpdate60.exe [2009-04-03 224944]

"picon"=C:\Program Files\Fichiers communs\Intel\Privacy Icon\PrivacyIconClient.exe [2008-07-17 773144]

"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-01-11 141336]

"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-05-23 128296]

"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2004-03-10 57393]

"MsmqIntCert"=regsvr32 /s mqrt.dll []

"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2004-03-10 40960]

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-01-11 141336]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-01-11 173592]

"EmbassySecurityCheck"=C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe [2008-08-28 91448]

"ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2004-11-11 864256]

"ChangeTPMAuth"=C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe [2008-08-21 184320]

"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-11-03 2028312]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-22 620152]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-04-21 24264488]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-12-02 3882312]

"ISUSPM"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

Authentification Réseau santé social.lnk - C:\WINDOWS\Rssauw32.exe

Connexion au Réseau santé social.lnk - C:\Program Files\Réseau santé social\rssconnexion.exe

Gestionnaire de certificats CPS.lnk - C:\Program Files\Cryptolib CPS\CCM.exe

Lancement rapide d'Adobe Acrobat.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

C:\WINDOWS\system32\avgrsstx.dll [2009-08-27 11952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2009-01-11 205312]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

wvauth

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\Vidal\VidalCD\system\runtime\bin\java.exe"="C:\Program Files\Vidal\VidalCD\system\runtime\bin\java.exe:*:Enabled:Java Platform SE binary"

"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

"C:\WINDOWS\Rssauw32.exe"="C:\WINDOWS\Rssauw32.exe:*:Enabled:Processus Client d'authentification RSS"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\WINDOWS\system32\winchat.exe"="C:\WINDOWS\system32\winchat.exe:*:Enabled:winchat"

"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"

"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird"

"C:\Documents and Settings\All Users\Application Data\828bc31\WS828b.exe"="C:\Documents and Settings\All Users\Application Data\828bc31\WS828b.exe:*:Enabled:Windows System Defender"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57189224-bc8b-11de-ad07-00219b26212f}]

shell\AutoRun\command - E:\PStart.exe

 

 

======List of files/folders created in the last 1 months======

 

2009-11-16 08:28:52 ----A---- C:\TB.txt

2009-11-16 08:28:14 ----D---- C:\ToolBar SD

2009-11-15 12:03:08 ----D---- C:\rsit

2009-11-15 11:00:33 ----D---- C:\WINDOWS\LastGood

2009-11-10 14:59:08 ----D---- C:\32788R22FWJFW

2009-11-10 14:13:53 ----D---- C:\WINDOWS\pss

2009-11-10 12:41:56 ----D---- C:\Documents and Settings\DC\Application Data\Malwarebytes

2009-11-10 12:41:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-11-10 12:41:51 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-11-10 10:44:18 ----D---- C:\Program Files\WinPcap

2009-11-10 10:40:37 ----SHD---- C:\Documents and Settings\All Users\Application Data\828bc31

2009-11-09 17:58:08 ----D---- C:\Documents and Settings\DC\Application Data\kompozer.net

2009-11-09 17:16:12 ----D---- C:\Documents and Settings\DC\Application Data\FileZilla

2009-11-09 17:16:06 ----D---- C:\Program Files\FileZilla FTP Client

2009-11-09 11:11:32 ----D---- C:\WINDOWS\system32\appmgmt

2009-11-09 11:09:45 ----D---- C:\Program Files\VoiceMaskPro

2009-11-09 11:06:04 ----D---- C:\Documents and Settings\DC\Application Data\Roxio

2009-11-05 11:52:18 ----A---- C:\WINDOWS\inscpsst.ini

2009-11-05 11:52:16 ----D---- C:\Program Files\Cryptolib CPS

2009-11-05 11:52:16 ----A---- C:\WINDOWS\system32\cps_csp_w32.dll

2009-11-05 11:52:16 ----A---- C:\WINDOWS\JniCpsw32.dll

2009-11-05 11:52:16 ----A---- C:\WINDOWS\cps_pkcs11_w32.dll

2009-11-05 11:52:16 ----A---- C:\WINDOWS\CCMSetup.txt

2009-11-05 11:51:34 ----A---- C:\WINDOWS\cps_pkcs11_safe.ini

2009-11-05 11:51:30 ----D---- C:\Program Files\srvsvcnam

2009-11-03 14:42:44 ----D---- C:\Documents and Settings\DC\Application Data\gtk-2.0

2009-11-02 17:37:22 ----D---- C:\Program Files\GIMP-2.0

2009-10-26 19:03:35 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet

2009-10-26 19:03:32 ----D---- C:\Program Files\Fichiers communs\Macrovision Shared

2009-10-19 18:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$

2009-10-19 18:19:09 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$

2009-10-19 18:19:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$

2009-10-19 18:19:03 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$

2009-10-19 18:19:00 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$

2009-10-19 18:18:39 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$

2009-10-19 18:18:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$

2009-10-19 18:18:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$

2009-10-19 18:17:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$

 

======List of files/folders modified in the last 1 months======

 

2009-11-16 11:47:26 ----D---- C:\WINDOWS\Prefetch

2009-11-16 11:47:05 ----D---- C:\Program Files\Shaman

2009-11-16 11:24:29 ----D---- C:\Program Files\Mozilla Thunderbird

2009-11-16 11:11:02 ----D---- C:\Documents and Settings\DC\Application Data\Skype

2009-11-16 10:59:50 ----D---- C:\WINDOWS\Temp

2009-11-16 08:38:03 ----D---- C:\Program Files\Mozilla Firefox

2009-11-16 08:09:26 ----D---- C:\Documents and Settings\DC\Application Data\skypePM

2009-11-15 12:44:07 ----AD---- C:\WINDOWS\system32

2009-11-15 12:05:06 ----HD---- C:\$AVG8.VAULT$

2009-11-15 11:00:44 ----HD---- C:\WINDOWS\inf

2009-11-15 11:00:34 ----HD---- C:\WINDOWS\$hf_mig$

2009-11-15 11:00:33 ----D---- C:\WINDOWS\system32\CatRoot2

2009-11-15 11:00:33 ----AD---- C:\WINDOWS

2009-11-15 10:59:28 ----A---- C:\WINDOWS\system32\log.txt

2009-11-15 10:57:52 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-11-15 10:56:41 ----SD---- C:\WINDOWS\Tasks

2009-11-14 15:55:45 ----RASH---- C:\boot.ini

2009-11-14 15:55:45 ----A---- C:\WINDOWS\win.ini

2009-11-14 15:55:45 ----A---- C:\WINDOWS\system.ini

2009-11-10 15:52:23 ----A---- C:\WINDOWS\BRWMARK.INI

2009-11-10 15:12:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-11-10 12:41:52 ----D---- C:\WINDOWS\system32\drivers

2009-11-10 12:41:51 ----RD---- C:\Program Files

2009-11-10 12:15:22 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-11-09 15:46:13 ----D---- C:\Episodus

2009-11-09 11:11:32 ----SHD---- C:\WINDOWS\Installer

2009-11-09 11:11:31 ----D---- C:\Config.Msi

2009-11-05 18:52:51 ----D---- C:\WINDOWS\ie7updates

2009-11-05 11:52:12 ----HD---- C:\Program Files\InstallShield Installation Information

2009-11-05 09:21:24 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2009-11-02 08:54:01 ----D---- C:\Documents and Settings\All Users\Application Data\RssUpdate

2009-10-29 17:48:55 ----D---- C:\Program Files\Internet Explorer

2009-10-27 17:38:56 ----D---- C:\WINDOWS\LRP

2009-10-26 19:03:40 ----D---- C:\Program Files\Fichiers communs\Adobe

2009-10-26 19:03:39 ----D---- C:\Documents and Settings\DC\Application Data\Adobe

2009-10-26 19:03:32 ----D---- C:\Program Files\Fichiers communs

2009-10-26 19:03:32 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2009-10-26 19:00:19 ----D---- C:\WINDOWS\WinSxS

2009-10-26 18:58:35 ----RSD---- C:\WINDOWS\Fonts

2009-10-26 18:58:22 ----D---- C:\Program Files\Adobe

2009-10-21 05:07:57 ----A---- C:\WINDOWS\system32\mshtml.dll

2009-10-20 08:57:34 ----D---- C:\WINDOWS\Microsoft.NET

2009-10-20 08:57:31 ----RSD---- C:\WINDOWS\assembly

2009-10-19 18:20:16 ----A---- C:\WINDOWS\imsins.BAK

2009-10-19 18:18:54 ----D---- C:\WINDOWS\system32\fr-fr

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-27 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-27 27784]

R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-12 108552]

R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2007-07-23 30064]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]

R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []

R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [2007-07-23 37360]

R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [2007-07-23 32848]

R2 DLADResM;DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [2007-07-23 9136]

R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [2007-07-23 108752]

R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [2007-07-23 27216]

R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [2007-07-23 16304]

R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [2007-07-23 98448]

R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [2007-07-23 93552]

R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-07-23 52000]

R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-15 34064]

R2 WavxDMgr;WavxDMgr; C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys [2008-08-28 208824]

R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-09-01 338944]

R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K; C:\WINDOWS\system32\DRIVERS\e1k5132.sys [2008-12-30 144480]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]

R3 HECI;Intel® Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2008-09-01 40832]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-01-11 6273504]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12288]

R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []

R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]

R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]

R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 usbser;Virtual Comm port driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-03 25600]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]

R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []

S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]

S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]

S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]

S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]

S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]

S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]

S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 ASFAgent;ASF Agent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2007-04-19 133968]

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-27 297752]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]

R2 LMS;Intel® Active Management Technology Local Management Service; C:\Program Files\Intel\AMT\LMS.exe [2008-07-17 174616]

R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-14 4608]

R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-14 117248]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]

R2 TdmService;TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [2008-08-28 966656]

R2 UNS;Intel® Active Management Technology User Notification Service; C:\Program Files\Fichiers communs\Intel\Privacy Icon\UNS\UNS.exe [2008-07-17 2054680]

R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-10-26 654848]

S2 ERSvcWmiApSrv;Service de rapport d'erreurs ERSvcWmiApSrv; C:\WINDOWS\system32\acleditw.exe [2008-04-14 64512]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]

S2 tcsd_win32.exe;NTRU TSS v1.2.1.28 TCS; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2008-08-05 1249280]

S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 SecureStorageService;SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2008-08-27 638976]

S3 stllssvr;stllssvr; C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe [2007-07-11 69632]

S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

Posted

Go to this link: Virus Total

  • Click the Browse... button
  • Browse through your folders to this file, if you can find it:

  • C:\Documents and Settings\All Users\Application Data\RssUpdate\RSSUpdate60.exe

  • Click Send file, and if VirusTotal says the file has already been analysed, click the Reanalyse file now button.
  • Let the site work for as long as "Current status: scanning" is displayed.
  • The file may be placed in a queue because of a large number of analysis requests. In that case, you will need to wait without refreshing the page.
  • When the analysis is finished ("Current status: finished"), click Formatted (top left)
  • A new browser window will appear
  • Then click on this image: txtvt.jpg
  • Right-click on the page and choose Select all, then Copy
  • Finally, paste the result into your next reply.
    NB: Whatever the result, it is important that you send me the result of the whole analysis.

Your security tools may react when the file is sent, in which case you will need to make them ignore the alerts.

 

*** You will need to reveal hidden files/folders to find this file:

 

Show hidden files/folders under XP

 

See you!

Posted

OK, thanks, and in that case the analysis won't be necessary.

 

Changing antivirus: download the AVG removal tool, in case the "normal" uninstall fails: http://www.grisoft.com/fr.36 and save it to the desktop.

 

Also download the Antivir installer executable to the desktop, because you will have to physically disconnect the computer from the internet.

 

Once disconnected, uninstall AVG; use the "remover" only if the uninstall fails.

The PC will need to be restarted (you will be asked to at the end of the uninstall).

 

Then install Antivir and reconnect the PC to the net when it is time to update the virus definitions.

If the update gives you trouble: Manual Antivir updates

 

Antivir is a free, effective and lightweight antivirus, now in French, with daily updates, and new threats are quickly added to its virus database. (Hence the better protection.)

 

 

 

PS: When Antivir detects an infected file, a window similar to this one opens:

 

Avira-Francais-037.jpg

 

Antivir asks you what it should do with the infected file.

Choose Move to quarantine, then click OK.

 

You can automate this type of action by ticking a box, as shown below:

 

img-221315ynxxt.jpg

That way you don't have to stay and watch it. :P

 

Update it, then run a full scan.

Please post the resulting report.

 

See you later.

Posted

I hadn't seen your email...

But Application Data is now visible.

I analysed the file (which, as far as I can tell, is the updater from my internet provider, RSS).

Should I still carry on with the rest?

 

 

 

Fichier RSSUpdate60.exe reçu le 2009.11.16 11:20:23 (UTC)

Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE

Résultat: 0/41 (0%)


 

Antivirus Version Dernière mise à jour Résultat

a-squared 4.5.0.41 2009.11.16 -

AhnLab-V3 5.0.0.2 2009.11.13 -

AntiVir 7.9.1.65 2009.11.16 -

Antiy-AVL 2.0.3.7 2009.11.16 -

Authentium 5.2.0.5 2009.11.15 -

Avast 4.8.1351.0 2009.11.16 -

AVG 8.5.0.425 2009.11.16 -

BitDefender 7.2 2009.11.16 -

CAT-QuickHeal 10.00 2009.11.16 -

ClamAV 0.94.1 2009.11.15 -

Comodo 2957 2009.11.15 -

DrWeb 5.0.0.12182 2009.11.16 -

eSafe 7.0.17.0 2009.11.16 -

eTrust-Vet 35.1.7122 2009.11.16 -

F-Prot 4.5.1.85 2009.11.15 -

F-Secure 9.0.15370.0 2009.11.11 -

Fortinet 3.120.0.0 2009.11.16 -

GData 19 2009.11.16 -

Ikarus T3.1.1.74.0 2009.11.16 -

Jiangmin 11.0.800 2009.11.16 -

K7AntiVirus 7.10.896 2009.11.13 -

Kaspersky 7.0.0.125 2009.11.16 -

McAfee 5803 2009.11.15 -

McAfee+Artemis 5803 2009.11.15 -

McAfee-GW-Edition 6.8.5 2009.11.16 -

Microsoft 1.5202 2009.11.16 -

NOD32 4611 2009.11.16 -

Norman 6.03.02 2009.11.16 -

nProtect 2009.1.8.0 2009.11.16 -

Panda 10.0.2.2 2009.11.15 -

PCTools 7.0.3.5 2009.11.16 -

Prevx 3.0 2009.11.16 -

Rising 22.22.00.07 2009.11.16 -

Sophos 4.47.0 2009.11.16 -

Sunbelt 3.2.1858.2 2009.11.12 -

Symantec 1.4.4.12 2009.11.16 -

TheHacker 6.5.0.2.070 2009.11.14 -

TrendMicro 9.0.0.1003 2009.11.16 -

VBA32 3.12.10.11 2009.11.15 -

ViRobot 2009.11.16.2039 2009.11.16 -

VirusBuster 4.6.5.0 2009.11.15 -

Additional information

File size: 224944 bytes

MD5...: f874b1bf95611773050bbde1a5c2134b

SHA1..: 7ddfd39304fe22736fe781fc190710adb41927ed

SHA256: d1353c0696c542aedc5266d751eb0b39ae9f374dd78b57dd01fc24a96d17d510

ssdeep: 6144:B/UtQt016gGdqV27RGtbcmDX/SK6pOQDjlCRh8eO/bdgoSV:B/dt01lGAw7R2bbaBpOQDA89+oSV

PEiD..: -

PEInfo: PE Structure information

 

( base data )

entrypointaddress.: 0xa13a0

timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)

machinetype.......: 0x14c (I386)

 

( 3 sections )

name viradd virsiz rawdsiz ntrpy md5

UPX0 0x1000 0x6f000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

UPX1 0x70000 0x32000 0x32000 8.00 af89aa9e5928ec655e50084eb39c4679

.rsrc 0xa2000 0x2000 0x1e00 4.67 98fd7c093b791c6051f289b0e5278686

 

( 10 imports )

> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess

> advapi32.dll: RegFlushKey

> comctl32.dll: ImageList_Add

> gdi32.dll: SaveDC

> oleaut32.dll: VariantCopy

> shell32.dll: ShellExecuteA

> user32.dll: GetDC

> version.dll: VerQueryValueA

> wininet.dll: InternetQueryOptionA

> wsock32.dll: inet_ntoa

 

( 0 exports )

RDS...: NSRL Reference Data Set

-

pdfid.: -

trid..: UPX compressed Win32 Executable (39.5%)

Win32 EXE Yoda's Crypter (34.3%)

Win32 Executable Generic (11.0%)

Win32 Dynamic Link Library (generic) (9.8%)

Generic Win/DOS Executable (2.5%)

sigcheck:

publisher....: Le R_seau sant_ social

copyright....: Copyright © Le R_seau sant_ social

product......: RSSUpdate

description..: RSSUpdate

original name:

internal name:

file version.: 1.0.0.1

comments.....: n/a

signers......: Le Réseau santé social SAS

Thawte Code Signing CA

Thawte Premium Server CA

signing date.: 3:29 PM 5/5/2008

verified.....: -

packers (Kaspersky): UPX

packers (F-Prot): UPX_LZMA
