Posted

Hello, here is my problem:

I was infected a while ago by System Defender, I think...

I ran Malwarebytes (updated) + Ad-Aware + CCleaner. I thought I had gotten rid of it.

Since then, it has been impossible to restart in safe mode.

In addition, after a restart in normal mode, my Internet connection is a mess... I have to disable and re-enable it afterwards.

I have just run Malwarebytes; here is the report:

 

Malwarebytes' Anti-Malware 1.42

Version de la base de données: 3396

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

 

20/12/2009 14:39:09

mbam-log-2009-12-20 (14-39-09).txt

 

Type de recherche: Examen complet (C:\|D:\|G:\|)

Eléments examinés: 191933

Temps écoulé: 31 minute(s), 37 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

 

 

 

 

I ran Ad-Aware; here is the report:

 

 

 

Logfile created: 20/12/2009 10:45:30

Lavasoft Ad-Aware version: 8.1.3

User performing scan: franck_hélène

 

*********************** Definitions database information ***********************

Lavasoft definition file: 149.118

Genotype definition file version: 2009/12/17 16:29:18

 

******************************** Scan results: *********************************

Scan profile name: Analyse complète (ID: full)

Objects scanned: 109128

Objects detected: 76

 

 

Type Detected

==========================

Processes.......: 0

Registry entries: 0

Hostfile entries: 6

Files...........: 0

Folders.........: 0

LSPs............: 0

Cookies.........: 70

Browser hijacks.: 0

MRU objects.....: 0

 

 

 

Removed items:

Description: www.securesoftwarebill.com(74.125.45.100) @ 3 Family Name: Redirected hostfile entry Engine: 1 Clean status: Reboot required Item ID: 1752071 Family ID: 560

Description: secure-plus-payments.com(74.125.45.100) @ 4 Family Name: Redirected hostfile entry Engine: 1 Clean status: Reboot required Item ID: 1752067 Family ID: 560

Description: www.getantivirusplusnow.com(74.125.45.100) @ 5 Family Name: Redirected hostfile entry Engine: 1 Clean status: Reboot required Item ID: 1752066 Family ID: 560

Description: www.secure-plus-payments.com(74.125.45.100) @ 6 Family Name: Redirected hostfile entry Engine: 1 Clean status: Reboot required Item ID: 1752067 Family ID: 560

Description: secure.paysecuresystem.com(74.125.45.100) @ 7 Family Name: Redirected hostfile entry Engine: 1 Clean status: Reboot required Item ID: 1752072 Family ID: 560

Description: paysoftbillsolution.com(74.125.45.100) @ 8 Family Name: Redirected hostfile entry Engine: 1 Clean status: Reboot required Item ID: 1752073 Family ID: 560

 

Scan and cleaning complete: Finished correctly after 1598 seconds

 

*********************************** Settings ***********************************

 

Scan profile:

ID: full, enabled:1, value: Analyse complète

ID: folderstoscan, enabled:1, value: C:\,D:\

ID: useantivirus, enabled:1, value: true

ID: sections, enabled:1

ID: scancriticalareas, enabled:1, value: true

ID: scanrunningapps, enabled:1, value: true

ID: scanregistry, enabled:1, value: true

ID: scanlsp, enabled:1, value: true

ID: scanads, enabled:1, value: true

ID: scanhostsfile, enabled:1, value: true

ID: scanmru, enabled:1, value: true

ID: scanbrowserhijacks, enabled:1, value: true

ID: scantrackingcookies, enabled:1, value: true

ID: closebrowsers, enabled:1, value: false

ID: filescanningoptions, enabled:1

ID: archives, enabled:1, value: true

ID: onlyexecutables, enabled:1, value: false

ID: skiplargerthan, enabled:1, value: 20480

ID: scanrootkits, enabled:1, value: true

ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict

ID: usespywareheuristics, enabled:1, value: true

 

Scan global:

ID: global, enabled:1

ID: addtocontextmenu, enabled:1, value: true

ID: playsoundoninfection, enabled:1, value: false

ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

 

Scheduled scan settings:

<Empty>

 

Update settings:

ID: updates, enabled:1

ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently

ID: deffiles, enabled:1, value: dontcheck, domain: dontcheck,downloadandinstall

ID: licenseandinfo, enabled:1, value: dontcheck, domain: dontcheck,downloadandinstall

ID: schedules, enabled:1, value: true

ID: updatedaily1, enabled:1, value: Daily 1

ID: time, enabled:1, value: Sat Dec 19 16:34:00 2009

ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly

ID: weekdays, enabled:1

ID: monday, enabled:1, value: false

ID: tuesday, enabled:1, value: false

ID: wednesday, enabled:1, value: false

ID: thursday, enabled:1, value: false

ID: friday, enabled:1, value: false

ID: saturday, enabled:1, value: false

ID: sunday, enabled:1, value: false

ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

ID: scanprofile, enabled:1, value:

ID: auto_deal_with_infections, enabled:1, value: false

ID: updatedaily2, enabled:1, value: Daily 2

ID: time, enabled:1, value: Sat Dec 19 22:34:00 2009

ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly

ID: weekdays, enabled:1

ID: monday, enabled:1, value: false

ID: tuesday, enabled:1, value: false

ID: wednesday, enabled:1, value: false

ID: thursday, enabled:1, value: false

ID: friday, enabled:1, value: false

ID: saturday, enabled:1, value: false

ID: sunday, enabled:1, value: false

ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

ID: scanprofile, enabled:1, value:

ID: auto_deal_with_infections, enabled:1, value: false

ID: updatedaily3, enabled:1, value: Daily 3

ID: time, enabled:1, value: Sat Dec 19 04:34:00 2009

ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly

ID: weekdays, enabled:1

ID: monday, enabled:1, value: false

ID: tuesday, enabled:1, value: false

ID: wednesday, enabled:1, value: false

ID: thursday, enabled:1, value: false

ID: friday, enabled:1, value: false

ID: saturday, enabled:1, value: false

ID: sunday, enabled:1, value: false

ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

ID: scanprofile, enabled:1, value:

ID: auto_deal_with_infections, enabled:1, value: false

ID: updatedaily4, enabled:1, value: Daily 4

ID: time, enabled:1, value: Sat Dec 19 10:34:00 2009

ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly

ID: weekdays, enabled:1

ID: monday, enabled:1, value: false

ID: tuesday, enabled:1, value: false

ID: wednesday, enabled:1, value: false

ID: thursday, enabled:1, value: false

ID: friday, enabled:1, value: false

ID: saturday, enabled:1, value: false

ID: sunday, enabled:1, value: false

ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

ID: scanprofile, enabled:1, value:

ID: auto_deal_with_infections, enabled:1, value: false

ID: updateweekly1, enabled:1, value: Weekly

ID: time, enabled:1, value: Sat Dec 19 16:34:00 2009

ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly

ID: weekdays, enabled:1

ID: monday, enabled:1, value: false

ID: tuesday, enabled:1, value: true

ID: wednesday, enabled:1, value: false

ID: thursday, enabled:1, value: false

ID: friday, enabled:1, value: false

ID: saturday, enabled:1, value: true

ID: sunday, enabled:1, value: false

ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

ID: scanprofile, enabled:1, value:

ID: auto_deal_with_infections, enabled:1, value: false

 

Appearance settings:

ID: appearance, enabled:1

ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource

ID: showtrayicon, enabled:1, value: true

ID: autoentertainmentmode, enabled:1, value: false

ID: guimode, enabled:1, value: mode_advanced, domain: mode_advanced,mode_simple

ID: language, enabled:1, value: fr, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

 

Realtime protection settings:

ID: realtime, enabled:1

ID: modules, enabled:1

ID: processprotection, enabled:1, value: true

ID: registryprotection, enabled:1, value: false

ID: networkprotection, enabled:1, value: false

ID: layers, enabled:1

ID: useantivirus, enabled:1, value: false

ID: usespywareheuristics, enabled:1, value: false

ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant

 

 

****************************** System information ******************************

Computer name: XPSP2

Processor name: Intel® Core2 Duo CPU E8200 @ 2.66GHz

Processor identifier: x86 Family 6 Model 23 Stepping 6

Processor speed: ~2666MHZ

Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 5894, number of processors 2, processor features: [MMX,SSE,SSE2]

Physical memory available: 2178932736 bytes

Physical memory total: 3219566592 bytes

Virtual memory available: 1997004800 bytes

Virtual memory total: 2147352576 bytes

Memory load: 32%

Microsoft Windows XP Professional Service Pack 3 (build 2600)

Windows startup mode:

 

Running processes:

PID: 496 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: AUTORITE NT

PID: 552 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: AUTORITE NT

PID: 576 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: AUTORITE NT

PID: 620 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: AUTORITE NT

PID: 632 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: AUTORITE NT

PID: 808 name: C:\WINDOWS\system32\nvsvc32.exe owner: SYSTEM domain: AUTORITE NT

PID: 836 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: AUTORITE NT

PID: 892 name: C:\WINDOWS\system32\svchost.exe owner: SERVICE RÉSEAU domain: AUTORITE NT

PID: 960 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: AUTORITE NT

PID: 1052 name: C:\WINDOWS\system32\svchost.exe owner: SERVICE RÉSEAU domain: AUTORITE NT

PID: 1104 name: C:\WINDOWS\system32\svchost.exe owner: SERVICE LOCAL domain: AUTORITE NT

PID: 1200 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: AUTORITE NT

PID: 1392 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: AUTORITE NT

PID: 1464 name: C:\WINDOWS\Explorer.EXE owner: franck_hélène domain: XPSP2

PID: 1544 name: C:\WINDOWS\RTHDCPL.EXE owner: franck_hélène domain: XPSP2

PID: 1604 name: C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE owner: franck_hélène domain: XPSP2

PID: 1612 name: C:\Program Files\McAfee\Common Framework\UdaterUI.exe owner: franck_hélène domain: XPSP2

PID: 1636 name: C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe owner: franck_hélène domain: XPSP2

PID: 1656 name: C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe owner: franck_hélène domain: XPSP2

PID: 1672 name: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe owner: franck_hélène domain: XPSP2

PID: 1688 name: C:\Program Files\iTunes\iTunesHelper.exe owner: franck_hélène domain: XPSP2

PID: 1720 name: C:\WINDOWS\system32\RUNDLL32.EXE owner: franck_hélène domain: XPSP2

PID: 1728 name: C:\Program Files\SFR\Kit\9props.exe owner: franck_hélène domain: XPSP2

PID: 1784 name: C:\Program Files\McAfee\Common Framework\McTray.exe owner: franck_hélène domain: XPSP2

PID: 1952 name: C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: AUTORITE NT

PID: 1976 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: AUTORITE NT

PID: 2024 name: C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe owner: SYSTEM domain: AUTORITE NT

PID: 404 name: C:\Program Files\McAfee\Common Framework\FrameworkService.exe owner: SYSTEM domain: AUTORITE NT

PID: 428 name: C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe owner: SYSTEM domain: AUTORITE NT

PID: 352 name: C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe owner: SYSTEM domain: AUTORITE NT

PID: 636 name: C:\Program Files\McAfee\Common Framework\naPrdMgr.exe owner: SYSTEM domain: AUTORITE NT

PID: 992 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: AUTORITE NT

PID: 2304 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: AUTORITE NT

PID: 2340 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: AUTORITE NT

PID: 2424 name: C:\WINDOWS\system32\wscntfy.exe owner: franck_hélène domain: XPSP2

PID: 2528 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: AUTORITE NT

PID: 2844 name: C:\WINDOWS\System32\alg.exe owner: SERVICE LOCAL domain: AUTORITE NT

PID: 3424 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: franck_hélène domain: XPSP2

PID: 2980 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: franck_hélène domain: XPSP2

 

Startup items:

Name: CTFMON.EXE

imagepath: C:\WINDOWS\system32\CTFMON.EXE

Name: RTHDCPL

imagepath: RTHDCPL.EXE

Name: Alcmtr

imagepath: ALCMTR.EXE

Name: JMB36X IDE Setup

imagepath: C:\WINDOWS\RaidTool\xInsIDE.exe

Name: 36X Raid Configurer

imagepath: C:\WINDOWS\system32\xRaidSetup.exe boot

Name: ShStatEXE

imagepath: "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

Name: McAfeeUpdaterUI

imagepath: "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

Name: Adobe Reader Speed Launcher

imagepath: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

Name: NeroFilterCheck

imagepath: C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

Name: SunJavaUpdateSched

imagepath: "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

Name: SSBkgdUpdate

imagepath: "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

Name: OpwareSE4

imagepath: "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

Name: CanonSolutionMenu

imagepath: C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

Name: CanonMyPrinter

imagepath: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

Name: QuickTime Task

imagepath: "C:\Program Files\QuickTime\qttask.exe" -atboottime

Name: iTunesHelper

imagepath: "C:\Program Files\iTunes\iTunesHelper.exe"

Name: AppleSyncNotifier

imagepath: C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

Name: nwiz

imagepath: C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install

Name: NvCplDaemon

imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

Name: NvMediaCenter

imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}

imagepath: Pré-chargeur Browseui

Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}

imagepath: Démon de cache des catégories de composant

Name: PostBootReminder

imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}

Name: CDBurn

imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}

Name: WebCheck

imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

Name: SysTray

imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}

Name: WPDShServiceObj

imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}

Name:

imagepath: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini

Name:

imagepath: C:\WINDOWS\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\desktop.ini

 

Bootexecute items:

Name:

imagepath: autocheck autochk *

Name:

imagepath: lsdelete

 

Running services:

Name: ALG

displayname: Service de la passerelle de la couche Application

Name: Apple Mobile Device

displayname: Apple Mobile Device

Name: AudioSrv

displayname: Audio Windows

Name: Bonjour Service

displayname: Service Bonjour

Name: Browser

displayname: Explorateur d'ordinateur

Name: CryptSvc

displayname: Services de cryptographie

Name: DcomLaunch

displayname: Lanceur de processus serveur DCOM

Name: Dhcp

displayname: Client DHCP

Name: dmserver

displayname: Gestionnaire de disque logique

Name: Dnscache

displayname: Client DNS

Name: ERSvc

displayname: Service de rapport d'erreurs

Name: Eventlog

displayname: Journal des événements

Name: EventSystem

displayname: Système d'événements de COM+

Name: FastUserSwitchingCompatibility

displayname: Compatibilité avec le Changement rapide d'utilisateur

Name: helpsvc

displayname: Aide et support

Name: iPod Service

displayname: Service de l’iPod

Name: lanmanserver

displayname: Serveur

Name: lanmanworkstation

displayname: Station de travail

Name: Lavasoft Ad-Aware Service

displayname: Lavasoft Ad-Aware Service

Name: LightScribeService

displayname: LightScribeService Direct Disc Labeling Service

Name: LmHosts

displayname: Assistance TCP/IP NetBIOS

Name: McAfeeFramework

displayname: McAfee Framework Service

Name: McShield

displayname: McAfee McShield

Name: McTaskManager

displayname: McAfee Task Manager

Name: Netman

displayname: Connexions réseau

Name: Nla

displayname: NLA (Network Location Awareness)

Name: NVSvc

displayname: NVIDIA Display Driver Service

Name: PlugPlay

displayname: Plug-and-Play

Name: PolicyAgent

displayname: Services IPSEC

Name: ProtectedStorage

displayname: Emplacement protégé

Name: RasMan

displayname: Gestionnaire de connexions d'accès distant

Name: RemoteRegistry

displayname: Accès à distance au Registre

Name: RpcSs

displayname: Appel de procédure distante (RPC)

Name: SamSs

displayname: Gestionnaire de comptes de sécurité

Name: Schedule

displayname: Planificateur de tâches

Name: seclogon

displayname: Connexion secondaire

Name: SENS

displayname: Notification d'événement système

Name: SharedAccess

displayname: Pare-feu Windows / Partage de connexion Internet

Name: ShellHWDetection

displayname: Détection matériel noyau

Name: Spooler

displayname: Spouleur d'impression

Name: SSDPSRV

displayname: Service de découvertes SSDP

Name: stisvc

displayname: Acquisition d'image Windows (WIA)

Name: TapiSrv

displayname: Téléphonie

Name: TermService

displayname: Services Terminal Server

Name: Themes

displayname: Thèmes

Name: TrkWks

displayname: Client de suivi de lien distribué

Name: W32Time

displayname: Horloge Windows

Name: WebClient

displayname: WebClient

Name: winmgmt

displayname: Infrastructure de gestion Windows

Name: wscsvc

displayname: Centre de sécurité

Name: wuauserv

displayname: Mises à jour automatiques

Name: WZCSVC

displayname: Configuration automatique sans fil

 

I have been browsing the forums for 2 days and I have doubts about these things:

Description: www.securesoftwarebill.com(74.125.45.100) @ 3 Family Name: Redirected hostfile entry Engine: 1 Clean status: Reboot required Item ID: 1752071 Family ID: 560

Description: secure-plus-payments.com(74.125.45.100) @ 4 Family Name: Redirected hostfile entry Engine: 1 Clean status: Reboot required Item ID: 1752067 Family ID: 560

Description: www.getantivirusplusnow.com(74.125.45.100) @ 5 Family Name: Redirected hostfile entry Engine: 1 Clean status: Reboot required Item ID: 1752066 Family ID: 560

Description: www.secure-plus-payments.com(74.125.45.100) @ 6 Family Name: Redirected hostfile entry Engine: 1 Clean status: Reboot required Item ID: 1752067 Family ID: 560

Description: secure.paysecuresystem.com(74.125.45.100) @ 7 Family Name: Redirected hostfile entry Engine: 1 Clean status: Reboot required Item ID: 1752072 Family ID: 560

Description: paysoftbillsolution.com(74.125.45.100) @ 8 Family Name: Redirected hostfile entry Engine: 1 Clean status: Reboot required Item ID: 1752073 Family ID: 560

 

but I don't know what to do... because Ad-Aware tells me a restart is required, but when the machine comes back up the Internet is disconnected, and MBAM finds nothing while Ad-Aware finds them again...

Note that my antivirus is McAfee (from my company), also up to date.

Thanks for your help

Posted

Hello, welcome. :P

 

If you ever need some information or a bit of help finding your posts:

Download random's system information tool (RSIT) by random/random and save it to the Desktop. This tool takes stock of the system and reads the configuration, like HijackThis, but in more detail.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (<<which will be displayed) as well as info.txt (<<which will be minimized in the Taskbar).
  • NB: The reports are saved in the C:\rsit folder
    That makes two reports. Since they are long, you can post 2 replies, one per report. :P

Posted

Hello, and thank you for helping me

When I launch RSIT it reports a problem with HOST.... I'm not sure exactly what

Out of curiosity I went into windows/system32/...

I can no longer find etc/host...

However, I ran RSIT in the afternoon (before crying Help on the forum), and here is the info.txt from the afternoon:

 

info.txt logfile of random's system information tool 1.06 2009-12-20 15:28:09

 

======Uninstall list======

 

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->C:\WINDOWS\UNRecode.exe /UNINSTALL

-->MsiExec /X{5DB65884-C963-4454-AABA-4CA3089281FA}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE

Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}

Alcohol 120% (Trial Version)-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}

Alcoholer - Multiprofiler v4.0b-->"C:\Program Files\Alcoholer\unins000.exe"

Alcoholer All Required Components-->C:\WINDOWS\unins000.exe

Alcoholer Required DB Components-->C:\WINDOWS\unins001.exe

ANNO 1404-->"C:\Program Files\InstallShield Installation Information\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}\Setup.exe" -runfromtemp -l0x040c -removeonly

Anno 1701-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2433A63-5F5D-40E5-B529-9123C2B3E734}\Setup.exe" -l0x40c -removeonly

Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}

Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Architecte Studio Pro-->MsiExec.exe /I{C59CD0C6-EC2D-4D00-8AF5-A899C8C12D47}

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Audacity 1.3.7 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"

AVG Anti-Rootkit Free-->C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe

Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

Call of Duty Modern Warfare 2-->"C:\Program Files\Call of Duty\Modern Warfare 2\unins000.exe"

Canon MP Navigator EX 1.0-->"C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini

Canon MP220 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP220_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP220_series /L0x000c

Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini

Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini

Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

CSV2ASC-->C:\Program Files\CSV2ASC\uninstall.exe

DVD Audio Extractor 4.4.1-->"C:\Program Files\DVD Audio Extractor\unins000.exe"

DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"

Enregistrement utilisateur de Canon MP220 series-->C:\Program Files\Canon\IJEREG\MP220 series\UNINST.EXE

EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"

Extension Système de Microsoft Money-->MsiExec.exe /I{8C64E149-54BA-11D6-91B1-00500462BE80}

Gigabyte Raid Configurer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\SETUP.EXE" -l0x40c -removeonly

Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}

Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x040c -removeonly

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

IsoBuster 1.4-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"

iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}

Java 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}

K-Lite Codec Pack 3.6.1 Full BETA-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

Lame ACM MP3 Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf

LAME v3.98.2 for Audacity-->"C:\Program Files\Lame for Audacity\unins000.exe"

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

McAfee VirusScan Enterprise-->MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{B578C85A-A84C-4230-A177-C5B2AF565B8C}

Microsoft Games for Windows - LIVE-->MsiExec.exe /X{B45FABE7-D101-4D99-A671-E16DA40AF7F0}

Microsoft Money-->MsiExec.exe /I{1D643CD0-4DD6-11D7-A4E0-000874180BB3}

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Mio Transfer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2003F533-7639-4436-8404-CB3DE67F1FFA}\setup.exe" -l0x40c

MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}

Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe

Mozilla Firefox (1.0.3)-->C:\WINDOWS\UninstallFirefox.exe /ua "1.0.3 (fr-FR)"

Mozilla Thunderbird (1.0.2)-->C:\WINDOWS\UninstallThunderbird.exe /ua "1.0.2 (fr)"

MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}

Need for Speed SHIFT-->MsiExec.exe /X{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}

Nero 7 Essentials-->MsiExec.exe /X{BC61F51E-8AF7-46B9-AF20-B33B5EE81036}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI

NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall

NVIDIA PhysX-->MsiExec.exe /X{5DB65884-C963-4454-AABA-4CA3089281FA}

OpenOffice.org 2.0-->MsiExec.exe /I{752783F5-0CFC-44C3-9E1F-CAF17C4508E7}

OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}

PDFCreator Toolbar-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_2828.exe" _?=C:\Program Files\PDFCreator Toolbar

PDFCreator-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_2828.exe" -hu _?=C:\Program Files\PDFCreator Toolbar

Pro Evolution Soccer 2008-->C:\Program Files\InstallShield Installation Information\{2FDFD600-7338-4738-90D5-FC4ACA08DC36}\setup.exe -runfromtemp -l0x040c

PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u

QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}

REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x040c -removeonly

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x40c -removeonly

Rip It ! (CD)-->"C:\Program Files\Rip It !\unins000.exe"

Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x040c -removeonly

ScanSoft OmniPage SE 4-->MsiExec.exe /I{DEE88727-779B-47A9-ACEF-F87CA5F92A65}

SFR - Kit de connexion-->C:\Program Files\SFR\Kit\uninstall.exe

Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}

Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

Yahoo! Companion-->rundll32.exe C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YCOMP5~1.DLL,DllCommand ui

 

======Hosts File======

 


 

 

======Security center information======

 

AV: System Defender

AV: McAfee VirusScan Enterprise

AV: Windows System Defender

FW: System Defender

FW: Windows System Defender

 

======System event log======

 

Computer Name: XPSP2

Event Code: 7036

Message: Le service NLA (Network Location Awareness) est entré dans l'état : en cours d'exécution.

 

Record Number: 35669

Source Name: Service Control Manager

Time Written: 20091112193522.000000+060

Event Type: Informations

User:

 

Computer Name: XPSP2

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service NLA (Network Location Awareness).

 

Record Number: 35668

Source Name: Service Control Manager

Time Written: 20091112193522.000000+060

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

Computer Name: XPSP2

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service Service de l’iPod.

 

Record Number: 35667

Source Name: Service Control Manager

Time Written: 20091112193522.000000+060

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

Computer Name: XPSP2

Event Code: 7036

Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.

 

Record Number: 35666

Source Name: Service Control Manager

Time Written: 20091112193522.000000+060

Event Type: Informations

User:

 

Computer Name: XPSP2

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.

 

Record Number: 35665

Source Name: Service Control Manager

Time Written: 20091112193522.000000+060

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

=====Application event log=====

 

Computer Name: XPSP2

Event Code: 5000

Message: Service McShield démarré.

 

Version du moteur : 5301.4018

 

Version du fichier DAT : 5791.0000

 

 

 

Nombre de signatures dans le fichier EXTRA.DAT : Aucun

 

Nom des menaces pouvant être détectées par EXTRA.DAT : Aucun

 

Record Number: 24335

Source Name: McLogEvent

Time Written: 20091121081456.000000+060

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

Computer Name: XPSP2

Event Code: 1800

Message: Le service Centre de sécurité Windows a démarré.

 

Record Number: 24334

Source Name: SecurityCenter

Time Written: 20091121081446.000000+060

Event Type: Informations

User:

 

Computer Name: XPSP2

Event Code: 1

Message:

Record Number: 24333

Source Name: Bonjour Service

Time Written: 20091121081438.000000+060

Event Type: Informations

User:

 

Computer Name: XPSP2

Event Code: 4

Message: The LightScribe Service started successfully.

 

Record Number: 24332

Source Name: LightScribeService

Time Written: 20091121081438.000000+060

Event Type: Informations

User:

 

Computer Name: XPSP2

Event Code: 257

Message: Elément bloqué par une règle de blocage de port (Protection standard antivirus:Empêcher la communication IRC).

 

Record Number: 24331

Source Name: McLogEvent

Time Written: 20091120202620.000000+060

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel

"PROCESSOR_REVISION"=1706

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"VSEDEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection

"DEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection

"RGSCLauncher"=C:\Program Files\Rockstar Games\Rockstar Games Social Club

"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_0_0_0

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip

 

-----------------EOF-----------------

 

 

and the log.txt:

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by franck_hélène at 2009-12-20 19:04:40

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 95 GB (48%) free of 200 GB

Total RAM: 3070 MB (78% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:04:58, on 20/12/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\SFR\Kit\9props.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Documents and Settings\franck_hélène\Bureau\RSIT.exe

C:\Program Files\trend micro\franck_hélène.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\SFR\Kit\9props.exe" /trayicon

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 7829 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll [2005-04-13 327748]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]

Objet d'aide à la navigation SFR - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll [2009-10-15 165184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]

scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll [2006-11-30 67136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]

PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll [2008-08-02 757760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll [2005-04-13 327748]

{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll [2008-08-02 757760]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-19 16844800]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]

"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-08-29 1966080]

"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2007-02-22 112216]

"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2006-12-19 136768]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe [2008-03-25 144784]

"SSBkgdUpdate"=C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]

"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]

"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-04-03 644696]

"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]

"AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]

"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-07-09 1657376]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-07-14 13877248]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-07-14 86016]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Connexion SFR 9props.exe"=C:\Program Files\SFR\Kit\9props.exe [2009-10-15 959808]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"

"C:\Program Files\eChanblard\emule.exe"="C:\Program Files\eChanblard\emule.exe:*:Enabled:eChanblard"

"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

"C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe"="C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Disabled:GPGNet - Supreme Commander"

"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Disabled:Grand Theft Auto IV"

"C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Disabled:Grand Theft Auto IV"

"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Disabled:Rockstar Games Social Club"

"C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"

"C:\Program Files\Anno 1701\Anno1701.exe"="C:\Program Files\Anno 1701\Anno1701.exe:*:Disabled:Anno 1701"

"C:\Program Files\DVICO\TViXNetShare\TViXNetShare.exe"="C:\Program Files\DVICO\TViXNetShare\TViXNetShare.exe:*:Disabled:TViXNetShare"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe"="C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:*:Disabled:Anno4Web"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caba9096-5906-11de-9ff4-001a4d5a5e3d}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL KIT_NEUROPSY_Tome_2_BAT_24.02.09.pdf

 

 

======List of files/folders created in the last 1 months======

 

2009-12-20 15:27:34 ----D---- C:\rsit

2009-12-20 15:27:34 ----D---- C:\Program Files\trend micro

2009-12-19 17:10:10 ----A---- C:\WINDOWS\system32\lsdelete.exe

2009-12-19 16:33:56 ----HDC---- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

2009-12-19 16:33:48 ----D---- C:\Program Files\Lavasoft

2009-12-16 17:34:56 ----SHD---- C:\Documents and Settings\All Users\Application Data\WSNZSYQVRD_APDM

2009-12-12 11:42:49 ----HD---- C:\WINDOWS\system32\GroupPolicy

2009-12-12 10:40:24 ----D---- C:\Program Files\SFR

2009-12-12 10:37:45 ----A---- C:\WINDOWS\RTacDbg.txt

2009-12-05 11:56:11 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-12-02 17:42:20 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles

2009-12-01 18:38:18 ----D---- C:\Program Files\Call of Duty

2009-12-01 17:08:58 ----D---- C:\WINDOWS\B83FC356B7C0441F8A4DD71E088E7974.TMP

2009-12-01 17:06:19 ----D---- C:\Program Files\NVIDIA Corporation

2009-12-01 17:06:11 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation

2009-12-01 17:05:42 ----RA---- C:\WINDOWS\system32\nvuninst.exe

2009-11-28 16:12:11 ----D---- C:\WINDOWS\NV28563132.TMP

2009-11-28 15:49:36 ----A---- C:\WINDOWS\system32\nvudisp.exe

 

======List of files/folders modified in the last 1 months======

 

2009-12-20 18:05:42 ----D---- C:\WINDOWS\Prefetch

2009-12-20 18:05:10 ----D---- C:\WINDOWS\Temp

2009-12-20 15:27:34 ----RD---- C:\Program Files

2009-12-20 11:29:04 ----D---- C:\WINDOWS\system32\CatRoot2

2009-12-20 11:29:04 ----D---- C:\WINDOWS

2009-12-19 19:35:21 ----SD---- C:\WINDOWS\Tasks

2009-12-19 17:10:10 ----D---- C:\WINDOWS\system32

2009-12-19 16:34:23 ----D---- C:\WINDOWS\system32\drivers

2009-12-19 16:34:23 ----D---- C:\WINDOWS\inf

2009-12-19 16:34:20 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-12-19 16:33:56 ----SHD---- C:\WINDOWS\Installer

2009-12-19 16:33:48 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft

2009-12-19 15:12:02 ----D---- C:\QUARANTINE

2009-12-19 08:10:06 ----D---- C:\WINDOWS\Help

2009-12-18 19:32:28 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-12-18 17:42:51 ----D---- C:\WINDOWS\addins

2009-12-18 14:32:43 ----A---- C:\WINDOWS\NeroDigital.ini

2009-12-17 16:48:56 ----HD---- C:\Program Files\InstallShield Installation Information

2009-12-17 16:48:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-12-16 17:35:01 ----SHD---- C:\Documents and Settings\All Users\Application Data\9862ec8

2009-12-12 10:37:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2009-12-01 17:08:53 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard

2009-11-28 16:19:51 ----D---- C:\WINDOWS\nview

2009-11-28 16:02:54 ----D---- C:\WINDOWS\system32\Restore

2009-11-22 16:41:52 ----D---- C:\Documents and Settings\franck_hélène\Application Data\Audacity

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]

R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []

R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2006-11-30 52136]

R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-08-21 281760]

R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-08-21 25888]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-19 4617728]

R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2006-11-30 64360]

R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2006-11-30 72264]

R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2006-11-30 34152]

R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-02-22 170408]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-07-14 7741664]

R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-09-19 101504]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S3 DsAudioDevice_207;DsAudioDevice_207; C:\WINDOWS\system32\drivers\DsAudioDevice_207.sys [2009-01-08 16640]

S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []

S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8192su.sys [2009-05-15 583552]

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2004-08-19 32128]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73600]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-12-19 1181328]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2007-06-28 79136]

R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-12-19 104000]

R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2007-02-22 144960]

R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2007-02-22 54872]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-07-14 168004]

R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]

S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]

S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

Posted

There is nothing really abnormal in the report.

The hosts file contains some entries; it can be reset if needed.

You can download and use R-hosts to restore a default hosts file:

http://siri.urz.free.fr/RHosts.php

As for the internet connection, you say it's a mess; can you describe the problem more precisely, please?

Posted

I can't restore the Host file: it tells me it is impossible to create the Host file.

As for the internet, what happens is that I run Ad-Aware, which finds things that require a restart, and afterwards my connection is limited or nonexistent.

In addition, I get redirected elsewhere when I go to certain sites.

Posted

I also ran a scan with Kaspersky Online.

Here is the report:

 

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Monday, December 21, 2009

Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Monday, December 21, 2009 11:13:15

Records in database: 3395108

--------------------------------------------------------------------------------

 

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

 

Scan area - My Computer:

A:\

C:\

D:\

E:\

F:\

 

Scan statistics:

Objects scanned: 77148

Threats found: 5

Infected objects found: 5

Suspicious objects found: 0

Scan duration: 01:39:40

 

 

File name / Threat / Threats count

C:\Documents and Settings\franck_hélène\Application Data\Thunderbird\Profiles\ompm9ma5.default\Mail\Local Folders\Inbox Infected: Worm.Win32.AutoRun.lua 1

C:\Documents and Settings\franck_hélène\Application Data\Thunderbird\Profiles\ompm9ma5.default\Mail\Local Folders\Inbox Infected: Worm.Win32.AutoRun.lxg 1

C:\Documents and Settings\franck_hélène\Application Data\Thunderbird\Profiles\ompm9ma5.default\Mail\Local Folders\Inbox Infected: Trojan.Win32.Pakes.lgd 1

C:\Documents and Settings\franck_hélène\Application Data\Thunderbird\Profiles\ompm9ma5.default\Mail\Local Folders\Inbox Infected: Trojan.Win32.Small.yfv 1

C:\Documents and Settings\franck_hélène\Application Data\Thunderbird\Profiles\ompm9ma5.default\Mail\Local Folders\Inbox Infected: Worm.Win32.AutoRun.rwo 1

 

Selected area has been scanned.

Posted

A rotten e-mail with a booby-trapped attachment (finding which one, on the other hand...).

Go look in c:\windows\system32\drivers\etc\ to see whether you have a file named "hosts" (just that, with no extension).

You may need to temporarily show hidden and protected system files.

Posted

Do you have a file named just "hosts", with no extension, in there?

I can also have you check it with a small program that will produce a report, if you have doubts.
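What a review of the hosts file discussed in this thread looks for, as an added example that is not part of the original posts: a Python sketch that lists every hosts entry other than the default localhost mapping, separating names pinned to a loopback address from names redirected to another address. The sample file content and the function name `audit_hosts` are constructed for illustration.

```python
import ipaddress
import sys

# Constructed sample of a tampered hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       update.av-vendor.example    # name pinned to loopback
203.0.113.10    www.search.example www.bank.example
::1             localhost
not-an-ip       broken.example
"""

DEFAULT_NAMES = {"localhost"}  # the only mapping a default hosts file carries


def audit_hosts(text):
    """Return (line_no, kind, address, hostname) for each non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not entry:
            continue
        fields = entry.split()
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, "malformed", address, " ".join(names)))
            continue
        if not names:
            findings.append((line_no, "malformed", address, ""))
            continue
        for name in (n.lower() for n in names):
            if ip.is_loopback or ip.is_unspecified:
                if name in DEFAULT_NAMES:
                    continue  # the expected localhost line
                kind = "blocked"   # name resolves to the local machine
            else:
                kind = "redirect"  # name resolves to a fixed remote address
            findings.append((line_no, kind, address, name))
    return findings


if __name__ == "__main__":
    # Pass the path of a hosts file to audit it; without one, use the sample.
    text = open(sys.argv[1], encoding="latin-1").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for finding in audit_hosts(text):
        print("line %d: %-9s %s -> %s" % finding)
```

An empty result means the file only carries the default localhost mapping; "redirect" entries are the ones that match the symptom of being sent elsewhere when visiting certain sites.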
