Ok, attention les yeux les gens, voici les trois rapports :
List'em by g3n-h@ckm@n 1.3.2.3
User : Urzu (Administrateurs)
Update on 15/03/2010 by g3n-h@ckm@n ::::: 00.30
Start at: 20:14:03 | 16/03/2010
Contact :
http://www.commentcamarche.net/forum/forum-7-virus-securite
Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz
Microsoft Windows 7 Édition Intégrale (6.1.7600 32-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Disabled
AV : ESET Smart Security 3.0 3.0 [ (!) Disabled | Updated ]
FW : Pare-feu personnel d'ESET[ (!) Disabled ]3.0.672.0
C:\ -> Disque fixe local | 220,27 Go (32,32 Go free) | NTFS
D:\ -> Disque fixe local | 10 Go (5,16 Go free) [RECOVERY] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Virtual CD v10\System\VC10SecS.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\cmd.exe
C:\Program Files\List_Kill'em\FxEx.scr
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Apoint REG_SZ C:\Program Files\DellTPad\Apoint.exe
SigmatelSysTrayApp REG_SZ C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
IAAnotif REG_SZ C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
egui REG_SZ "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 0 (0x0)
ConsentPromptBehaviorUser REG_DWORD 3 (0x3)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 0 (0x0)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableUIADesktopToggle REG_DWORD 0 (0x0)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 0 (0x0)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ Hey there !
legalnoticetext REG_SZ Welcome back Urzu !
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
PreCreateKnownFolders REG_SZ {A520A1A4-1780-4FF6-BD18-167343C5AF16}
Userinit REG_SZ C:\Windows\system32\userinit.exe,
VMApplet REG_SZ SystemPropertiesPerformance.exe /pagefile
AutoRestartShell REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
CachedLogonsCount REG_SZ 10
DebugServerCommand REG_SZ no
ForceUnlockLogon REG_DWORD 0 (0x0)
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ShutdownWithoutLogon REG_SZ 0
WinStationsDisabled REG_SZ 0
DisableCAD REG_DWORD 1 (0x1)
scremoveoption REG_SZ 0
ShutdownFlags REG_DWORD 43 (0x2b)
AutoAdminLogon REG_SZ 0
PasswordExpiryWarning REG_DWORD 14 (0xe)
ScreenSaverGracePeriod REG_SZ 5
===============
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\Program Files\BitTorrent\bittorrent.exe REG_SZ C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe REG_SZ C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2
C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe REG_SZ C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate
C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe REG_SZ C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
===
DNS
===
HKLM\SYSTEM\CCS\Services\Tcpip\..\{325E3DFE-B41F-4C26-8CD8-A9D4C7F00FE4}: DhcpNameServer=130.102.128.43 130.102.2.15
HKLM\SYSTEM\CCS\Services\Tcpip\..\{59094014-AA84-480A-A02D-1F8EB5B0E2F9}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F5779330-5191-4AFD-BD2A-F8B1F4CDFF33}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{325E3DFE-B41F-4C26-8CD8-A9D4C7F00FE4}: DhcpNameServer=130.102.128.43 130.102.2.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{59094014-AA84-480A-A02D-1F8EB5B0E2F9}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F5779330-5191-4AFD-BD2A-F8B1F4CDFF33}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{325E3DFE-B41F-4C26-8CD8-A9D4C7F00FE4}: DhcpNameServer=130.102.128.43 130.102.2.15
HKLM\SYSTEM\CS2\Services\Tcpip\..\{59094014-AA84-480A-A02D-1F8EB5B0E2F9}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F5779330-5191-4AFD-BD2A-F8B1F4CDFF33}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ
http://fr.msn.com/
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ
http://fr.msn.com/
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
Wlansvc : 0x2 ( OK = 2 )
SharedAccess : 0x3 ( OK = 2 )
windefend : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
wscsvc : 0x2 ( OK = 2 )
=========
Atapi.sys
=========
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\System32\drivers\atapi.sys
##
21584,338c86357871c167a96ab976519bf59e,f28cc534523d1701b0552f5d7e18e88369c4218bdb1f69110c3e31d395884ad6,C:\Windows\System32\drivers\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
##
21584,338c86357871c167a96ab976519bf59e,f28cc534523d1701b0552f5d7e18e88369c4218bdb1f69110c3e31d395884ad6,C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
##
21584,338c86357871c167a96ab976519bf59e,f28cc534523d1701b0552f5d7e18e88369c4218bdb1f69110c3e31d395884ad6,C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
=======
Drive :
=======
D‚fragmenteur de disque Microsoft
Copyright (c) 2007 Microsoft Corp.
Invocation de analyse sur (C:)...
L'op‚ration a r‚ussi.
Post Defragmentation Report:
Informations sur le volumeÿ:
Taille du volume = 220,26 Go
Espace libre = 32,32 Go
Quantit‚ totale d'espace fragment‚ = 0%
Taille maximale d'espace libre = 1,31 Go
Remarqueÿ: les fragments de fichier de plus de 64ÿMo ne sont pas inclus dans les statistiques de fragmentation.
Il n'est pas n‚cessaire de d‚fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\install.exe
Present !! : C:\Program Files\mozilla firefox\components\flashgetXpi.dll
Present !! : C:\Program Files\Mozilla Firefox\components\npclntax.xpt
Present !! : C:\Windows\iun6002.exe
Present !! : C:\Windows\jestertb.dll
Present !! : C:\Windows\System32\drivers\etc\hosts.msn
Present !! : C:\Windows\System32\ealregsnapshot1.reg
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{32099AAC-C132-4136-9E9A-4E364A424E17}
Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-03-16 20:35:47
Windows 6.1.7600 FAT NTAPI
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x864F7B4C]<<
kernel: MBR read successfully
user & kernel MBR OK
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials
C:\Nouveau dossier (2)\AOE\crack.zip
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 20:36:43,01
*******************
********************
**********************
****************************
***********************************
Rapport n°2 :
======= RAPPORT D'AD-REMOVER 2.0.0.0,A | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 15/03/10 à 17:00
Contact: AdRemover.contact@gmail.com
Site web:
http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 19:55:45 le 16/03/2010 | Mode normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\ADR.exe
Système d'exploitation: Microsoft® Windows 7™ Ultimate
Nom du PC: URZUS | Utilisateur actuel: Urzu (Administrateur)
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
C:\Program Files\Mozilla FireFox\extensions\search@searchsettings.com
C:\Program Files\Search Settings
C:\ProgramData\Search Settings
C:\Users\Urzu\AppData\LocalLow\Search Settings
C:\Users\Urzu\AppData\LocalLow\Zango
C:\Users\Urzu\AppData\Roaming\Search Settings
(!) -- Fichiers temporaires supprimés.
.
HKCU\Software\AppDataLow\Software\zango
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\Software\Search Settings
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Classes\Installer\Products\79CAA1B036589D14EA74856E2A220F1E
HKLM\Software\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}
HKLM\Software\Classes\SearchSettings.BHO
HKLM\Software\Classes\SearchSettings.BHO.1
HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\ZangoOE
HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\ZangoSA
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\79CAA1B036589D14EA74856E2A220F1E
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}
HKLM\Software\Search Settings
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\kb128\SearchSettings.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\kb128\SearchSettingsRes409.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\SearchSettings.exe
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.6 (fr) *
.
C:\Users\Urzu\..\obdljlx6.default\prefs.js - browser.download.dir: C:\\Users\\Urzu\\Downloads
C:\Users\Urzu\..\obdljlx6.default\prefs.js - browser.download.lastDir: C:\\Users\\Urzu\\Desktop
C:\Users\Urzu\..\obdljlx6.default\prefs.js - browser.startup.homepage: hxxp://www.google.com.au/ig
C:\Users\Urzu\..\obdljlx6.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2
C:\Users\Urzu\..\obdljlx6.default\prefs.js - keyword.URL: hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
.
.
* Internet Explorer Version 8.0.7600.16385 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\Windows\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\Windows\System32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
============== SUSPECT(S) ==============
.
C:\Users\Urzu\AppData\Roaming\BitTorrent\Battlefield 2142 1.4 Crack.rar.torrent
C:\Users\Urzu\AppData\Roaming\BitTorrent\Crack Crysis Warhead.torrent
C:\Users\Urzu\AppData\Roaming\BitTorrent\PFConfig v1.0.163 working serial.rar.torrent
C:\Users\Urzu\AppData\Roaming\BitTorrent\Recon92's 2142Keygen.rar.torrent
C:\Users\Urzu\AppData\Roaming\BitTorrent\TuneUp_Utilities_2008_v7.0.8004 + Keygen-Core 100% Working.torrent
C:\Users\Urzu\AppData\Roaming\uTorrent\Battlefield Bad Company 2 Crack Only - RELOADED.torrent
C:\Users\Urzu\AppData\Roaming\uTorrent\Call.Of.Duty.4.Modern.Warfare.(v1.5).Single.&.Multiplayer.Crack.Incl.KeyGen-XiNiTHAOUS.rar.torrent
C:\Users\Urzu\AppData\Roaming\uTorrent\GRAND THEFT AUTO (GTA) IV 1.0.4 - RAZOR1911 CRACK ONLY - 100% WORKING.rar.torrent
C:\Users\Urzu\AppData\Roaming\uTorrent\GTA 4 v1.0.2.0 Crack - Razor1911.zip.1.torrent
C:\Users\Urzu\AppData\Roaming\uTorrent\GTA 4 v1.0.2.0 Crack - Razor1911.zip.torrent
C:\Users\Urzu\AppData\Roaming\uTorrent\iPhone Video Converter & Serial.rar.torrent
C:\Users\Urzu\AppData\Roaming\uTorrent\TuneUP.Utilities.2010.Incl.Serial.WinAll-iND.torrent
C:\Users\Urzu\AppData\Roaming\uTorrent\Virtual CD 10.0.0.38 Full Retail (with Serial)~ IslandGirl@1337x.org.torrent
C:\Users\Urzu\Desktop\Applications\Left4Deadpatch4Trainer.zip
C:\Users\Urzu\Desktop\Temporaires\grand_theft_auto_iv_patch_v1.0.2.0_multi-langues_274194.exe
C:\Users\Urzu\Desktop\Temporaires\icons\iVista_2_for_IconPackager_by_MrEyePatch.zip
C:\Users\Urzu\Documents\call_of_duty_4_modern_warfare_patch_v1.6_variety_map_pack_multi-langues_245252.exe
.
========================================
.
C:\Users\Urzu\AppData\Local\Temp: 3 Fichier(s), 21 Dossier(s)
C:\Windows\temp: 0 Fichier(s), 3 Dossier(s)
C:\Users\Urzu\AppData\Roaming\Microsoft\Windows\Cookies: 2 Fichier(s), 0 Dossier(s)
Temporary Internet Files: 2 Fichier(s), 14 Dossier(s)
.
C:\Ad-Remover\Quarantine: 124 Fichier(s)
C:\Ad-Remover\Backup: 15 Fichier(s)
.
C:\Ad-Report-CLEAN[1].txt - 6280 Octet(s)
.
Fin à: 20:02:47, 16/03/2010
.
============== E.O.F - CLEAN[1] ==============
************
****************
***********************
**********************************
*****************************************
Et enfin, ce que je pense etre le rapport de MalwareBytes :
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3865
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
14/03/2010 21:35:57
mbam-log-2010-03-14 (21-35-57).txt
Type de recherche: Examen complet (C:\|D:\|H:\|)
Eléments examinés: 404335
Temps écoulé: 1 hour(s), 51 minute(s), 17 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 11
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{9f99a7b2-bd68-4b07-9c48-2f6b861fdfed} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\serverxml (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zango 10.3.75.0 (Adware.Zango) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\ProgramData\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\Common Files\Server\ServerXML.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\HL Free Music Converter.exe (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Program Files\Sigmatel\C-Major Audio\CryptLoad_1.1.4\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\CryptLoad_1.1.4\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Users\Urzu\Desktop\Applications\fff-ea198(Multi KeyGen).exe (Trojan.Orsam) -> Quarantined and deleted successfully.
C:\Users\Urzu\Desktop\Applications\pztrain.exe (Malware.Packer.Mew) -> Quarantined and deleted successfully.
C:\ProgramData\ZangoSA\ZangoSA.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\ProgramData\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> Quarantined and deleted successfully.
C:\ProgramData\ZangoSA\ZangoSAau.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\ProgramData\ZangoSA\ZangoSAEula.mht (Adware.Zango) -> Quarantined and deleted successfully.
C:\ProgramData\ZangoSA\ZangoSA_kyf.dat (Adware.Zango) -> Quarantined and deleted successfully.