Hard drive constantly running at 384 KB/s

Solved/Closed
Manu - 25 June 2009 at 21:25
sKe69 Posts: 21360 Registered: Saturday 15 March 2008 Status: Security contributor Last seen: 30 December 2012 - 29 June 2009 at 18:47
Hello,
For a few weeks, following an attack by IP that I blocked, I have noticed that my hard drive runs all the time at 384 KB/s on average. Is that normal? I don't know; I hadn't noticed it before. I have run many scans for viruses, spyware, etc. and found nothing, so I decided to come here to post a report, the RSIT one, which unfortunately I am unable to decipher. If someone would kindly tell me whether they find anything in it, that would be nice. Thanks in advance.

Logfile of random's system information tool 1.05 (written by random/random)
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 68 GB (67%) free of 102 GB
Total RAM: 3071 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:34, on 25/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\abylonsoft\SAPDrive\SAPCtrlSer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\ma-config.com\maconfservice.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\oopmagentts.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Aide mémoire\TrayIcon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Encarta\Collection Encarta 2003 DVD\EDICT.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Malige\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Malige.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ooquickpdfv7] "C:\WINDOWS\system32\oopmagentts.exe"
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [L03FXLRD_6513656] C:\Program Files\Microsoft Encarta\Collection Encarta 2003 DVD\EDICT.EXE -m
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Aide mémoire.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: apm - SAP control service (apmSAPCtrl) - abylonsoft - Dr. Thomas Klabunde GbR - C:\Program Files\abylonsoft\SAPDrive\SAPCtrlSer.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9885be8750c5a) (gupdate1c9885be8750c5a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Malige/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
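As an added example (not code from this thread, from RSIT or from HijackThis), here is a small Python triage helper for the O2/O4/O16/O20 entry formats that appear in the log above. The sample lines are copied from that log; the checks are heuristics that produce review prompts, not verdicts about any entry.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: a subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ooquickpdfv7] "C:\WINDOWS\system32\oopmagentts.exe"
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Entry formats as HijackThis prints them (O2 = browser helper object,
# O4 = Run/RunOnce autostart, O16 = downloaded ActiveX control, O20 = AppInit_DLLs).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<name>.*) - (?P<url>\S+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<target>.*)$")


@dataclass
class Entry:
    kind: str                      # "O2", "O4", "O16", ...
    raw: str
    name: str = ""
    target: str = ""               # program, DLL or URL the entry points at
    notes: list[str] = field(default_factory=list)   # triage prompts; empty = nothing to review


def split_command(cmd: str) -> tuple[str, str]:
    """Split a Run-key command line into (program, arguments), honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def check_autostart(program: str) -> list[str]:
    """Triage heuristics for an O4 target; they ask for verification, not a verdict."""
    notes = []
    low = program.lower()
    if "\\" not in program:
        notes.append("bare file name, resolved through PATH at logon: locate the file and verify its publisher")
    elif "\\windows\\system32\\" in low or "%systemroot%\\system32\\" in low:
        notes.append("autostart from the Windows system directory: confirm the file is a known component (signature, hash)")
    return notes


def triage(log_text: str) -> list[Entry]:
    """Parse HijackThis lines and attach review notes to the ones worth a second look."""
    entries: list[Entry] = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        entry = Entry(kind=line.split(" ", 1)[0], raw=line)
        if m := O4_RE.match(line):
            entry.name = m["name"]
            entry.target, _args = split_command(m["cmd"])
            entry.notes = check_autostart(entry.target)
        elif m := O2_RE.match(line):
            entry.name, entry.target = m["name"], m["target"]
            if entry.target == "(no file)":
                entry.notes.append("orphaned BHO registration: the CLSID points at a missing file; remove the stale key")
        elif m := O16_RE.match(line):
            entry.name, entry.target = m["name"], m["url"]
            if entry.target.lower().startswith("http://"):
                entry.notes.append("ActiveX control fetched over plain HTTP: verify the source before trusting it")
        elif m := O20_RE.match(line):
            entry.name, entry.target = "AppInit_DLLs", m["target"]
            entry.notes.append("AppInit_DLLs: this DLL is loaded into every process that loads user32.dll; verify it")
        entries.append(entry)
    return entries


def review_items(log_text: str) -> list[tuple[str, str, str]]:
    """(kind, name, target) for every entry that carries at least one note."""
    return [(e.kind, e.name, e.target) for e in triage(log_text) if e.notes]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        if e.notes:
            print(f"{e.kind} [{e.name}] {e.target}")
            for note in e.notes:
                print("    -", note)
```

Running it on the sample prints eight review items; entries under Program Files with a full path, the Spybot BHO and the O23 service produce none.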
73 replies

Does nobody want to analyse my report?
sKe69 Posts: 21360 Registered: Saturday 15 March 2008 Status: Security contributor Last seen: 30 December 2012
25 June 2009 at 22:32
Hi,


several infections .... ^^


Do the following to start:


1- Important:
Disable Spybot S&D's "TeaTimer" with the help of this animated tutorial (thanks Balltrap ;) ):
http://perso.orange.fr/rginformatique/section%20virus/demo%20spybot.htm
(on the first image, click on "tea timer" to start the animation).

It could interfere with the proper running of the disinfection tools and with the repair of the registry...

You will re-enable it once we have finished disinfecting (and not before!).
/!\ But be careful:
at that point, Spybot's "TeaTimer" will offer, through several pop-ups, to accept or refuse registry changes (made during the disinfection)
-> you will then have to accept them all, without exception!

After that, you will have to stay vigilant when the "TeaTimer" raises alerts: accept a change only if you know where it comes from.


Once that is done (and not before!), carry on.

=================

2- Download Lop S&D:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

Disconnect from the internet and close all running applications.

Double-click the .exe you just downloaded to start the installation.

Once installed, click the shortcut to launch the tool.

Then let it guide you:
---> choose option 1 (search) and confirm.

(Do not run the cleaning options (2 or 3).)

Once the scan is finished, Notepad will open with the report.
Post that report in your next reply for analysis.

Tutorial: https://sites.google.com/site/eric71mespages/lop.sd.exe

Here is the report. Thank you for giving me a bit of your time.

One question: how did you find infections in the RSIT report? It's just for my own knowledge.

Here is the report:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz )
BIOS : BIOS Date: 08/01/07 09:47:33 Ver: 08.00.10
USER : Malige ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.26 (Activated)
Firewall : ZoneAlarm Firewall 7.0.483.000 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:99 Go (Free:66 Go)
D:\ (Local Disk) - NTFS - Total:64 Go (Free:48 Go)
E:\ (CD or DVD)
F:\ (Local Disk) - FAT32 - Total:19 Go (Free:10 Go)
G:\ (Local Disk) - FAT32 - Total:19 Go (Free:19 Go)
H:\ (Local Disk) - NTFS - Total:68 Go (Free:68 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 25/06/2009|22:53 )

--------------------\\ Listing des dossiers dans APPLIC~1

[24/04/2008|11:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[24/04/2008|11:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[03/06/2009|15:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AA2DeployClient
[12/03/2009|14:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[24/04/2008|14:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[08/04/2009|15:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[02/05/2009|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[11/05/2008|13:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[29/04/2008|20:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
[26/04/2008|23:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[11/05/2008|16:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[14/05/2009|07:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[25/06/2009|10:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[05/03/2009|16:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
[11/06/2009|12:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
[11/06/2009|11:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
[07/03/2009|13:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
[28/09/2008|17:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[09/11/2008|20:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[08/04/2009|14:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[24/04/2008|13:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[03/05/2008|14:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NFS Underground Demo
[11/06/2009|11:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[30/06/2008|17:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[24/04/2008|12:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OFFICE One v7
[21/08/2008|13:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
[25/10/2008|15:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[20/05/2008|20:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[25/06/2009|22:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[30/05/2009|20:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[10/05/2008|20:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[24/04/2008|11:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[10/11/2008|12:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[07/08/2008|22:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[24/04/2008|11:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[28/09/2008|18:01] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[14/05/2008|10:01] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
[09/12/2008|16:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[03/11/2008|16:03] C:\DOCUME~1\Malige\APPLIC~1\Adobe
[26/04/2008|22:11] C:\DOCUME~1\Malige\APPLIC~1\AdobeUM
[06/05/2008|15:44] C:\DOCUME~1\Malige\APPLIC~1\Ahead
[24/03/2009|18:47] C:\DOCUME~1\Malige\APPLIC~1\apm
[31/12/2008|18:43] C:\DOCUME~1\Malige\APPLIC~1\Apple Computer
[24/01/2009|16:04] C:\DOCUME~1\Malige\APPLIC~1\Balabolka
[22/10/2008|11:06] C:\DOCUME~1\Malige\APPLIC~1\BitDownload
[22/10/2008|11:14] C:\DOCUME~1\Malige\APPLIC~1\Corel
[29/04/2008|21:08] C:\DOCUME~1\Malige\APPLIC~1\CyberLink
[25/03/2009|14:29] C:\DOCUME~1\Malige\APPLIC~1\Desktopicon
[26/03/2009|21:08] C:\DOCUME~1\Malige\APPLIC~1\DivX
[10/06/2009|13:50] C:\DOCUME~1\Malige\APPLIC~1\drivers
[03/04/2009|17:30] C:\DOCUME~1\Malige\APPLIC~1\dvdcss
[07/03/2009|15:42] C:\DOCUME~1\Malige\APPLIC~1\eMule
[06/10/2008|18:37] C:\DOCUME~1\Malige\APPLIC~1\flightgear.org
[21/06/2009|18:34] C:\DOCUME~1\Malige\APPLIC~1\FrostWire
[25/05/2009|20:11] C:\DOCUME~1\Malige\APPLIC~1\GetRightToGo
[07/03/2009|17:37] C:\DOCUME~1\Malige\APPLIC~1\GlarySoft
[06/05/2008|11:07] C:\DOCUME~1\Malige\APPLIC~1\Google
[18/05/2008|18:46] C:\DOCUME~1\Malige\APPLIC~1\gtk-2.0
[14/02/2009|20:55] C:\DOCUME~1\Malige\APPLIC~1\Help
[30/06/2008|18:07] C:\DOCUME~1\Malige\APPLIC~1\Icone
[24/04/2008|12:08] C:\DOCUME~1\Malige\APPLIC~1\Identities
[02/02/2009|12:43] C:\DOCUME~1\Malige\APPLIC~1\Image Zone Express
[22/05/2008|21:01] C:\DOCUME~1\Malige\APPLIC~1\InstallShield
[21/03/2009|18:13] C:\DOCUME~1\Malige\APPLIC~1\IObit
[01/09/2008|21:38] C:\DOCUME~1\Malige\APPLIC~1\Leadertech
[11/12/2008|11:25] C:\DOCUME~1\Malige\APPLIC~1\LimeWire
[28/03/2009|16:46] C:\DOCUME~1\Malige\APPLIC~1\LinkCollector
[24/04/2008|13:55] C:\DOCUME~1\Malige\APPLIC~1\Macromedia
[28/09/2008|17:20] C:\DOCUME~1\Malige\APPLIC~1\Malwarebytes
[27/05/2009|21:51] C:\DOCUME~1\Malige\APPLIC~1\Microsoft
[10/03/2009|20:37] C:\DOCUME~1\Malige\APPLIC~1\mIRC
[18/04/2009|21:59] C:\DOCUME~1\Malige\APPLIC~1\Mozilla
[30/04/2009|21:21] C:\DOCUME~1\Malige\APPLIC~1\NetStat Agent
[24/04/2008|12:28] C:\DOCUME~1\Malige\APPLIC~1\OFFICE One v7
[16/04/2009|11:50] C:\DOCUME~1\Malige\APPLIC~1\OFFICEOne7
[27/04/2008|00:03] C:\DOCUME~1\Malige\APPLIC~1\OLYMPUS
[13/05/2008|21:36] C:\DOCUME~1\Malige\APPLIC~1\PC Tools
[26/04/2008|17:24] C:\DOCUME~1\Malige\APPLIC~1\Printer Info Cache
[31/12/2008|19:53] C:\DOCUME~1\Malige\APPLIC~1\RaimaRadio
[22/06/2009|13:08] C:\DOCUME~1\Malige\APPLIC~1\Real
[29/04/2008|19:57] C:\DOCUME~1\Malige\APPLIC~1\Sun
[30/04/2008|13:45] C:\DOCUME~1\Malige\APPLIC~1\Talkback
[25/06/2009|21:58] C:\DOCUME~1\Malige\APPLIC~1\teamspeak2
[24/02/2009|20:23] C:\DOCUME~1\Malige\APPLIC~1\Texas Instruments
[30/08/2008|13:57] C:\DOCUME~1\Malige\APPLIC~1\Todae
[24/02/2009|21:04] C:\DOCUME~1\Malige\APPLIC~1\U3
[24/01/2009|22:27] C:\DOCUME~1\Malige\APPLIC~1\Unity
[07/03/2009|14:15] C:\DOCUME~1\Malige\APPLIC~1\uTorrent
[10/04/2009|19:54] C:\DOCUME~1\Malige\APPLIC~1\vlc
[21/08/2008|12:53] C:\DOCUME~1\Malige\APPLIC~1\Windows Desktop Search
[21/08/2008|15:12] C:\DOCUME~1\Malige\APPLIC~1\Windows Search
[06/05/2008|18:20] C:\DOCUME~1\Malige\APPLIC~1\WinRAR
[16/09/2008|14:41] C:\DOCUME~1\Malige\APPLIC~1\XnView

[26/04/2008|18:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[25/06/2009 22:45][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{8EF20294-B744-466D-9894-C59208BB3263}.job
[25/06/2009 10:57][--a------] C:\WINDOWS\tasks\GlaryInitialize.job
[25/06/2009 11:16][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[25/06/2009 21:09][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[25/06/2009 14:30][--a------] C:\WINDOWS\tasks\Google Software Updater.job
[24/06/2009 18:00][--a------] C:\WINDOWS\tasks\Norton Security Scan for Malige.job
[25/06/2009 21:09][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
[25/06/2009 10:56][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/09/2001 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[25/02/2009|14:09] C:\Program Files\7-Zip
[24/03/2009|18:29] C:\Program Files\abylonsoft
[08/04/2009|14:48] C:\Program Files\Adobe
[11/06/2009|12:42] C:\Program Files\AGEIA Technologies
[04/01/2009|20:20] C:\Program Files\AGI
[06/05/2008|14:54] C:\Program Files\Ahead
[07/03/2009|14:15] C:\Program Files\AIDA32 - Personal System Information
[27/04/2008|00:50] C:\Program Files\Aide mémoire
[15/05/2008|21:22] C:\Program Files\Audacity
[02/05/2009|16:13] C:\Program Files\Avira
[14/12/2008|16:21] C:\Program Files\AviSynth 2.5
[07/03/2009|14:15] C:\Program Files\Balabolka
[22/08/2008|16:30] C:\Program Files\Boonty
[15/06/2009|13:31] C:\Program Files\BoontyGames
[07/03/2009|14:15] C:\Program Files\Calculette Orplan
[07/02/2009|19:47] C:\Program Files\Camouflage
[06/03/2009|23:43] C:\Program Files\CCleaner
[27/04/2008|12:04] C:\Program Files\Clic Collège
[21/10/2008|17:59] C:\Program Files\CommentCaMarche
[13/12/2008|15:11] C:\Program Files\ComPlus Applications
[29/04/2008|20:09] C:\Program Files\Corel
[26/04/2008|23:55] C:\Program Files\CyberLink
[27/04/2008|01:01] C:\Program Files\DigitalSoundPlanet
[26/03/2009|21:07] C:\Program Files\DivX
[21/02/2009|14:04] C:\Program Files\Domotix
[10/09/2008|11:30] C:\Program Files\Driver-Soft
[24/02/2009|17:00] C:\Program Files\eptsoft
[14/12/2008|16:18] C:\Program Files\eRightSoft
[27/05/2009|16:32] C:\Program Files\Fichiers communs
[25/02/2009|12:10] C:\Program Files\filehippo.com
[13/04/2009|17:03] C:\Program Files\FindGraph
[21/03/2009|17:48] C:\Program Files\FindyKill
[20/03/2009|20:50] C:\Program Files\Flexbyte Software
[03/11/2008|16:04] C:\Program Files\FlightGear
[25/08/2008|14:58] C:\Program Files\FRAN
[07/02/2009|19:24] C:\Program Files\Frets on Fire
[21/06/2009|18:32] C:\Program Files\FrostWire
[11/05/2009|21:04] C:\Program Files\FusionSoft DVD Player XP
[12/05/2008|19:12] C:\Program Files\GeoGebra
[14/05/2008|16:46] C:\Program Files\GIMP-2.0
[07/03/2009|17:27] C:\Program Files\Glary Utilities
[03/11/2008|14:25] C:\Program Files\GLtron
[20/05/2009|17:54] C:\Program Files\Google
[14/05/2009|11:44] C:\Program Files\H2O-ScRipT
[26/04/2008|17:24] C:\Program Files\HP
[04/05/2009|17:13] C:\Program Files\HP DeskJet 810C Series
[25/06/2008|15:28] C:\Program Files\Icone
[21/06/2009|18:32] C:\Program Files\Incomplete
[11/06/2009|12:54] C:\Program Files\InstallShield Installation Information
[24/04/2008|11:41] C:\Program Files\Intel
[10/06/2009|09:56] C:\Program Files\Internet Explorer
[21/03/2009|18:13] C:\Program Files\IObit
[24/04/2008|12:31] C:\Program Files\ISSENDIS
[28/09/2008|20:35] C:\Program Files\Java
[01/06/2009|17:48] C:\Program Files\khi3
[25/06/2008|15:28] C:\Program Files\LETMIN
[28/03/2009|16:45] C:\Program Files\LinkCollector
[16/03/2009|21:11] C:\Program Files\Logicielsphysiquechimie
[11/06/2009|12:26] C:\Program Files\Logitech
[11/06/2009|11:46] C:\Program Files\ma-config.com
[01/06/2009|18:48] C:\Program Files\Malwarebytes' Anti-Malware
[14/08/2008|07:24] C:\Program Files\Messenger
[18/09/2008|18:41] C:\Program Files\Messenger Plus! Live
[08/04/2009|14:51] C:\Program Files\MessengerPlus! 3
[31/12/2008|18:52] C:\Program Files\Micro Application
[24/05/2009|15:50] C:\Program Files\Microsoft
[27/04/2008|11:49] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[26/04/2008|15:53] C:\Program Files\Microsoft Encarta
[24/04/2008|11:26] C:\Program Files\microsoft frontpage
[03/11/2008|15:37] C:\Program Files\Microsoft Games
[26/04/2008|15:37] C:\Program Files\Microsoft Office
[27/02/2009|12:16] C:\Program Files\Microsoft Silverlight
[27/04/2008|10:44] C:\Program Files\Microsoft SQL Server Compact Edition
[26/04/2008|15:28] C:\Program Files\Microsoft Visual Studio
[28/04/2008|17:44] C:\Program Files\Microsoft Works
[26/04/2008|15:26] C:\Program Files\Microsoft.NET
[03/11/2008|15:47] C:\Program Files\Mindscape
[26/11/2008|12:17] C:\Program Files\Model Science
[30/04/2008|15:30] C:\Program Files\Movie Maker
[15/06/2009|18:19] C:\Program Files\Mozilla Firefox
[15/06/2009|18:32] C:\Program Files\Mozilla Firefox 3.1 Beta 3
[25/06/2009|21:29] C:\Program Files\Mozilla Firefox 3.5 Beta 4
[24/04/2008|12:04] C:\Program Files\MSBuild
[24/04/2008|11:22] C:\Program Files\MSN
[24/04/2008|11:22] C:\Program Files\MSN Gaming Zone
[24/04/2008|11:26] C:\Program Files\MSXML 4.0
[24/04/2008|11:26] C:\Program Files\MSXML 6.0
[05/10/2008|17:06] C:\Program Files\My Drivers
[08/03/2009|10:55] C:\Program Files\Navilog1
[24/04/2008|13:56] C:\Program Files\Nero
[30/04/2008|15:27] C:\Program Files\NetMeeting
[12/01/2009|23:04] C:\Program Files\Norton Security Scan(2)
[24/04/2008|12:23] C:\Program Files\OFFICE One 7.0
[24/04/2008|12:30] C:\Program Files\OFFICE One Games
[24/04/2008|12:30] C:\Program Files\OFFICE One v7
[27/04/2008|00:02] C:\Program Files\OLYMPUS
[24/04/2008|11:22] C:\Program Files\Online Services
[01/03/2009|20:12] C:\Program Files\Outlook Express
[21/06/2009|17:56] C:\Program Files\PDF Editeur 2
[26/04/2008|18:08] C:\Program Files\PhotoFiltre
[21/08/2008|13:08] C:\Program Files\Pinnacle
[27/04/2008|00:01] C:\Program Files\PIXELA
[24/12/2008|20:52] C:\Program Files\ProgDVB
[25/02/2009|14:03] C:\Program Files\QuickTime
[31/12/2008|19:53] C:\Program Files\RaimaRadio
[22/09/2008|18:40] C:\Program Files\Real
[24/04/2008|11:43] C:\Program Files\Realtek
[24/04/2008|12:02] C:\Program Files\Reference Assemblies
[28/01/2009|14:44] C:\Program Files\RogueRemover FREE
[21/03/2009|16:30] C:\Program Files\Satellites
[24/04/2008|11:24] C:\Program Files\Services en ligne
[30/12/2008|18:04] C:\Program Files\SiSoftware
[19/03/2009|08:12] C:\Program Files\Spybot - Search & Destroy
[07/03/2009|04:35] C:\Program Files\Spyware Doctor
[30/05/2009|20:16] C:\Program Files\SpywareBlaster
[03/10/2008|18:35] C:\Program Files\Stardock
[29/04/2008|20:42] C:\Program Files\Sunbelt Software
[28/05/2008|13:35] C:\Program Files\SystemRequirementsLab
[15/06/2008|10:28] C:\Program Files\TalonSoft
[28/03/2009|16:00] C:\Program Files\Teamspeak2_RC2
[02/11/2008|15:25] C:\Program Files\TI Education
[28/09/2008|18:47] C:\Program Files\Trend Micro
[24/04/2008|11:30] C:\Program Files\Uninstall Information
[24/01/2009|21:20] C:\Program Files\Unity
[26/03/2009|08:25] C:\Program Files\Unlocker
[11/06/2009|12:11] C:\Program Files\UrbanTerror
[06/07/2008|14:50] C:\Program Files\VideoLAN
[19/04/2009|20:29] C:\Program Files\Virtual Earth 3D
[01/03/2009|20:20] C:\Program Files\VisualTaskTips
[21/03/2009|17:15] C:\Program Files\VSEPR
[12/05/2008|19:10] C:\Program Files\WGEO
[06/03/2009|23:31] C:\Program Files\Windows Defender
[10/06/2009|09:53] C:\Program Files\Windows Desktop Search
[08/04/2009|15:14] C:\Program Files\Windows Live
[08/04/2009|14:19] C:\Program Files\Windows Live Safety Center
[18/12/2008|12:43] C:\Program Files\Windows Live Toolbar
[22/03/2009|20:45] C:\Program Files\Windows Media Connect 2
[01/03/2009|20:12] C:\Program Files\Windows Media Player
[30/04/2008|15:27] C:\Program Files\Windows NT
[24/04/2008|11:24] C:\Program Files\WindowsUpdate
[21/05/2008|12:06] C:\Program Files\WSKETCH
[24/04/2008|11:26] C:\Program Files\xerox
[18/12/2008|13:21] C:\Program Files\XnView
[31/01/2009|21:30] C:\Program Files\ZNsoft Corporation
[07/03/2009|12:37] C:\Program Files\Zone Labs

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[12/03/2009|14:12] C:\Program Files\Fichiers communs\Adobe
[03/11/2008|16:03] C:\Program Files\Fichiers communs\Adobe AIR
[04/06/2008|12:44] C:\Program Files\Fichiers communs\Ahead
[29/04/2008|20:10] C:\Program Files\Fichiers communs\Corel
[26/04/2008|15:29] C:\Program Files\Fichiers communs\DESIGNER
[03/05/2008|14:53] C:\Program Files\Fichiers communs\DirectX
[26/03/2009|21:06] C:\Program Files\Fichiers communs\DivX Shared
[26/04/2008|17:24] C:\Program Files\Fichiers communs\HP
[26/04/2008|23:35] C:\Program Files\Fichiers communs\InstallShield
[12/05/2008|18:25] C:\Program Files\Fichiers communs\Java
[21/03/2009|17:45] C:\Program Files\Fichiers communs\LightScribe
[11/06/2009|13:42] C:\Program Files\Fichiers communs\logishrd
[02/01/2009|17:43] C:\Program Files\Fichiers communs\Logitech
[14/05/2009|07:11] C:\Program Files\Fichiers communs\Microsoft Shared
[24/04/2008|11:23] C:\Program Files\Fichiers communs\MSSoap
[24/04/2008|13:16] C:\Program Files\Fichiers communs\ODBC
[02/05/2009|15:58] C:\Program Files\Fichiers communs\Real
[24/04/2008|11:23] C:\Program Files\Fichiers communs\Services
[24/04/2008|13:16] C:\Program Files\Fichiers communs\SpeechEngines
[03/10/2008|18:35] C:\Program Files\Fichiers communs\Stardock
[25/05/2009|19:18] C:\Program Files\Fichiers communs\System
[24/02/2009|20:23] C:\Program Files\Fichiers communs\TI Shared
[18/12/2008|12:17] C:\Program Files\Fichiers communs\Windows Live
[27/04/2008|10:40] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[11/06/2009|12:43] C:\Program Files\Fichiers communs\Wise Installation Wizard
[02/05/2009|15:59] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 60 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\Malige\APPLIC~1\Bitdownload
C:\DOCUME~1\Malige\APPLIC~1\BitDownload
C:\DOCUME~1\Malige\APPLIC~1\BitDownload\Storage
C:\DOCUME~1\Malige\APPLIC~1\BitDownload\URLs.ini

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 22:58:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:286][D:27]-> C:\DOCUME~1\Malige\LOCALS~1\Temp
[F:24][D:0]-> C:\DOCUME~1\Malige\Cookies
[F:1154][D:5]-> C:\DOCUME~1\Malige\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 13/10/2008|21:10 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 25/06/2009|23:00 - Option : [1]

--------------------\\ Fin du rapport a 23:00:06
sKe69 - 25 June 2009 at 22:55
re,

A question: how did you find infections in the RSIT report?


arf ... to find out how, you'd have to sleep with me! .... =))))



let's continue, because there's work to do:


1- Go to Control Panel / Add or Remove Programs.
Look through the list for a program such as: "CID Help", "Circle Developement" or
"Adverts" ---> if they are there, remove them


=======

2- ! Disconnect from the internet and close all your running applications !

Run Lop S&D again,

---> this time choose option 2 (cleaning) and confirm ...

-> don't touch anything while the tool is working.


Once the scan is finished, Notepad will open with the report.
Post that report in your next reply + a new RSIT report for analysis, then wait for what comes next ...

Here is the report, and thanks again

However, I didn't find any of these 2: "CID Help", "Circle Developement" or
"Adverts" ---> neither in Add/Remove Programs nor in CCleaner's Add/Remove Programs tool


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz )
BIOS : BIOS Date: 08/01/07 09:47:33 Ver: 08.00.10
USER : Malige ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.26 (Activated)
Firewall : ZoneAlarm Firewall 7.0.483.000 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:99 Go (Free:66 Go)
D:\ (Local Disk) - NTFS - Total:64 Go (Free:48 Go)
E:\ (CD or DVD)
F:\ (Local Disk) - FAT32 - Total:19 Go (Free:10 Go)
G:\ (Local Disk) - FAT32 - Total:19 Go (Free:19 Go)
H:\ (Local Disk) - NTFS - Total:68 Go (Free:68 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 25/06/2009|23:14 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\Malige\APPLIC~1\BitDownload\Storage
Supprime! - C:\DOCUME~1\Malige\APPLIC~1\BitDownload\URLs.ini
Supprime! - C:\DOCUME~1\Malige\APPLIC~1\Bitdownload
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[24/04/2008|11:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[24/04/2008|11:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[03/06/2009|15:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AA2DeployClient
[12/03/2009|14:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[24/04/2008|14:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[08/04/2009|15:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[02/05/2009|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[11/05/2008|13:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[29/04/2008|20:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
[26/04/2008|23:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[11/05/2008|16:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[14/05/2009|07:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[25/06/2009|10:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[05/03/2009|16:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
[11/06/2009|12:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
[11/06/2009|11:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
[07/03/2009|13:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
[28/09/2008|17:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[09/11/2008|20:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[08/04/2009|14:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[24/04/2008|13:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[03/05/2008|14:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NFS Underground Demo
[11/06/2009|11:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[30/06/2008|17:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[24/04/2008|12:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OFFICE One v7
[21/08/2008|13:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
[25/10/2008|15:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[20/05/2008|20:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[25/06/2009|22:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[30/05/2009|20:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[10/05/2008|20:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[24/04/2008|11:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[10/11/2008|12:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[07/08/2008|22:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[24/04/2008|11:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[28/09/2008|18:01] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[14/05/2008|10:01] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
[09/12/2008|16:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[03/11/2008|16:03] C:\DOCUME~1\Malige\APPLIC~1\Adobe
[26/04/2008|22:11] C:\DOCUME~1\Malige\APPLIC~1\AdobeUM
[06/05/2008|15:44] C:\DOCUME~1\Malige\APPLIC~1\Ahead
[24/03/2009|18:47] C:\DOCUME~1\Malige\APPLIC~1\apm
[31/12/2008|18:43] C:\DOCUME~1\Malige\APPLIC~1\Apple Computer
[24/01/2009|16:04] C:\DOCUME~1\Malige\APPLIC~1\Balabolka
[22/10/2008|11:14] C:\DOCUME~1\Malige\APPLIC~1\Corel
[29/04/2008|21:08] C:\DOCUME~1\Malige\APPLIC~1\CyberLink
[25/03/2009|14:29] C:\DOCUME~1\Malige\APPLIC~1\Desktopicon
[26/03/2009|21:08] C:\DOCUME~1\Malige\APPLIC~1\DivX
[10/06/2009|13:50] C:\DOCUME~1\Malige\APPLIC~1\drivers
[03/04/2009|17:30] C:\DOCUME~1\Malige\APPLIC~1\dvdcss
[07/03/2009|15:42] C:\DOCUME~1\Malige\APPLIC~1\eMule
[06/10/2008|18:37] C:\DOCUME~1\Malige\APPLIC~1\flightgear.org
[21/06/2009|18:34] C:\DOCUME~1\Malige\APPLIC~1\FrostWire
[25/05/2009|20:11] C:\DOCUME~1\Malige\APPLIC~1\GetRightToGo
[07/03/2009|17:37] C:\DOCUME~1\Malige\APPLIC~1\GlarySoft
[06/05/2008|11:07] C:\DOCUME~1\Malige\APPLIC~1\Google
[18/05/2008|18:46] C:\DOCUME~1\Malige\APPLIC~1\gtk-2.0
[14/02/2009|20:55] C:\DOCUME~1\Malige\APPLIC~1\Help
[30/06/2008|18:07] C:\DOCUME~1\Malige\APPLIC~1\Icone
[24/04/2008|12:08] C:\DOCUME~1\Malige\APPLIC~1\Identities
[02/02/2009|12:43] C:\DOCUME~1\Malige\APPLIC~1\Image Zone Express
[22/05/2008|21:01] C:\DOCUME~1\Malige\APPLIC~1\InstallShield
[21/03/2009|18:13] C:\DOCUME~1\Malige\APPLIC~1\IObit
[01/09/2008|21:38] C:\DOCUME~1\Malige\APPLIC~1\Leadertech
[11/12/2008|11:25] C:\DOCUME~1\Malige\APPLIC~1\LimeWire
[28/03/2009|16:46] C:\DOCUME~1\Malige\APPLIC~1\LinkCollector
[24/04/2008|13:55] C:\DOCUME~1\Malige\APPLIC~1\Macromedia
[28/09/2008|17:20] C:\DOCUME~1\Malige\APPLIC~1\Malwarebytes
[27/05/2009|21:51] C:\DOCUME~1\Malige\APPLIC~1\Microsoft
[10/03/2009|20:37] C:\DOCUME~1\Malige\APPLIC~1\mIRC
[18/04/2009|21:59] C:\DOCUME~1\Malige\APPLIC~1\Mozilla
[30/04/2009|21:21] C:\DOCUME~1\Malige\APPLIC~1\NetStat Agent
[24/04/2008|12:28] C:\DOCUME~1\Malige\APPLIC~1\OFFICE One v7
[16/04/2009|11:50] C:\DOCUME~1\Malige\APPLIC~1\OFFICEOne7
[27/04/2008|00:03] C:\DOCUME~1\Malige\APPLIC~1\OLYMPUS
[13/05/2008|21:36] C:\DOCUME~1\Malige\APPLIC~1\PC Tools
[26/04/2008|17:24] C:\DOCUME~1\Malige\APPLIC~1\Printer Info Cache
[31/12/2008|19:53] C:\DOCUME~1\Malige\APPLIC~1\RaimaRadio
[22/06/2009|13:08] C:\DOCUME~1\Malige\APPLIC~1\Real
[29/04/2008|19:57] C:\DOCUME~1\Malige\APPLIC~1\Sun
[30/04/2008|13:45] C:\DOCUME~1\Malige\APPLIC~1\Talkback
[25/06/2009|21:58] C:\DOCUME~1\Malige\APPLIC~1\teamspeak2
[24/02/2009|20:23] C:\DOCUME~1\Malige\APPLIC~1\Texas Instruments
[30/08/2008|13:57] C:\DOCUME~1\Malige\APPLIC~1\Todae
[24/02/2009|21:04] C:\DOCUME~1\Malige\APPLIC~1\U3
[24/01/2009|22:27] C:\DOCUME~1\Malige\APPLIC~1\Unity
[07/03/2009|14:15] C:\DOCUME~1\Malige\APPLIC~1\uTorrent
[10/04/2009|19:54] C:\DOCUME~1\Malige\APPLIC~1\vlc
[21/08/2008|12:53] C:\DOCUME~1\Malige\APPLIC~1\Windows Desktop Search
[21/08/2008|15:12] C:\DOCUME~1\Malige\APPLIC~1\Windows Search
[06/05/2008|18:20] C:\DOCUME~1\Malige\APPLIC~1\WinRAR
[16/09/2008|14:41] C:\DOCUME~1\Malige\APPLIC~1\XnView

[26/04/2008|18:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[25/06/2009 23:00][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{8EF20294-B744-466D-9894-C59208BB3263}.job
[25/06/2009 10:57][--a------] C:\WINDOWS\tasks\GlaryInitialize.job
[25/06/2009 11:16][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[25/06/2009 21:09][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[25/06/2009 14:30][--a------] C:\WINDOWS\tasks\Google Software Updater.job
[24/06/2009 18:00][--a------] C:\WINDOWS\tasks\Norton Security Scan for Malige.job
[25/06/2009 21:09][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
[25/06/2009 10:56][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/09/2001 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[25/02/2009|14:09] C:\Program Files\7-Zip
[24/03/2009|18:29] C:\Program Files\abylonsoft
[08/04/2009|14:48] C:\Program Files\Adobe
[11/06/2009|12:42] C:\Program Files\AGEIA Technologies
[04/01/2009|20:20] C:\Program Files\AGI
[06/05/2008|14:54] C:\Program Files\Ahead
[07/03/2009|14:15] C:\Program Files\AIDA32 - Personal System Information
[27/04/2008|00:50] C:\Program Files\Aide mémoire
[15/05/2008|21:22] C:\Program Files\Audacity
[02/05/2009|16:13] C:\Program Files\Avira
[14/12/2008|16:21] C:\Program Files\AviSynth 2.5
[07/03/2009|14:15] C:\Program Files\Balabolka
[22/08/2008|16:30] C:\Program Files\Boonty
[15/06/2009|13:31] C:\Program Files\BoontyGames
[07/03/2009|14:15] C:\Program Files\Calculette Orplan
[07/02/2009|19:47] C:\Program Files\Camouflage
[06/03/2009|23:43] C:\Program Files\CCleaner
[27/04/2008|12:04] C:\Program Files\Clic Collège
[21/10/2008|17:59] C:\Program Files\CommentCaMarche
[13/12/2008|15:11] C:\Program Files\ComPlus Applications
[29/04/2008|20:09] C:\Program Files\Corel
[26/04/2008|23:55] C:\Program Files\CyberLink
[27/04/2008|01:01] C:\Program Files\DigitalSoundPlanet
[26/03/2009|21:07] C:\Program Files\DivX
[21/02/2009|14:04] C:\Program Files\Domotix
[10/09/2008|11:30] C:\Program Files\Driver-Soft
[24/02/2009|17:00] C:\Program Files\eptsoft
[14/12/2008|16:18] C:\Program Files\eRightSoft
[27/05/2009|16:32] C:\Program Files\Fichiers communs
[25/02/2009|12:10] C:\Program Files\filehippo.com
[13/04/2009|17:03] C:\Program Files\FindGraph
[21/03/2009|17:48] C:\Program Files\FindyKill
[20/03/2009|20:50] C:\Program Files\Flexbyte Software
[03/11/2008|16:04] C:\Program Files\FlightGear
[25/08/2008|14:58] C:\Program Files\FRAN
[07/02/2009|19:24] C:\Program Files\Frets on Fire
[21/06/2009|18:32] C:\Program Files\FrostWire
[11/05/2009|21:04] C:\Program Files\FusionSoft DVD Player XP
[12/05/2008|19:12] C:\Program Files\GeoGebra
[14/05/2008|16:46] C:\Program Files\GIMP-2.0
[07/03/2009|17:27] C:\Program Files\Glary Utilities
[03/11/2008|14:25] C:\Program Files\GLtron
[20/05/2009|17:54] C:\Program Files\Google
[14/05/2009|11:44] C:\Program Files\H2O-ScRipT
[26/04/2008|17:24] C:\Program Files\HP
[04/05/2009|17:13] C:\Program Files\HP DeskJet 810C Series
[25/06/2008|15:28] C:\Program Files\Icone
[21/06/2009|18:32] C:\Program Files\Incomplete
[11/06/2009|12:54] C:\Program Files\InstallShield Installation Information
[24/04/2008|11:41] C:\Program Files\Intel
[10/06/2009|09:56] C:\Program Files\Internet Explorer
[21/03/2009|18:13] C:\Program Files\IObit
[24/04/2008|12:31] C:\Program Files\ISSENDIS
[28/09/2008|20:35] C:\Program Files\Java
[01/06/2009|17:48] C:\Program Files\khi3
[25/06/2008|15:28] C:\Program Files\LETMIN
[28/03/2009|16:45] C:\Program Files\LinkCollector
[16/03/2009|21:11] C:\Program Files\Logicielsphysiquechimie
[11/06/2009|12:26] C:\Program Files\Logitech
[11/06/2009|11:46] C:\Program Files\ma-config.com
[01/06/2009|18:48] C:\Program Files\Malwarebytes' Anti-Malware
[14/08/2008|07:24] C:\Program Files\Messenger
[18/09/2008|18:41] C:\Program Files\Messenger Plus! Live
[08/04/2009|14:51] C:\Program Files\MessengerPlus! 3
[31/12/2008|18:52] C:\Program Files\Micro Application
[24/05/2009|15:50] C:\Program Files\Microsoft
[27/04/2008|11:49] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[26/04/2008|15:53] C:\Program Files\Microsoft Encarta
[24/04/2008|11:26] C:\Program Files\microsoft frontpage
[03/11/2008|15:37] C:\Program Files\Microsoft Games
[26/04/2008|15:37] C:\Program Files\Microsoft Office
[27/02/2009|12:16] C:\Program Files\Microsoft Silverlight
[27/04/2008|10:44] C:\Program Files\Microsoft SQL Server Compact Edition
[26/04/2008|15:28] C:\Program Files\Microsoft Visual Studio
[28/04/2008|17:44] C:\Program Files\Microsoft Works
[26/04/2008|15:26] C:\Program Files\Microsoft.NET
[03/11/2008|15:47] C:\Program Files\Mindscape
[26/11/2008|12:17] C:\Program Files\Model Science
[30/04/2008|15:30] C:\Program Files\Movie Maker
[15/06/2009|18:19] C:\Program Files\Mozilla Firefox
[15/06/2009|18:32] C:\Program Files\Mozilla Firefox 3.1 Beta 3
[25/06/2009|21:29] C:\Program Files\Mozilla Firefox 3.5 Beta 4
[24/04/2008|12:04] C:\Program Files\MSBuild
[24/04/2008|11:22] C:\Program Files\MSN
[24/04/2008|11:22] C:\Program Files\MSN Gaming Zone
[24/04/2008|11:26] C:\Program Files\MSXML 4.0
[24/04/2008|11:26] C:\Program Files\MSXML 6.0
[05/10/2008|17:06] C:\Program Files\My Drivers
[08/03/2009|10:55] C:\Program Files\Navilog1
[24/04/2008|13:56] C:\Program Files\Nero
[30/04/2008|15:27] C:\Program Files\NetMeeting
[12/01/2009|23:04] C:\Program Files\Norton Security Scan(2)
[24/04/2008|12:23] C:\Program Files\OFFICE One 7.0
[24/04/2008|12:30] C:\Program Files\OFFICE One Games
[24/04/2008|12:30] C:\Program Files\OFFICE One v7
[27/04/2008|00:02] C:\Program Files\OLYMPUS
[24/04/2008|11:22] C:\Program Files\Online Services
[01/03/2009|20:12] C:\Program Files\Outlook Express
[21/06/2009|17:56] C:\Program Files\PDF Editeur 2
[26/04/2008|18:08] C:\Program Files\PhotoFiltre
[21/08/2008|13:08] C:\Program Files\Pinnacle
[27/04/2008|00:01] C:\Program Files\PIXELA
[24/12/2008|20:52] C:\Program Files\ProgDVB
[25/02/2009|14:03] C:\Program Files\QuickTime
[31/12/2008|19:53] C:\Program Files\RaimaRadio
[22/09/2008|18:40] C:\Program Files\Real
[24/04/2008|11:43] C:\Program Files\Realtek
[24/04/2008|12:02] C:\Program Files\Reference Assemblies
[28/01/2009|14:44] C:\Program Files\RogueRemover FREE
[21/03/2009|16:30] C:\Program Files\Satellites
[24/04/2008|11:24] C:\Program Files\Services en ligne
[30/12/2008|18:04] C:\Program Files\SiSoftware
[19/03/2009|08:12] C:\Program Files\Spybot - Search & Destroy
[07/03/2009|04:35] C:\Program Files\Spyware Doctor
[30/05/2009|20:16] C:\Program Files\SpywareBlaster
[03/10/2008|18:35] C:\Program Files\Stardock
[29/04/2008|20:42] C:\Program Files\Sunbelt Software
[28/05/2008|13:35] C:\Program Files\SystemRequirementsLab
[15/06/2008|10:28] C:\Program Files\TalonSoft
[28/03/2009|16:00] C:\Program Files\Teamspeak2_RC2
[02/11/2008|15:25] C:\Program Files\TI Education
[28/09/2008|18:47] C:\Program Files\Trend Micro
[24/04/2008|11:30] C:\Program Files\Uninstall Information
[24/01/2009|21:20] C:\Program Files\Unity
[26/03/2009|08:25] C:\Program Files\Unlocker
[11/06/2009|12:11] C:\Program Files\UrbanTerror
[06/07/2008|14:50] C:\Program Files\VideoLAN
[19/04/2009|20:29] C:\Program Files\Virtual Earth 3D
[01/03/2009|20:20] C:\Program Files\VisualTaskTips
[21/03/2009|17:15] C:\Program Files\VSEPR
[12/05/2008|19:10] C:\Program Files\WGEO
[06/03/2009|23:31] C:\Program Files\Windows Defender
[10/06/2009|09:53] C:\Program Files\Windows Desktop Search
[08/04/2009|15:14] C:\Program Files\Windows Live
[08/04/2009|14:19] C:\Program Files\Windows Live Safety Center
[18/12/2008|12:43] C:\Program Files\Windows Live Toolbar
[22/03/2009|20:45] C:\Program Files\Windows Media Connect 2
[01/03/2009|20:12] C:\Program Files\Windows Media Player
[30/04/2008|15:27] C:\Program Files\Windows NT
[24/04/2008|11:24] C:\Program Files\WindowsUpdate
[21/05/2008|12:06] C:\Program Files\WSKETCH
[24/04/2008|11:26] C:\Program Files\xerox
[18/12/2008|13:21] C:\Program Files\XnView
[31/01/2009|21:30] C:\Program Files\ZNsoft Corporation
[07/03/2009|12:37] C:\Program Files\Zone Labs

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[12/03/2009|14:12] C:\Program Files\Fichiers communs\Adobe
[03/11/2008|16:03] C:\Program Files\Fichiers communs\Adobe AIR
[04/06/2008|12:44] C:\Program Files\Fichiers communs\Ahead
[29/04/2008|20:10] C:\Program Files\Fichiers communs\Corel
[26/04/2008|15:29] C:\Program Files\Fichiers communs\DESIGNER
[03/05/2008|14:53] C:\Program Files\Fichiers communs\DirectX
[26/03/2009|21:06] C:\Program Files\Fichiers communs\DivX Shared
[26/04/2008|17:24] C:\Program Files\Fichiers communs\HP
[26/04/2008|23:35] C:\Program Files\Fichiers communs\InstallShield
[12/05/2008|18:25] C:\Program Files\Fichiers communs\Java
[21/03/2009|17:45] C:\Program Files\Fichiers communs\LightScribe
[11/06/2009|13:42] C:\Program Files\Fichiers communs\logishrd
[02/01/2009|17:43] C:\Program Files\Fichiers communs\Logitech
[14/05/2009|07:11] C:\Program Files\Fichiers communs\Microsoft Shared
[24/04/2008|11:23] C:\Program Files\Fichiers communs\MSSoap
[24/04/2008|13:16] C:\Program Files\Fichiers communs\ODBC
[02/05/2009|15:58] C:\Program Files\Fichiers communs\Real
[24/04/2008|11:23] C:\Program Files\Fichiers communs\Services
[24/04/2008|13:16] C:\Program Files\Fichiers communs\SpeechEngines
[03/10/2008|18:35] C:\Program Files\Fichiers communs\Stardock
[25/05/2009|19:18] C:\Program Files\Fichiers communs\System
[24/02/2009|20:23] C:\Program Files\Fichiers communs\TI Shared
[18/12/2008|12:17] C:\Program Files\Fichiers communs\Windows Live
[27/04/2008|10:40] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[11/06/2009|12:43] C:\Program Files\Fichiers communs\Wise Installation Wizard
[02/05/2009|15:59] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 57 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 23:18:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:282][D:27]-> C:\DOCUME~1\Malige\LOCALS~1\Temp
[F:24][D:0]-> C:\DOCUME~1\Malige\Cookies
[F:1154][D:5]-> C:\DOCUME~1\Malige\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 13/10/2008|21:10 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 25/06/2009|23:00 - Option : [1]
3 - "C:\Lop SD\LopR_3.txt" - 25/06/2009|23:20 - Option : [2]

--------------------\\ Fin du rapport a 23:20:18
sKe69 - 25 June 2009 at 23:15
good ....


a new RSIT now please ....

For info, I ran it over 2 months, like the 1st one

Logfile of random's system information tool 1.05 (written by random/random)
Run by Malige at 2009-06-25 23:27:57
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 68 GB (67%) free of 102 GB
Total RAM: 3071 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:28:04, on 25/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\abylonsoft\SAPDrive\SAPCtrlSer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\ma-config.com\maconfservice.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\oopmagentts.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Aide mémoire\TrayIcon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Encarta\Collection Encarta 2003 DVD\EDICT.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe
C:\Documents and Settings\Malige\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Malige.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ooquickpdfv7] "C:\WINDOWS\system32\oopmagentts.exe"
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [L03FXLRD_6513656] C:\Program Files\Microsoft Encarta\Collection Encarta 2003 DVD\EDICT.EXE -m
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Aide mémoire.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: apm - SAP control service (apmSAPCtrl) - abylonsoft - Dr. Thomas Klabunde GbR - C:\Program Files\abylonsoft\SAPDrive\SAPCtrlSer.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9885be8750c5a) (gupdate1c9885be8750c5a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Malige/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last seen 30 December 2012 463
25 June 2009 at 23:22
good ....


let's continue .... in order:



1- You have CCleaner, but maybe not the latest version. So download it and run the installer directly (it will automatically overwrite the old one):

Download CCleaner:
http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner
or https://www.pcastuces.com/logitheque/ccleaner.htm
This program will delete all temporary files and fix your registry.
During installation:
-make sure to choose "French" as the language.
-before clicking the "install" button, untick all the "additional options" except the first 2.

A tutorial (help):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm


---> Usage:
*In the Options menu - Advanced submenu, untick:
Only delete files in the Windows temp folder older than 48 hours.

! Disconnect and close all running applications !

* go to "cleaner": do -analyse- then -clean-
* go to "registry": do -scan for issues- and -fix all issues-
(several times, until there are no more errors).

(CCleaner: a program to keep on your PC, very useful for thorough cleanups ...)


================


2- Download SmitfraudFix (by S!Ri, balltrap34 and moe31):
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Install the program on your desktop (and nowhere else!).

!! Disconnect, close all your applications and disable your defences (anti-virus, anti-spyware, ...) for the duration of the procedure !!


Tutorial (help): http://siri.urz.free.fr/Fix/SmitfraudFix.php
Another animated tutorial (thanks balltrap34 ;)): http://pagesperso-orange.fr/rginformatique/section%20virus/smitfraudfix.htm

Usage ---> option 1 / Search:
Double-click the "Smitfraudfix.exe" icon and select 1 (and nothing else without our agreement!) to create a report of the files responsible for the infection.

Post the report ("rapport.txt", found under C:\) and wait for what comes next ...

(Note: "process.exe", a component of the tool, is detected by some antivirus programs as a "RiskTool". It is not a virus but a utility intended to terminate processes. In the wrong hands, this utility could stop security software.)


0
There you go, I did what you told me, but for some time now (it's not new) CCleaner finds this error in the registry, deletes it, and it comes straight back afterwards
Extension de fichiers inutilisée {80b8c23c-16e0-4cd8-bbc3-cecec9a78b79} HKCR\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}
And otherwise, here is the report

SmitFraudFix v2.422

Rapport fait à 0:05:56,87, 26/06/2009
Executé à partir de C:\Program Files\Mozilla Firefox 3.5 Beta 4\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\abylonsoft\SAPDrive\SAPCtrlSer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\ma-config.com\maconfservice.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\oopmagentts.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Aide mémoire\TrayIcon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
C:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox 3.5 Beta 4\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Malige


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Malige\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Malige\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Malige\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:/DOCUME~1/Malige/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
"SubscribedURL"="file:///C:/DOCUME~1/Malige/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~3\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Atheros L2 Fast Ethernet 10/100 Base-T Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{83074B23-89FE-4787-AE34-E2083345B759}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{83074B23-89FE-4787-AE34-E2083345B759}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{83074B23-89FE-4787-AE34-E2083345B759}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last seen 30 December 2012 463
26 June 2009 at 00:56
re,


for CCleaner, that's normal ... I have the same thing on my machine ... ^^

let's continue, in order:


1- Rest of the procedure (cleaning), do exactly what follows:

!! Disconnect, close all your applications and disable your defences (anti-virus, anti-spyware, ...) for the duration of the procedure !!


* Double-click SmitfraudFix.exe

* Select 2 and press "Enter" in the menu to delete the files responsible for the infection.

--> If needed:

* At the question: Do you want to clean the registry? answer O (oui = yes) and press Enter to unlock the desktop background and delete the infection's registry keys.

(The fix will determine whether the wininet.dll file is infected.)

* At the question: "Fix the infected file?" answer O (oui = yes) and press Enter
to replace the corrupted file.

* A reboot will be requested to finish the cleaning procedure.
If the reboot does not happen, do it manually (it's important!).

The report is at the root of drive C.
(in the file C:\rapport.txt)

Post me this last report for analysis and carry on with the rest ...


(PS: the desktop background will have turned blue, that's normal. you'll put a wallpaper back once we're done)

=========================


2- Get access to hidden files:

Go to Start Menu->My Computer->Tools->Folder Options...->View
* "Show hidden files and folders" ---> ticked
* "Hide extensions for known file types" ---> unticked
* "Hide protected operating system files" ---> unticked
-> confirm the change ("apply" then "ok").
(you'll restore the original settings once the disinfection is finished, not before ...)



3- Go to this site:

https://www.virustotal.com/gui/

Copy what follows and paste it into the search box (or click "browse" and navigate to the requested file):
C:\Documents and Settings\All Users\Application Data\xml7.tmp

Click Send File.

A report will build up line by line.

Wait for the very end ... It must include the size of the file sent.

Save the report with Notepad.

Copy it into your next reply ...

(If VirusTotal says the file has already been analysed, click the Reanalyse file now button)


Do the same for:
C:\Documents and Settings\All Users\Application Data\xml24.tmp
C:\Documents and Settings\All Users\Application Data\xml172.tmp
C:\Documents and Settings\All Users\Application Data\xml16F.tmp
C:\Documents and Settings\All Users\Application Data\xml170.tmp
C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP


So post me these 6 reports (above all the beginning with the AV listing, stating clearly at the start of each one which file it corresponds to).


Once these reports are posted, you carry on:

========================

4- Download MalwareByte's:
here http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebytes anti malware
or here: http://www.malwarebytes.org/mbam.php

* Install it (make sure to choose "French"; don't change the install settings) and update it.

(NB: If you are missing "COMCTL32.OCX" during the install, then download it here: https://www.malekal.com/tutorial-aboutbuster/)

* Study the tutorial to get familiar with the program:
https://forum.pcastuces.com/sujet.asp?f=31&s=3
(that said, it is very easy to use).

! Disconnect and close all running applications !

* Launch Malwarebyte's.

Run a so-called "Quick" scan.

--> Let the program work (and do nothing else with the PC during the scan).
--> at the end, click "results".
--> Check that all infected objects are ticked, then click "remove".

Note: if your PC has to reboot to finish the cleaning, do it!

Post the report saved after the removal of the infected objects (in the "report/log" tab of Malwarebytes, the most recent one),
together with a new RSIT report for analysis ...


0
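As an added example that is not part of the thread (and not VirusTotal's own code), here is a small Python parser for the text reports the VirusTotal step above produces, in the layout that gets pasted back into the thread: the "File ... received on" line, the "Result: n/m" header, the per-engine table, the file size and the hash lines. It also handles the two edge cases that come up in this thread, an empty upload ("0 bytes size received") and an ssdeep value wrapped over two lines, and adds a few defender-side sanity checks; the report embedded in it is constructed, with placeholder hashes and a placeholder detection name.

```python
import re
from collections import namedtuple
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample in the layout of the VirusTotal text reports pasted in this
# thread. File name, dates, detection string and hashes are placeholders.
SAMPLE_REPORT = """\
File sample.tmp received on 2009.06.26 04:45:33 (UTC)
Result: 1/3 (33%)
Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.26 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.26 Trojan.Generic.Placeholder
Additional information
File size: 13380 bytes
MD5...: 00000000000000000000000000000000
SHA1..: 0000000000000000000000000000000000000000
SHA256: 0000000000000000000000000000000000000000000000000000000000000000
ssdeep: 96:abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVW
XYZ:0123456789
PEiD..: -
"""
EMPTY_UPLOAD_MARKER = "0 bytes size received"  # VirusTotal's reply to an empty file
HEADER_RE = re.compile(r"^File (.+?) received on (\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2})")
RESULT_RE = re.compile(r"^Result:\s*(\d+)/(\d+)")
ROW_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.*)$")
SIZE_RE = re.compile(r"^File size:\s*(\d+)\s*bytes")
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256)\.*:\s*([0-9a-fA-F]+)\s*$")
LABEL_RE = re.compile(r"^[A-Za-z0-9]+\.*: ")  # "PEiD..: -", "TrID..: File type ..."
EngineRow = namedtuple("EngineRow", "engine version updated verdict")  # verdict "-" = clean


@dataclass
class VtReport:
    filename: str = ""
    received: Optional[datetime] = None
    claimed_positives: Optional[int] = None  # the n of the "Result: n/m" header
    rows: List[EngineRow] = field(default_factory=list)
    size: Optional[int] = None
    hashes: Dict[str, str] = field(default_factory=dict)
    empty_upload: bool = False

    def detections(self) -> List[EngineRow]:
        return [r for r in self.rows if r.verdict != "-"]


def parse_vt_report(text: str) -> VtReport:
    rep = VtReport()
    if EMPTY_UPLOAD_MARKER in text:
        rep.empty_upload = True  # nothing was scanned, so there is no table to read
        return rep
    lines, in_table, i = text.splitlines(), False, 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if m := HEADER_RE.match(line):
            rep.filename = m.group(1)
            rep.received = datetime.strptime(m.group(2), "%Y.%m.%d %H:%M:%S")
        elif m := RESULT_RE.match(line):
            rep.claimed_positives = int(m.group(1))
        elif line.startswith("Antivirus Version Last Update Result"):
            in_table = True
        elif line.startswith("Additional information"):
            in_table = False
        elif in_table:
            if m := ROW_RE.match(line):
                updated = datetime.strptime(m.group(3), "%Y.%m.%d")
                rep.rows.append(EngineRow(m.group(1), m.group(2), updated, m.group(4).strip()))
        elif m := SIZE_RE.match(line):
            rep.size = int(m.group(1))
        elif m := HASH_RE.match(line):
            rep.hashes[m.group(1)] = m.group(2).lower()
        elif line.startswith("ssdeep:"):
            value = line[len("ssdeep:"):].strip()
            # The web page wrapped long ssdeep values onto a second line (as in the
            # reports in this thread); glue them back on until the next "label: " line.
            while i < len(lines) and lines[i].strip() and not LABEL_RE.match(lines[i].strip()):
                value += lines[i].strip()
                i += 1
            rep.hashes["ssdeep"] = value
    return rep


def review(rep: VtReport, stale_days: int = 3) -> List[str]:
    """Defender-side sanity checks: does the report say what it appears to say?"""
    if rep.empty_upload:
        return ["empty upload: the file was 0 bytes, so nothing was scanned"]
    issues, found = [], len(rep.detections())
    if rep.claimed_positives is not None and rep.claimed_positives != found:
        issues.append(f"header claims {rep.claimed_positives} detections, table shows {found}")
    for name, length in (("MD5", 32), ("SHA1", 40), ("SHA256", 64)):
        if len(rep.hashes.get(name, "")) != length:
            issues.append(f"{name} missing or malformed; the file cannot be looked up elsewhere")
    # A "-" from an engine whose signatures predate the submission is a weak clean
    # verdict; flag it so that a "0/41" is not over-trusted.
    if rep.received is not None:
        for row in rep.rows:
            age = (rep.received.date() - row.updated.date()).days
            if row.verdict == "-" and age > stale_days:
                issues.append(f"{row.engine}: signatures {age} days older than the submission")
    return issues
```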
Here is the SmitfraudFix report

SmitFraudFix v2.422

Rapport fait à 6:35:56,04, 26/06/2009
Executé à partir de C:\Documents and Settings\Malige\Mes documents\Downloads\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Atheros L2 Fast Ethernet 10/100 Base-T Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{83074B23-89FE-4787-AE34-E2083345B759}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{83074B23-89FE-4787-AE34-E2083345B759}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{83074B23-89FE-4787-AE34-E2083345B759}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK.2



»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Here are the different reports, and once again a big thank you


Virus Total
Virustotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...
File xml7.tmp received on 2009.06.26 04:45:33 (UTC)
Result: 0/41 (0%)

Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.26 -
AhnLab-V3 5.0.0.2 2009.06.25 -
AntiVir 7.9.0.196 2009.06.25 -
Antiy-AVL 2.0.3.1 2009.06.26 -
Authentium 5.1.2.4 2009.06.25 -
Avast 4.8.1335.0 2009.06.25 -
AVG 8.5.0.339 2009.06.25 -
BitDefender 7.2 2009.06.26 -
CAT-QuickHeal 10.00 2009.06.26 -
ClamAV 0.94.1 2009.06.26 -
Comodo 1425 2009.06.26 -
DrWeb 5.0.0.12182 2009.06.26 -
eSafe 7.0.17.0 2009.06.25 -
eTrust-Vet 31.6.6580 2009.06.26 -
F-Prot 4.4.4.56 2009.06.25 -
F-Secure 8.0.14470.0 2009.06.25 -
Fortinet 3.117.0.0 2009.06.26 -
GData 19 2009.06.26 -
Ikarus T3.1.1.59.0 2009.06.26 -
Jiangmin 11.0.706 2009.06.25 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.26 -
McAfee 5657 2009.06.25 -
McAfee+Artemis 5657 2009.06.25 -
McAfee-GW-Edition 6.7.6 2009.06.25 -
Microsoft 1.4803 2009.06.26 -
NOD32 4190 2009.06.26 -
Norman 6.01.09 2009.06.25 -
nProtect 2009.1.8.0 2009.06.26 -
Panda 10.0.0.16 2009.06.26 -
PCTools 4.4.2.0 2009.06.25 -
Prevx 3.0 2009.06.26 -
Rising 21.35.40.00 2009.06.26 -
Sophos 4.43.0 2009.06.26 -
Sunbelt 3.2.1858.2 2009.06.25 -
Symantec 1.4.4.12 2009.06.26 -
TheHacker 6.3.4.3.354 2009.06.25 -
TrendMicro 8.950.0.1094 2009.06.26 -
VBA32 3.12.10.7 2009.06.26 -
ViRobot 2009.6.25.1804 2009.06.25 -
VirusBuster 4.6.5.0 2009.06.25 -
Additional information
File size: 13380 bytes
MD5...: e378ba44ce0542b4c53db38f23afb824
SHA1..: 3c35be28ff2bcff395d48fc83305398ff2aca578
SHA256: f25bdefe7bdf97606c6f5537dc237c9100d10ed8acaa012e3ea73b5ff8020a15
ssdeep: 96:khlu+s+Yk7ABUmWgM8VAqM3A2wfwsETAMUkQqHUGhMHgV0jg3lSczrptUmrAsAAx:qjshotlPXe2IwYk
PEiD..: -
TrID..: File type identification
Generic XML (ASCII) (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

ATENTION ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

VirusTotal © Hispasec Sistemas - Blog - Contact: info@virustotal.com - Terms of Service & Privacy Policy



For this one, C:\Documents and Settings\All Users\Application Data\xml24.tmp, it showed me this: 0 bytes size received / Se ha recibido un archivo vacio


For the third one


File xml172.tmp received on 2009.06.26 04:50:13 (UTC)
Result: 0/41 (0%)

Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.26 -
AhnLab-V3 5.0.0.2 2009.06.25 -
AntiVir 7.9.0.196 2009.06.25 -
Antiy-AVL 2.0.3.1 2009.06.26 -
Authentium 5.1.2.4 2009.06.25 -
Avast 4.8.1335.0 2009.06.25 -
AVG 8.5.0.339 2009.06.25 -
BitDefender 7.2 2009.06.26 -
CAT-QuickHeal 10.00 2009.06.26 -
ClamAV 0.94.1 2009.06.26 -
Comodo 1425 2009.06.26 -
DrWeb 5.0.0.12182 2009.06.26 -
eSafe 7.0.17.0 2009.06.25 -
eTrust-Vet 31.6.6580 2009.06.26 -
F-Prot 4.4.4.56 2009.06.25 -
F-Secure 8.0.14470.0 2009.06.25 -
Fortinet 3.117.0.0 2009.06.26 -
GData 19 2009.06.26 -
Ikarus T3.1.1.59.0 2009.06.26 -
Jiangmin 11.0.706 2009.06.25 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.26 -
McAfee 5657 2009.06.25 -
McAfee+Artemis 5657 2009.06.25 -
McAfee-GW-Edition 6.7.6 2009.06.25 -
Microsoft 1.4803 2009.06.26 -
NOD32 4190 2009.06.26 -
Norman 6.01.09 2009.06.25 -
nProtect 2009.1.8.0 2009.06.26 -
Panda 10.0.0.16 2009.06.26 -
PCTools 4.4.2.0 2009.06.25 -
Prevx 3.0 2009.06.26 -
Rising 21.35.40.00 2009.06.26 -
Sophos 4.43.0 2009.06.26 -
Sunbelt 3.2.1858.2 2009.06.25 -
Symantec 1.4.4.12 2009.06.26 -
TheHacker 6.3.4.3.354 2009.06.25 -
TrendMicro 8.950.0.1094 2009.06.26 -
VBA32 3.12.10.7 2009.06.26 -
ViRobot 2009.6.25.1804 2009.06.25 -
VirusBuster 4.6.5.0 2009.06.25 -
Additional information
File size: 1801 bytes
MD5...: b4e8483f093c72642a4251cc1a169ba3
SHA1..: 1e5aa5a75d92796f3aebb2db815855057bb4bbb9
SHA256: 5aa981dd067f8e0b14e77826f2e002ed546010d23c90a6f6eafea62aaf1dd9b0
ssdeep: 48:cLvND8jguAqI6nLaA/KMH/HMX5Mw+SUAztan:IlD8guATOLaefsXuw+Sdztan
PEiD..: -
TrID..: File type identification
Generic XML (ASCII) (62.5%)
HyperText Markup Language (37.5%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-



For the 4th one


File xml16F.tmp received on 2009.06.26 04:52:47 (UTC)
Result: 0/41 (0%)

Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.26 -
AhnLab-V3 5.0.0.2 2009.06.25 -
AntiVir 7.9.0.196 2009.06.25 -
Antiy-AVL 2.0.3.1 2009.06.26 -
Authentium 5.1.2.4 2009.06.25 -
Avast 4.8.1335.0 2009.06.25 -
AVG 8.5.0.339 2009.06.25 -
BitDefender 7.2 2009.06.26 -
CAT-QuickHeal 10.00 2009.06.26 -
ClamAV 0.94.1 2009.06.26 -
Comodo 1425 2009.06.26 -
DrWeb 5.0.0.12182 2009.06.26 -
eSafe 7.0.17.0 2009.06.25 -
eTrust-Vet 31.6.6580 2009.06.26 -
F-Prot 4.4.4.56 2009.06.25 -
F-Secure 8.0.14470.0 2009.06.25 -
Fortinet 3.117.0.0 2009.06.26 -
GData 19 2009.06.26 -
Ikarus T3.1.1.59.0 2009.06.26 -
Jiangmin 11.0.706 2009.06.25 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.26 -
McAfee 5657 2009.06.25 -
McAfee+Artemis 5657 2009.06.25 -
McAfee-GW-Edition 6.7.6 2009.06.25 -
Microsoft 1.4803 2009.06.26 -
NOD32 4190 2009.06.26 -
Norman 6.01.09 2009.06.25 -
nProtect 2009.1.8.0 2009.06.26 -
Panda 10.0.0.16 2009.06.26 -
PCTools 4.4.2.0 2009.06.25 -
Prevx 3.0 2009.06.26 -
Rising 21.35.40.00 2009.06.26 -
Sophos 4.43.0 2009.06.26 -
Sunbelt 3.2.1858.2 2009.06.25 -
Symantec 1.4.4.12 2009.06.26 -
TheHacker 6.3.4.3.354 2009.06.25 -
TrendMicro 8.950.0.1094 2009.06.26 -
VBA32 3.12.10.7 2009.06.26 -
ViRobot 2009.6.25.1804 2009.06.25 -
VirusBuster 4.6.5.0 2009.06.25 -
Additional information
File size: 8519 bytes
MD5...: 35d318c98a2320ebdd7da8f1d1b52ee5
SHA1..: 20aba6cafcd18835d60532cf9dd72d6f8ef241fd
SHA256: bc7b80d9c5f87935be666a6b3f70910d2f67db420245d12fea01d7ba9875e7b2
ssdeep: 96:qiE+PAp84mGTY3/M0Oy+mHMHELNSKrMv1i+4md+ySEyv1a+BZd+fSEI3Rg+r+NYM:3lPApE/hHLNNS1XrA7B1vs6jnCxpZIuF
PEiD..: -
TrID..: File type identification
file seems to be plain text/ASCII (0.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-



For the 5th one, C:\Documents and Settings\All Users\Application Data\xml170.tmp: 0 bytes size received / Se ha recibido un archivo vacio

And for the last one

C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP: it's not this file that was analysed, because it contained nothing, but what this folder contained.


File WiseCustomCalla.dll received on 2009.06.26 04:58:14 (UTC)
Result: 0/41 (0%)

Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.26 -
AhnLab-V3 5.0.0.2 2009.06.25 -
AntiVir 7.9.0.196 2009.06.25 -
Antiy-AVL 2.0.3.1 2009.06.26 -
Authentium 5.1.2.4 2009.06.25 -
Avast 4.8.1335.0 2009.06.25 -
AVG 8.5.0.339 2009.06.25 -
BitDefender 7.2 2009.06.26 -
CAT-QuickHeal 10.00 2009.06.26 -
ClamAV 0.94.1 2009.06.26 -
Comodo 1425 2009.06.26 -
DrWeb 5.0.0.12182 2009.06.26 -
eSafe 7.0.17.0 2009.06.25 -
eTrust-Vet 31.6.6580 2009.06.26 -
F-Prot 4.4.4.56 2009.06.25 -
F-Secure 8.0.14470.0 2009.06.25 -
Fortinet 3.117.0.0 2009.06.26 -
GData 19 2009.06.26 -
Ikarus T3.1.1.59.0 2009.06.26 -
Jiangmin 11.0.706 2009.06.25 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.26 -
McAfee 5657 2009.06.25 -
McAfee+Artemis 5657 2009.06.25 -
McAfee-GW-Edition 6.7.6 2009.06.25 -
Microsoft 1.4803 2009.06.26 -
NOD32 4190 2009.06.26 -
Norman 6.01.09 2009.06.25 -
nProtect 2009.1.8.0 2009.06.26 -
Panda 10.0.0.16 2009.06.26 -
PCTools 4.4.2.0 2009.06.25 -
Prevx 3.0 2009.06.26 -
Rising 21.35.40.00 2009.06.26 -
Sophos 4.43.0 2009.06.26 -
Sunbelt 3.2.1858.2 2009.06.25 -
Symantec 1.4.4.12 2009.06.26 -
TheHacker 6.3.4.3.354 2009.06.25 -
TrendMicro 8.950.0.1094 2009.06.26 -
VBA32 3.12.10.7 2009.06.26 -
ViRobot 2009.6.25.1804 2009.06.25 -
VirusBuster 4.6.5.0 2009.06.25 -
Additional information
File size: 200704 bytes
MD5...: 4bdad33a6edf1dcede6381a9bf235157
SHA1..: 4893650b15b90f4a36c2a4d3aa750c17140e7974
SHA256: 304fa0e881662e727cc920a8e5891af67953cf8df8de6054f6426005b2f92388
ssdeep: 3072:b6Qyc61N27wk79lV0V7K10YMsA8rDeruCNVA6z3t+KaDKTCu/:bBSN2l79lV0V7OPi8rDcmKUK
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xdf33
timedatestamp.....: 0x493e26ce (Tue Dec 09 08:05:34 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1ded5 0x1e000 6.68 b9c9579e39e592690732c3fe27a3c184
.rdata 0x1f000 0x6df0 0x7000 5.12 d2b5ccfa1dcfe567de406c47f2bfbfd2
.data 0x26000 0x593c 0x2000 3.82 b2bf7c01eec5675ee935f8d978e81b43
.rsrc 0x2c000 0x3b9c 0x4000 3.90 6e4a936c9476fe797f4c1ba4c0634fbc
.reloc 0x30000 0x4848 0x5000 3.44 cd852862cb7eea0cdc38be9f5dc7b33e

( 8 imports )
> KERNEL32.dll: GetVersionExA, lstrcmpW, GlobalFindAtomA, GlobalGetAtomNameA, GetThreadLocale, ReadFile, WriteFile, SetFilePointer, FlushFileBuffers, GetCurrentProcess, CreateFileA, GetCPInfo, GetOEMCP, InterlockedIncrement, HeapAlloc, HeapFree, HeapReAlloc, VirtualAlloc, RtlUnwind, GetCommandLineA, GetProcessHeap, ExitProcess, RaiseException, HeapSize, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, VirtualFree, HeapDestroy, HeapCreate, GetStdHandle, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, GetACP, IsValidCodePage, GetConsoleCP, GetConsoleMode, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, GlobalFlags, WritePrivateProfileStringA, SetErrorMode, TlsFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, TlsAlloc, InitializeCriticalSection, GlobalHandle, GlobalReAlloc, EnterCriticalSection, TlsGetValue, LeaveCriticalSection, LocalAlloc, InterlockedDecrement, GetModuleFileNameW, GlobalFree, GlobalUnlock, GetCurrentProcessId, SetLastError, GlobalAddAtomA, GlobalDeleteAtom, GetCurrentThread, GetCurrentThreadId, ConvertDefaultLocale, GetModuleFileNameA, EnumResourceLanguagesA, GetLocaleInfoA, LoadLibraryA, FindResourceA, LoadResource, LockResource, SizeofResource, GlobalLock, lstrcmpA, GlobalAlloc, FreeLibrary, GetModuleHandleA, GetProcAddress, lstrlenA, CompareStringA, GetVersion, WideCharToMultiByte, MultiByteToWideChar, InterlockedExchange, CreateProcessA, WaitForSingleObject, Sleep, DeleteFileA, RemoveDirectoryA, CloseHandle, GetLastError, FormatMessageA, LocalFree
> USER32.dll: GetSysColorBrush, LoadCursorA, DestroyMenu, RegisterWindowMessageA, LoadIconA, WinHelpA, GetCapture, GetClassLongA, SetPropA, GetPropA, RemovePropA, IsWindow, GetForegroundWindow, GetDlgItem, GetTopWindow, DestroyWindow, GetMessageTime, GetMessagePos, MapWindowPoints, SetForegroundWindow, GetClientRect, GetMenu, CreateWindowExA, GetClassInfoExA, GetClassInfoA, RegisterClassA, AdjustWindowRectEx, CopyRect, ShowWindow, DefWindowProcA, CallWindowProcA, SetWindowLongA, SetWindowPos, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetSystemMetrics, GetWindow, GetDlgCtrlID, GetWindowRect, GetClassNameA, PtInRect, SetWindowTextA, GetSysColor, ReleaseDC, GetDC, ClientToScreen, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, UnregisterClassA, UnhookWindowsHookEx, GetMenuItemID, MessageBoxA, GetMenuItemCount, GetSubMenu, GetWindowThreadProcessId, GetWindowLongA, GetLastActivePopup, IsWindowEnabled, EnableWindow, PostQuitMessage, PostMessageA, CheckMenuItem, EnableMenuItem, GetMenuState, ModifyMenuA, SendMessageA, GetParent, GetFocus, LoadBitmapA, GetMenuCheckMarkDimensions, SetCursor, SetWindowsHookExA, CallNextHookEx, GetMessageA, TranslateMessage, DispatchMessageA, GetActiveWindow, IsWindowVisible, GetKeyState, PeekMessageA, GetCursorPos, ValidateRect, SetMenuItemBitmaps, GetWindowTextA
> ADVAPI32.dll: RegSetValueExA, RegCreateKeyExA, RegQueryValueA, RegOpenKeyA, RegEnumKeyA, RegDeleteKeyA, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyExA, RegCloseKey
> SHLWAPI.dll: PathFindExtensionA, PathFindFileNameA
> OLEACC.dll: LresultFromObject, CreateStdAccessibleObject
> GDI32.dll: DeleteDC, ExtTextOutA, GetStockObject, GetDeviceCaps, SaveDC, RestoreDC, SetBkColor, ScaleWindowExtEx, SetWindowExtEx, SetTextColor, SetMapMode, GetClipBox, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SelectObject, CreateBitmap, TextOutA, RectVisible, PtVisible, DeleteObject, Escape
> WINSPOOL.DRV: DocumentPropertiesA, OpenPrinterA, ClosePrinter
> OLEAUT32.dll: -, -, -

( 2 exports )
GetExistingPhysXInformation, UnInstallExistingPhysX
PDFiD.: -
RDS...: NSRL Reference Data Set
-

ATENTION ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

0
And here is the Malwarebytes scan; for information, I have already been using it for 2 years.

Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2335
Windows 5.1.2600 Service Pack 3

26/06/2009 07:19:25
mbam-log-2009-06-26 (07-19-25).txt

Type de recherche: Examen rapide
Eléments examinés: 97795
Temps écoulé: 6 minute(s), 43 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)



And the RSIT scan:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Malige at 2009-06-26 07:21:21
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 73 GB (72%) free of 102 GB
Total RAM: 3071 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:21:28, on 26/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\abylonsoft\SAPDrive\SAPCtrlSer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\ma-config.com\maconfservice.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\oopmagentts.exe
C:\WINDOWS\system32\mobsync.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Aide mémoire\TrayIcon.exe
C:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Malige\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Malige.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ooquickpdfv7] "C:\WINDOWS\system32\oopmagentts.exe"
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Aide mémoire.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: apm - SAP control service (apmSAPCtrl) - abylonsoft - Dr. Thomas Klabunde GbR - C:\Program Files\abylonsoft\SAPDrive\SAPCtrlSer.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9885be8750c5a) (gupdate1c9885be8750c5a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
sKe69 Posts: 21360 Registration date: Saturday 15 March 2008 Status: Security contributor Last seen: 30 December 2012 463
26 June 2009 at 08:38
Hi,


MBAM is missing it ... please do this:



Download ComboFix (by sUBs) to your Desktop (and nowhere else!):

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


--------------------------------- [ ! WARNING ! ] ------------------------------------------
!! Disconnect from the Internet, close your running applications (including your browser) and DISABLE ALL YOUR DEFENSES (anti-virus, anti-spyware guard, firewall) for the duration of the procedure:
when active, they could seriously interfere with the tool's scanning and cleaning process (or even crash the PC)... So you will re-enable them afterwards !!
---> Important: if you run into difficulties at this stage, let me know before continuing ...
Tutorial (help) here: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Note: for XP, make sure to install the Windows Recovery Console as indicated in the tutorial above ...
--------------------------------------------------------------------------------------------


Then:
double-click the "combofix.exe" icon to launch the tool.


-- For XP > let it guide you through installing the Recovery Console. Reconnect only for the duration of this step. Once the console is installed, disconnect again before continuing --

Press the Y (Yes) key to start the scan.

Important notes:
-> do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.
-> The PC may restart by itself (to finalize the cleaning); let it do so.
-> If the tool tells you: "combofix a détecté la présence de rootkit et a besoin de faire redémarer votre machine" (ComboFix has detected a rootkit and needs to restart your machine), accept ...
-> if a Windows error message appears at some point: click the red cross at the top right of the window to close it (and not anything else! otherwise there will be no report ...)

The report will be created here: C:\Combofix.txt

Make sure to re-enable your defenses.


Post the ComboFix report for analysis ...
0
Here is the ComboFix report, and thank you for giving me a bit of your time, that's really kind.

ComboFix 09-06-25.01 - Malige 26/06/2009 9:19.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3071.2500 [GMT 2:00]
Lancé depuis: c:\documents and settings\Malige\Mes documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_NPF


((((((((((((((((((((((((((((( Fichiers créés du 2009-05-26 au 2009-06-26 ))))))))))))))))))))))))))))))))))))
.

2009-06-22 11:08 . 2009-06-22 11:08 390664 ----a-w- c:\documents and settings\Malige\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-21 15:44 . 2009-06-21 15:56 -------- d-----w- c:\program files\PDF Editeur 2
2009-06-21 15:44 . 2009-06-21 15:44 73216 ----a-w- c:\windows\cadkasdeinst01f.exe
2009-06-15 16:30 . 2009-06-21 16:32 -------- d-----w- c:\program files\Incomplete
2009-06-15 16:12 . 2007-11-06 23:00 356352 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-15 16:11 . 2007-11-06 16:59 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-15 13:00 . 2009-06-15 15:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-11 10:28 . 2008-12-17 05:55 195096 ----a-w- c:\windows\system32\lvci11901262.dll
2009-06-11 10:26 . 2009-06-11 10:26 -------- d-----w- c:\program files\Logitech
2009-06-11 10:07 . 2009-06-11 10:11 -------- d-----w- c:\program files\UrbanTerror
2009-06-11 09:46 . 2009-06-11 09:46 -------- d-----w- c:\program files\ma-config.com
2009-06-11 09:46 . 2009-06-11 09:46 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-06-10 07:25 . 2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 07:25 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-04 05:26 . 2009-06-04 05:26 286720 ------w- c:\windows\Setup1.exe
2009-06-03 16:33 . 2009-06-03 16:33 387456 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-03 13:04 . 2009-06-03 13:14 -------- d-----w- c:\documents and settings\Malige\Local Settings\Application Data\AA2DeployClient
2009-06-03 13:04 . 2009-06-03 13:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AA2DeployClient
2009-06-03 13:03 . 2009-06-11 10:19 -------- d-----w- c:\documents and settings\Malige\Local Settings\Application Data\Deployment
2009-06-01 15:48 . 2009-06-01 15:48 766 ----a-r- c:\documents and settings\Malige\Application Data\Microsoft\Installer\{6F49D427-5E1D-47CC-944D-5D85299DC889}\_6eb526a8.exe
2009-06-01 15:09 . 2007-11-06 23:00 290816 ----a-w- c:\windows\system32\nvwrsth.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 07:28 . 2009-03-07 12:28 21145632 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-26 07:24 . 2009-03-07 12:28 251816 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-26 04:49 . 2009-05-25 18:12 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Beta 4
2009-06-25 22:40 . 2009-03-07 10:38 4212 ---h--w- c:\windows\system32\zllictbl.dat
2009-06-25 22:05 . 2009-03-05 12:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-25 21:50 . 2008-04-29 17:59 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-25 21:48 . 2001-09-28 12:00 94956 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-25 21:48 . 2001-09-28 12:00 535550 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-25 21:38 . 2008-09-28 15:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-25 21:37 . 2008-10-17 17:08 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-25 19:58 . 2009-02-09 16:20 -------- d-----w- c:\documents and settings\Malige\Application Data\teamspeak2
2009-06-25 08:56 . 2008-04-26 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-23 06:32 . 2008-05-24 18:07 1480 ----a-w- c:\windows\AUTOLNCH.REG
2009-06-21 16:34 . 2008-12-11 09:25 -------- d-----w- c:\documents and settings\Malige\Application Data\FrostWire
2009-06-21 16:32 . 2008-12-11 09:23 -------- d-----w- c:\program files\FrostWire
2009-06-18 09:34 . 2009-06-18 09:35 2208256 ----a-w- c:\windows\Internet Logs\xDB3F.tmp
2009-06-17 09:27 . 2008-09-28 15:20 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2008-09-28 15:20 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-17 04:54 . 2009-03-09 09:19 5000723 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-06-15 16:32 . 2009-03-18 13:01 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 3
2009-06-15 11:31 . 2008-08-22 14:30 -------- d-----w- c:\program files\BoontyGames
2009-06-15 06:49 . 2009-06-15 09:16 2184704 ----a-w- c:\windows\Internet Logs\xDB3E.tmp
2009-06-15 06:49 . 2009-06-15 09:16 49152 ----a-w- c:\windows\Internet Logs\xDB3D.tmp
2009-06-14 19:32 . 2009-06-14 19:32 56559 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2009_06_14_21_23_18_small.dmp.zip
2009-06-14 19:32 . 2009-06-14 19:32 16179955 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2009_06_14_21_23_09_full.dmp.zip
2009-06-14 19:25 . 2009-06-14 19:27 2183680 ----a-w- c:\windows\Internet Logs\xDB3C.tmp
2009-06-14 19:25 . 2009-06-14 19:27 55808 ----a-w- c:\windows\Internet Logs\xDB3B.tmp
2009-06-14 17:40 . 2009-06-14 17:40 42805 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2009_06_13_22_38_30_small.dmp.zip
2009-06-13 12:47 . 2009-06-13 12:47 53128 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2009_06_13_13_54_25_small.dmp.zip
2009-06-13 12:47 . 2009-06-13 12:47 50053 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2009_06_13_13_54_31_small.dmp.zip
2009-06-13 11:55 . 2009-06-13 12:42 151040 ----a-w- c:\windows\Internet Logs\xDB3A.tmp
2009-06-12 18:02 . 2009-06-12 18:02 46038 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2009_06_12_13_21_35_small.dmp.zip
2009-06-12 18:02 . 2009-06-12 18:02 43188 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2009_06_12_13_21_31_small.dmp.zip
2009-06-12 09:23 . 2009-06-12 09:23 55908 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2009_06_12_07_25_15_small.dmp.zip
2009-06-12 09:23 . 2009-06-12 09:23 43797 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2009_06_12_07_25_13_small.dmp.zip
2009-06-12 05:15 . 2009-06-12 05:15 48373 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2009_06_11_21_22_02_small.dmp.zip
2009-06-11 11:42 . 2008-04-26 14:22 -------- d-----w- c:\program files\Fichiers communs\logishrd
2009-06-11 10:57 . 2009-06-11 10:57 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-06-11 10:54 . 2008-04-24 09:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-11 10:43 . 2008-09-02 11:24 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-06-11 10:42 . 2008-10-05 13:47 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-11 10:26 . 2008-04-27 08:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2009-06-11 09:23 . 2008-05-28 11:31 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-06-10 16:56 . 2009-06-11 06:43 238592 ----a-w- c:\windows\Internet Logs\xDB38.tmp
2009-06-10 16:56 . 2009-06-11 06:43 2095616 ----a-w- c:\windows\Internet Logs\xDB39.tmp
2009-06-10 11:50 . 2009-03-06 19:51 -------- d-----w- c:\documents and settings\Malige\Application Data\drivers
2009-06-10 07:53 . 2008-04-26 23:15 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-06 19:35 . 2009-06-07 04:25 124416 ----a-w- c:\windows\Internet Logs\xDB36.tmp
2009-06-06 19:35 . 2009-06-07 04:25 2078720 ----a-w- c:\windows\Internet Logs\xDB37.tmp
2009-06-05 09:46 . 2009-06-05 09:47 2072576 ----a-w- c:\windows\Internet Logs\xDB35.tmp
2009-06-05 04:02 . 2009-06-05 09:22 117760 ----a-w- c:\windows\Internet Logs\xDB34.tmp
2009-06-04 05:26 . 2009-03-16 19:10 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-06-03 21:36 . 2009-06-04 03:59 124416 ----a-w- c:\windows\Internet Logs\xDB33.tmp
2009-06-03 16:43 . 2009-06-03 16:43 13380 ----a-w- c:\documents and settings\All Users\Application Data\xml7.tmp
2009-06-03 16:43 . 2008-12-30 16:05 1801 ----a-w- c:\documents and settings\All Users\Application Data\xml172.tmp
2009-06-03 16:43 . 2008-12-30 16:05 8519 ----a-w- c:\documents and settings\All Users\Application Data\xml16F.tmp
2009-06-01 20:14 . 2009-06-02 10:05 61952 ----a-w- c:\windows\Internet Logs\xDB31.tmp
2009-06-01 20:14 . 2009-06-02 10:05 2043904 ----a-w- c:\windows\Internet Logs\xDB32.tmp
2009-06-01 15:48 . 2008-11-04 18:22 -------- d-----w- c:\program files\khi3
2009-06-01 06:16 . 2009-06-01 10:45 84992 ----a-w- c:\windows\Internet Logs\xDB30.tmp
2009-05-30 18:16 . 2008-05-13 19:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-30 18:16 . 2009-03-07 16:48 -------- d-----w- c:\program files\SpywareBlaster
2009-05-30 15:00 . 2009-05-30 16:59 94208 ----a-w- c:\windows\Internet Logs\xDB2E.tmp
2009-05-30 15:00 . 2009-05-30 16:59 2032128 ----a-w- c:\windows\Internet Logs\xDB2F.tmp
2009-05-28 19:16 . 2009-05-29 07:03 195584 ----a-w- c:\windows\Internet Logs\xDB2D.tmp
2009-05-25 19:26 . 2009-05-25 19:27 220160 ----a-w- c:\windows\Internet Logs\xDB2C.tmp
2009-05-25 18:11 . 2009-04-13 15:01 -------- d-----w- c:\documents and settings\Malige\Application Data\GetRightToGo
2009-05-24 22:24 . 2008-05-26 20:18 350208 ----a-w- c:\windows\system32\mssph.dll
2009-05-24 13:50 . 2008-12-18 10:38 -------- d-----w- c:\program files\Microsoft
2009-05-22 16:08 . 2009-05-22 16:09 1959424 ----a-w- c:\windows\Internet Logs\xDB2B.tmp
2009-05-20 15:54 . 2008-04-26 23:18 -------- d-----w- c:\program files\Google
2009-05-19 19:38 . 2009-05-19 19:44 1952256 ----a-w- c:\windows\Internet Logs\xDB2A.tmp
2009-05-19 19:38 . 2009-05-19 19:44 294912 ----a-w- c:\windows\Internet Logs\xDB29.tmp
2009-05-14 09:44 . 2009-04-01 12:49 -------- d-----w- c:\program files\H2O-ScRipT
2009-05-13 13:11 . 2009-05-13 13:11 2840 ----a-w- c:\documents and settings\Malige\master.dat
2009-05-13 05:04 . 2008-04-23 17:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 13:12 . 2008-04-24 09:25 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-11 20:11 . 2009-05-12 05:30 1911808 ----a-w- c:\windows\Internet Logs\xDB28.tmp
2009-05-11 20:11 . 2009-05-12 05:30 159232 ----a-w- c:\windows\Internet Logs\xDB27.tmp
2009-05-11 19:04 . 2009-05-11 19:04 -------- d-----w- c:\program files\FusionSoft DVD Player XP
2009-05-07 21:27 . 2009-05-08 08:43 227328 ----a-w- c:\windows\Internet Logs\xDB26.tmp
2009-05-07 15:33 . 2004-08-19 14:09 348672 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 15:13 . 2008-04-26 14:26 -------- d-----w- c:\program files\HP DeskJet 810C Series
2009-05-02 14:13 . 2009-05-02 14:13 -------- d-----w- c:\program files\Avira
2009-05-02 14:13 . 2009-05-02 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-02 14:01 . 2009-05-02 14:02 585216 ----a-w- c:\windows\Internet Logs\xDB25.tmp
2009-05-02 13:59 . 2009-05-02 13:59 -------- d-----w- c:\program files\Fichiers communs\xing shared
2009-05-02 13:58 . 2008-09-22 16:39 -------- d-----w- c:\program files\Fichiers communs\Real
2009-05-02 13:27 . 2009-05-02 13:27 0 ----a-w- c:\documents and settings\All Users\Application Data\xml24.tmp
2009-05-02 13:27 . 2008-12-30 16:05 0 ----a-w- c:\documents and settings\All Users\Application Data\xml170.tmp
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-30 19:21 . 2009-03-20 18:50 -------- d-----w- c:\documents and settings\Malige\Application Data\NetStat Agent
2009-04-28 07:55 . 2009-04-28 07:55 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-04-19 19:50 . 2008-04-23 17:45 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-19 18:31 . 2008-04-24 11:37 229624 ----a-w- c:\documents and settings\Malige\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-18 10:02 . 2009-04-18 10:58 138240 ----a-w- c:\windows\Internet Logs\xDB23.tmp
2009-04-18 10:02 . 2009-04-18 10:58 1726464 ----a-w- c:\windows\Internet Logs\xDB24.tmp
2009-04-15 20:12 . 2009-04-16 03:13 300544 ----a-w- c:\windows\Internet Logs\xDB21.tmp
2009-04-15 20:12 . 2009-04-16 03:13 1721856 ----a-w- c:\windows\Internet Logs\xDB22.tmp
2009-04-15 14:53 . 2008-04-23 17:44 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2007-07-26 15:01 . 2009-01-13 13:48 114688 ----a-w- c:\program files\internet explorer\plugins\ChimeShim.dll
2009-03-05 14:47 . 2009-03-05 14:24 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-10-22 09:15 . 2008-04-29 18:11 88 --sh--r- c:\windows\system32\452FD47A68.sys
2006-05-03 09:06 . 2008-12-14 14:19 163328 --sh--r- c:\windows\system32\flvDX.dll
2008-10-22 09:16 . 2008-04-29 18:11 5642 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 . 2008-12-14 14:19 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2008-12-14 14:19 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 65536]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-02-19 202064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ooquickpdfv7"="c:\windows\system32\oopmagentts.exe" [2008-04-24 69632]
"hplampc"="c:\windows\system32\hplampc.exe" [2002-01-17 40448]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-13 143872]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-05 30192]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-05-02 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-25 148888]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-04-04 1822720]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-11-06 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\Malige\Menu Démarrer\Programmes\Démarrage\
Aide mémoire.lnk - c:\program files\Aide mémoire\TrayIcon.exe [2008-4-27 34816]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"d:\\Program Files\\BitDownload\\BitDownload.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\ProgDVB\\ProgDvbNet.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\RpcAgentSrv.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\WNt500x86\\RpcSandraSrv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 APMDRIVE;APMPDRIVE DRIVER;c:\windows\system32\drivers\APMDrive.sys [24/03/2009 18:47 49200]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [02/05/2009 16:14 108289]
R2 apmSAPCtrl;apm - SAP control service;c:\program files\abylonsoft\SAPDrive\SAPCtrlSer.EXE [24/03/2009 18:29 231760]
R2 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 20:19 13592]
S2 gupdate1c9885be8750c5a;Google Update Service (gupdate1c9885be8750c5a);c:\program files\Google\Update\GoogleUpdate.exe [06/02/2009 15:07 133104]
S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [05/03/2009 16:23 30192]
S3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\drivers\hp4200c.sys [26/04/2008 17:53 9312]
S3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\system32\drivers\Ltn_stk7070P.sys [21/08/2008 13:13 466048]
S3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\system32\drivers\Ltn_stkrc.sys [21/08/2008 13:13 13440]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe [30/12/2008 18:04 98488]
S3 USBTINSP;TI-Nspire(TM) Handheld Device Driver;c:\windows\system32\drivers\tinspusb.sys [24/02/2009 20:22 123392]
S3 viafilter;VIA USB Filter;c:\windows\system32\drivers\viausb1.sys [07/03/2009 15:30 9728]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2009-06-26 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-03-07 16:10]

2009-06-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-26 20:01]

2009-06-26 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 13:07]

2009-06-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-06-26 c:\windows\Tasks\User_Feed_Synchronization-{8EF20294-B744-466D-9894-C59208BB3263}.job
- c:\windows\system32\msfeedssync.exe [2008-04-23 02:31]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath -

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 09:26
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\TEMP\TMP0000002C7A30ADB71B810777 524288 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,e5,90,84,df,00,
8e,59,cb,e2,63,26,f1,3f,c8,ff,68,05,20,cd,6d,97,85,39,6f,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,57,16,9a,4f,47,
ae,4d,69,6a,9c,d6,61,af,45,84,18,61,30,b6,7a,fa,d2,f0,40,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,81,4f,04,cf,55,
27,64,41,ff,7c,85,e0,43,d4,0e,fe,7f,52,d6,f2,b3,3e,65,e3,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,86,1c,57,15,e8,
d2,0d,e4,86,8c,21,01,be,91,eb,e7,1c,9e,6a,3f,d3,cc,7c,86,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,73,ac,da,a2,b7,
65,e1,77,f5,1d,4d,73,a8,13,5c,05,b9,f3,2b,fd,4d,92,a7,db,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,3d,a7,f4,8b,80,
11,74,1d,df,20,58,62,78,6b,cf,c8,d2,29,0a,69,2a,83,2c,ea,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,6e,0c,f6,5c,ba,
39,3f,8d,fb,a7,78,e6,12,2f,9a,ea,ab,d2,21,a4,86,a5,87,f9,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,d6,4c,d7,e1,27,
e3,99,ac,01,3a,48,fc,e8,04,4a,f1,a0,6e,15,0c,7d,a3,7d,0f,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,a7,6b,46,d1,23,
0f,db,cc,f6,0f,4e,58,98,5b,89,c9,1a,4f,58,b8,33,c6,0a,73,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,fa,ae,a7,88,16,
a8,78,4f,3d,ce,ea,26,2d,45,aa,78,ca,93,9a,08,de,c4,e6,9a,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,d4,fa,ca,60,26,
d3,41,cc,2a,b7,cc,b5,b9,7f,41,e7,82,b6,7f,d4,5b,40,79,2d,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,b0,9e,93,0c,63,
92,8a,63,6c,43,2d,1e,aa,22,2f,9c,85,db,88,b4,85,8f,c5,fd,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*–€|ÿÿÿÿ;•€|é•9~*]
"C040710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(7608)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\VisualTaskTips\VttHooks.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\program files\Aide mémoire\TrayIcon.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Heure de fin: 2009-06-26 9:32 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-26 07:32

Avant-CF: 76 824 477 696 octets libres
Après-CF: 76 824 133 632 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

424 --- E O F --- 2009-06-26 04:31
0
sKe69 Posts: 21360 Registered: Saturday 15 March 2008 Status: Security contributor Last activity: 30 December 2012 463
26 June 2009 at 09:34
OK...


Can you please scan this on VirusTotal:

c:\windows\system32\lvci11901262.dll


Post me the report you get...



0
It seemed to me to show a positive at the start of the scan, but my imagination may have fooled me.


VirusTotal
File lvci11901262.dll received on 2009.06.26 07:42:02 (UTC)
Result: 0/41 (0%)
Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.26 -
AhnLab-V3 5.0.0.2 2009.06.25 -
AntiVir 7.9.0.196 2009.06.25 -
Antiy-AVL 2.0.3.1 2009.06.26 -
Authentium 5.1.2.4 2009.06.25 -
Avast 4.8.1335.0 2009.06.25 -
AVG 8.5.0.339 2009.06.25 -
BitDefender 7.2 2009.06.26 -
CAT-QuickHeal 10.00 2009.06.26 -
ClamAV 0.94.1 2009.06.26 -
Comodo 1427 2009.06.26 -
DrWeb 5.0.0.12182 2009.06.26 -
eSafe 7.0.17.0 2009.06.25 -
eTrust-Vet 31.6.6580 2009.06.26 -
F-Prot 4.4.4.56 2009.06.25 -
F-Secure 8.0.14470.0 2009.06.25 -
Fortinet 3.117.0.0 2009.06.26 -
GData 19 2009.06.26 -
Ikarus T3.1.1.59.0 2009.06.26 -
Jiangmin 11.0.706 2009.06.26 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.26 -
McAfee 5657 2009.06.25 -
McAfee+Artemis 5657 2009.06.25 -
McAfee-GW-Edition 6.7.6 2009.06.25 -
Microsoft 1.4803 2009.06.26 -
NOD32 4190 2009.06.26 -
Norman 6.01.09 2009.06.25 -
nProtect 2009.1.8.0 2009.06.26 -
Panda 10.0.0.16 2009.06.26 -
PCTools 4.4.2.0 2009.06.25 -
Prevx 3.0 2009.06.26 -
Rising 21.35.40.00 2009.06.26 -
Sophos 4.43.0 2009.06.26 -
Sunbelt 3.2.1858.2 2009.06.25 -
Symantec 1.4.4.12 2009.06.26 -
TheHacker 6.3.4.3.354 2009.06.25 -
TrendMicro 8.950.0.1094 2009.06.26 -
VBA32 3.12.10.7 2009.06.26 -
ViRobot 2009.6.25.1804 2009.06.25 -
VirusBuster 4.6.5.0 2009.06.25 -
Additional information
File size: 195096 bytes
MD5...: 2505566a4b34a3e990c51994fbcff57b
SHA1..: f1693bd0d137a5129aa6d7755f1a36295f424b03
SHA256: 48603c12c2d28d0f907be046d61be423d1fb3c39442e0c78e85115b2aec63710
ssdeep: 3072:yUTfB9tAKzOewg5RpdO4DWN9LirnPPsNJpbu5TlJb9gttYllYlE/gbeI:nfB9tACO5g5R+NUnOQ5N0
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xa46c
timedatestamp.....: 0x494890f7 (Wed Dec 17 05:41:11 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x21bba 0x22000 6.66 7f8f4d89bf7b7743abfa4d430bb98ef0
.rdata 0x23000 0x5c37 0x6000 5.57 eac788144b940d77ebb574e545feff04
.data 0x29000 0x2d8c 0x2000 1.56 79baa67a7eb8422d2646b3f7e354558e
.rsrc 0x2c000 0xa04 0x1000 4.17 1a01f9c2fcad969672bf5f97b7808ea5
.reloc 0x2d000 0x17fe 0x2000 5.67 97e89b1b6a6eadbb89e5404c8b2514b6

( 8 imports )
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
> SETUPAPI.dll: SetupDiOpenClassRegKey, SetupDiGetDriverInfoDetailA, SetupDiGetSelectedDriverA, SetupCloseInfFile, SetupGetLineTextA, SetupOpenInfFileA, SetupDiGetDeviceRegistryPropertyA, SetupDiGetDeviceInstallParamsA, SetupDiOpenDevRegKey, SetupDiSetDeviceInstallParamsA, SetupFindFirstLineA, SetupGetStringFieldA, SetupGetSourceInfoA
> SHLWAPI.dll: SHDeleteValueA
> KERNEL32.dll: EnumSystemLocalesA, GetLocaleInfoA, GetUserDefaultLCID, GetDateFormatA, GetTimeFormatA, GetStringTypeW, CreateMutexA, CloseHandle, ReleaseMutex, WaitForMultipleObjectsEx, GetLastError, GetFileAttributesA, GetSystemDirectoryA, GetPrivateProfileStringA, GetVersionExA, CreateProcessA, GlobalFree, GetFullPathNameA, GlobalAlloc, lstrcmpiA, lstrcpynA, GetSystemWindowsDirectoryA, IsValidLocale, WaitForMultipleObjects, GetLocalTime, InterlockedDecrement, InterlockedIncrement, SetErrorMode, ExpandEnvironmentStringsA, SetEnvironmentVariableA, GetProcAddress, LoadLibraryA, GetPrivateProfileSectionA, GetWindowsDirectoryA, GetVersion, FindClose, FindNextFileA, FindFirstFileA, MoveFileA, DeleteFileA, CopyFileA, SetFileAttributesA, GetStringTypeA, InitializeCriticalSection, GetConsoleCP, GetConsoleMode, SetConsoleCtrlHandler, FreeLibrary, InterlockedExchange, SetStdHandle, FlushFileBuffers, CreateFileA, GetTimeZoneInformation, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, FormatMessageA, CompareStringW, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, CompareStringA, SetEndOfFile, GetLocaleInfoW, GetEnvironmentStringsW, HeapAlloc, HeapFree, GetCurrentThreadId, GetCommandLineA, GetProcessHeap, EnterCriticalSection, LeaveCriticalSection, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, GetModuleHandleA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThread, LCMapStringA, WideCharToMultiByte, MultiByteToWideChar, LCMapStringW, FatalAppExitA, VirtualFree, VirtualAlloc, HeapReAlloc, HeapDestroy, HeapCreate, ExitProcess, WriteFile, GetModuleFileNameA, RtlUnwind, SetFilePointer, ReadFile, Sleep, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, HeapSize
> USER32.dll: CharLowerA
> ADVAPI32.dll: RegEnumValueA, RegDeleteKeyA, RegCreateKeyExA, RegOpenKeyExA, RegEnumKeyA, RegQueryValueExA, RegDeleteValueA, RegCloseKey, RegSetValueExA, OpenSCManagerA, OpenServiceA, CloseServiceHandle, RegOpenKeyA
> SHELL32.dll: ShellExecuteExA, SHGetSpecialFolderPathA, SHFileOperationA
> ole32.dll: CoFreeLibrary, CoUninitialize, CoInitialize

( 2 exports )
LvCoInstaller, SetupEntryPoint
PDFiD.: -
RDS...: NSRL Reference Data Set
-

ATENTION ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

0
sKe69 Posts: 21360 Registered: Saturday 15 March 2008 Status: Security contributor Last activity: 30 December 2012 463
26 June 2009 at 09:52
OK...

It's clean on that side...


Please do this:


Download UsbFix (by C_XX, Chimay8 & Chiquitine29) to your desktop:

> http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe

! Disconnect from the internet and close all running applications !

--> Double-click the .exe to launch the tool's installation (don't change the install settings).


IMPERATIVE:
Connect to your PC all the external devices (USB key, external HDD, flash disk, MP3 player, SD card, etc.) that may have been infected (but without opening them!).


# Double-click the UsbFix shortcut on your desktop to launch the tool.

# Choose option 1 (Search)

# Let the tool work and don't touch anything during the scan.

# Once it has finished, post the UsbFix.txt report that will appear.

The report is also saved at the root of the master drive (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)


Note:
"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by those antivirus products.


Author's site > http://pagesperso-orange.fr/NosTools/usbfix.html
0
Should I leave the antivirus and anti-spyware active, and the Windows folders in hidden mode?
0
sKe69 Posts: 21360 Registered: Saturday 15 March 2008 Status: Security contributor Last activity: 30 December 2012 463
26 June 2009 at 10:12
You can leave the AV and company running...

As for the hidden folders, you'll put them back to how they were once we're done.... ^^

0