Rogue XP Defender Pro (topic solved)
Topic status: SOLVED

delseb11, posted 17/03/2010 at 17:36

Hello.

As requested, I'm moving my message and creating a new topic; since it looked like the same problem, I had taken the liberty of posting in the other one. Anyway,

I had the same problem as one of your forum members with "XP Defender Pro": impossible to open IE. For Mozilla I managed, because I restored the old sessions...

I wanted to run an antivirus scan to see if that would remove it (I have Kaspersky); the first scan failed outright at 27%, and the second one worked and found quite a few viruses.

Since then I no longer have this "XP Defender Pro" logo, but I have other problems:

- my MSN is no longer on the desktop.

- in the icons at the bottom of my PC, I no longer see the Kaspersky logo; I went to my girlfriend's session and she still has it, so it's impossible to run a scan again from my session.

- when I want to open Mozilla or IE, it asks me "open with" and I have to choose what I want to open it with.

- and I've just noticed that I can't open PowerPoint, Word, ... any more either; it says "application not found".

I admit I'm a bit lost and I really need your help. If you need more info, let me know.

Thanks in advance, regards

Delseb11

 
Fill, posted 17/03/2010 at 18:28

Hello,

  • Download DDS by sUBs to your desktop,
  • The tool does not need to be installed,
  • Launch the tool by double-clicking dds.scr (if you are using Vista, right-click it and choose to run it as administrator):

  • This DOS window will appear:

  • The scan should not take more than 3 minutes,
  • A first report will open, which you save as DDS.txt, by default on the desktop,
  • You will be asked whether you want to do the optional scan,
  • Accept with Yes,
  • A new report opens, which you save as Attach.txt on the desktop,
  • Only provide it if necessary,
  • Post the DDS.txt report

Fill

Fill, posted 21/03/2010 at 09:32

Hi,

Where are you at?

Fill

delseb11, posted 21/03/2010 at 16:53

Hello Fill, and above all thank you for helping me.

A thousand apologies for not having posted it sooner, but I've been short on time this week.

So I did what you asked; however, it didn't ask me to do an optional scan. Here is the DDS report:


DDS (Ver_10-03-17.01) - NTFSx86
Run by seb at 16:47:11,96 on 21/03/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.511.79 [GMT 1:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MioNet\MioNetManager.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FAMTADE.EXE
C:\Documents and Settings\seb\Mes documents\Téléchargements\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.fr/
uSearch Page = hxxp://search.live.com
mSearchAssistant = hxxp://search.live.com/sphome.aspx
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: ShopperReports: {100eb1fd-d03e-47fd-81f3-ee91287f9465} - c:\program files\shopperreports3\bin\3.0.227.0\ShopperReports.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: ShopperReports: {a7cddcdc-beeb-4685-a062-978f5e07ceee} - c:\program files\shopperreports3\bin\3.0.227.0\ShopperReports.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [udkyhwv] "c:\documents and settings\seb\local settings\application data\udkyhwv.exe" udkyhwv
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [BigDogPath] c:\windows\VM_STI.EXE Philips SPC210NC Webcam
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} - c:\program files\shopperreports3\bin\3.0.227.0\ShopperReports.dll
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - c:\program files\shopperreports3\bin\3.0.227.0\ShopperReports.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - hxxp://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1068_em_XP.cab
DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - hxxp://scripts.dlv4.com/binaries/IA/svcia32_FR_XP.cab
DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - hxxp://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1070_em_XP.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: igfxcui - igfxsrvc.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\kloehk.dll,c:\progra~1\kasper~1\kasper~2\mzvkbd3.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\seb\applic~1\mozilla\firefox\profiles\7rnh0e55.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Searcheo
FF - prefs.js: browser.startup.homepage - hxxp://www.searcheo.fr/france
FF - prefs.js: keyword.URL - hxxp://www.searcheo.fr/france?search&q=
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [2006-3-24 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [2006-3-24 5248]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-6-7 226832]
R2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe [2008-11-11 208616]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-16 54752]
R2 MioNet;MioNet Service;c:\program files\mionet\MioNetManager.exe [2005-7-15 139264]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-3-25 24592]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2006-5-25 402432]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 naecd;naecd;c:\docume~1\propri~1\locals~1\temp\naecd.sys [2004-11-14 15872]
S3 SNDP202;Dual Mode Camera (8008 VGA);c:\windows\system32\drivers\sndp202.sys [2006-11-23 245120]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\zdcndis5.sys --> c:\windows\system32\ZDCndis5.SYS [?]
S4 StarWindService;StarWind iSCSI Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-2 217600]

============== File Associations ===============

.exe=secfile

=============== Created Last 30 ================


==================== Find3M ====================

2010-03-20 22:32:11 720928 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-03-20 22:32:11 46356 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-03-20 22:32:11 3544 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-03-20 22:32:10 5795360 --sha-w- c:\windows\system32\drivers\fidbox.dat
2004-12-01 18:08:40 0 --sha-w- c:\windows\sminst\HPCD.sys

============= FINISH: 16:48:34,40 ===============

Awaiting your reply, regards

Delseb11
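
The DDS report above is readable by eye, but the three items a helper would pull out of it (the `.exe=secfile` file association, the self-named `udkyhwv` Run entry living under the user profile, and the ActiveX downloads from an unfamiliar host) can be checked mechanically. The Python triage script below is an added example, not part of the thread or of the DDS tool; it runs over a constructed excerpt in DDS format, and the allowlist of ActiveX download hosts is an assumption stated in the comments.

```python
import re
from typing import Dict, List

# Default handlers for executable file types on Windows XP. A rogue that
# rewrites the .exe association (here to "secfile") makes every program
# launch bounce to "Open with..." or "Application not found", which is
# exactly the symptom described in the thread.
EXPECTED_ASSOC = {
    ".exe": "exefile", ".com": "comfile", ".bat": "batfile",
    ".scr": "scrfile", ".pif": "piffile", ".reg": "regfile",
}

# Per-user locations writable without admin rights; a Run entry that
# starts an executable from one of these deserves a close look.
USER_WRITABLE = ("\\local settings\\application data\\",
                 "\\application data\\", "\\temp\\")

# Assumed allowlist of ActiveX (DPF) download hosts; anything else is
# reported for review. Extend it for your own environment.
KNOWN_DPF_HOSTS = {"download.macromedia.com", "gfx1.hotmail.com", "java.sun.com"}

RUN_RE = re.compile(r"^([um]Run): \[(.+?)\] (.+)$")
DPF_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\} - (?:hxxp|http)s?://([^/\s]+)")
ASSOC_RE = re.compile(r"^(\.[a-z0-9]+)=(\S+)$")


def image_path(command: str) -> str:
    """Return the executable path from a Run command line, quoted or not."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|scr|com|bat|pif))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage_dds(report: str) -> List[Dict[str, str]]:
    """Walk a DDS report and return findings as (severity, kind, detail) dicts."""
    findings: List[Dict[str, str]] = []
    section = ""
    for raw in report.splitlines():
        line = raw.strip()
        # Section headers look like "======= Name =======".
        if line.startswith("=") and line.endswith("="):
            section = line.strip("= ").lower()
            continue
        if section == "file associations":
            m = ASSOC_RE.match(line)
            if m and EXPECTED_ASSOC.get(m.group(1), m.group(2)) != m.group(2):
                findings.append({"severity": "high", "kind": "assoc_hijack",
                                 "detail": f"{m.group(1)} handler is {m.group(2)}, "
                                           f"expected {EXPECTED_ASSOC[m.group(1)]}"})
            continue
        m = RUN_RE.match(line)
        if m:
            scope, name, cmd = m.groups()
            path = image_path(cmd).lower()
            if any(marker in path for marker in USER_WRITABLE):
                findings.append({"severity": "high", "kind": "run_user_profile",
                                 "detail": f"{scope} [{name}] starts {path}"})
            continue
        m = DPF_RE.match(line)
        if m and m.group(1).lower() not in KNOWN_DPF_HOSTS:
            findings.append({"severity": "medium", "kind": "dpf_unknown_host",
                             "detail": f"ActiveX package downloaded from {m.group(1)}"})
    return findings


# Constructed excerpt in DDS format, modelled on the report posted above.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.fr/
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [udkyhwv] "c:\documents and settings\seb\local settings\application data\udkyhwv.exe" udkyhwv
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - hxxp://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1068_em_XP.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

============== File Associations ===============

.exe=secfile

=============== Created Last 30 ================
"""

if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f['severity']:6}] {f['kind']:16} {f['detail']}")
```

Entries whose image lives under Program Files or the Windows directory (Kaspersky's avp.exe, ctfmon.exe) produce no finding, so the output is the short list a helper actually wants to read.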

Fill, posted 21/03/2010 at 18:21

Hi,

  • Download Navilog1 by Il-Mafioso,
  • Install it by clicking the Navilog1.exe file,
  • Once the installation is finished, the fix will run automatically. If it does not, double-click the Navilog1 shortcut on the desktop.
  • Follow the instructions that appear.
  • At the main menu, choose 1 and confirm with Enter. Do not choose 2, 3 or 4 without the advice of the person helping you.
  • Wait for the message: *** Analyse terminée le ..... ***
  • Press a key as requested; Notepad will open.
  • Copy and paste the whole thing into your next reply.
  • Close Notepad.
  • The report will be saved in the folder as fixnavi.txt.

Fill

delseb11, posted 23/03/2010 at 14:49

Hello Fill,

I just tried downloading navilog1 a moment ago, and when I try to run the program, a window opens and tells me that the file "document and settings/..../navilog1" is "application not found" (like when I try to open PowerPoint or anything else, for that matter).

What's surprising is that it worked for DDS and it doesn't work for this...

Fill, posted 23/03/2010 at 17:20

Re,

  • Download SREng (by Smallfrogs).
  • Unzip all of its contents to your desktop (right-click > Extract here).
  • Open the SReng2 folder and double-click SREngPS.exe.
  • Click "smart scan".
  • Click the "scan" button.
  • When the scan is finished, click the "save reports" button.
  • Then save the report to your desktop.
  • Copy/paste the contents of the SREnglLOG.log report into your next reply.

Fill

delseb11, posted 23/03/2010 at 20:38

Hi again ^^

Any idea about the problem? I'll try what you've just asked me to do tomorrow.

I'll keep you posted tomorrow, thanks again

delseb11

Fill, posted 24/03/2010 at 18:51

Re,

1/ Step 1: rkill (by Grinler), download
Download rkill from one of the links below:

Link 1
Link 2
Link 3
Link 4

Save the file to the desktop.


Step 2: No real-time monitoring processes
Disable the resident module of the antivirus and that of the antispyware.


Step 3: rkill (by Grinler), execution
Double-click the downloaded rkill file to launch the tool.
On Vista, right-click the downloaded rkill file and choose "Run as Administrator" to launch the tool.

A black-background window will appear briefly, then disappear.

If nothing happens, or if the tool does not launch, download the tool from another of the four links above and try running it again.

If none of the tools downloaded from the four links above seems to work, do not continue the cleanup, and let me know on the forum.

2/ Run SREng again as described above and post the report.

Fill

delseb11, posted 24/03/2010 at 21:11


Step 2: No real-time monitoring processes
Disable the resident module of the antivirus and that of the antispyware.

Er, sorry, but here I need an explanation.

How do you disable the antivirus and the antispyware? Especially since I no longer have a link for Kaspersky, so I don't know how to disable it.


Fill, posted 24/03/2010 at 21:17

delseb11 wrote:


Step 2: No real-time monitoring processes
Disable the resident module of the antivirus and that of the antispyware.

Er, sorry, but here I need an explanation.

How do you disable the antivirus and the antispyware? Especially since I no longer have a link for Kaspersky, so I don't know how to disable it.


Re,

In that case, move on to the next step.

delseb11, posted 24/03/2010 at 21:36

Hi again Fill,

and thanks again for being so patient ^^

Apparently, after RKILL, I was able to run SRENG again.

So here is the report:

[CODE]

2010-03-24,21:32:59

System Repair Engineer 2.8.2.1321
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Running Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan
Scheduled Tasks
Windows Security Update Check
API HOOK
Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<msnmsgr><"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<udkyhwv><"c:\documents and settings\seb\local settings\application data\udkyhwv.exe" udkyhwv> [File is missing]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<PS2><C:\WINDOWS\system32\ps2.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<AlcxMonitor><ALCXMNTR.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<AGRSMMSG><AGRSMMSG.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<nwiz><nwiz.exe /installquiet /keeploaded /nodetect> []
<BigDogPath><C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam> [File is missing]
<Logitech Hardware Abstraction Layer><KHALMNPR.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
<AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"> [(Verified)Kaspersky Lab]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll> [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Publisher]
<WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Publisher]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<Personnalisation du navigateur><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Mise à jour du Bureau Windows><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
<Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser> [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\system32\logon.scr> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Acme.PCHButton><; C:\PROGRA~1\PRESAR~1\Presario\XPHWWRS4\plugin\bin\pchbutton.exe> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<AGRSMMSG><; AGRSMMSG.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<AlcxMonitor><; ALCXMNTR.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<BigDogPath><; C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam> [File is missing]
<EPSON Stylus DX4800 Series><; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<hpsysdrv><; c:\windows\system\hpsysdrv.exe> [Hewlett-Packard Company]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Instant Access><; C:\WINDOWS\System32\prodsrvs.exe /res> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<iTunesHelper><; C:\Program Files\iTunes\iTunesHelper.exe> [Apple Computer, Inc.]
<KBD><; C:\HP\KBD\KBD.EXE> [Hewlett-Packard Company]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<LDM><; C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe> [Logitech Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Logitech Hardware Abstraction Layer><; KHALMNPR.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<mmtask><; "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"> [Musicmatch Inc.]
<MMTray><; C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe> [Musicmatch, Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows Publisher]
<msnmsgr><; ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<NeroFilterCheck><; C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<nwiz><; nwiz.exe /install> []
<ORAHSSStartup><; "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp> [File is missing]
<PS2><; C:\WINDOWS\system32\ps2.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<QuickTime Task><; "C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
<Recguard><; C:\WINDOWS\SMINST\RECGUARD.EXE> []
<SunJavaUpdateSched><; C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<SweetIM><; C:\Program Files\Macrogaming\SweetIM\SweetIM.exe> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<SystrayORAHSS><; "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"> [File is missing]
<VTTimer><; VTTimer.exe> [N/A]
<WinampAgent><; "C:\Program Files\Winamp\Winampa.exe"> []

==================================
Startup Folders
N/A

==================================
Services
[Gestion d'applications / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Kaspersky Anti-Virus / AVP][Running/Auto Start]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r><Kaspersky Lab>
[France Telecom Routing Table Service / FTRTSVC][Running/Auto Start]
<"C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe"><France Telecom SA>
[Service de sécurité matérielle / GEARSecurity][Running/Auto Start]
<C:\WINDOWS\System32\gearsec.exe><GEAR Software>
[Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[iPod Service / iPodService][Stopped/Manual Start]
<C:\Program Files\iPod\bin\iPodService.exe><Apple Computer, Inc.>
[MioNet Service / MioNet][Running/Auto Start]
<"C:\Program Files\MioNet\MioNetManager.exe" -s "C:\Program Files\MioNet\wrapper.conf"><N/A>
[NVIDIA Display Driver Service / NVSvc][Stopped/Auto Start]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[StarWind iSCSI Service / StarWindService][Stopped/Disabled]
<C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe><Rocket Division Software>

==================================
Drivers
[Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start]
<System32\DRIVERS\AGRSM.sys><Agere Systems>
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
<system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AnyDVD / AnyDVD][Running/Manual Start]
<System32\Drivers\AnyDVD.sys><SlySoft, Inc.>
[Pilote de la carte EtherLink XL 90XB/C 3Com / EL90XBC][Stopped/Manual Start]
<System32\DRIVERS\el90xbc5.sys><3Com Corporation>
[ElbyCDIO Driver / ElbyCDIO][Running/Auto Start]
<System32\Drivers\ElbyCDIO.sys><Elaborate Bytes AG>
[ElbyDelay / ElbyDelay][Running/Manual Start]
<System32\Drivers\ElbyDelay.sys><Elaborate Bytes AG>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
<System32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[GEAR CDRom Filter / GEARAspiWDM][Running/Manual Start]
<SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software>
[hwpsgt / hwpsgt][Running/Auto Start]
<System32\DRIVERS\hwpsgt.sys><N/A>
[ialm / ialm][Stopped/Manual Start]
<System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[IVI ASPI Shell / Iviaspi][Running/Manual Start]
<system32\drivers\iviaspi.sys><InterVideo, Inc.>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[Kaspersky Lab Boot Guard Driver / klbg][Running/Boot Start]
<\SystemRoot\system32\drivers\klbg.sys><Kaspersky Lab>
[Kaspersky Lab KLFltDev / KLFLTDEV][Running/Manual Start]
<system32\DRIVERS\klfltdev.sys><Kaspersky Lab>
[Kaspersky Lab Driver / KLIF][Running/System Start]
<system32\DRIVERS\klif.sys><Kaspersky Lab>
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
<system32\DRIVERS\klim5.sys><Kaspersky Lab>
[Logitech SetPoint PS/2 Mouse Filter Driver / L8042mou][Stopped/Manual Start]
<System32\DRIVERS\L8042mou.Sys><Logitech, Inc.>
[lemsgt / lemsgt][Running/Auto Start]
<System32\DRIVERS\lemsgt.sys><N/A>
[Logitech SetPoint HID Mouse Filter Driver / LHidKe][Running/Manual Start]
<System32\DRIVERS\LHidKE.Sys><Logitech, Inc.>
[Logitech SetPoint Mouse Filter Driver / LMouKE][Running/Manual Start]
<System32\DRIVERS\LMouKE.Sys><Logitech, Inc.>
[naecd / naecd][Stopped/Manual Start]
<\??\C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\naecd.sys><N/A>
[nv / nv][Running/Manual Start]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PCAMPR5 NDIS Protocol Driver / PCAMPR5][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\PCAMPR5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[PCANDIS5 NDIS Protocol Driver / PCANDIS5][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[Padus ASPI Shell / Pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[StarForce Protection Environment Driver v6 / prodrv06][Running/System Start]
<\SystemRoot\System32\drivers\prodrv06.sys><Protection Technology>
[StarForce Protection Helper Driver v2 / prohlp02][Running/Boot Start]
<\SystemRoot\System32\drivers\prohlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver v1 / prosync1][Running/Boot Start]
<\SystemRoot\System32\drivers\prosync1.sys><Protection Technology>
[Ps2 / Ps2][Running/Manual Start]
<System32\DRIVERS\PS2.sys><Hewlett-Packard Company>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver / rtl8139][Stopped/Manual Start]
<System32\DRIVERS\R8139n51.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[Prolific Serial port driver / Ser2pl][Stopped/Manual Start]
<system32\DRIVERS\ser2pl.sys><Prolific Technology Inc.>
[StarForce Protection Helper Driver / sfhlp01][Running/Boot Start]
<\SystemRoot\System32\drivers\sfhlp01.sys><Protection Technology>
[SAGEM 802.11g XG762 1211B Driver / SG762_XP][Running/Manual Start]
<System32\DRIVERS\WlanBZXP.sys><ZyDAS Technology Corporation>
[SiS315 / SiS315][Stopped/Manual Start]
<System32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiS AGP Filter / SISAGP][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\SISAGPX.sys><Silicon Integrated Systems Corporation>
[SiSkp / SiSkp][Running/System Start]
<System32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[Dual Mode Camera (8008 VGA) / SNDP202][Stopped/Manual Start]
<System32\DRIVERS\sndp202.sys><>
[Pilote de filtrage Sony USB (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
<System32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[Vax347b / Vax347b][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\Vax347b.sys><>
[Vax347s / Vax347s][Running/Boot Start]
<\SystemRoot\System32\Drivers\Vax347s.sys><>
[VIA AGP Filter / viaagp1][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[viagfx / viagfx][Stopped/Manual Start]
<System32\DRIVERS\vtmini.sys><Copyright (C) VIA/S3 Graphics, Inc.>
[ZDCndis5 Protocol Driver / ZDCndis5][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\ZDCndis5.SYS><N/A>
[ZDPSp50 NDIS Protocol Driver / ZDPSp50][Stopped/Manual Start]
<System32\Drivers\ZDPSp50.sys><Printing Communications Assoc., Inc. (PCAUSA)>
[Philips SPC210NC Webcam / ZSMC301b][Running/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>

==================================
Browser Add-ons
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[ShopperReports]
{100EB1FD-D03E-47FD-81F3-EE91287F9465} <C:\Program Files\ShopperReports3\bin\3.0.227.0\ShopperReports.dll, SmartShopper Inc.>
[IEVkbdBHO Class]
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll, (Signed) Kaspersky Lab>
[]
{5C255C8A-E604-49b4-9D64-90988571CECB} <, >
[Search Helper]
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} <C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll, (Signed) Microsoft Corp.>
[Programme d'aide de l'Assistant de connexion Windows Live]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[Windows Live Toolbar Helper]
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} <C:\Program Files\Windows Live\Toolbar\wltcore.dll, (Signed) Microsoft Corporation>
[EpsonToolBandKicker Class]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, SEIKO EPSON CORPORATION>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\System32\msjava.dll, N/A>
[Statistiques de la protection du trafic Internet]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll, (Signed) Kaspersky Lab>
[BlogThisToolbarButton Class]
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} <C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll, (Signed) Microsoft Corporation>
[&Rechercher]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[ShopperReports]
{C5428486-50A0-4a02-9D20-520B59A9F9B2} <C:\Program Files\ShopperReports3\bin\3.0.227.0\ShopperReports.dll, SmartShopper Inc.>
[ShopperReports]
{C5428486-50A0-4a02-9D20-520B59A9F9B3} <C:\Program Files\ShopperReports3\bin\3.0.227.0\ShopperReports.dll, SmartShopper Inc.>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[EPSON Web-To-Page]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, SEIKO EPSON CORPORATION>
[&Windows Live Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} <C:\Program Files\Windows Live\Toolbar\wltcore.dll, (Signed) Microsoft Corporation>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, (Signed) Microsoft® Corporation>
[]
{5F4D3335-3194-4167-85AE-E7325F2695EF} <, >
[]
{71DA2A4E-ACB3-4065-9E41-8BC42EABE427} <, >
[]
{AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} <, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx, (Signed) Adobe Systems, Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\System32\msjava.dll, N/A>
[ShopperReports]
{100EB1FD-D03E-47FD-81F3-EE91287F9465} <C:\Program Files\ShopperReports3\bin\3.0.227.0\ShopperReports.dll, SmartShopper Inc.>
[]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <, >
[]
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600} <, >
[&Windows Live Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} <C:\Program Files\Windows Live\Toolbar\wltcore.dll, (Signed) Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Fichiers communs\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[IEVkbdBHO Class]
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll, (Signed) Kaspersky Lab>
[]
{5C255C8A-E604-49B4-9D64-90988571CECB} <, >
[Search Helper]
{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B} <C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll, (Signed) Microsoft Corp.>
[Programme d'aide de l'Assistant de connexion Windows Live]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Fichiers communs\System\msadc\msadco.dll, (Signed) Microsoft Corporation>
[]
{C5428486-50A0-4A02-9D20-520B59A9F9B2} <, >
[]
{C5428486-50A0-4A02-9D20-520B59A9F9B3} <, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx, (Signed) Adobe Systems, Inc.>
[Windows Live Toolbar Helper]
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} <C:\Program Files\Windows Live\Toolbar\wltcore.dll, (Signed) Microsoft Corporation>
[EpsonToolBandKicker Class]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, SEIKO EPSON CORPORATION>
[EPSON Web-To-Page]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, SEIKO EPSON CORPORATION>
[]
{FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[E&xporter vers Microsoft Excel]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 1268 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1396 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1420 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll] [Kaspersky Lab, 8.0.0.357]
[C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 8.0.0.506]
[PID: 1468 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll] [Kaspersky Lab, 8.0.0.357]
[PID: 1488 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll] [Kaspersky Lab, 8.0.0.357]
[PID: 1640 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll] [Kaspersky Lab, 8.0.0.357]
[PID: 1704 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll] [Kaspersky Lab, 8.0.0.357]
[PID: 1748 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll] [Kaspersky Lab, 8.0.0.357]
[PID: 1888 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll] [Kaspersky Lab, 8.0.0.357]
[PID: 436 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll] [Kaspersky Lab, 8.0.0.357]
[C:\WINDOWS\system32\E_FLMADE.DLL] [SEIKO EPSON CORPORATION, 5, 7, 0, 0]
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FUICADE.DLL] [SEIKO EPSON CORP., 0. 3. 40, 37]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FMAIADE.DLL] [SEIKO EPSON Corporation, 0. 3. 1. 22]
[PID: 604 / SYSTEM][C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe] [France Telecom SA, 12.1.42.48 ]
[C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\IfHelper.dll] [France Telecom SA, 12.1.42.48 ]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll] [Kaspersky Lab, 8.0.0.357]
[PID: 672 / SYSTEM][C:\WINDOWS\System32\gearsec.exe] [GEAR Software, 1, 0, 0, 6]
[C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll] [Kaspersky Lab, 8.0.0.357]
[PID: 708 / SYSTEM][C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
[C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll] [Kaspersky Lab, 8.0.0.357]
[C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\1036\mdmui.dll] [Microsoft Corporation, 7.00.9466]
[PID: 764 / SYSTEM][C:\Program Files\MioNet\MioNetManager.exe] [N/A, ]
[C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll] [Kaspersky Lab, 8.0.0.357]
[PID: 956 / SYSTEM][C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe] [Microsoft Corp., 1.2.123.0]
[C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll] [Kaspersky Lab, 8.0.0.357]
[PID: 1024 / SYSTEM][C:\Program Files\MioNet\jvm\bin\MioNet.exe] [N/A, ]
[C:\Program Files\MioNet\jvm\bin\client\jvm.dll] [Sun Microsystems, Inc., 1.4.2.50]
[C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll] [Kaspersky Lab, 8.0.0.357]
[C:\Program Files\MioNet\jvm\bin\hpi.dll] [N/A, ]
[C:\Program Files\MioNet\jvm\bin\verify.dll] [N/A, ]
[C:\Program Files\MioNet\jvm\bin\java.dll] [N/A, ]
[C:\Program Files\MioNet\jvm\bin\zip.dll] [N/A, ]
[C:\Program Files\MioNet\jvm\bin\awt.dll] [N/A, ]
[C:\Program Files\MioNet\jvm\bin\fontmanager.dll] [N/A, ]
[C:\WINDOWS\resources\Themes\luna\luna.msstyles] [Microsoft, 1, 0, 0, 1]
[C:\Program Files\MioNet\WindowsUtil.dll] [, 1, 0, 0, 1]
[C:\Program Files\MioNet\RouterDll.dll] [N/A, ]
[C:\WINDOWS\system32\ndisapi.dll] [NT Kernel Resources, 2, 4, 0, 1]
[C:\Program Files\MioNet\TrayIconDll.dll] [, 1, 0, 0, 1]
[C:\Program Files\MioNet\wrapper.dll] [N/A, ]
[C:\Program Files\MioNet\jvm\bin\net.dll] [N/A, ]
[C:\Program Files\MioNet\RegistryDll.dll] [, 1, 0, 0, 1]
[C:\Program Files\MioNet\ProxySettings.dll] [N/A, ]
[PID: 1036 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll] [Kaspersky Lab, 8.0.0.357]
[C:\WINDOWS\System32\escwiad.dll] [SEIKO EPSON CORP., 1.10]
[PID: 1080 / SERVICE LOCAL][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll] [Kaspersky Lab, 8.0.0.357]
[PID: 1712 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll] [Kaspersky Lab, 8.0.0.357]
[PID: 2128 / seb][C:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.9.1.8]
[C:\Program Files\Mozilla Firefox\xul.dll] [Mozilla Foundation, 1.9.1.8]
[C:\Program Files\Mozilla Firefox\sqlite3.dll] [sqlite.org, 3.6.16.1]
[C:\Program Files\Mozilla Firefox\MOZCRT19.dll] [Mozilla Foundation, 8.00.0000]
[C:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0]
[C:\Program Files\Mozilla Firefox\nspr4.dll] [Mozilla Foundation, 4.8.3]
[C:\Program Files\Mozilla Firefox\smime3.dll] [Mozilla Foundation, 3.12.4.5 Basic ECC]
[C:\Program Files\Mozilla Firefox\nss3.dll] [Mozilla Foundation, 3.12.4.5 Basic ECC]
[C:\Program Files\Mozilla Firefox\nssutil3.dll] [Mozilla Foundation, 3.12.4.5]
[C:\Program Files\Mozilla Firefox\plc4.dll] [Mozilla Foundation, 4.8.3]
[C:\Program Files\Mozilla Firefox\plds4.dll] [Mozilla Foundation, 4.8.3]
[C:\Program Files\Mozilla Firefox\ssl3.dll] [Mozilla Foundation, 3.12.4.5 Basic ECC]
[C:\Program Files\Mozilla Firefox\xpcom.dll] [Mozilla Foundation, 1.9.1.8]
[C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll] [Kaspersky Lab, 8.0.0.357]
[C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll] [Kaspersky Lab, 8.0.0.522]
[C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll] [Mozilla Foundation, 1.9.1.8]
[C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll] [Mozilla Foundation, 1.9.1.8]
[C:\Program Files\Mozilla Firefox\softokn3.dll] [Mozilla Foundation, 3.12.4.5 Basic ECC]
[C:\Program Files\Mozilla Firefox\nssdbm3.dll] [Mozilla Foundation, 3.12.4.5 Basic ECC]
[C:\Program Files\Mozilla Firefox\freebl3.dll] [Mozilla Foundation, 3.12.4.5 Basic ECC]
[C:\Program Files\Mozilla Firefox\nssckbi.dll] [Mozilla Foundation, 1.77]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FUICADE.DLL] [SEIKO EPSON CORP., 0. 3. 40, 37]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FMAIADE.DLL] [SEIKO EPSON Corporation, 0. 3. 1. 22]
[C:\WINDOWS\system32\icm32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 484 / seb][C:\PROGRA~1\IZArc\IZArc.exe] [IZSoftware, 3.4.1.6]
[C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll] [Kaspersky Lab, 8.0.0.357]
[C:\PROGRA~1\IZArc\unrar.dll] [N/A, ]
[C:\PROGRA~1\IZArc\cabinet.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\PROGRA~1\IZArc\TAR32.DLL] [ , 2, 26, 0, 1]
[C:\PROGRA~1\IZArc\7-ZIP32.DLL] [, 3, 13, 00, 04]
[C:\PROGRA~1\IZArc\BGA32.DLL] [Kim Personal, 0, 3, 7, 0]
[C:\PROGRA~1\IZArc\UNGCA32.DLL] [AMA Soft, 0, 1, 1, 0]
[C:\PROGRA~1\IZArc\YZ1.DLL] [Common Archivers Project, 0.24]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[PID: 3744 / seb][C:\WINDOWS\explorer.exe] [(Verified) Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll] [Kaspersky Lab, 8.0.0.357]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[PID: 2708 / seb][C:\Documents and Settings\seb\Bureau\SREngLdr.EXE] [Smallfrogs Studio, 2.8.2.1321]
[PID: 1808 / seb][C:\Documents and Settings\seb\Bureau\SRE18af55ab.EXE] [Smallfrogs Studio, 2.8.2.1321]
[C:\Documents and Settings\seb\Bureau\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
[E:\]
[AUTORUN]
OPEN=Info.exe folder.htt 480 480

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 484, C:\PROGRA~1\IZARC\IZARC.EXE]

==================================
Scheduled Tasks
N/A

==================================
Windows Security Update Check
N/A

==================================
API HOOK
N/A

==================================
Hidden Process
[565] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

==================================



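One entry in the driver listing above should jump out before anything else: `naecd`, a kernel driver with no vendor string whose image sits under the user's Temp directory, while every other driver with a publisher lives under System32. The script below is an added example, not part of the original thread and not code from the tool that produced the log. It parses the two-line-per-entry format (`[name / service][state/start]` followed by `<path><vendor>`) and ranks entries by three heuristics: image under a user-writable directory, missing vendor string, and a bare lowercase generated-looking name. The heuristics and the directory list are assumptions; a hit is a lead to check, not a verdict, as the legitimate `Secdrv` entry in the sample shows. The sample input is four entries copied from the listing above.

```python
"""Triage of a driver/service listing in the two-line format shown above.

Added example: not part of the thread, not the log tool's own code.
"""
import re
from dataclasses import dataclass

# Line 1 of an entry: [Display name / ServiceName][State/Start type]
ENTRY_RE = re.compile(
    r"^\[(?P<name>.*) / (?P<service>[^\]\s]+)\]\[(?P<state>[^/\]]+)/(?P<start>[^\]]+)\]$"
)
# Line 2 of an entry: <image path><vendor>
IMAGE_RE = re.compile(r"^<(?P<path>[^>]*)><(?P<vendor>[^>]*)>$")

# Assumption: a kernel driver image under any of these directories is out of place.
USER_WRITABLE = (
    "\\temp\\",
    "\\docume~1\\",
    "\\documents and settings\\",
    "\\application data\\",
    "\\local settings\\",
)


@dataclass
class Entry:
    name: str
    service: str
    state: str
    start: str
    path: str
    vendor: str


def parse_entries(listing: str) -> list[Entry]:
    """Pair each '[name / service][state/start]' line with the '<path><vendor>' line after it."""
    lines = [ln.strip() for ln in listing.splitlines() if ln.strip()]
    entries = []
    i = 0
    while i + 1 < len(lines):
        head, image = ENTRY_RE.match(lines[i]), IMAGE_RE.match(lines[i + 1])
        if head and image:
            entries.append(Entry(**head.groupdict(), **image.groupdict()))
            i += 2
        else:
            i += 1
    return entries


def suspicion_reasons(e: Entry) -> list[str]:
    """Return the heuristics an entry trips; an empty list means nothing stood out."""
    reasons = []
    path = e.path.replace("\\??\\", "").lower()  # drop the NT object-manager prefix
    if any(frag in path for frag in USER_WRITABLE):
        reasons.append("image loaded from a user-writable directory")
    if e.vendor.strip() in ("", "N/A"):
        reasons.append("no vendor string in the image")
    if e.name == e.service and re.fullmatch(r"[a-z]{4,8}", e.service):
        reasons.append("display name is a bare lowercase token (generated-looking)")
    return reasons


def triage(entries: list[Entry]) -> list[tuple[Entry, list[str]]]:
    """Flagged entries, most reasons first. A hit is a lead to check, not a verdict."""
    hits = [(e, suspicion_reasons(e)) for e in entries]
    hits = [(e, r) for e, r in hits if r]
    return sorted(hits, key=lambda h: len(h[1]), reverse=True)


# Constructed sample: the kl1, hwpsgt, naecd and Secdrv entries copied from the listing
# above. Secdrv is the SafeDisc driver shipped with Windows XP; the vendor heuristic
# flags it anyway, which is why ranking matters more than any single hit.
SAMPLE = r"""
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[hwpsgt / hwpsgt][Running/Auto Start]
<System32\DRIVERS\hwpsgt.sys><N/A>
[naecd / naecd][Stopped/Manual Start]
<\??\C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\naecd.sys><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
"""

if __name__ == "__main__":
    for entry, why in triage(parse_entries(SAMPLE)):
        print(f"{entry.service:8} {entry.path}")
        for reason in why:
            print(f"         - {reason}")
```

Run stand-alone, the script puts `naecd` first with all three reasons, then `hwpsgt`, then `Secdrv`. A `Stopped/Manual Start` driver is still registered and can be started on demand, so its service entry has to go along with the file; the OTM script in the next reply removes the `naecd` service for exactly that reason.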
 Fill  Posted on 24/03/2010 at 21:47
  Security Group


25514 Messages

Re,

1/

  • Download OTM (by Old_Timer) to your desktop,
  • Double-click OTM.exe to launch the program,
  • Copy the list of files and folders below and paste it into the "Paste Instructions for Items to be Moved" box of the program:

Begin copying here:

:Services
naecd


:Files
C:\Program Files\ShopperReports3

:Reg
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
[-HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}]
[-HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]

:Commands
[EmptyTemp]
[Start Explorer]

  • Click MoveIt! to start the removal,
  • The result will appear in the Results box.
  • Click Exit to close the program.
  • Post the report located here: C:\_OTM\MovedFiles
  • You may be asked to restart your PC. If so, click Yes.

2/ Run Malwarebytes' following this tutorial and post the report.

Fill

 delseb11  Posted on 24/03/2010 at 22:45
Petit astucien

18 Messages

Me again

It looks like we're well on the way: I've got the Kaspersky icon back, Mozilla and IE open correctly, ...

So here is the report:

I'll wait for your analysis for phase 3 of the cleanup

Malwarebytes' Anti-Malware 1.44
Database version: 3910
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

24/03/2010 22:39:10
mbam-log-2010-03-24 (22-38-27).txt

Scan type: Quick Scan
Objects scanned: 160707
Time elapsed: 7 minute(s), 9 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 30
Registry Values Infected: 5
Registry Data Items Infected: 6
Folders Infected: 30
Files Infected: 33

Memory Processes Infected:
C:\documents and settings\seb\local settings\application data\udkyhwv.exe (Adware.Navipromo.H) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\shopperreports.hbax (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shopperreports.hbax.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shopperreports.hbinfoband (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shopperreports.hbinfoband.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shopperreports.iebutton (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shopperreports.iebutton.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shopperreports.iebuttona (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shopperreports.iebuttona.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shopperreports.rprtctrl (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shopperreports.rprtctrl.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{9bec9b38-bf39-4899-806e-a1c5dfeb60a2} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e6961c59-cfce-4ccd-b794-bc78db98413a} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\udkyhwv (Adware.Navipromo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\instant access (Adware.EGDAccess) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\seb\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\seb\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\seb\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Program Files\Montorgueil (Trojan.Dialer) -> No action taken.
C:\Program Files\Montorgueil\archives-stars-nues (Trojan.Dialer) -> No action taken.
C:\Program Files\Montorgueil\bleger (Trojan.Dialer) -> No action taken.
C:\Program Files\Montorgueil\nolwenn (Trojan.Dialer) -> No action taken.
C:\Program Files\ShoppingReport (Adware.ShopperReports) -> No action taken.
C:\Program Files\ShoppingReport\Bin (Adware.ShopperReports) -> No action taken.
C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Delphine\Application Data\ShopperReports3 (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Delphine\Application Data\ShopperReports3\IE (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Delphine\Application Data\ShopperReports3\IE\cs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Delphine\Application Data\ShopperReports3\IE\cs\db (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Delphine\Application Data\ShopperReports3\IE\cs\dwld (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Delphine\Application Data\ShopperReports3\IE\cs\report (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Delphine\Application Data\ShopperReports3\IE\cs\res2 (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\seb\Application Data\ShopperReports3 (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\seb\Application Data\ShopperReports3\cs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\seb\Application Data\ShopperReports3\cs\dwld (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\seb\Application Data\ShopperReports3\IE (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\seb\Application Data\ShopperReports3\IE\cs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\seb\Application Data\ShopperReports3\IE\cs\db (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\seb\Application Data\ShopperReports3\IE\cs\dwld (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\seb\Application Data\ShopperReports3\IE\cs\report (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\seb\Application Data\ShopperReports3\IE\cs\res1 (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\TEMP\Application Data\ShopperReports3 (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\TEMP\Application Data\ShopperReports3\IE (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\TEMP\Application Data\ShopperReports3\IE\cs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\TEMP\Application Data\ShopperReports3\IE\cs\db (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\TEMP\Application Data\ShopperReports3\IE\cs\dwld (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\TEMP\Application Data\ShopperReports3\IE\cs\report (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\TEMP\Application Data\ShopperReports3\IE\cs\res1 (Adware.ShopperReports) -> No action taken.

Files Infected:
C:\Documents and Settings\seb\Local Settings\Application Data\udkyhwv_navps.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\seb\Local Settings\Application Data\udkyhwv_nav.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\seb\Local Settings\Application Data\udkyhwv.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\seb\Local Settings\Application Data\udkyhwv.exe (Adware.Navipromo.H) -> No action taken.
C:\Program Files\Montorgueil\14.05608 (Trojan.Dialer) -> No action taken.
C:\Program Files\Montorgueil\archives-stars-nues\archives-stars-nues.ico (Trojan.Dialer) -> No action taken.
C:\Program Files\Montorgueil\bleger\bleger.ico (Trojan.Dialer) -> No action taken.
C:\Program Files\Montorgueil\nolwenn\nolwenn.ico (Trojan.Dialer) -> No action taken.
C:\Program Files\ShoppingReport\Uninst.exe (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Delphine\Application Data\ShopperReports3\IE\cs\Config.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Delphine\Application Data\ShopperReports3\IE\cs\db\Aliases.dbs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Delphine\Application Data\ShopperReports3\IE\cs\db\Sites.dbs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Delphine\Application Data\ShopperReports3\IE\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Delphine\Application Data\ShopperReports3\IE\cs\report\aggr_storage.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Delphine\Application Data\ShopperReports3\IE\cs\report\send_storage.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Delphine\Application Data\ShopperReports3\IE\cs\res2\WhiteList.dbs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\seb\Application Data\ShopperReports3\IE\cs\Config.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\seb\Application Data\ShopperReports3\IE\cs\db\Aliases.dbs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\seb\Application Data\ShopperReports3\IE\cs\db\Sites.dbs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\seb\Application Data\ShopperReports3\IE\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\seb\Application Data\ShopperReports3\IE\cs\report\aggr_storage.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\seb\Application Data\ShopperReports3\IE\cs\report\send_storage.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\seb\Application Data\ShopperReports3\IE\cs\res1\WhiteList.dbs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\TEMP\Application Data\ShopperReports3\IE\cs\Config.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\TEMP\Application Data\ShopperReports3\IE\cs\db\Aliases.dbs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\TEMP\Application Data\ShopperReports3\IE\cs\db\Sites.dbs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\TEMP\Application Data\ShopperReports3\IE\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\TEMP\Application Data\ShopperReports3\IE\cs\report\aggr_storage.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\TEMP\Application Data\ShopperReports3\IE\cs\report\send_storage.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\TEMP\Application Data\ShopperReports3\IE\cs\res1\WhiteList.dbs (Adware.ShopperReports) -> No action taken.
C:\WINDOWS\system32\bnlebd_nav.dat (Adware.NaviPromo) -> No action taken.
C:\WINDOWS\system32\bnlebd_navps.dat (Adware.NaviPromo) -> No action taken.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> No action taken.

Fill, posted 24/03/2010 at 22:47
Security Group, 25514 posts

Hi again,

I also need the OTM report.

Fill

delseb11, posted 24/03/2010 at 22:52
Petit astucien, 18 posts

I think it's this one:

All processes killed
Error: Unable to interpret <Begin copying here:> in the current context!
========== SERVICES/DRIVERS ==========
Service naecd stopped successfully!
Service naecd deleted successfully!
========== FILES ==========
C:\Program Files\ShopperReports3\bin\3.0.227.0\firefox\firefoxtoolbar\extensions\components folder moved successfully.
C:\Program Files\ShopperReports3\bin\3.0.227.0\firefox\firefoxtoolbar\extensions\chrome folder moved successfully.
C:\Program Files\ShopperReports3\bin\3.0.227.0\firefox\firefoxtoolbar\extensions folder moved successfully.
C:\Program Files\ShopperReports3\bin\3.0.227.0\firefox\firefoxtoolbar folder moved successfully.
C:\Program Files\ShopperReports3\bin\3.0.227.0\firefox folder moved successfully.
C:\Program Files\ShopperReports3\bin\3.0.227.0 folder moved successfully.
C:\Program Files\ShopperReports3\bin folder moved successfully.
C:\Program Files\ShopperReports3 folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5428486-50A0-4a02-9D20-520B59A9F9B2}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5428486-50A0-4a02-9D20-520B59A9F9B3}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Delphine
->Temp folder emptied: 75472980 bytes
->Temporary Internet Files folder emptied: 86354935 bytes
->Java cache emptied: 4866949 bytes
->FireFox cache emptied: 60017055 bytes
->Flash cache emptied: 1888384 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 40621 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Propriétaire
->Temp folder emptied: 903258646 bytes
->Temporary Internet Files folder emptied: 1045647627 bytes
->Java cache emptied: 7611851 bytes
->FireFox cache emptied: 38725439 bytes
->Flash cache emptied: 1936758 bytes

User: seb
->Temp folder emptied: 584830019 bytes
->Temporary Internet Files folder emptied: 741902111 bytes
->Java cache emptied: 2292103 bytes
->FireFox cache emptied: 68793313 bytes
->Flash cache emptied: 1963723 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 25253064 bytes
->Flash cache emptied: 2198 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2128586 bytes
%systemroot%\System32 .tmp files removed: 466944 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9185679202 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 43951 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 12 245,00 mb


OTM by OldTimer - Version 3.1.10.1 log created on 03242010_215227

Files moved on Reboot...

Registry entries deleted on Reboot...

Fill, posted 24/03/2010 at 22:56
Security Group, 25514 posts

Hi again,

1/

  • Download Navilog1 by Il-Mafioso,
  • Install it by clicking the file Navilog1.exe,
  • Once the installation finishes, the fix will run automatically. If it does not, double-click the Navilog1 shortcut on the desktop.
  • Follow the instructions that appear.
  • At the main menu, choose 1 and confirm with Enter. Do not choose 2, 3 or 4 without the advice of the person helping you.
  • Wait for the message: *** Analyse terminée le ..... ***
  • Press a key as requested; Notepad will open.
  • Copy and paste the whole report into your next reply.
  • Close Notepad.
  • The report is saved in the folder as fixnavi.txt.

2/

  • Download Toolbar-S&D by Eric71, AngelDark, Sham_Rock and XmichouX to your Desktop,
  • Double-click Toolbar-S&D to start the installation; a shortcut will be added to the Desktop.
  • Double-click it to start the tool and choose the language.
  • On Vista, right-click and choose "Run as administrator" (privilege elevation), then -> Continue.
  • Type 2, then press [Enter] to start the cleaning.
  • At the end, the PC may restart.
  • When the scan finishes, the report will open in Notepad.
  • Paste that report into your next reply.
  • The report is also at: C:\TB.txt
Help with screenshots: http://toolbarsd.googlepages.com/aideenimages

3/ Delete the Malwarebytes selection, relaunching it if needed. Post the report.

4/ Run a scan with Eset following this tutorial and post the report.

Fill

delseb11, posted 24/03/2010 at 22:59
Petit astucien, 18 posts

A quick question first.

Step 3 is the cleaning with Malwarebytes, step 3 of the tutorial?

And I thought it was over ^^ lol

Fill, posted 24/03/2010 at 23:02
Security Group, 25514 posts

Hi again,

Step 3 is the cleaning with Malwarebytes, step 3 of the tutorial?

Yes, that's right. In the previous report there is "no action taken". The removal was not done.

And I thought it was over ^^ lol

Disinfection always takes much longer than infection, for which one bad click is enough.

Fill

Edited by Fill on 24/03/2010 23:02
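Fill's point that a report whose lines end in "No action taken" means nothing was removed can be checked mechanically. The Python below is an added example, not code posted in the thread or shipped by Malwarebytes: it parses MBAM result lines of the shape seen in the two reports above (the sample lines are constructed after them), counts outcomes, and pulls out the Bad/Good pairs that explain symptoms such as browsers asking "open with".

```python
"""Summarise Malwarebytes' Anti-Malware (MBAM) result lines by outcome.

Added example, not code from the thread or from Malwarebytes. MBAM result
lines have the shape
    <path or registry key> (<Category>) -> <outcome>.
and registry-data lines add a "Bad: (...) Good: (...)" pair before the
outcome. A report whose lines end in "No action taken." is a scan only:
nothing was removed until the selection is deleted and the lines read
"Quarantined and deleted successfully."
"""
import re
from collections import Counter

# Constructed sample modelled on the two reports in the thread: two entries
# still pending, three already quarantined, plus a header line to be ignored.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> No action taken.
C:\Program Files\ShoppingReport\Uninst.exe (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shopperreports.hbax (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\seb\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Processus mémoire infecté(s): 0
"""

PENDING = "No action taken"
REMOVED = "Quarantined and deleted successfully"

# item is non-greedy so a "(x86)" inside a path is not taken for the
# category; the optional Bad/Good group only appears on registry-data lines.
LINE_RE = re.compile(
    r"^(?P<item>.+?) \((?P<category>[A-Za-z0-9.]+)\)"
    r"(?: -> Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\))?"
    rf" -> (?P<outcome>{PENDING}|{REMOVED})\.$"
)


def parse_line(line):
    """Return a dict for one MBAM result line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def parse_report(text):
    """Parse every result line of a report; header and summary lines are skipped."""
    return [r for r in map(parse_line, text.splitlines()) if r]


def summarise(records):
    """Counts per outcome and per detection category, plus the pending items."""
    return {
        "by_outcome": dict(Counter(r["outcome"] for r in records)),
        "by_category": dict(Counter(r["category"] for r in records)),
        "pending": [r["item"] for r in records if r["outcome"] == PENDING],
    }


def removal_done(records):
    """True only when every detection in the report was actually removed."""
    return bool(records) and all(r["outcome"] == REMOVED for r in records)


def tampered_values(records):
    """(key, bad value, expected value) for registry data the malware changed.

    The StartMenuInternet entries explain the "open with" prompt reported in
    the thread: the browser command had been redirected through ave.exe.
    """
    return [(r["item"], r["bad"], r["good"]) for r in records if r["bad"] is not None]


if __name__ == "__main__":
    recs = parse_report(SAMPLE_LOG)
    print(summarise(recs))
    print("removal complete:", removal_done(recs))
    for key, bad, good in tampered_values(recs):
        print(f"{key}\n    was: {bad}\n    expected: {good}")
```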
delseb11, posted 25/03/2010 at 00:55
Petit astucien, 18 posts

Good evening again,

Here is the Navilog report:

Fix Navipromo version 4.0.8 commencé le 24/03/2010 23:05:38,12

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\navilog1

Mise à jour le 09.03.2010 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 3000+ )
BIOS : Phoenix - Award BIOS v6.00PG
USER : seb ( Administrator )
BOOT : Normal boot

Antivirus : Kaspersky Anti-Virus 8.0.0.506 (Activated)


A:\ (USB)
C:\ (Local Disk) - NTFS - Total:108 Go (Free:59 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - FAT32 - Total:3 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)
L:\ (CD or DVD)
N:\ (USB)


Recherche executée en mode normal

Nettoyage exécuté au redémarrage de l'ordinateur


C:\Program Files\Montorgueil supprimé !
C:\WINDOWS\Downloaded Program Files\IaLdr32.inf supprimé !
C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32\nvs2.inf supprimé !
C:\WINDOWS\system32\bnlebd.dat supprimé !
C:\WINDOWS\system32\bnlebd_nav.dat supprimé !
C:\WINDOWS\system32\bnlebd_navps.dat supprimé !
C:\WINDOWS\prefetch\udkyhwv*.pf supprimé !
c:\docume~1\seb\locals~1\applic~1\udkyhwv.exe supprimé !
c:\docume~1\seb\locals~1\applic~1\udkyhwv.dat supprimé !
c:\docume~1\seb\locals~1\applic~1\udkyhwv_nav.dat supprimé !
c:\docume~1\seb\locals~1\applic~1\udkyhwv_navps.dat supprimé !


Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\seb\locals~1\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok




*** Scan terminé 24/03/2010 23:11:29,65 ***

delseb11, posted 25/03/2010 at 00:56
Petit astucien, 18 posts

The Toolbar report:


-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 3000+ )
BIOS : Phoenix - Award BIOS v6.00PG
USER : seb ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Anti-Virus 8.0.0.506 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:108 Go (Free:59 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - FAT32 - Total:3 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)
L:\ (CD or DVD)
N:\ (USB)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 24/03/2010|23:17 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\ShopperReports
Supprime! - C:\DOCUME~1\seb\Cookies\seb@cs.shopperreports[1].txt
Supprime! - C:\Program Files\ShoppingReport\Bin
Supprime! - C:\Program Files\ShoppingReport\Uninst.exe
Supprime! - C:\Program Files\ShoppingReport

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(Delphine) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(Propriétaire) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.google.fr/"
"Search Page"="http://search.live.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.msn.com/"
"Search Bar"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 24/03/2010|23:20 - Option : [2]

-----------\\ Fin du rapport a 23:20:10,73

delseb11, posted 25/03/2010 at 00:58
Petit astucien, 18 posts

And the Malwarebytes report after step 3 of the cleaning:

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3910
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

25/03/2010 00:29:53
mbam-log-2010-03-25 (00-29-53).txt

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 313064
Temps écoulé: 56 minute(s), 36 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 15
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 23
Fichier(s) infecté(s): 23

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\shopperreports.hbax (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.hbax.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.hbinfoband (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.hbinfoband.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.iebutton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.iebutton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.iebuttona (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.iebuttona.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.rprtctrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.rprtctrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9bec9b38-bf39-4899-806e-a1c5dfeb60a2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e6961c59-cfce-4ccd-b794-bc78db98413a} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\seb\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\seb\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\seb\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Documents and Settings\Delphine\Application Data\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Delphine\Application Data\ShopperReports3\IE (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Delphine\Application Data\ShopperReports3\IE\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Delphine\Application Data\ShopperReports3\IE\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Delphine\Application Data\ShopperReports3\IE\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Delphine\Application Data\ShopperReports3\IE\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Delphine\Application Data\ShopperReports3\IE\cs\res2 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\seb\Application Data\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\seb\Application Data\ShopperReports3\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\seb\Application Data\ShopperReports3\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\seb\Application Data\ShopperReports3\IE (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\seb\Application Data\ShopperReports3\IE\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\seb\Application Data\ShopperReports3\IE\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\seb\Application Data\ShopperReports3\IE\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\seb\Application Data\ShopperReports3\IE\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\seb\Application Data\ShopperReports3\IE\cs\res1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\TEMP\Application Data\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\TEMP\Application Data\ShopperReports3\IE (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\TEMP\Application Data\ShopperReports3\IE\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\TEMP\Application Data\ShopperReports3\IE\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\TEMP\Application Data\ShopperReports3\IE\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\TEMP\Application Data\ShopperReports3\IE\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\TEMP\Application Data\ShopperReports3\IE\cs\res1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\MioNet\cmdow.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\Setup Jeux\Keygen Jeux EA.exe (Trojan.Orsam) -> Quarantined and deleted successfully.
C:\Documents and Settings\Delphine\Application Data\ShopperReports3\IE\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Delphine\Application Data\ShopperReports3\IE\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Delphine\Application Data\ShopperReports3\IE\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Delphine\Application Data\ShopperReports3\IE\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Delphine\Application Data\ShopperReports3\IE\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Delphine\Application Data\ShopperReports3\IE\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Delphine\Application Data\ShopperReports3\IE\cs\res2\WhiteList.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\seb\Application Data\ShopperReports3\IE\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\seb\Application Data\ShopperReports3\IE\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\seb\Application Data\ShopperReports3\IE\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\seb\Application Data\ShopperReports3\IE\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\seb\Application Data\ShopperReports3\IE\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\seb\Application Data\ShopperReports3\IE\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\seb\Application Data\ShopperReports3\IE\cs\res1\WhiteList.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\TEMP\Application Data\ShopperReports3\IE\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\TEMP\Application Data\ShopperReports3\IE\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\TEMP\Application Data\ShopperReports3\IE\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\TEMP\Application Data\ShopperReports3\IE\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\TEMP\Application Data\ShopperReports3\IE\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\TEMP\Application Data\ShopperReports3\IE\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\TEMP\Application Data\ShopperReports3\IE\cs\res1\WhiteList.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.

delseb11, posted 25/03/2010 at 01:04
Petit astucien, 18 posts

On the other hand, I have a small doubt about step 4 and I'd rather ask first.

After installing "eset", I did not get exactly the same page as the one shown, with:

1 installation

2 computer scan

3 scan results

Here is what it offers me: step 1 of 4

"please click the start button to start initialization and scanning. after the scan completes, a detailed scan summary will be displayed.

- remove found threats (box checked)

- scan archives (box unchecked)

and I have an "advanced settings" link.

Since the next step says "make sure to check only the 2nd box", I'd rather ask first.

Fill, posted 25/03/2010 at 08:10
Security Group, 25514 posts

Hello,

remove found threats => must be unchecked.

scan archives => must be checked.

Fill

delseb11, posted 25/03/2010 at 18:34
Petit astucien, 18 posts

Good evening,

Here is the latest Eset report:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=957e2deef3d7a443a13ef2cd1a5500fd
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-25 01:37:30
# local_time=2010-03-25 02:37:30 (+0100, Paris, Madrid)
# country="France"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1280 16777175 100 0 25115082 25115082 0 0
# compatibility_mode=8192 67108863 100 0 44272 44272 0 0
# scanned=146599
# found=7
# cleaned=0
# scan_time=8928
C:\Documents and Settings\Propriétaire\Mes documents\Mes logiciels\compresseur\winzip81fr.zip probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Propriétaire\Mes documents\Mes logiciels\compresseur\winzip81fr\CRK-WinZip32.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Propriétaire\Mes documents\Mes logiciels\compresseur\winzip81fr\CRK-Wzsepe32.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Propriétaire\Mes documents\Mes logiciels\internet\telechargeur music\kazaa.exe probably a variant of Win32/TrojanDownloader.Agent trojan 00000000000000000000000000000000 I
C:\Navilog1\Backupnavi\udkyhwv.exe a variant of Win32/Skintrim.GJ trojan 00000000000000000000000000000000 I
C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe probably a variant of Win32/TrojanDownloader.Agent trojan 00000000000000000000000000000000 I
C:\ToolBar SD\Backup-TB\Program Files\ShoppingReport\Uninst.exe probably a variant of Win32/Adware.Agent application 00000000000000000000000000000000 I

Fill, posted 25/03/2010 at 18:47
Security Group, 25514 posts

Good evening,

1/

  • Double-click OTM.exe to start the program,
  • Copy the list of files or folders below and paste it into the program window "Paste Instructions for Items to be Moved":

Begin copying here:

:Files
C:\Documents and Settings\Propriétaire\Mes documents\Mes logiciels\compresseur\winzip81*.*
C:\Documents and Settings\Propriétaire\Mes documents\Mes logiciels\internet\telechargeur music\kazaa*.*


:Commands
[EmptyTemp]
[Start Explorer]

  • Click MoveIt! to start the removal,
  • The result will appear in the Results pane.
  • Click Exit to close the program.
  • Post the report located here: C:\_OTM\MovedFiles
  • You may be asked to restart your PC. If so, click Yes.

2/ How is the PC doing?

Fill

Forum PC Astuces © 1997-2014 Webastuces