Posted on 03/07/2011 @ 15:20
Astucien
Hello everyone,
For some time now I have noticed a character offset between what I type and what appears on the forums: could my machine be infected with a virus?
Thank you.
Posted on 03/07/2011 at 15:33
Astucien
Here, please, is the RSIT report:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Manager at 2011-07-03 15:27:28
Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (10%) free of 25 GB
Total RAM: 1015 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:28:32 PM, on 7/3/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe C:\WINDOWS\system32\agrsmsvc.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE C:\Program 
Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\AOL\1263316154\ee\AOLSoftware.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\RAM Idle LE\RAM_XP.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Babylon\Babylon-Pro\Babylon.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodssrv.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\1-Click Answers\answers.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe C:\Documents and Settings\Manager\Desktop\RSIT.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\PROGRA~1\1-CLIC~1\agtserv.exe C:\Program Files\Common Files\aol\1263316154\ee\aolsoftware.exe C:\Program Files\trend micro\Manager.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ironto&s={searchTerms}&f=4 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://java.com/download R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Softpedia R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Answers.com Toolbar - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - C:\Program Files\Answers.com\prxtbAns0.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll O2 - BHO: (no name) - {416ae1cb-7257-484a-b912-aebc7fdad4ce} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Answers.com - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - C:\Program Files\Answers.com\prxtbAns0.dll O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.6\bh\facemoods.dll O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll O3 - Toolbar: Answers.com Toolbar - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - C:\Program Files\Answers.com\prxtbAns0.dll O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing) O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll O3 - Toolbar: Show Xmlbar Toolbar - {6B896ADB-4A82-46e2-858C-13134782CE34} - C:\Program Files\Xmlbar\Video Joiner\IEBar\xbietb.dll O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - 
HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1263316154\ee\AOLSoftware.exe O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle LE\RAM_XP.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java 
Update\jusched.exe" O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe O8 - Extra context menu item: Answers... - file://C:\Program Files\1-Click Answers\Html\atiemenu.htm O8 - Extra context menu item: SYSTRAN Lookup - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js O8 - Extra context menu item: SYSTRAN Translate - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Video Joiner - {C7883BD1-C06B-4f9e-BA96-0D8C5DE373D9} - C:\Program Files\Xmlbar\Video Joiner\FlvJoiner(xmlbar).exe O9 - Extra 'Tools' menuitem: Video Joiner - {C7883BD1-C06B-4f9e-BA96-0D8C5DE373D9} - C:\Program Files\Xmlbar\Video Joiner\FlvJoiner(xmlbar).exe O9 - Extra button: (no name) - 
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ("Ma-Config.com control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_0_1_3.cab O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: Avira AntiVir Planificateur 
(AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
-- End of file - 16494 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{416ae1cb-7257-484a-b912-aebc7fdad4ce}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6341761b-babe-406d-b0d6-8d99b81c2ee5}] Answers.com Toolbar - C:\Program Files\Answers.com\prxtbAns0.dll [2011-01-17 175912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}] CescrtHlpr Object - C:\Program Files\facemoods.com\facemoods\1.4.17.6\bh\facemoods.dll [2010-10-26 262144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}] ZoneAlarm Toolbar - C:\Program Files\ZoneAlarm\tbZon1.dll [2010-08-17 2734688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}] ZoneAlarm Security Engine Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-05-26 591336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}] Babylon IE plugin - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll [2010-08-10 253368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-05-26 591336] Locked {6341761b-babe-406d-b0d6-8d99b81c2ee5} - Answers.com Toolbar - C:\Program Files\Answers.com\prxtbAns0.dll [2011-01-17 175912] {95daa571-4def-4a6d-97d8-98a346672a24} - SYSTRAN Toolbar - C:\WINDOWS\system32\mscoree.dll [2008-07-25 282112] {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - ZoneAlarm Toolbar - C:\Program Files\ZoneAlarm\tbZon1.dll [2010-08-17 2734688] {30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912] {6B896ADB-4A82-46e2-858C-13134782CE34} - Show Xmlbar Toolbar - C:\Program Files\Xmlbar\Video Joiner\IEBar\xbietb.dll [2009-12-15 413696] {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - facemoods Toolbar - C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll [2010-10-26 217088]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-09-24 141848] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-09-24 166424] "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-09-24 137752] "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448] "SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088] "hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752] "Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2010-01-10 1945600] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-01-18 1028096] "Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2007-09-20 61440] "PTHOSTTR"=C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2007-01-09 145184] "QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-06-03 177456] "TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2009-09-12 5048488] "Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2009-09-12 357384] "NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-11-06 570664] "NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-12-02 2221352] "BootSkin Startup Jobs"=C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe [2004-04-26 270336] "HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576] ""= [] "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016] "HostManager"=C:\Program Files\Common Files\AOL\1263316154\ee\AOLSoftware.exe [2009-07-20 41264] "ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936] "RAM Idle Professional"=C:\Program Files\RAM Idle LE\RAM_XP.exe [2006-01-17 135168] "avgnt"=C:\Program 
Files\Avira\AntiVir Desktop\avgnt.exe [2010-08-17 281768] "ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-06-23 1043968] "ISW"=C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2010-05-26 730600] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-08-10 421888] "DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584] "UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2010-07-04 17408] "Babylon Client"=C:\Program Files\Babylon\Babylon-Pro\Babylon.exe [2010-08-10 3824056] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-10-18 455968] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-12-12 1840424] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup 1-Click Answers.lnk - C:\Program Files\1-Click Answers\answers.exe Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe Spyder3Utility.lnk - C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2007-09-18 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\Program Files\Common Files\aol\acs\AOLDial.exe"="C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer" "C:\Program Files\Common Files\aol\acs\AOLacsd.exe"="C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service" "C:\Program Files\Common Files\aol\1263316154\ee\aolsoftware.exe"="C:\Program Files\Common Files\aol\1263316154\ee\aolsoftware.exe:*:Enabled:AOL Shared Components" "C:\Program Files\AOL 9.5\waol.exe"="C:\Program Files\AOL 9.5\waol.exe:*:Enabled:AOL" "C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed" "C:\Program Files\Common Files\aol\Loader\aolload.exe"="C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader" "C:\Program Files\Common Files\aol\System Information\sinf.exe"="C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information" "C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype 
Extras Manager" "C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon" "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "D:\Téléchargements\3gp_converter_setup.exe"="D:\Téléchargements\3gp_converter_setup.exe:*:Enabled:3GP Converter" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "D:\Downloads\utorrent.exe"="D:\Downloads\utorrent.exe:*:Enabled:µTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2011-07-03 15:26:34 ----D---- C:\Documents and Settings\Manager\Application Data\facemoods.com
2011-06-28 01:02:14 ----D---- C:\Program Files\Lame For Audacity
2011-06-28 00:38:06 ----D---- C:\Program Files\facemoods.com
2011-06-28 00:37:56 ----D---- C:\Program Files\FoxTabMP3Converter
2011-06-28 00:11:21 ----D---- C:\Program Files\GoldWave
2011-06-27 23:45:00 ----D---- C:\Program Files\Audacity 1.3 Beta (Unicode)
2011-06-19 16:01:00 ----D---- C:\Program Files\Mozilla Firefox
2011-06-15 12:31:44 ----D---- C:\Program Files\Common Files\Java
2011-06-15 12:30:53 ----A---- C:\WINDOWS\system32\javaws.exe
2011-06-15 12:30:53 ----A---- C:\WINDOWS\system32\javaw.exe
2011-06-15 12:30:53 ----A---- C:\WINDOWS\system32\java.exe
2011-06-10 13:51:06 ----D---- C:\Program Files\Xmlbar
======List of files/folders modified in the last 1 months======
2011-07-03 15:28:07 ----D---- C:\WINDOWS\Prefetch
2011-07-03 15:28:07 ----D---- C:\WINDOWS\Internet Logs
2011-07-03 15:28:01 ----D---- C:\Program Files\trend micro
2011-07-03 15:26:38 ----D---- C:\Documents and Settings\All Users\Application Data\Babylon
2011-07-03 15:26:29 ----D---- C:\WINDOWS\Temp
2011-07-03 12:46:28 ----A---- C:\WINDOWS\win.ini
2011-07-03 12:40:49 ----SD---- C:\WINDOWS\Tasks
2011-07-03 12:40:45 ----D---- C:\WINDOWS
2011-07-03 12:40:26 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-03 12:33:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-03 12:19:49 ----D---- C:\WINDOWS\system32\NtmsData
2011-07-03 12:04:02 ----D---- C:\WINDOWS\Registration
2011-07-02 10:57:01 ----A---- C:\WINDOWS\NeroDigital.ini
2011-06-29 13:12:17 ----D---- C:\WINDOWS\system32\drivers
2011-06-28 01:02:14 ----RD---- C:\Program Files
2011-06-26 13:11:45 ----SHD---- C:\System Volume Information
2011-06-25 19:03:28 ----D---- C:\WINDOWS\system32
2011-06-19 16:47:09 ----D---- C:\WINDOWS\system32\Restore
2011-06-19 15:49:52 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2011-06-19 15:21:02 ----D---- C:\Temp
2011-06-15 12:31:47 ----SHD---- C:\WINDOWS\Installer
2011-06-15 12:31:44 ----D---- C:\Program Files\Common Files
2011-06-15 12:30:41 ----D---- C:\Program Files\Java
2011-06-10 13:53:48 ----D---- C:\Program Files\Answers.com
2011-06-10 13:53:26 ----D---- C:\Program Files\ConduitEngine
2011-06-10 13:53:23 ----A---- C:\WINDOWS\system32\ConduitEngine.tmp
2011-06-06 13:27:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
-----------------EOF-----------------
Posted on 03/07/2011 at 19:06
Good evening
... You are infected, including a very nasty "RootKit". Careful, there is no room left on your hard disk!!! ===>
Microsoft Windows XP Professional Service Pack 3 System drive C: has 3 GB (10%) free of 25 GB
... I prefer to work with ZHPDiag + MalwareBytes
For a better answer, click the link "Aide au diag d'un PC infecté" (help diagnosing an infected PC) in my signature
Come back in your reply with the two requested reports => - MBAM - ZHPDiag
Looking forward to your reply. Edited by Evasion60 on 03/07/2011 19:12
Posted on 03/07/2011 at 20:47
Astucien
Thank you Evasion60! Getting to work!
Posted on 03/07/2011 at 21:07
Astucien
Posted on 03/07/2011 at 21:28
Astucien
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7012

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/3/2011 9:27:09 PM
mbam-log-2011-07-03 (21-27-08).txt

Scan type: Quick scan
Objects scanned: 192422
Time elapsed: 14 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Posted on 04/07/2011 at 13:15
Hello
Well confirmed, a nice set of infections
- Download Ad Remover by El Desaparecido, C_XX & Chimay8 to your Desktop. Alternative download link available.
- Double-click the tool to run it (under Vista or Windows 7, right-click it and run it as administrator),
- Launch the search and post the report generated by the tool in your next reply.
- Double-click Ad Remover to run the tool (or right-click > Run as administrator under Vista and Windows 7),
- Launch the cleaning and post the report generated by the tool in your next reply.
Come back in your reply with the two requested reports
Posted on 04/07/2011 at 21:14
Astucien
Thank you very much Evasion60: I have just got home. I'm going to get changed and come back to report something worrying I noticed on the website I administer. See you soon
Posted on 04/07/2011 at 22:12
Astucien
Here is what I have noticed over the last few days, on two occasions so far: the first time a week ago, then this evening when I got home.
First of all, you should know that for a year I have been administering a Facebook account that brings together around 400 graduates of my institution.
For several months I have been managing this account from two laptops
- one with an AZERTY keyboard
- one with a QWERTY keyboard: that is the one that is infected
What do I observe?
Two messages were posted on this account's wall as if the account administrator had posted them: a first one with a link to a porn site, and tonight's one with a link to a newspaper article of a political tone that has nothing to do with the purpose of our group, which is strictly apolitical in order to maintain cohesion and camaraderie.
The pornographic link may bother members of the community, especially if they think the administrators are the ones amusing themselves with that kind of dubious joke. The administrators could be singled out if it happens again, and we may fear that people will leave the community.
Is someone trying to destabilise the group?
For now, let's not dramatise.
But the idea that our account is under the control of malicious people worries me very much.
All the more so since the existence of a major infection tips the balance towards an intent to harm.
I hope I have expressed myself clearly enough
What should I do?
Thank you very much.
Edited by Bruno_K on 04/07/2011 23:12
Posted on 04/07/2011 at 23:09
Astucien
First Ad Remover report
======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======
Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 22:57:19 on 04/07/2011, Normal boot
Microsoft Windows XP Professional Service Pack 3 (X86)
Manager@PANDA ( )

============== SEARCH ==============

File found: C:\WINDOWS\system32\ConduitEngine.tmp
Folder found: C:\Documents and Settings\Manager\Local Settings\Application Data\Conduit
Folder found: C:\Program Files\Conduit
Folder found: C:\Documents and Settings\Manager\Local Settings\Application Data\ConduitEngine
Folder found: C:\Program Files\ConduitEngine
Folder found: C:\Documents and Settings\Photo\Application Data\freeTVRadio
Folder found: C:\Program Files\freeTVRadio
Folder found: C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder found: C:\Program Files\Viewpoint
C:\Program Files\Ad-Remover\Quarantine: 0 File(s)
C:\Program Files\Ad-Remover\Backup: 1 File(s)
C:\Ad-Report-SCAN[1].txt - 04/07/2011 22:58:06 (9168 Byte(s))
End at: 22:59:24, 04/07/2011
============== E.O.F ==============
Posted on 04/07/2011 at 23:41
Astucien
Second report
======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======
Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 23:11:49 on 04/07/2011, Normal boot
Microsoft Windows XP Professional Service Pack 3 (X86)
Manager@PANDA ( )

============== ACTION(S) ==============

File deleted: C:\WINDOWS\system32\ConduitEngine.tmp
Folder deleted: C:\Documents and Settings\Manager\Local Settings\Application Data\Conduit
Folder deleted: C:\Program Files\Conduit
Folder deleted: C:\Documents and Settings\Manager\Local Settings\Application Data\ConduitEngine
Folder deleted: C:\Program Files\ConduitEngine
Folder deleted: C:\Documents and Settings\Photo\Application Data\freeTVRadio
Folder deleted: C:\Program Files\freeTVRadio
Folder deleted: C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder deleted: C:\Program Files\Viewpoint
(!) -- Temporary files deleted.
C:\Program Files\Ad-Remover\Quarantine: 70 File(s)
C:\Program Files\Ad-Remover\Backup: 14 File(s)
C:\Ad-Report-CLEAN[1].txt - 04/07/2011 23:12:02 (7962 Byte(s))
C:\Ad-Report-SCAN[1].txt - 04/07/2011 22:58:06 (10665 Byte(s))
End at: 23:13:29, 04/07/2011
============== E.O.F ==============
Posted on 04/07/2011 at 23:51
Re
For now, let's not dramatise. But the idea that our account is under the control of malicious people worries me very much. All the more so since the existence of a major infection tips the balance towards an intent to harm. I hope I have expressed myself clearly enough. What should I do? ===> No idea when it comes to social networks, it's a jungle!!! Any one of the 400 members is enough to "post" various links on your "Facebook wall"
Run AD-Remover again in "cleaning" mode, and post its report / please
Will read you tomorrow //
Edited => Our posts crossed
Run ZHPDiag again, and upload its report
Edited by Evasion60 on 04/07/2011 23:53
Posted on 04/07/2011 at 23:56
Astucien
Evasion60 wrote:
Re
.... Any one of the 400 members is enough to "post" various links on your "Facebook wall"
What worries me is not that members post on the wall (all the better for the community's dynamism), it is the identity theft: that someone (not necessarily a registered member) posted nonsense on the wall under our identity (the administrators' identity).
Thanks again Evasion60
See you tomorrow
and good night. Edited by Bruno_K on 05/07/2011 07:43
Posted on 05/07/2011 at 07:42
Astucien
Hello Evasion60
Attached file: ZHPDiag.txt Edited by Bruno_K on 05/07/2011 07:42
Posted on 05/07/2011 at 13:03
Hello
... Well, first we are going to try to get rid of the RootKit
- Download TDSSKiller from Kaspersky,
- Extract the file TDSSKiller.exe from the downloaded archive and place it on the Desktop,
- Double-click TDSSKiller.exe to launch it.
- Click Start scan to launch the analysis,
- When the tool has finished its inspection, if malicious objects ("Malicious objects") have been found, check that the (Cure) option is selected,
- If suspicious objects ("Suspicious objects") have been detected, on the confirmation screen, change the action to be taken and select Quarantine (instead of Skip),
- Then click the (Continue) button,
- Wait for the report file to be displayed.
- If the tool needs a reboot to finish the cleaning, click the (Reboot computer) button.
- Send in reply: the TDSSKiller report (contents of the file SystemDrive\TDSSKiller.Version_Date_Heure_log.txt)
[SystemDrive is the partition on which the system is installed, usually C:]
Info: http://support.kaspersky.com/fr/faq/?qid=208280685
Looking forward to your reply. Edited by Evasion60 on 05/07/2011 13:05
Posted on 05/07/2011 at 14:13 |
Astucien
| Report:
|
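The TDSSKiller report Evasion60 asked for above is a flat log in which the one line that matters (a driver whose on-disk hash differs from the hash the running system reports for the same file) is easy to miss among the per-driver inventory. The parser below is an added example, not code from the thread or from Kaspersky's tool: its line grammar is inferred from that report format, and the sample log inside it is constructed, not a real capture.

```python
"""Parse a TDSSKiller (2.5.x) scan log and pull out forged-driver detections.

Added example, not code from the thread or from Kaspersky's tool. The line
grammar is inferred from the report format seen in this thread; SAMPLE_LOG is
a constructed excerpt in that grammar, not a real capture.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: one clean driver, one driver whose on-disk bytes hash
# differently from what the OS file API reports for the same file, then the
# detection and the cure decision. Lines that match no grammar are skipped.
SAMPLE_LOG = r"""
2011/07/05 14:02:55.0562 1656 Scan started
2011/07/05 14:02:57.0281 1656 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/05 14:03:02.0687 1656 intelppm (b10739a343fc754d0c34eaa7c5843893) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/05 14:03:02.0687 1656 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\intelppm.sys. Real md5: b10739a343fc754d0c34eaa7c5843893, Fake md5: 8c953733d8f36eb2133f5bb58808b66b
2011/07/05 14:03:02.0687 1656 intelppm - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/07/05 14:03:11.0203 1656 Scan finished
2011/07/05 14:04:07.0843 2528 Backup copy found, using it..
2011/07/05 14:04:08.0062 2528 C:\WINDOWS\system32\DRIVERS\intelppm.sys - will be cured after reboot
2011/07/05 14:04:08.0062 2528 Rootkit.Win32.TDSS.tdl3(intelppm) - User select action: Cure
"""

# Every record: "YYYY/MM/DD HH:MM:SS.mmmm <pid> <body>"
LINE_RE = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.*)$")
# Inventory entry: "<service> (<md5>) <path>"; MBR/Boot entries also carry an "(0x...)" size
DRIVER_RE = re.compile(r"^(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "Real md5" hashes the bytes on disk, "Fake md5" what the file API hands back
FORGED_RE = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\.? Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
DETECT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<threat>\S+) \(\d+\)$")
ACTION_RE = re.compile(r"^(?P<threat>[^()\s]+)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$")
REBOOT_RE = re.compile(r"^(?P<path>.+) - will be cured after reboot$")


@dataclass
class Finding:
    driver: str
    path: str = ""
    threat: str = ""
    real_md5: str = ""
    fake_md5: str = ""
    action: str = ""
    reboot_required: bool = False

    @property
    def forged(self) -> bool:
        # Two hashes for one file: the running system does not show what is on disk.
        return bool(self.real_md5) and self.real_md5 != self.fake_md5


def parse_tdsskiller_log(text: str) -> dict:
    """Return {"drivers": {service: (md5, path)}, "findings": {service: Finding}}."""
    drivers: dict[str, tuple[str, str]] = {}
    findings: dict[str, Finding] = {}
    by_path: dict[str, str] = {}  # path -> service, joins path-only lines to a service
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m["body"]
        if d := DRIVER_RE.match(body):
            drivers[d["name"]] = (d["md5"], d["path"])
            by_path[d["path"].lower()] = d["name"]
        elif f := FORGED_RE.match(body):
            name = by_path.get(f["path"].lower(), f["path"])
            fd = findings.setdefault(name, Finding(driver=name, path=f["path"]))
            fd.real_md5, fd.fake_md5 = f["real"], f["fake"]
        elif t := DETECT_RE.match(body):
            fd = findings.setdefault(t["name"], Finding(driver=t["name"]))
            fd.threat = t["threat"]
            fd.path = fd.path or drivers.get(t["name"], ("", ""))[1]
        elif a := ACTION_RE.match(body):
            fd = findings.setdefault(a["name"], Finding(driver=a["name"]))
            fd.threat = fd.threat or a["threat"]
            fd.action = a["action"]
        elif r := REBOOT_RE.match(body):
            name = by_path.get(r["path"].lower(), r["path"])
            findings.setdefault(name, Finding(driver=name, path=r["path"])).reboot_required = True
    return {"drivers": drivers, "findings": findings}


def forged_drivers(result: dict) -> list[Finding]:
    """Findings to look at first: drivers whose on-disk bytes differ from what
    the running system reports for the same file."""
    return [fd for fd in result["findings"].values() if fd.forged]


if __name__ == "__main__":
    res = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(res['drivers'])} drivers inventoried, {len(res['findings'])} finding(s)")
    for fd in forged_drivers(res):
        print(f"{fd.driver}: {fd.threat} at {fd.path}")
        print(f"  on-disk md5 {fd.real_md5} / reported md5 {fd.fake_md5}")
        print(f"  action={fd.action} reboot_required={fd.reboot_required}")
```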
|
|
Posted on 05/07/2011 at 14:50 |
| Re
... Nicely done with TDSSKiller  Did the machine reboot properly?
Rerun ZHPDiag, to see whether I really did eat up that TDL3, and what's left to deal with, because it's not over yet! Upload its report, please
Talk to you soon  |
|
Posted on 05/07/2011 at 15:18 |
Astucien
| 
Yes, the machine rebooted fine  |
|
Posted on 05/07/2011 at 15:20 |
Astucien
| |
|
Posted on 05/07/2011 at 19:03 |
| Good evening
Apply this fix =>
Procedure for applying a fix:
- Open Notepad (Start > Programs > Accessories > Notepad),
- Select and copy these lines. To copy them, press CTRL+C after selecting them. They are shown between quotes like this:
R3 - URLSearchHook: Answers.com Toolbar - {6341761b-babe-406d-b0d6-8d99b81c2ee5} . (.Conduit Ltd. - Conduit Toolbar.) (6.3.2.0) -- C:\Program Files\Answers.com\prxtbAns0.dll
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 => Internet Explorer Allows Proxy Settings Remotely
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0 => Internet Explorer Proxy GET HTTP1.1 Disabled
O2 - BHO: (no name) - {416ae1cb-7257-484a-b912-aebc7fdad4ce} Orphean Key => Orphean Key not necessary
O2 - BHO: Answers.com - {6341761b-babe-406d-b0d6-8d99b81c2ee5} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Answers.com\prxtbAns0.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} . (.facemoods.com BHO - No comment.) -- C:\Program Files\facemoods.com\facemoods\1.4.17.6\bh\facemoods.dll
O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\ZoneAlarm\tbZon1.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} . (.Babylon Ltd. - Babylon Internet Explorer Addin.) -- C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll => Infection BT
O3 - Toolbar: Answers.com Toolbar - {6341761b-babe-406d-b0d6-8d99b81c2ee5} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Answers.com\prxtbAns0.dll
O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\ZoneAlarm\tbZon1.dll
O3 - Toolbar: Show Xmlbar Toolbar - {6B896ADB-4A82-46e2-858C-13134782CE34} . (.Xmlbar.com - Xmlbar Toolbar Module.) -- C:\Program Files\Xmlbar\Video Joiner\IEBar\xbietb.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} . (.facemoods.com - No comment.) -- C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] . (.Acronis - Acronis True Image Monitor.) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe => Acronis®True Image
O4 - HKLM\..\Run: [Babylon Client] . (.Babylon Ltd. - Babylon Information Tool.) -- C:\Program Files\Babylon\Babylon-Pro\Babylon.exe => Infection BT
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe => Safer Net Working®Spybot S&D
O4 - HKUS\S-1-5-21-507921405-725345543-839522115-1003\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe => Safer Net Working®Spybot S&D
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Babylon.lnk . (.Babylon Ltd..) -- C:\Program Files\Babylon\Babylon-Pro\Babylon.exe => Infection BT
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Moyea Software Gallery.lnk - Orphean Key => Orphean Key not necessary
O8 - Extra context menu item: Answers... - (.not file.) - file:\\C:\Program Files\1-Click Answers\Html\atiemenu.htm => Fichier absent
O8 - Extra context menu item: Translate this web page with Babylon . (.Babylon Ltd. - Babylon Internet Explorer Addin.) -- C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll => Infection BT
O8 - Extra context menu item: Translate with Babylon . (.Babylon Ltd. - Babylon Internet Explorer Addin.) -- C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll => Infection BT
O9 - Extra button: Video Joiner - {C7883BD1-C06B-4f9e-BA96-0D8C5DE373D9} . (.Unknown owner - YouTubeDownload Module.) -- C:\Program Files\Xmlbar\Video Joiner\FlvJoiner(xmlbar).exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} . (.Babylon Ltd. - Babylon Internet Explorer Addin.) -- C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll => Infection BT
O42 - Logiciel: Babylon - (.Babylon.) [HKLM] -- Babylon => Infection BT
O42 - Logiciel: Facemoods Toolbar - (.Unknown owner.) [HKLM] -- facemoods => Toolbar.Facemoods
O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 => Safer Networking Limited Spybot - S&D
[HKCU\Software\Babylon] => Infection BT
[HKLM\Software\facemoods.com] => Toolbar.Facemoods
O43 - CFD: 10/27/2010 - 10:59:52 AM - [47663336] ----D- C:\Program Files\Babylon => Infection BT
O43 - CFD: 6/28/2011 - 12:38:08 AM - [1474498] ----D- C:\Program Files\facemoods.com => Toolbar.Facemoods
O43 - CFD: 1/12/2010 - 10:24:28 PM - [70129265] ----D- C:\Program Files\Spybot - Search & Destroy => Spybot - Search & Destroy
O43 - CFD: 3/10/2011 - 12:03:46 AM - [986710] ----D- C:\Documents and Settings\Manager\Application Data\Babylon => Infection BT
O43 - CFD: 12/19/2010 - 12:58:08 PM - [7291] ----D- C:\Documents and Settings\Manager\Local Settings\Application Data\Babylon => Infection BT
O43 - CFD: 12/19/2010 - 12:58:08 PM - [7291] ----D- C:\Documents and Settings\Manager\Local Settings\Application Data\Babylon => Infection BT
O44 - LFC:[MD5.5251CA229DF4C3714529FAAB4A54F93C] - 7/4/2011 - 10:13:30 PM ---A- . (...) -- C:\Ad-Report-CLEAN[1].txt [10093]
O44 - LFC:[MD5.FF94158A7E01B24F340BA5C35970798C] - 7/4/2011 - 9:59:24 PM ---A- . (...) -- C:\Ad-Report-SCAN[1].txt [10665]
O47 - AAKE:Key Export SP - "C:\Program Files\Bonjour\mDNSResponder.exe" [Enabled] .(.Apple Computer, Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe
O47 - AAKE:Key Export SP - "D:\Téléchargements\3gp_converter_setup.exe" [Enabled] .(...) -- D:\Téléchargements\3gp_converter_setup.exe (.not file.) => Fichier absent
O47 - AAKE:Key Export SP - "D:\Downloads\utorrent.exe" [Enabled] .(.BitTorrent, Inc. - µTorrent.) -- D:\Downloads\utorrent.exe
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\59936265.sys . (...) -- C:\WINDOWS\System32\Drivers\59936265.sys (.not file.) => Fichier absent
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\59936265.sys . (...) -- C:\WINDOWS\System32\Drivers\59936265.sys (.not file.) => Fichier absent
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine] => Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer] => Infection PUP (Adware.MetaStream))
[HKLM\Software\Classes\esrv.escrtSrvc] => Toolbar.Facemood
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B}] => Infection BT (Toolbar.Babylon)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}] => Toolbar.Facemoods
[HKLM\Software\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}] => Toolbar.Facemoods
[HKLM\Software\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}] => Toolbar.Facemoods
[HKLM\Software\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}] => Toolbar.Facemoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}] => Toolbar.Facemoods
[HKLM\Software\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}] => Toolbar.Facemoods
[HKLM\Software\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}] => Toolbar.Facemoods
[HKLM\Software\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}] => Toolbar.Facemoods
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC}] => Infection BT (Toolbar.Babylon)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}] => Toolbar.Facemoods
[HKLM\Software\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}] => Toolbar.Facemoods
[HKLM\Software\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}] => Toolbar.Facemoods
[HKLM\Software\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}] => Toolbar.Facemoods
[HKLM\Software\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}] => Toolbar.Facemoods
[HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF] => Infection BT (Adware.AskSBar)
[HKLM\Software\facemoods.com] => Toolbar.Facemoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]:Babylon Client => Infection BT (Toolbar.Babylon)
C:\Program Files\Babylon => Infection BT
C:\Documents and Settings\Manager\Application Data\Babylon => Infection BT
C:\Documents and Settings\Manager\Local Settings\Application Data\Babylon => Infection BT
C:\Documents and Settings\Manager\Local Settings\Application Data\Babylon => Infection BT
- Save the file in the C:\Program Files\ZHPDiag folder by choosing File > Save As.... As the file name, enter ZHPDiag.txt. A confirmation is requested because you are going to overwrite the old report. Accept it.
- Launch ZHPFix by Nicolas Coolman, which is also in the ZHPDiag folder. On XP, double-click ZHPFix; on Vista, right-click the icon and run it as administrator.
- The program opens. Its report window must contain only the lines you selected above. If it does not match, stop the procedure and let me know.
- Click OK as shown below:

- The report lines then appear with checkboxes.
- Click the "Tous" (All) button after checking one last time that these lines match the ones selected above, then click "Nettoyer" (Clean) like this:

- This will apply the fix.
- In the program window, it tells you the script has been executed.
- If a reboot is requested, do it.
- Copy and paste the contents of the report in the ZHPDiag folder, which is named ZHPFixreport.txt
|
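The script lines above follow a fixed grammar (section code, description, optional CLSID, `-- <binary>`, optional `=> classification`), so they can be cross-referenced to see which binary is wired into how many load points; one DLL registered as BHO, context-menu item and button at once is why removing a single key never evicts a toolbar bundle. The triage helper below is an added example, not code from the thread or from ZHPDiag/ZHPFix: the grammar is inferred from the script above, the HOOK_NAMES mapping is an assumption, and SAMPLE_SCRIPT is a constructed excerpt.

```python
"""Triage a ZHPDiag/ZHPFix script: which binary is loaded from which hook.

Added example, not code from the thread or from ZHPDiag/ZHPFix. The line
grammar is inferred from the script posted in this thread; SAMPLE_SCRIPT is a
constructed excerpt in that grammar.
"""
from __future__ import annotations

import re
from collections import defaultdict

SAMPLE_SCRIPT = r"""
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} . (.Babylon Ltd. - Babylon Internet Explorer Addin.) -- C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll => Infection BT
O3 - Toolbar: Answers.com Toolbar - {6341761b-babe-406d-b0d6-8d99b81c2ee5} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Answers.com\prxtbAns0.dll
O4 - HKLM\..\Run: [Babylon Client] . (.Babylon Ltd. - Babylon Information Tool.) -- C:\Program Files\Babylon\Babylon-Pro\Babylon.exe => Infection BT
O8 - Extra context menu item: Translate with Babylon . (.Babylon Ltd. - Babylon Internet Explorer Addin.) -- C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll => Infection BT
O8 - Extra context menu item: Answers... - (.not file.) - file:\\C:\Program Files\1-Click Answers\Html\atiemenu.htm => Fichier absent
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} . (.Babylon Ltd. - Babylon Internet Explorer Addin.) -- C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll => Infection BT
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\59936265.sys . (...) -- C:\WINDOWS\System32\Drivers\59936265.sys (.not file.) => Fichier absent
[HKLM\Software\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}] => Toolbar.Facemoods
C:\Program Files\Babylon => Infection BT
"""

SECTION_RE = re.compile(r"^(?P<code>[OR]\d+) - (?P<rest>.*)$")        # "O2 - BHO: ..."
CLASS_RE = re.compile(r"^(?P<body>.*?)\s*=>\s*(?P<label>.+)$")          # trailing "=> label"
BINARY_RE = re.compile(r" -- (?P<path>.+?)(?: \(\.not file\.\))?$")     # "-- <path>"
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Section codes that are load points for a binary (assumed mapping, not ZHPDiag's own)
HOOK_NAMES = {"O2": "BHO", "O3": "toolbar", "O4": "autorun", "O8": "context menu",
              "O9": "IE button", "O49": "safe-boot driver", "R3": "URLSearchHook"}


def parse_line(line: str) -> dict | None:
    """Split one script line into section code, body, '=>' label, binary path, CLSID."""
    line = line.strip()
    if not line:
        return None
    e = {"code": "", "body": line, "label": "", "path": "", "clsid": "",
         "missing": "(.not file.)" in line}
    if c := CLASS_RE.match(line):
        e["body"], e["label"] = c["body"], c["label"].strip()
    if s := SECTION_RE.match(e["body"]):
        e["code"], e["body"] = s["code"], s["rest"]
    elif e["body"].startswith("["):
        e["code"] = "REG"   # bare registry key
    elif re.match(r"^[A-Za-z]:\\", e["body"]):
        e["code"] = "FILE"  # bare file or folder
    if b := BINARY_RE.search(e["body"]):
        e["path"] = b["path"]
    if g := CLSID_RE.search(e["body"]):
        e["clsid"] = g.group(0)
    return e


def hooks_by_binary(script: str) -> dict[str, list[str]]:
    """Map each binary (lower-cased path) to the distinct hook types that load it."""
    hooks: dict[str, set[str]] = defaultdict(set)
    for e in map(parse_line, script.splitlines()):
        if e and e["path"]:
            hooks[e["path"].lower()].add(HOOK_NAMES.get(e["code"], e["code"]))
    return {p: sorted(h) for p, h in hooks.items()}


def multi_hook_binaries(script: str, minimum: int = 2) -> list[str]:
    """Binaries registered at `minimum` or more distinct load points: the
    one-DLL-many-hooks pattern of a toolbar bundle."""
    return sorted(p for p, h in hooks_by_binary(script).items() if len(h) >= minimum)


def missing_files(script: str) -> list[str]:
    """Load points whose target no longer exists on disk (dangling persistence)."""
    return [e["path"] for e in map(parse_line, script.splitlines())
            if e and e["missing"] and e["path"]]


def label_counts(script: str) -> dict[str, int]:
    """How many lines ZHPDiag tagged with each '=>' classification."""
    counts: dict[str, int] = defaultdict(int)
    for e in map(parse_line, script.splitlines()):
        if e and e["label"]:
            counts[e["label"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for path, hooks in hooks_by_binary(SAMPLE_SCRIPT).items():
        print(f"{path}: {', '.join(hooks)}")
    print("multi-hook:", multi_hook_binaries(SAMPLE_SCRIPT))
    print("missing:", missing_files(SAMPLE_SCRIPT))
    print("labels:", label_counts(SAMPLE_SCRIPT))
```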
|
Posted on 05/07/2011 at 19:49 |
Astucien
| At the step: "The program opens. Its report window must contain only the lines you selected above. If it does not match, stop the procedure and let me know."
When the program opens, I see nothing in the report window: empty.
Edited by Bruno_K on 05/07/2011 22:18 |
|
Posted on 06/07/2011 at 11:19 |
| Hello
Paste my proposed script into the large ZHPFix window, then continue with the help tutorial
@+  |
|
Posted on 06/07/2011 at 11:41 |
Astucien
| Evasion60,
Out of caution, given the strange situation, I stopped all operations. I await your instructions.
Thanks
PS Our posts crossed  Edited by Bruno_K on 06/07/2011 11:41 |
|
Posted on 06/07/2011 at 12:42
Astucien
ZHPFix report
Rapport de ZHPFix 1.12.3333 par Nicolas Coolman, Update du 02/07/2011
Fichier d'export Registre :
Run by Manager at 7/6/2011 12:21:21 PM
Windows XP Professional Service Pack 3 (Build 2600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
========== Software ==========
NOT FOUND Uninstall Process: c:\program files\babylon\babylon-pro\utils\uninstbb.exe
NOT FOUND Uninstall Process: c:\program files\facemoods.com\facemoods\1.4.17.6\uninstall.exe
NOT FOUND Uninstall Process: c:\program files\spybot - search & destroy\unins000.exe
========== Registry Key ==========
DELETED [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon]
DELETED [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods]
DELETED [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1]
DELETED Key: CLSID BHO: {416ae1cb-7257-484a-b912-aebc7fdad4ce}
DELETED Key: CLSID BHO: {6341761b-babe-406d-b0d6-8d99b81c2ee5}
DELETED Key: CLSID BHO: {64182481-4F71-486b-A045-B233BD0DA8FC}
DELETED Key: CLSID BHO: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
DELETED Key: CLSID BHO: {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
DELETED Key: Menu Contextuel: Answers...
NOT FOUND Key: Menu Contextuel: Translate this web page with Babylon . (.Babylon Ltd.
NOT FOUND Key: Menu Contextuel: Translate with Babylon . (.Babylon Ltd.
DELETED Key: CLSID Extra Buttons: {C7883BD1-C06B-4f9e-BA96-0D8C5DE373D9}
DELETED Key: CLSID Extra Buttons: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}
DELETED Key: HKCU\Software\Babylon
DELETED Key: HKLM\Software\facemoods.com
DELETED O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\59936265.sys . (...) -- C:\WINDOWS\System32\Drivers\59936265.sys (.not file.)
DELETED O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\59936265.sys . (...) -- C:\WINDOWS\System32\Drivers\59936265.sys (.not file.)
DELETED Key: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
DELETED Key: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
DELETED Key: HKLM\Software\Classes\esrv.escrtSrvc
DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B}
DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B}
DELETED Key: HKLM\Software\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
DELETED Key: HKLM\Software\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
DELETED Key: HKLM\Software\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
DELETED Key: HKLM\Software\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}
NOT FOUND Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}
DELETED Key: HKLM\Software\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
DELETED Key: HKLM\Software\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
DELETED Key: HKLM\Software\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC}
DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC}
DELETED Key: HKLM\Software\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
DELETED Key: HKLM\Software\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
DELETED Key: HKLM\Software\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}
DELETED Key: HKLM\Software\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
DELETED Key: HKLM\Software\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
DELETED Key: HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
NOT FOUND Key: HKLM\Software\facemoods.com
========== Registry Value ==========
DELETED URLSearchHook: {6341761b-babe-406d-b0d6-8d99b81c2ee5}
DELETED Toolbar: {6341761b-babe-406d-b0d6-8d99b81c2ee5}
DELETED Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
DELETED Toolbar: {6B896ADB-4A82-46e2-858C-13134782CE34}
DELETED Toolbar: {DB4E9724-F518-4dfd-9C7C-78B52103CAB9}
DELETED RunValue: TrueImageMonitor.exe
DELETED RunValue: Babylon Client
DELETED RunValue: SpybotSD TeaTimer
NOT FOUND RunValue: SpybotSD TeaTimer
DELETED AAKE KeyValue: C:\Program Files\Bonjour\mDNSResponder.exe
DELETED AAKE KeyValue: D:\Téléchargements\3gp_converter_setup.exe
DELETED AAKE KeyValue: D:\Downloads\utorrent.exe
NOT FOUND [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]:Babylon Client
========== Registry Data Items ==========
REMOVED R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy
REMOVED R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1
========== Repertory ==========
DELETE on Reboot Folder**: C:\Program Files\Babylon
NOT FOUND C:\Program Files\facemoods.com
DELETE on Reboot Folder**: C:\Program Files\Spybot - Search & Destroy
DELETE on Reboot Folder**: C:\Documents and Settings\Manager\Application Data\Babylon
DELETED Folder*: C:\Documents and Settings\Manager\Local Settings\Application Data\Babylon
NOT FOUND C:\Documents and Settings\Manager\Local Settings\Application Data\Babylon
========== File ==========
DELETED c:\program files\answers.com
NOT FOUND File: c:\program files\answers.com
DELETED c:\program files\facemoods.com
DELETED c:\program files\zonealarm\tbzon1.dll
DELETED c:\program files\babylon\babylon-pro\utils\babyloniepi.dll
NOT FOUND File: c:\program files\zonealarm\tbzon1.dll
DELETED c:\program files\xmlbar\video joiner\iebar\xbietb.dll
NOT FOUND File: c:\program files\facemoods.com
DELETE on Reboot c:\program files\acronis\trueimagehome\trueimagemonitor.exe
DELETED c:\program files\babylon\babylon-pro\babylon.exe
DELETED c:\program files\spybot - search & destroy\teatimer.exe
NOT FOUND File: c:\program files\spybot - search & destroy\teatimer.exe
DELETED c:\documents and settings\all users\desktop\babylon.lnk
NOT FOUND File: c:\program files\babylon\babylon-pro\babylon.exe
DELETED c:\documents and settings\all users\desktop\moyea software gallery.lnk
NOT FOUND File: e:\\c:\program files\1-click answers\html\atiemenu.htm
NOT FOUND File: c:\program files\babylon\babylon-pro\utils\babyloniepi.dll
DELETED c:\program files\xmlbar\video joiner\flvjoiner(xmlbar).exe
DELETED c:\ad-report-clean[1].txt
DELETED c:\ad-report-scan[1].txt
DELETED c:\program files\bonjour\mdnsresponder.exe
NOT FOUND File: d:\téléchargements\3gp_converter_setup.exe
DELETED d:\downloads\utorrent.exe
NOT FOUND File: c:\windows\system32\drivers\59936265.sys
NOT FOUND Folder/File: c:\documents and settings\manager\local settings\application data\babylon
========== Summary ==========
39 : Registry Key
13 : Registry Value
2 : Registry Data Items
6 : Repertory
25 : File
3 : Software
========== Report File ==========
C:\Program Files\ZHPDiag\ZHPFixReport.txt
End of the scan in 23mn AMs
Posted on 06/07/2011 at 16:10
Posted on 06/07/2011 at 16:28
Astucien
Hello Evasion60,
Here is the situation
1/ How is your machine behaving?
Since the end of the last operation, the machine has been working very well. Before the last operation was launched, a blue screen occurred a few hours ago. But that was before ZHPFix was run.
2/ And your web page, on FaceBook? Which has nothing to do with the infection => RootKit + Babylone
No identity theft since the last observation on 4 July. Which does not mean that the machine is not under the control of hackers... all the more so since it is used to manage a community (they can be reached through my machine)
Question: what is Babylone, please?
3/ Run this online scanner for me => https://forum.pcastuces.com/eset_online_scanner___tutoriel-f31s56.htm
Post me its report / please
I am going to launch it
4/ You also need to free up space on your hard disk, it is completely saturated!
I am looking for a portable HDD to free up space.
Thank you very much
Edited by Bruno_K on 06/07/2011 16:44
Posted on 06/07/2011 at 16:58
Question: what is Babylone, please?
Re
An unwanted toolbar
Posted on 06/07/2011 at 20:30
Astucien
Evasion60 wrote:
Re
An unwanted toolbar
Thanks Evasion60
Posted on 06/07/2011 at 20:31
Astucien
- ESET report
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=ce89bbc101c6f841a46494cb476aa808
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-06 06:24:19
# local_time=2011-07-06 08:24:19 (+0100, Romance Standard Time)
# country="United States"
# lang=1036
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 271699 271699 0 0
# compatibility_mode=768 16777215 100 0 46809029 46809029 0 0
# compatibility_mode=1797 16775145 100 94 974248 75453204 703426 0
# compatibility_mode=5893 16776574 0 7 28101384 28101384 0 0
# compatibility_mode=8192 67108863 100 0 791 791 0 0
# compatibility_mode=9217 16777214 75 70 28104782 32679058 0 0
# scanned=98362
# found=8
# cleaned=0
# scan_time=5279
C:\Documents and Settings\Photo\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk Win32/Adware.ADON application (impossible de nettoyer) 00000000000000000000000000000000 I
C:\Documents and Settings\Photo\Desktop\eBay.lnk Win32/Adware.ADON application (impossible de nettoyer) 00000000000000000000000000000000 I
C:\Documents and Settings\Photo\Start Menu\eBay.lnk Win32/Adware.ADON application (impossible de nettoyer) 00000000000000000000000000000000 I
C:\Program Files\3GPConverter\VideoConverter.exe une variante de Win32/InstallCore.A application (impossible de nettoyer) 00000000000000000000000000000000 I
C:\Program Files\FoxTabMP3Converter\AudioConverter.exe une variante de Win32/InstallCore.A application (impossible de nettoyer) 00000000000000000000000000000000 I
C:\Program Files\FoxTabMP3Converter\Uninstall\Uninstall.exe une variante de Win32/InstallCore.A application (impossible de nettoyer) 00000000000000000000000000000000 I
D:\Downloads\Spydig_Setup.exe menaces multiples (impossible de nettoyer) 00000000000000000000000000000000 I
D:\Téléchargements\Mp3ConverterSetup.exe une variante de Win32/InstallCore.A application (impossible de nettoyer) 00000000000000000000000000000000 I
Posted on 07/07/2011 at 12:03
Hello
Search for and delete, if present, the files in bold below. Empty your Recycle Bin (important)
C:\Documents and Settings\Photo\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk
C:\Documents and Settings\Photo\Desktop\eBay.lnk
C:\Documents and Settings\Photo\Start Menu\eBay.lnk
C:\Program Files\3GPConverter\VideoConverter.exe
C:\Program Files\FoxTabMP3Converter\AudioConverter.exe
C:\Program Files\FoxTabMP3Converter\Uninstall\Uninstall.exe
D:\Downloads\Spydig_Setup.exe
D:\Téléchargements\Mp3ConverterSetup.exe
Then =>
Cleaning up the tools used for the disinfection; there is no point keeping them on the PC, since they are constantly updated.
* Close all running applications, then download ToolsCleaner (by A.Rothstein and Dj Quiou) to your Desktop:
- Double-click ToolsCleaner2.exe -> click -> "Recherche" (Search) and let the scan finish.
- Click -> "Suppression" (Delete) to finish
- Click -> "Quitter" (Quit), so that the report can be created.
- Post the report (TCleaner.txt), which is at the root of your hard disk (C:\).
- Note: your desktop is going to disappear, this is normal. If it does not reappear at the end of the scan, do the following:
- Ctrl+Alt+Del to open Task Manager.
- Then go to the "Processes" tab, click "File" at the top left and choose "Run"
- Type: explorer.exe and confirm. This will make your Desktop reappear.
** You can, however, keep Malwarebytes' Anti-Malware and CCleaner. Run CCleaner every evening before shutting down the PC (it only takes a few seconds!)
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
Vaccinating USB keys, external hard disks, etc.
This prevents a number of infections that use this route to spread.
You can read this article and download the application to vaccinate your USB media HERE. You must place the vaccine on the medium and run the program.
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
It is strongly recommended to keep all your security software up to date, to avoid the flaws through which infections pour in.
That includes updates for Windows, the browser, Java, PDF readers, and notably Adobe Reader.
For Java, you can use JavaRa. It installs the latest version of Java and removes the old versions.
For the PDF reader, you can use lighter alternative readers, such as Sumatra PDF, instead of Reader.
To test for vulnerabilities and out-of-date software, you can go to the Secunia website and run an analysis of the machine.
* To follow the update status of a few protection programs, as well as Java: https://forum.pcastuces.com/sujet.asp?f=25&s=25842
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
Now that your PC is no longer infected, disable "System Restore" in order to create a clean restore point.
To disable or enable System Restore, you must log on with an Administrator session under Windows XP.
Disabling: right-click "My Computer" > Properties > "System Restore" tab > tick "Turn off System Restore on all drives" > Apply and OK.
Re-enabling: follow the same path; untick "Turn off System Restore on all drives" > Apply and OK. Restart the computer.
How to disable System Restore under XP
Clearing System Restore points under Vista
Enabling or disabling System Restore under Windows 7
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
I advise you to defragment your PC:
Defragment all your hard disks in one click - Windows Vista
Procedure for defragmenting your hard disks in Windows XP
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
To improve your PC's security, take a few moments to read...
Securing your PC + WIFI ("hot" & "light" versions): https://forum.pcastuces.com/sujet.asp?f=25&s=25892
Prevention and protection - How to protect yourself: https://forum.pcastuces.com/sujet.asp?f=25&s=36131
The security risks of peer-to-peer in 10 points: http://www.libellules.ch/phpBB2/les-risques-securitaires-du-peer-to-peer-en-10-points-t28947.html
Why avoid P2P? Legal aspects and dangers: http://www.speedweb1.org/forum-tesgaz/viewtopic.php?t=1793
CRACKS in all their splendour: http://www.speedweb1.org/forum-tesgaz/viewtopic.php?t=65
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
Please mark your topic [Résolu] (Solved) by clicking "Marquer comme résolu" (Mark as solved), at the bottom left of the page or
in your topic's title bar. Thank you!
Be careful on the Internet and tell people around you about PC Astuces! All the best
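The USB "vaccine" recommended in the post above works by occupying, at the root of each drive, the filenames an autorun worm needs: autorun.inf in particular is created as a read-only directory, so the worm cannot drop a file of that name and Windows has nothing to execute when the drive is plugged in. The Python below is an added illustration of that mechanism; it is not the forum's vaccine tool nor any code posted in this thread. The placeholder names are those listed in the "Vaccin USB" reports posted later in the thread; the functions vaccinate, is_vaccinated, read_autorun and demo, and the temporary directories standing in for drive roots, are assumptions of this example. It also goes one step beyond the post: when a drive already carries a real autorun.inf file, the file is left alone and its [autorun] keys are reported, so the operator can see what it would have launched before deciding what to do with it.

```python
"""Autorun "vaccine" for removable drives: added example, not the forum's tool.

XP-era autorun worms drop an autorun.inf at the root of a USB stick so that
Windows launches their payload when the stick is plugged in. The vaccine
occupies that name first: autorun.inf is created as a read-only directory,
so the worm can neither write nor execute a file of that name. The other
placeholder names are the decoy filenames listed in the vaccine reports
posted in this thread. Function names, and the temporary directories used
as stand-ins for drive roots, are assumptions of this example.
"""
import os
import stat
import tempfile
from pathlib import Path

# Names occupied by the vaccine (taken from the "Vaccin USB" reports in the thread).
VACCINE_NAMES = [
    "autorun.inf", "adober.exe", "copy.exe", "comment.htt", "host.exe",
    "info.exe", "msvcr71.dll", "ravmon.exe", "ravmon.log", "sqlserv.exe",
    "start.exe", "temp.exe", "temp1.exe", "temp2.exe", "winfile.exe",
    "ntdelect.com",
]


def vaccinate(root, names=VACCINE_NAMES):
    """Occupy each name in `names` with a read-only placeholder directory.

    Returns {name: status} where status is one of:
      "vaccinated" - placeholder directory created by this run
      "already"    - placeholder directory was already there (a re-run, like
                     the "Present" then "Vaccin Ok" pairs in the thread's log)
      "present"    - a real *file* of that name exists; it is left untouched
                     so it can be inspected (see read_autorun) before removal
    """
    root = Path(root)
    status = {}
    for name in names:
        target = root / name
        if target.is_dir():
            status[name] = "already"
        elif target.exists():
            status[name] = "present"
        else:
            target.mkdir()
            # Read-only: a cheap extra hurdle against naive delete-and-replace.
            os.chmod(target, stat.S_IREAD | stat.S_IEXEC)
            status[name] = "vaccinated"
    return status


def is_vaccinated(root):
    """True when the decisive vaccine is in place: autorun.inf is a directory."""
    return (Path(root) / "autorun.inf").is_dir()


def read_autorun(root):
    """Return the key=value pairs of a real autorun.inf file (keys lower-cased),
    e.g. what 'open=' or 'shellexecute=' would launch; None if no such file."""
    path = Path(root) / "autorun.inf"
    if not path.is_file():
        return None
    keys = {}
    for line in path.read_text(errors="replace").splitlines():
        line = line.strip()
        if "=" in line and not line.startswith(("[", ";")):
            key, _, value = line.partition("=")
            keys[key.strip().lower()] = value.strip()
    return keys


def demo():
    """Exercise the vaccine on two constructed temporary 'drives'."""
    clean = tempfile.mkdtemp(prefix="clean_drive_")
    first = vaccinate(clean)            # fresh drive: everything gets created
    second = vaccinate(clean)           # re-run: everything already in place

    suspicious = tempfile.mkdtemp(prefix="suspicious_drive_")
    # Constructed sample: a drive that already carries a real autorun.inf
    (Path(suspicious) / "autorun.inf").write_text(
        "[autorun]\nopen=ravmon.exe\nicon=info.exe\n")
    report = vaccinate(suspicious)
    return {
        "first": first,
        "second": second,
        "clean_protected": is_vaccinated(clean),
        "suspicious": report,
        "suspicious_protected": is_vaccinated(suspicious),
        "autorun_keys": read_autorun(suspicious),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

On a real Windows drive the same functions would be pointed at the drive root (for example `vaccinate("G:\\")`); the temporary directories here only make the example runnable anywhere. The "present" status is the case worth attention: an autorun.inf file that was already on a drive you did not vaccinate yourself is exactly the artefact the vaccine is meant to pre-empt.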
Posted on 07/07/2011 at 17:01
Astucien
Evasion60
Please find the report:
[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]
--> Recherche:
C:\TB.txt: trouvé !
C:\Toolbar SD: trouvé !
C:\Rsit: trouvé !
C:\Ad-remover: trouvé !
C:\Documents and Settings\Manager\Desktop\Rsit.exe: trouvé !
C:\Documents and Settings\Manager\Desktop\catchme.log: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Program Files\ZHPDiag: trouvé !
C:\Program Files\Ad-Remover\Backup\Ad-R.exe: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !
C:\Program Files\ZHPDiag\ZHPdiag.exe: trouvé !
C:\Program Files\ZHPDiag\catchme.exe: trouvé !
C:\Program Files\ZHPDiag\mbr.log: trouvé !
C:\Program Files\ZHPDiag\mbr.exe: trouvé !
---------------------------------
--> Suppression:
C:\Program Files\Ad-Remover\Backup\Ad-R.exe: supprimé !
C:\Program Files\trend micro\HijackThis.exe: supprimé !
C:\Program Files\ZHPDiag\ZHPdiag.exe: supprimé !
C:\Program Files\ZHPDiag\catchme.exe: supprimé !
C:\TB.txt: supprimé !
C:\Documents and Settings\Manager\Desktop\Rsit.exe: supprimé !
C:\Documents and Settings\Manager\Desktop\catchme.log: supprimé !
C:\Program Files\trend micro\hijackthis.log: supprimé !
C:\Program Files\ZHPDiag\mbr.log: supprimé !
C:\Program Files\ZHPDiag\mbr.exe: supprimé !
C:\Toolbar SD: supprimé !
C:\Rsit: supprimé !
C:\Ad-remover: supprimé !
C:\Program Files\Ad-remover: supprimé !
C:\Program Files\ZHPDiag: supprimé !
Posted on 07/07/2011 at 17:47
Astucien
Vaccination of a portable HDD
(I placed the vaccine on the HDD and ran the program)
______
Thu 07/07/2011 - 17:41:02.90 - Vaccin USB - Gof
Lecteur détectés :
Volume in drive C has no label.
Volume Serial Number is 1086-5F62
Volume in drive D has no label.
Volume Serial Number is 0C63-96E2
Volume in drive G is Expansion Drive
Volume Serial Number is DCD7-6A49
Répertoires et fichiers vaccins :
c:\autorun.inf - Vaccin Ok
c:\adober.exe - Vaccin Ok
c:\copy.exe - Vaccin Ok
c:\comment.htt - Vaccin Ok
c:\host.exe - Vaccin Ok
c:\info.exe - Vaccin Ok
c:\msvcr71.dll - Vaccin Ok
c:\ravmon.exe - Vaccin Ok
c:\ravmon.log - Vaccin Ok
c:\sqlserv.exe - Vaccin Ok
c:\start.exe - Vaccin Ok
c:\temp.exe - Vaccin Ok
c:\temp1.exe - Vaccin Ok
c:\temp2.exe - Vaccin Ok
c:\winfile.exe - Vaccin Ok
c:\ntdelect.com - Vaccin Ok
d:\autorun.inf - Vaccin Ok
d:\adober.exe - Vaccin Ok
d:\copy.exe - Vaccin Ok
d:\comment.htt - Vaccin Ok
d:\host.exe - Vaccin Ok
d:\info.exe - Vaccin Ok
d:\msvcr71.dll - Vaccin Ok
d:\ravmon.exe - Vaccin Ok
d:\ravmon.log - Vaccin Ok
d:\sqlserv.exe - Vaccin Ok
d:\start.exe - Vaccin Ok
d:\temp.exe - Vaccin Ok
d:\temp1.exe - Vaccin Ok
d:\temp2.exe - Vaccin Ok
d:\winfile.exe - Vaccin Ok
d:\ntdelect.com - Vaccin Ok
g:\autorun.inf Present
g:\autorun.inf - Vaccin Ok
g:\adober.exe - Vaccin Ok
g:\copy.exe - Vaccin Ok
g:\comment.htt - Vaccin Ok
g:\host.exe - Vaccin Ok
g:\info.exe - Vaccin Ok
g:\msvcr71.dll - Vaccin Ok
g:\ravmon.exe - Vaccin Ok
g:\ravmon.log - Vaccin Ok
g:\sqlserv.exe - Vaccin Ok
g:\start.exe - Vaccin Ok
g:\temp.exe - Vaccin Ok
g:\temp1.exe - Vaccin Ok
g:\temp2.exe - Vaccin Ok
g:\winfile.exe - Vaccin Ok
g:\ntdelect.com - Vaccin Ok
Examen fonctions Autorun BDR :
Thu 07/07/2011 - 17:41:07.68 : Fin.
Edited by Bruno_K on 07/07/2011 18:07
Posted on 07/07/2011 at 18:06
Astucien
Vaccination of a USB key
_________
Thu 07/07/2011 - 18:04:11.35 - Vaccin USB - Gof
Lecteur détectés :
Volume in drive C has no label.
Volume Serial Number is 1086-5F62
Volume in drive D has no label.
Volume Serial Number is 0C63-96E2
Volume in drive F has no label.
Volume Serial Number is A83A-5A3C
Répertoires et fichiers vaccins :
c:\autorun.inf Present
c:\autorun.inf - Vaccin Ok
c:\adober.exe Present
c:\adober.exe - Vaccin Ok
c:\copy.exe Present
c:\copy.exe - Vaccin Ok
c:\comment.htt Present
c:\comment.htt - Vaccin Ok
c:\host.exe Present
c:\host.exe - Vaccin Ok
c:\info.exe Present
c:\info.exe - Vaccin Ok
c:\msvcr71.dll Present
c:\msvcr71.dll - Vaccin Ok
c:\ravmon.exe Present
c:\ravmon.exe - Vaccin Ok
c:\ravmon.log Present
c:\ravmon.log - Vaccin Ok
c:\sqlserv.exe Present
c:\sqlserv.exe - Vaccin Ok
c:\start.exe Present
c:\start.exe - Vaccin Ok
c:\temp.exe Present
c:\temp.exe - Vaccin Ok
c:\temp1.exe Present
c:\temp1.exe - Vaccin Ok
c:\temp2.exe Present
c:\temp2.exe - Vaccin Ok
c:\winfile.exe Present
c:\winfile.exe - Vaccin Ok
c:\ntdelect.com Present
c:\ntdelect.com - Vaccin Ok
d:\autorun.inf Present
d:\autorun.inf - Vaccin Ok
d:\adober.exe Present
d:\adober.exe - Vaccin Ok
d:\copy.exe Present
d:\copy.exe - Vaccin Ok
d:\comment.htt Present
d:\comment.htt - Vaccin Ok
d:\host.exe Present
d:\host.exe - Vaccin Ok
d:\info.exe Present
d:\info.exe - Vaccin Ok
d:\msvcr71.dll Present
d:\msvcr71.dll - Vaccin Ok
d:\ravmon.exe Present
d:\ravmon.exe - Vaccin Ok
d:\ravmon.log Present
d:\ravmon.log - Vaccin Ok
d:\sqlserv.exe Present
d:\sqlserv.exe - Vaccin Ok
d:\start.exe Present
d:\start.exe - Vaccin Ok
d:\temp.exe Present
d:\temp.exe - Vaccin Ok
d:\temp1.exe Present
d:\temp1.exe - Vaccin Ok
d:\temp2.exe Present
d:\temp2.exe - Vaccin Ok
d:\winfile.exe Present
d:\winfile.exe - Vaccin Ok
d:\ntdelect.com Present
d:\ntdelect.com - Vaccin Ok
f:\autorun.inf - Vaccin Ok
f:\adober.exe - Vaccin Ok
f:\copy.exe - Vaccin Ok
f:\comment.htt - Vaccin Ok
f:\host.exe - Vaccin Ok
f:\info.exe - Vaccin Ok
f:\msvcr71.dll - Vaccin Ok
f:\ravmon.exe - Vaccin Ok
f:\ravmon.log - Vaccin Ok
f:\sqlserv.exe - Vaccin Ok
f:\start.exe - Vaccin Ok
f:\temp.exe - Vaccin Ok
f:\temp1.exe - Vaccin Ok
f:\temp2.exe - Vaccin Ok
f:\winfile.exe - Vaccin Ok
f:\ntdelect.com - Vaccin Ok
Examen fonctions Autorun BDR :
Thu 07/07/2011 - 18:04:20.21 : Fin.
Posted on 07/07/2011 at 18:38
Astucien
Evasion60
I have a second laptop which may also have been infected via the USB key. Should I open a new thread to submit the ZHPDiag + MalwareBytes reports?
Thank you very much.
Posted on 07/07/2011 at 18:44
Bruno_K wrote:
Evasion60
I have a second laptop which may also have been infected via the USB key. Should I open a new thread to submit the ZHPDiag + MalwareBytes reports? Thank you very much.
Hello
... No, we continue here, in this topic that is already open
So here we go again with the laptop's reports => -MBAM -ZHPDiag
Looking forward to receiving them, and to reading you
Posted on 07/07/2011 at 19:08
Astucien
Thanks Evasion60.
I am finishing the series of prescribed security operations and launching the procedure on the other machine
Posted on 08/07/2011 at 12:08
Astucien
Start of operations for the second laptop, suspected of having been infected via USB key by the first laptop...
This message is meant to mark a break from the previous operation, for the sake of clarity.
Posted on 08/07/2011 at 12:08
Astucien
Hello Evasion60,
Please find the ZHPDiag report by Nicolas Coolman for the 2nd laptop
Attached file: ZHPDiag.txt Edited by Bruno_K on 08/07/2011 12:11
Posted on 08/07/2011 at 12:44
Hello
Waiting for the MBAM report
Plenty of leftovers lying around (Ask + Conduit + PrinceGong)
- Download Ad Remover by El Desaparecido, C_XX & Chimay8 to your Desktop. Another download link is available.
- Double-click the tool to run it (under Vista or Windows 7, right-click and run it as administrator),
- Launch the search and post the report generated by the tool in your next reply.
- Double-click Ad Remover to run the tool (or right-click > Run as administrator under Vista and Windows 7),
- Launch the cleanup and post the report generated by the tool in your next reply.
You have two reports to post
Posted on 08/07/2011 at 13:49
Astucien
Sorry Evasion60 for the delay with the MBAM report: something came up suddenly. Thanks
So here is the report:
Malwarebytes' Anti-Malware
www.malwarebytes.org
Database version:
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
08/07/2011 13:44:21
mbam-log-2011-07-08 (13-44-21).txt
Scan type: Quick scan
Objects scanned: 181105
Time elapsed: 6 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
Posted on 08/07/2011 at 14:26
Astucien
First report
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files (x86)\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 14:25:09 le 08/07/2011, Mode normal
Microsoft Windows 7 Édition Familiale Premium Service Pack 1 (X64)
Administration@MAN-HP (Hewlett-Packard Presario CQ56 Notebook PC)
============== RECHERCHE ==============
Fichier trouvé: C:\Windows\SysWOW64\ConduitEngine.tmp
Dossier trouvé: C:\Users\Man\AppData\Roaming\Mozilla\FireFox\Profiles\4j6cca8o.default\conduit
Dossier trouvé: C:\Program Files (x86)\Conduit
Dossier trouvé: C:\Program Files (x86)\ConduitEngine
-- Fichier ouvert: C:\Users\Man\AppData\Roaming\Mozilla\FireFox\Profiles\4j6cca8o.default\Prefs.js --
Ligne trouvée: user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/FR", "\"0\"");
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", ...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3....
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5....
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1060933/CT1060933...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"...
Ligne trouvée: user_pref("CommunityToolbar.EngineOwner", "");
Ligne trouvée: user_pref("CommunityToolbar.EngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Ligne trouvée: user_pref("CommunityToolbar.EngineOwnerToolbarId", "freecorder");
Ligne trouvée: user_pref("CommunityToolbar.IsEngineShown", true);
Ligne trouvée: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Ligne trouvée: user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Man\\AppData\\Roaming\\Mozilla\\Fir...
Ligne trouvée: user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.5.0.12");
Ligne trouvée: user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://www.applian.com/freecorder-gadget/loader....
Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwner", "CT1060933");
Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "freecorder");
Ligne trouvée: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Ligne trouvée: user_pref("CommunityToolbar.ToolbarsList", "CT1060933");
Ligne trouvée: user_pref("CommunityToolbar.ToolbarsList2", "CT1060933");
Ligne trouvée: user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu Jun 09 2011 13:36:49 GMT+02...
Ligne trouvée: user_pref("CommunityToolbar.alert.alertEnabled", false);
Ligne trouvée: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Ligne trouvée: user_pref("CommunityToolbar.alert.locale", "en");
Ligne trouvée: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Ligne trouvée: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jun 28 2011 21:36:41 GMT+0200");
Ligne trouvée: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Ligne trouvée: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Ligne trouvée: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Ligne trouvée: user_pref("CommunityToolbar.alert.showTrayIcon", false);
Ligne trouvée: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Ligne trouvée: user_pref("CommunityToolbar.alert.userId", "9670f4e3-462f-4229-b903-4af7c8c89f22");
Ligne trouvée: user_pref("CommunityToolbar.globalUserId", "20e94e44-b18d-4adb-8714-07dcbfea8f53");
Ligne trouvée: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Ligne trouvée: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Ligne trouvée: user_pref("CommunityToolbar.killedEngine", true);
Ligne trouvée: user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Jul 07 2011 07:32:4...
Ligne trouvée: user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Ligne trouvée: user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Jul 08 2011 08:33:00 GMT+020...
Ligne trouvée: user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Ligne trouvée: user_pref("CommunityToolbar.notifications.locale", "en");
Ligne trouvée: user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Ligne trouvée: user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jul 08 2011 08:17:06 GMT+0200");
Ligne trouvée: user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1305622559");
Ligne trouvée: user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Ligne trouvée: user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Ligne trouvée: user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Ligne trouvée: user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Ligne trouvée: user_pref("CommunityToolbar.notifications.userId", "af56f799-8549-4f52-8b76-039b5280bb99");
Ligne trouvée: user_pref("CommunityToolbar.undefined", "");
-- Fichier Fermé --
Clé trouvée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKLM\Software\Classes\CLSID\{70D4604B-DBD0-48C7-AD24-217F5F8D8013}
Clé trouvée: HKLM\Software\Classes\CLSID\{9054891D-DC4E-4A87-AF03-84E299E93ABD}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9054891D-DC4E-4A87-AF03-84E299E93ABD}
Clé trouvée: HKLM\Software\Classes\Conduit.Engine
Clé trouvée: HKLM\Software\Classes\Toolbar.CT1060933
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2645238
Clé trouvée: HKLM\Software\Conduit
Clé trouvée: HKLM\Software\conduitEngine
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A13D2781-696B-4CB7-AEC6-04A1665050C8}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
============== SCAN ADDITIONNEL ==============
**** Mozilla Firefox Version [5.0 (fr)] ****
Plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
HKLM_MozillaPlugins\@checkpoint.com/FFApi (x)
HKLM_MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf (x)
HKLM_MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf (x)
Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Components\browsercomps.dll (Mozilla Foundation)
HKLM_Extensions|msntoolbar@msn.com - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox
-- C:\Users\Administration\AppData\Roaming\Mozilla\FireFox\Profiles\h3tftvju.default --
Prefs.js - browser.startup.homepage, hxxp://www.google.com/
Prefs.js - browser.startup.homepage_override.buildID, 20110615151330
Prefs.js - browser.startup.homepage_override.mstone, rv:5.0
-- C:\Users\Man\AppData\Roaming\Mozilla\FireFox\Profiles\4j6cca8o.default --
Extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} (Freecorder Community Toolbar)
User.js - keyword.URL, hxxp://redirecterror.sfr.fr/?q=
Prefs.js - browser.download.lastDir, F:\\Images
Prefs.js - browser.startup.homepage, hxxp://www.google.com.vn/
Prefs.js - browser.startup.homepage_override.buildID, 20110615151330
Prefs.js - browser.startup.homepage_override.mstone, rv:5.0
Prefs.js - keyword.URL, hxxp://redirecterror.sfr.fr/?q=
========================================
**** Internet Explorer Version [9.0.8112.16421] ****
HKCU_Main|Default_Page_URL - hxxp://g.uk.msn.com/CQNOT/3
HKCU_Main|First Home Page - hxxp://g.uk.msn.com/CQNOT/3
HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU_Main|Start Page - hxxp://g.uk.msn.com/CQNOT/3
HKLM_Main|Default_Page_URL - hxxp://g.uk.msn.com/CQNOT/3
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://g.uk.msn.com/CQNOT/3
HKLM_URLSearchHooks|{1392b8d2-5c05-419f-a8f6-b9f15a596612} - "Freecorder Toolbar" (C:\Program Files (x86)\Freecorder\prxtbFre0.dll)
HKLM_SearchScopes\{AC3E15E3-5374-435E-9829-3217E6D68726} - "Wikipedia" (hxxp://fr.wikipedia.org/wiki/Special:Search?search={searchTerms})
HKLM_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "ZoneAlarm Security Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)
HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} (C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll)
HKLM_Toolbar|{1392b8d2-5c05-419f-a8f6-b9f15a596612} (C:\Program Files (x86)\Freecorder\prxtbFre0.dll)
HKLM_Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D} (C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll)
HKLM_Toolbar|{6B896ADB-4A82-46e2-858C-13134782CE34} (C:\Program Files (x86)\Xmlbar\Video Joiner\IEBar\xbietb.dll)
HKLM_ElevationPolicy\eb5b812f-6f00-4381-9d1f-d22435860167 - C:\Program Files (x86)\ZoneAlarm_Security\ZoneAlarm_SecurityToolbarHelper.exe (x)
HKLM_ElevationPolicy\fdef61e3-a9dc-4fe9-895b-19beac0f716a - C:\Program Files (x86)\ZoneAlarm_Security\ZoneAlarm_SecurityToolbarHelper.exe (x)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{558036EE-80D9-4A11-B636-89A642869AE0} - C:\Program Files (x86)\Freecorder\FreecorderToolbarHelper1.exe (?)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{9953E111-BC78-4119-9305-E910C1431ADE} - C:\Users\Man\AppData\Local\Conduit\CT1060933\FreecorderAutoUpdaterHelper.exe (?)
HKLM_ElevationPolicy\{A13D2781-696B-4CB7-AEC6-04A1665050C8} - C:\Program Files (x86)\ConduitEngine\ConduitEngineHelper.exe (?)
HKLM_ElevationPolicy\{B2321D2F-1154-4d97-AD3E-2FE0BAE2897B} - C:\Program Files (x86)\SFR\Kit\9launch.exe (SFR)
HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
HKLM_ElevationPolicy\{C676939D-C86E-4f8f-B1EB-4641F9ACD474} - C:\Program Files (x86)\Xmlbar\Video Joiner\FlvJoiner(xmlbar).exe (?)
HKLM_ElevationPolicy\{F714027E-66D4-4335-9935-4A96469F6EA2} - C:\Program Files (x86)\Xmlbar\Youku Downloader\YoukuDownloader(xmlbar).exe (Xmlbar.com, Inc.)
HKLM_Extensions\{612F6E5C-B314-4bab-93D1-D266AAFBE700} - "Run YoukuDownloader" (C:\Program Files (x86)\Xmlbar\Youku Downloader\YoukuDownloader(xmlbar).exe,128)
HKLM_Extensions\{C7883BD1-C06B-4f9e-BA96-0D8C5DE373D9} - "Video Joiner" (C:\Program Files (x86)\Xmlbar\Video Joiner\FlvJoiner(xmlbar).exe,128)
BHO\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - "Objet d'aide à la navigation SFR" (C:\Program Files (x86)\SFR\Kit\SFRNavErrorHelper.dll)
BHO\{1392b8d2-5c05-419f-a8f6-b9f15a596612} - "Freecorder Toolbar" (C:\Program Files (x86)\Freecorder\prxtbFre0.dll)
BHO\{30F9B915-B755-4826-820B-08FBA6BD249D} - "Conduit Engine " (C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
========================================
C:\Program Files (x86)\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files (x86)\Ad-Remover\Backup: 1 Fichier(s)
C:\Ad-Report-SCAN[1].txt - 08/07/2011 14:25:25 (14102 Octet(s))
Fin à: 14:26:14, 08/07/2011
============== E.O.F ==============
Edited by Bruno_K on 08/07/2011 14:38