Forum Clubic

Slow loading of web pages (page 2)

Re.

I found a folder in C/; this folder is called QOOBOX,

it has 2 subfolders:

-Back Env
-Quarantine.

there are also 2 text docs:

-Add-remove programs.
-Combofix-quarantined-files.

and a data file:
-SNAPshot

Do you want me to post what's inside, or should I delete it?

QOOBOX is ComboFix's folder, so you can delete the folder C:\ComboFix - Qoobox

As for ==>SNAPshot ==> is that related to a photo or screen-capture program??

As for the utilities used for your topic, we'll deal with them at the end

PS Let me know whether your connection works and whether you can surf

@++ cricri58
Edited on 28/12/2009 at 20:10

Re.
I think something's wrong!
At the end of the scan I didn't see any pop-up; only the scan window was displayed, so I no longer know what to do. There were these two reports, which I'm posting to you.
1)
Results of system analysis
Kaspersky Virus Removal Tool 2010 9.0.0.722 (database released 25/12/2009; 06:53)

List of processes
File name PID Description Copyright MD5 Information
c:\windows\explorer.exe
Script: Quarantine, Delete, BC delete, Terminate 832 Explorateur Windows © Microsoft Corporation. Tous droits réservés. ?? 1013.50 kb, rsah,
created: 13/04/2008 17:34:04,
modified: 13/04/2008 17:34:04
Command line:
C:\WINDOWS\Explorer.EXE
c:\windows\system32\winlogon.exe
Script: Quarantine, Delete, BC delete, Terminate 244 Application d’ouverture de session Windows NT © Microsoft Corporation. Tous droits réservés. ?? 500.00 kb, rsah,
created: 13/04/2008 17:34:30,
modified: 13/04/2008 17:34:30
Command line:
winlogon.exe
Detected:12, recognized as trusted 12
Module name Handle Description Copyright MD5 Used by processes
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
Script: Quarantine, Delete, BC delete 29229056 PDF Shell Extension Copyright 2000-2007 Adobe Systems, Inc. – 832
C:\WINDOWS\system32\WgaLogon.dll
Script: Quarantine, Delete, BC delete 17891328 Windows Genuine Advantage Notifications © 1995-2008 Microsoft Corporation – 244
Modules detected:231, recognized as trusted 229

Kernel Space Modules Viewer
Module Base address Size in memory Description Manufacturer
C:\WINDOWS\System32\Drivers\dump_atapi.sys
Script: Quarantine, Delete, BC delete BACEF000 018000 (98304)
C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Script: Quarantine, Delete, BC delete F79B5000 002000 (8192)
Modules detected - 74, recognized as trusted - 72

Services
Service Description Status File Group Dependencies
gusvc
Service: Stop, Delete, Disable Google Software Updater Not started C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Script: Quarantine, Delete, BC delete RPCSS
NMIndexingService
Service: Stop, Delete, Disable NMIndexingService Not started C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
Script: Quarantine, Delete, BC delete RPCSS
NVSvc
Service: Stop, Delete, Disable NVIDIA Display Driver Service Not started C:\WINDOWS\system32\nvsvc32.exe
Script: Quarantine, Delete, BC delete
WMPNetworkSvc
Service: Stop, Delete, Disable Service Partage réseau du Lecteur Windows Media Not started C:\Program Files\Windows Media Player\WMPNetwk.exe
Script: Quarantine, Delete, BC delete upnphost
Detected - 110, recognized as trusted - 106

Drivers
Service Description Status File Group Dependencies
Abiosdsk
Driver: Unload, Delete, Disable Abiosdsk Not started Abiosdsk.sys
Script: Quarantine, Delete, BC delete Primary disk
abp480n5
Driver: Unload, Delete, Disable abp480n5 Not started abp480n5.sys
Script: Quarantine, Delete, BC delete SCSI miniport
adpu160m
Driver: Unload, Delete, Disable adpu160m Not started adpu160m.sys
Script: Quarantine, Delete, BC delete SCSI miniport
Aha154x
Driver: Unload, Delete, Disable Aha154x Not started Aha154x.sys
Script: Quarantine, Delete, BC delete SCSI miniport
aic78u2
Driver: Unload, Delete, Disable aic78u2 Not started aic78u2.sys
Script: Quarantine, Delete, BC delete SCSI miniport
aic78xx
Driver: Unload, Delete, Disable aic78xx Not started aic78xx.sys
Script: Quarantine, Delete, BC delete SCSI miniport
AliIde
Driver: Unload, Delete, Disable AliIde Not started AliIde.sys
Script: Quarantine, Delete, BC delete System Bus Extender
amsint
Driver: Unload, Delete, Disable amsint Not started amsint.sys
Script: Quarantine, Delete, BC delete SCSI miniport
asc
Driver: Unload, Delete, Disable asc Not started asc.sys
Script: Quarantine, Delete, BC delete SCSI miniport
asc3350p
Driver: Unload, Delete, Disable asc3350p Not started asc3350p.sys
Script: Quarantine, Delete, BC delete SCSI miniport
asc3550
Driver: Unload, Delete, Disable asc3550 Not started asc3550.sys
Script: Quarantine, Delete, BC delete SCSI miniport
Atdisk
Driver: Unload, Delete, Disable Atdisk Not started Atdisk.sys
Script: Quarantine, Delete, BC delete Primary disk
catchme
Driver: Unload, Delete, Disable catchme Not started C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys
Script: Quarantine, Delete, BC delete Base
cd20xrnt
Driver: Unload, Delete, Disable cd20xrnt Not started cd20xrnt.sys
Script: Quarantine, Delete, BC delete SCSI miniport
Changer
Driver: Unload, Delete, Disable Changer Not started Changer.sys
Script: Quarantine, Delete, BC delete Filter
CmdIde
Driver: Unload, Delete, Disable CmdIde Not started CmdIde.sys
Script: Quarantine, Delete, BC delete System Bus Extender
Cpqarray
Driver: Unload, Delete, Disable Cpqarray Not started Cpqarray.sys
Script: Quarantine, Delete, BC delete SCSI miniport
dac960nt
Driver: Unload, Delete, Disable dac960nt Not started dac960nt.sys
Script: Quarantine, Delete, BC delete SCSI miniport
dpti2o
Driver: Unload, Delete, Disable dpti2o Not started dpti2o.sys
Script: Quarantine, Delete, BC delete SCSI miniport
GPU-Z
Driver: Unload, Delete, Disable GPU-Z Not started GPU-Z.sys
Script: Quarantine, Delete, BC delete
hpn
Driver: Unload, Delete, Disable hpn Not started hpn.sys
Script: Quarantine, Delete, BC delete SCSI miniport
i2omgmt
Driver: Unload, Delete, Disable i2omgmt Not started i2omgmt.sys
Script: Quarantine, Delete, BC delete SCSI Class
i2omp
Driver: Unload, Delete, Disable i2omp Not started i2omp.sys
Script: Quarantine, Delete, BC delete SCSI miniport
ini910u
Driver: Unload, Delete, Disable ini910u Not started ini910u.sys
Script: Quarantine, Delete, BC delete SCSI miniport
IntelIde
Driver: Unload, Delete, Disable IntelIde Not started IntelIde.sys
Script: Quarantine, Delete, BC delete System Bus Extender
lbrtfdc
Driver: Unload, Delete, Disable lbrtfdc Not started lbrtfdc.sys
Script: Quarantine, Delete, BC delete System Bus Extender
mraid35x
Driver: Unload, Delete, Disable mraid35x Not started mraid35x.sys
Script: Quarantine, Delete, BC delete SCSI miniport
nv
Driver: Unload, Delete, Disable nv Not started C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Script: Quarantine, Delete, BC delete Video
PCIDump
Driver: Unload, Delete, Disable PCIDump Not started PCIDump.sys
Script: Quarantine, Delete, BC delete PCI Configuration
PDCOMP
Driver: Unload, Delete, Disable PDCOMP Not started PDCOMP.sys
Script: Quarantine, Delete, BC delete
PDFRAME
Driver: Unload, Delete, Disable PDFRAME Not started PDFRAME.sys
Script: Quarantine, Delete, BC delete
PDRELI
Driver: Unload, Delete, Disable PDRELI Not started PDRELI.sys
Script: Quarantine, Delete, BC delete
PDRFRAME
Driver: Unload, Delete, Disable PDRFRAME Not started PDRFRAME.sys
Script: Quarantine, Delete, BC delete
perc2
Driver: Unload, Delete, Disable perc2 Not started perc2.sys
Script: Quarantine, Delete, BC delete SCSI miniport
perc2hib
Driver: Unload, Delete, Disable perc2hib Not started perc2hib.sys
Script: Quarantine, Delete, BC delete Filter
ql1080
Driver: Unload, Delete, Disable ql1080 Not started ql1080.sys
Script: Quarantine, Delete, BC delete SCSI miniport
Ql10wnt
Driver: Unload, Delete, Disable Ql10wnt Not started Ql10wnt.sys
Script: Quarantine, Delete, BC delete SCSI miniport
ql12160
Driver: Unload, Delete, Disable ql12160 Not started ql12160.sys
Script: Quarantine, Delete, BC delete SCSI miniport
ql1240
Driver: Unload, Delete, Disable ql1240 Not started ql1240.sys
Script: Quarantine, Delete, BC delete SCSI miniport
ql1280
Driver: Unload, Delete, Disable ql1280 Not started ql1280.sys
Script: Quarantine, Delete, BC delete SCSI miniport
Simbad
Driver: Unload, Delete, Disable Simbad Not started Simbad.sys
Script: Quarantine, Delete, BC delete Filter
Sparrow
Driver: Unload, Delete, Disable Sparrow Not started Sparrow.sys
Script: Quarantine, Delete, BC delete SCSI miniport
sym_hi
Driver: Unload, Delete, Disable sym_hi Not started sym_hi.sys
Script: Quarantine, Delete, BC delete SCSI miniport
sym_u3
Driver: Unload, Delete, Disable sym_u3 Not started sym_u3.sys
Script: Quarantine, Delete, BC delete SCSI miniport
symc810
Driver: Unload, Delete, Disable symc810 Not started symc810.sys
Script: Quarantine, Delete, BC delete SCSI miniport
symc8xx
Driver: Unload, Delete, Disable symc8xx Not started symc8xx.sys
Script: Quarantine, Delete, BC delete SCSI miniport
TosIde
Driver: Unload, Delete, Disable TosIde Not started TosIde.sys
Script: Quarantine, Delete, BC delete System Bus Extender
ultra
Driver: Unload, Delete, Disable ultra Not started ultra.sys
Script: Quarantine, Delete, BC delete SCSI miniport
ViaIde
Driver: Unload, Delete, Disable ViaIde Not started ViaIde.sys
Script: Quarantine, Delete, BC delete System Bus Extender
WDICA
Driver: Unload, Delete, Disable WDICA Not started WDICA.sys
Script: Quarantine, Delete, BC delete
ZD1211BU(Atheros)
Driver: Unload, Delete, Disable ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(Atheros) Not started C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
Script: Quarantine, Delete, BC delete NDIS
Detected - 208, recognized as trusted - 157

Autoruns
File name Status Startup method Description
C:\Program Files\Alwil Software\Avast4\aswRes.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Antivirus\avast!, EventMessageFile
Delete
C:\Program Files\Bonjour\mDNSResponder.exe
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Bonjour Service, EventMessageFile
Delete
C:\Program Files\FlashFXP\FlashFXP.exe
Script: Quarantine, Delete, BC delete Active Shortcut in Autoruns folder C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch, C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\FlashFXP.lnk,
C:\Program Files\Free 3GP Converter\Free3GPConverter.exe
Script: Quarantine, Delete, BC delete Active Shortcut in Autoruns folder C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch, C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Free 3GP Converter.lnk,
C:\Program Files\Free Video Converter\FreeVideoConverter.exe
Script: Quarantine, Delete, BC delete Active Shortcut in Autoruns folder C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch, C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Video Converter.lnk,
C:\Program Files\Mobile Partner\Mobile Partner.exe
Script: Quarantine, Delete, BC delete Active Registry key HKEY_USERS, S-1-5-21-1275210071-1202660629-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Run, Mobile Partner
Delete
C:\Program Files\MyPlayCity.com\Need For Extreme 3D\NFE3D.exe
Script: Quarantine, Delete, BC delete Active Shortcut in Autoruns folder C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch, C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Need For Extreme 3D.lnk,
C:\Program Files\SABnzbd\SABnzbd.exe
Script: Quarantine, Delete, BC delete Active Shortcut in Autoruns folder C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch, C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\SABnzbd.lnk,
C:\Program Files\Videos To DVD\VideosToDVD.exe
Script: Quarantine, Delete, BC delete Active Shortcut in Autoruns folder C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch, C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Videos To DVD.lnk,
C:\Program Files\WinAVI MP4 Converter\WinAVI MP4 Converter.exe
Script: Quarantine, Delete, BC delete Active Shortcut in Autoruns folder C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch, C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\WinAVI MP4 Converter.lnk,
C:\Program Files\WinMover\WinMover.exe
Script: Quarantine, Delete, BC delete Active Registry key HKEY_USERS, S-1-5-21-1275210071-1202660629-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Run, WinMover
Delete
C:\Program Files\Windows Media Player\WMPNetwk.exe
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WMPNetworkSvc, EventMessageFile
Delete
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fr\aspnet_rc.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\ASP.NET 2.0.50727.0, EventMessageFile
Delete
C:\WINDOWS\System32\PrintFilterPipelineSvc.exe
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PrintFilterPipelineSvc, EventMessageFile
Delete
C:\WINDOWS\System32\hidserv.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\HidServ\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\igmpv2.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IGMPv2, EventMessageFile
Delete
C:\WINDOWS\System32\ipbootp.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP, EventMessageFile
Delete
C:\WINDOWS\System32\iprip2.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2, EventMessageFile
Delete
C:\WINDOWS\System32\ospf.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPF, EventMessageFile
Delete
C:\WINDOWS\System32\ospfmib.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPFMib, EventMessageFile
Delete
C:\WINDOWS\System32\polagent.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PolicyAgent, EventMessageFile
Delete
C:\WINDOWS\System32\tssdis.exe
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TermServSessDir, EventMessageFile
Delete
C:\WINDOWS\system32\DivX.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, vidc.DIVX
Delete
C:\WINDOWS\system32\DivX.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, vidc.yv12
Delete
C:\WINDOWS\system32\JKDEFR~1.SCR
Script: Quarantine, Delete, BC delete Active Registry key HKEY_USERS, S-1-5-20\Control Panel\Desktop, scrnsave.exe
Delete
C:\WINDOWS\system32\MsSip1.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 1, $DLL
Delete
C:\WINDOWS\system32\MsSip2.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 2, $DLL
Delete
C:\WINDOWS\system32\MsSip3.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 3, $DLL
Delete
C:\WINDOWS\system32\NvCpl.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, NvCplDaemon
Delete
C:\WINDOWS\system32\NvMcTray.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, NvMediaCenter
Delete
C:\WINDOWS\system32\stisvc.exe
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System, EventMessageFile
Delete
D:\Picasa2\Picasa2.exe
Script: Quarantine, Delete, BC delete Active Shortcut in Autoruns folder C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch, C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa2.lnk,
WgaLogon.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon, DLLName
Delete
kbd101.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\i8042prt\Parameters, LayerDriver JPN
Delete
kbd101a.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\i8042prt\Parameters, LayerDriver KOR
Delete
mvfs32.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_USERS, .DEFAULT\Control Panel\IOProcs, MVB
Delete
mvfs32.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_USERS, S-1-5-20\Control Panel\IOProcs, MVB
Delete
mvfs32.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_USERS, S-1-5-18\Control Panel\IOProcs, MVB
Delete
mvfs32.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_USERS, S-1-5-21-1275210071-1202660629-1177238915-500\Control Panel\IOProcs, MVB
Delete
nvoglnt.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\OpenGLDrivers\RIVATNT, DLL
Delete
vgafix.fon
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fixedfon.fon
Delete
vgaoem.fon
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, oemfonts.fon
Delete
vgasys.fon
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fonts.fon
Delete
Autoruns items detected - 633, recognized as trusted - 590

Microsoft Internet Explorer extension modules (BHOs, Toolbars …)
File name Type Description Manufacturer CLSID
C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
Script: Quarantine, Delete, BC delete BHO Epson Easy Photo Print (TBL) Copyright © SEIKO EPSON CORPORATION 2008, All rights reserved. {9421DD08-935F-4701-A9CA-22DF90AC4EA6}
Delete
Extension module {2670000A-7350-4f3c-8081-5663EE0C6C49}
Delete
Extension module {92780B25-18CC-41C8-B9BE-3C9C571A8263}
Delete
Extension module {B205A35E-1FC4-4CE3-818B-899DBBB3388C}
Delete
Elements detected - 19, recognized as trusted - 15

Windows Explorer extension modules
File name Destination Description Manufacturer CLSID
Extensions de l’environnement de compression de fichiers {764BF0E1-F219-11ce-972D-00AA00A14F56}
Delete
Menu contextuel de cryptage {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}
Delete
C:\WINDOWS\system32\ShellExt\CmdOpen.dll
Script: Quarantine, Delete, BC delete CmdOpen Shell Extension Open Command Prompt Shell Extension Copyright © Kai Liu. All rights reserved. {693B08DA-DA1F-4f2b-A145-C06BDF01868A}
Delete
Barre des tâches et menu Démarrer {0DF44EAA-FF21-4412-828E-260A8728E7F1}
Delete
rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_COMServer {00E7B358-F65B-4dcf-83DF-CD026B94BFD4}
Script: Quarantine, Delete, BC delete Autoplay for SlideShow {00E7B358-F65B-4dcf-83DF-CD026B94BFD4}
Delete
Comptes d’utilisateurs {7A9D77BD-5403-11d2-8785-2E0420524153}
Delete
C:\WINDOWS\system32\Audiodev.dll
Script: Quarantine, Delete, BC delete Portable Media Devices Portable Media Devices Shell Extension Copyright © Microsoft Corporation. All rights reserved. {640167b4-59b0-47a6-b335-a6b3c0695aea}
Delete
QuickPar ContextMenu extension {D120D80B-BD26-4A74-8E43-2C2AF0966139}
Delete
NeroDigitalIconHandler {B327765E-D724-4347-8B16-78AE18552FC3}
Delete
NeroDigitalPropSheetHandler {7F1CF152-04F8-453A-B34C-E609530A9DC8}
Delete
Glary Utilities Context Menu Shell Extension {72923739-5A47-40A3-9895-25AF0DFBB9E4}
Delete
“C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe” /PhotoViewerComServer {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C}
Script: Quarantine, Delete, BC delete Windows Live Photo Gallery Autoplay Drop Target {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C}
Delete
“C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe” /PhotoViewerComServer {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C}
Script: Quarantine, Delete, BC delete Windows Live Photo Gallery Viewer Drop Target {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C}
Delete
“C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe” /PhotoViewerComServer {00F374B7-B390-4884-B372-2FC349F2172B}
Script: Quarantine, Delete, BC delete Windows Live Photo Gallery Editor Drop Target {00F374B7-B390-4884-B372-2FC349F2172B}
Delete
deskpan.dll
Script: Quarantine, Delete, BC delete Extension Affichage Panorama du Panneau de configuration {42071714-76d4-11d1-8b24-00a0c9068ff3}
Delete
C:\WINDOWS\system32\nvcpl.dll
Script: Quarantine, Delete, BC delete NvCpl DesktopContext Class NVIDIA Display Properties Extension © NVIDIA Corporation. All rights reserved. {A70C977A-BF00-412C-90B7-034C51DA2439}
Delete
C:\WINDOWS\system32\nvshell.dll
Script: Quarantine, Delete, BC delete Desktop Explorer {1CDB2949-8F65-4355-8456-263E7C208A5D}
Delete
C:\WINDOWS\system32\nvshell.dll
Script: Quarantine, Delete, BC delete Desktop Explorer Menu {1E9B04FB-F9E5-4718-997B-B8DA88302A47}
Delete
C:\WINDOWS\system32\nvshell.dll
Script: Quarantine, Delete, BC delete nView Desktop Context Menu {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
Delete
C:\WINDOWS\system32\nvcpl.dll
Script: Quarantine, Delete, BC delete Play on my TV helper NVIDIA Display Properties Extension © NVIDIA Corporation. All rights reserved. {FFB699E0-306A-11d3-8BD1-00104B6F7516}
Delete
ColumnHandler {7D4D6379-F301-4311-BEBA-E26EB0561882}
Delete
Elements detected - 248, recognized as trusted - 227

Printing system extensions (print monitors, providers)
File name Type Name Description Manufacturer
Elements detected - 9, recognized as trusted - 9

Task Scheduler jobs
File name Job name Job status Description Manufacturer
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Script: Quarantine, Delete, BC delete Google Software Updater.job The task has not yet run.
C:\WINDOWS\tasks\JkDefragTask.cmd
Script: Quarantine, Delete, BC delete JkDefrag.job The task has not yet run.
C:\WINDOWS\system32\OGAEXEC.exe
Script: Quarantine, Delete, BC delete OGALogon.job The task has not yet run.
Elements detected - 7, recognized as trusted - 4

SPI/LSP settings
Namespace providers (NSP) Provider Status EXE file Description GUID
Detected - 4, recognized as trusted - 4
Transport protocol providers (TSP, LSP) Provider EXE file Description
Detected - 28, recognized as trusted - 28
Results of automatic SPI settings check LSP settings checked. No errors detected

TCP/UDP ports
Port Status Remote Host Remote Port Application Notes
TCP ports
UDP ports

Downloaded Program Files (DPF)
File name Description Manufacturer CLSID Source URL
Elements detected - 4, recognized as trusted - 4

Control Panel Applets (CPL)
File name Description Manufacturer
C:\WINDOWS\system32\cttune.cpl
Script: Quarantine, Delete, BC delete ClearType Tuning Applet Copyright © 2002 - 2004 Microsoft Corp.
C:\WINDOWS\system32\javacpl.cpl
Script: Quarantine, Delete, BC delete Java™ Control Panel Copyright © 2004
C:\WINDOWS\system32\nvtuicpl.cpl
Script: Quarantine, Delete, BC delete
Elements detected - 31, recognized as trusted - 28

Active Setup
File name Description Manufacturer CLSID
Elements detected - 17, recognized as trusted - 17

HOSTS file
Hosts file record

127.0.0.1 localhost

Protocols and handlers
File name Type Description Manufacturer CLSID
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Elements detected - 34, recognized as trusted - 31

Suspicious objects
File Description Type


Main script of analysis
Windows version: Microsoft Windows XP, Build=2600, SP=“Service Pack 3”
System Restore: enabled
System booted in Safe Mode
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
IAT modification detected: CreateProcessA - 00B60010<>7C80236B
IAT modification detected: GetModuleFileNameA - 00B60080<>7C80B56F
IAT modification detected: GetModuleFileNameW - 00B600F0<>7C80B475
IAT modification detected: CreateProcessW - 00B60160<>7C802336
IAT modification detected: LoadLibraryW - 00B60240<>7C80AEEB
IAT modification detected: LoadLibraryA - 00B60320<>7C801D7B
IAT modification detected: GetProcAddress - 00B60390<>7C80AE40
IAT modification detected: FreeLibrary - 00B60400<>7C80AC7E
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
Driver communication failure [00000002] - [1]
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
Driver loaded successfully
Driver communication failure [00000002] - [1]

Services: potentially dangerous service allowed: RemoteRegistry (Accès à distance au Registre)
Services: potentially dangerous service allowed: TermService (Services Terminal Server)
Services: potentially dangerous service allowed: Schedule (Planificateur de tâches)
Services: potentially dangerous service allowed: mnmsrvc (Partage de Bureau à distance NetMeeting)
Services: potentially dangerous service allowed: RDSessMgr (Gestionnaire de session d’aide sur le Bureau à distance)
Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
Security: disk drives’ autorun is enabled
Security: administrative shares (C$, D$ …) are enabled
Security: anonymous user access is enabled
Security: automatic logon is enabled
Connecting and disconnecting network drives blocked
Elements of Start menu blocked
Process termination timeout is out of admissible values
Service termination timeout is out of admissible values
Timeout of “Not Responding” verdict for processes is out of admissible values
Disable HDD autorun
Disable autorun from network drives
Disable CD/DVD autorun
Disable removable media autorun
Windows Explorer - show extensions of known file types
System Analysis in progress
System Analysis - complete

Script commands
Add commands to script:
-Blocking hooks using Anti-Rootkit
-Enable AVZGuard
-Operations with AVZPM (true=enable, false=disable)
-BootCleaner - import list of deleted files
-Registry cleanup after deleting files
-BootCleaner - activate
-Reboot
-Insert template for QuarantineFile() - quarantining file
-Insert template for BC_QrFile() - quarantining file via BootCleaner
-Insert template for DeleteFile() - deleting file
-Insert template for DelCLSID() - deleting CLSID item from registry

Additional operations:
-Performance tweaking: disable service RemoteRegistry (Accès à distance au Registre)
-Performance tweaking: disable service TermService (Services Terminal Server)
-Performance tweaking: disable service Schedule (Planificateur de tâches)
-Performance tweaking: disable service mnmsrvc (Partage de Bureau à distance NetMeeting)
-Performance tweaking: disable service RDSessMgr (Gestionnaire de session d’aide sur le Bureau à distance)
-Security tweaking: disable CD autorun
-Security tweaking: disable administrative shares
-Security tweaking: disable anonymous user access
-Security tweaking: disable automatic logon
File list


2) <?xml version="1.0" encoding="windows-1251" ?>
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{B3129F3F-CABC-408C-84A9-45B2C5E1E58E}] SEQPACKET 3" Descr="Fournisseur de service Sockets 2.0 de Microsoft Windows" LegalCopyright="© Microsoft Corporation. Tous droits réservés." Size="247808" Attr="rsah" CreateDate="13/04/2008 17:33:34" Ch
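As an added example (not code from this thread, from AVZ or from Kaspersky), here is a small triage script that parses the findings of the "Main script of analysis" section in the format of the report above: user-mode IAT hooks, services flagged as potentially dangerous, weak security settings and the detected/trusted counts. The regexes, function names and the sample excerpt are my own; the sample values are copied from the report.

```python
"""Added example: triage the "Main script of analysis" findings of an
AVZ / Kaspersky Virus Removal Tool text report (the format posted above).
Not part of the forum thread or of the tools it discusses."""
import re
from dataclasses import dataclass, field

# "IAT modification detected: CreateProcessA - 00B60010<>7C80236B"  (current<>expected)
IAT_RE = re.compile(r"^IAT modification detected: (\w+) - ([0-9A-Fa-f]{8})<>([0-9A-Fa-f]{8})$")
# "Services: potentially dangerous service allowed: TermService (Services Terminal Server)"
SVC_RE = re.compile(r"^Services: potentially dangerous service allowed: (\w+) \((.*)\)$")
# "Security: automatic logon is enabled"
SEC_RE = re.compile(r"^Security: (.+)$")
# Count lines come in several spellings within one report:
# "Detected:12, recognized as trusted 12", "Modules detected - 74, recognized as trusted - 72",
# "Autoruns items detected - 633, recognized as trusted - 590"
COUNT_RE = re.compile(
    r"^(?:([A-Za-z][A-Za-z ]*?)\s+)?detected\s*[:-]\s*(\d+),\s*recognized as trusted\s*-?\s*(\d+)$",
    re.IGNORECASE,
)


@dataclass
class Triage:
    iat_hooks: list = field(default_factory=list)       # (api, current_target, expected_target)
    risky_services: dict = field(default_factory=dict)  # service name -> description
    weak_settings: list = field(default_factory=list)   # "Security:" findings
    counts: list = field(default_factory=list)          # (section label, detected, trusted)


def parse_avz_report(text: str) -> Triage:
    """Walk the report line by line and collect the four finding classes."""
    t = Triage()
    for raw in text.splitlines():
        line = raw.strip()
        if m := IAT_RE.match(line):
            api, cur, exp = m.groups()
            t.iat_hooks.append((api, int(cur, 16), int(exp, 16)))
        elif m := SVC_RE.match(line):
            t.risky_services[m.group(1)] = m.group(2)
        elif m := SEC_RE.match(line):
            t.weak_settings.append(m.group(1))
        elif m := COUNT_RE.match(line):
            t.counts.append((m.group(1) or "Items", int(m.group(2)), int(m.group(3))))
    return t


def hooks_outside_module(t: Triage, window: int = 0x100000) -> list:
    """Hooks whose current target is more than `window` bytes away from the
    expected export, i.e. outside the 1 MiB around the DLL's own image.
    In the report above every expected address is 7C80xxxx (inside kernel32)
    and every current one 00B6xxxx, so all of them are redirected elsewhere.
    Legitimate security products install hooks this way too, so this is a
    lead to cross-check against the loaded-module table, not a verdict."""
    return [h for h in t.iat_hooks if abs(h[1] - h[2]) > window]


def untrusted_items(t: Triage) -> int:
    """Items AVZ could not match to its trusted-file database, summed over sections."""
    return sum(detected - trusted for _, detected, trusted in t.counts)


def triage_summary(t: Triage) -> list:
    """Human-readable lines, most urgent first."""
    out = []
    if t.iat_hooks:
        apis = ", ".join(h[0] for h in t.iat_hooks)
        out.append(f"[review] {len(t.iat_hooks)} user-mode IAT hook(s): {apis}")
    for name, desc in t.risky_services.items():
        out.append(f"[harden] disable service {name} ({desc}) unless it is needed")
    for setting in t.weak_settings:
        out.append(f"[harden] {setting}")
    out.append(f"[info] {untrusted_items(t)} item(s) not in the trusted database")
    return out


# Constructed excerpt modelled on the report above (values taken from it).
SAMPLE = """\
Detected:12, recognized as trusted 12
Modules detected:231, recognized as trusted 229
Drivers
Detected - 208, recognized as trusted - 157
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
IAT modification detected: CreateProcessA - 00B60010<>7C80236B
IAT modification detected: LoadLibraryA - 00B60320<>7C801D7B
IAT modification detected: GetProcAddress - 00B60390<>7C80AE40
Analysis: ntdll.dll, export table found in section .text
Services: potentially dangerous service allowed: RemoteRegistry (Acces a distance au Registre)
Services: potentially dangerous service allowed: TermService (Services Terminal Server)
Services: please bear in mind that the set of services depends on the use of the PC!
Security: disk drives' autorun is enabled
Security: administrative shares (C$, D$ ...) are enabled
Security: automatic logon is enabled
"""

if __name__ == "__main__":
    for line in triage_summary(parse_avz_report(SAMPLE)):
        print(line)
```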

re.

I notice a clear improvement... we've made progress, my friend, or rather you have.
It's starting to come back to life.
I just have a connection problem: sometimes it's up, sometimes it's down.

Hi

Do this, you've got work to do

Of course, post me all the reports, and if a step gets stuck, tell me which error you get and move on to the next one

OK!! Follow the order and the way of running them

  1. Run HijackThis

Click on ==> Do a System Scan Only

check these lines

Close your other applications except ==> HijackThis (of course)

and click on ==> Fix Checked

then

2) Disable your antivirus

Download and install UsbFix (by C_XX & Chiquitine29)

==>UsbFix (by C_XX & Chiquitine29)

Disconnect and close all running applications

Plug into your PC the external data sources (USB key, external hard drive, etc...) that may have been infected, without opening them

Double-click the UsbFix shortcut on your desktop.

Choose ==> option 2 (Deletion)

Let the tool work.

Then post the UsbFix.txt report that will appear.

Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

Re-enable your antivirus

  3. Run OTM

Copy the text that is in the quote and paste it into the left-hand box of OTMoveIt named Paste Instructions for Items to be Moved

  • Click MoveIt! to start the removal.
  • Close OTMoveIt3

Your PC will restart to finish the removal; if it doesn't do so by itself, restart it.

Post the OTMoveIt report, which is in C:\_OTMoveIt\MovedFiles.

then

download SmitfraudFix:

==>smitfraudfix

Restart in Safe Mode:

To do that, tap the F8 key repeatedly while the PC powers on.

A window will open. Choose start in safe mode, then press Enter.
Choose your account.

Relaunch the SmitfraudFix program:
go to the SmitFraudFix folder created on your desktop and double-click SmitFraudFix.cmd.

This time choose option 2, answer yes to everything;

Save the report, restart in normal mode,
copy/paste the report here

then

relaunch SmitfraudFix ==> but in Normal Mode this time

This time choose option: 5

Copy/paste the report

@+ cricri58

Hi friend, yes, apparently I have work to do!
Regarding "Do you have a legal version of Windows, Sweet???":
frankly I think not; when I bought my PC I asked the seller to put it back in working order, so he is the one who installed everything, and I didn't think to ask him... anyway

Here is the first report:

############################## | UsbFix V6.068 |

User : Administrateur (Administrateurs) # SWEET-D42179DC8
Update on 28/12/2009 by El Desaparecido , C_XX & Chimay8
Start at: 18:47:44 | 29/12/2009
Website : pagesperso-orange.fr…
Contact : FindyKill.Contact@gmail.com

Intel® Pentium® Dual CPU E2180 @ 2.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1368 [VPS 091229-0] 4.8.1368 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 49,1 Go (30,73 Go free) # NTFS
D:\ -> Disque fixe local # 49,16 Go (36,99 Go free) # FAT32
E:\ -> Disque fixe local # 50,77 Go (36,89 Go free) # FAT32
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM # 11,86 Mo (0 Mo free) [Mobile Partner] # CDFS
H:\ -> Disque amovible # 957,49 Mo (739,69 Mo free) [HACENE] # FAT32

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 1200
C:\WINDOWS\system32\csrss.exe 1320
C:\WINDOWS\system32\winlogon.exe 1416
C:\WINDOWS\system32\services.exe 1460
C:\WINDOWS\system32\lsass.exe 1472
C:\WINDOWS\system32\svchost.exe 1672
C:\WINDOWS\system32\svchost.exe 1740
C:\WINDOWS\System32\svchost.exe 1780
C:\WINDOWS\system32\svchost.exe 2004
C:\WINDOWS\system32\svchost.exe 2032
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 188
C:\Program Files\Alwil Software\Avast4\ashServ.exe 240
C:\WINDOWS\system32\logonui.exe 272
C:\WINDOWS\system32\userinit.exe 624
C:\WINDOWS\Explorer.EXE 676
C:\WINDOWS\system32\ctfmon.exe 688
C:\WINDOWS\system32\spoolsv.exe 1068
C:\WINDOWS\system32\svchost.exe 1140
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1236
C:\WINDOWS\system32\svchost.exe 1268
C:\WINDOWS\System32\svchost.exe 1344
C:\Program Files\Google\Update\GoogleUpdate.exe 1372
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe 1704
C:\WINDOWS\system32\nvsvc32.exe 1820
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 1856
C:\WINDOWS\system32\svchost.exe 1928
C:\Program Files\Google\Update\GoogleUpdate.exe 1936
C:\Program Files\Google\Update\GoogleUpdate.exe 1996
C:\WINDOWS\system32\KB905474\wgasetup.exe 964
C:\WINDOWS\system32\KB905474\wgasetup.exe 1168
C:\WINDOWS\system32\wuauclt.exe 300
C:\WINDOWS\system32\wbem\wmiprvse.exe 2192
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 2460
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 2580

################## | Elements infectieux |

Supprimé ! C:\Recycler\S-1-5-21-1275210071-1202660629-1177238915-500
Supprimé ! C:\System Volume Information\_restore{ECEED8BA-9870-4469-8CC6-5D2662A8D776}\RP8\A0003550.exe
Supprimé ! D:\System Volume Information\_restore{ECEED8BA-9870-4469-8CC6-5D2662A8D776}\RP8\A0003979.exe
Non supprimé ! G:\autorun.inf

################## | Registre |

Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Mountpoints2 |

Supprimé ! HKCU…\Explorer\MountPoints2\G\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[19/03/2009 17:48|--a------|0] C:\AUTOEXEC.BAT
[28/12/2009 15:53|-rahs----|282] C:\boot.ini
[28/08/2001 12:00|-rahs----|4952] C:\Bootfont.bin
[19/03/2009 17:48|--a------|0] C:\CONFIG.SYS
[19/03/2009 17:48|-rahs----|0] C:\IO.SYS
[04/05/2009 19:07|--ah-----|1330] C:\IPH.PH
[19/03/2009 17:48|-rahs----|0] C:\MSDOS.SYS
[13/04/2008 07:43|-rahs----|47564] C:\NTDETECT.COM
[13/04/2008 09:31|-rahs----|252240] C:\ntldr
[?|?|?] C:\pagefile.sys
[29/12/2009 18:51|--a------|3875] C:\UsbFix.txt
[28/12/2009 18:59|--a------|11164696] D:\dap93.exe
[02/12/2009 22:57|--a------|1120] D:\My DAP Downloads.lnk
[25/12/2009 09:51|--a------|4046348288] E:\2012.Doomsday.2008.VOSTFR.DVDRiP.vob
[04/09/2008 13:27|-r-------|114688] G:\AutoRun.exe
[26/05/2008 09:48|-r-------|47] G:\AUTORUN.INF
[04/09/2008 13:27|-r-------|114688] G:\DataCard_Setup.exe
[04/09/2008 13:27|-r-------|152576] G:\DataCard_Setup64.exe
[04/09/2008 13:29|-r-------|7168] G:\ResetDevice.exe
[15/10/2008 15:49|-r-------|4286] G:\Startup.ico
[12/11/2008 14:46|-r-------|1186] G:\SysConfig.dat

################## | Vaccination |

C:\autorun.inf -> Dossier créé par UsbFix.

D:\autorun.inf -> Dossier créé par UsbFix.

E:\autorun.inf -> Dossier créé par UsbFix.

H:\autorun.inf -> Dossier créé par UsbFix.

################## | Crack > Keygen > Serial |

"D:\Jardinains!\u torrent\Magic Photo Editor v4.9\crack\MagicPhoto.exe"
11/10/2009 01:17 |Size 5046784 |Crc32 e7554347 |Md5 daf6dcd9f3c0a38fe6f0a1284cadcb20

################## | Upload |

Veuillez envoyer le fichier : C:\DOCUME~1\ADMINI~1\Bureau\UsbFix_Upload_Me_SWEET-D42179DC8.zip : chiquitine.changelog.fr…
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.068 ! |
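As an added example (not part of the original post, and not UsbFix's own code), here is a small Python parser for the report format shown above: it turns the "Supprimé !" / "Non supprimé !" lines, the registry section, the file listing and the crack/keygen section into findings a helper would review before deciding the next step. The embedded report is constructed in that format with placeholder names, SID and hashes; the regexes and drive-description keywords are assumptions derived from the posted report.

```python
"""Parse a UsbFix-style report (format as posted in this thread) and triage it.

Added example for this thread, not UsbFix's own code. Section names and line
layouts follow the posted report; the sample report is constructed.
"""
import re
from dataclasses import dataclass, field

# Section banner: "################## | Elements infectieux |"
SECTION_RE = re.compile(r"^#+\s*\|\s*(.*?)\s*\|\s*$")
# Action line: "Supprimé ! <item>" or "Non supprimé ! <item>"
ACTION_RE = re.compile(r"^(Supprimé|Non supprimé)\s*!\s*(.+)$")
# File listing: "[dd/mm/yyyy hh:mm|attrs|size] path" ("?" when unreadable)
FILE_RE = re.compile(r"^\[([^|\]]*)\|([^|\]]*)\|([^\]]*)\]\s*(.+)$")
# Drive inventory: "H:\ -> Disque amovible # 957,49 Mo (...) [LABEL] # FAT32"
DRIVE_RE = re.compile(r"^([A-Z]):\\ -> (.+?)(?: # .*)?$")


@dataclass
class Finding:
    section: str
    removed: bool
    item: str


@dataclass
class Report:
    drives: dict = field(default_factory=dict)    # letter -> description
    findings: list = field(default_factory=list)  # Finding objects
    files: list = field(default_factory=list)     # (date, attrs, size|None, path)
    cracks: list = field(default_factory=list)    # quoted executable paths


def parse_usbfix(text):
    rep, section = Report(), ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = DRIVE_RE.match(line)
        if m:
            rep.drives[m.group(1)] = m.group(2)
            continue
        m = ACTION_RE.match(line)
        if m:
            rep.findings.append(Finding(section, m.group(1) == "Supprimé", m.group(2).strip()))
            continue
        if section.startswith("Listing"):
            m = FILE_RE.match(line)
            if m:
                date, attrs, size, path = (g.strip() for g in m.groups())
                rep.files.append((date, attrs, None if size == "?" else int(size), path))
        elif section.startswith("Crack") and line.startswith('"'):
            rep.cracks.append(line.strip('"'))
    return rep


# French drive descriptions UsbFix prints for media that autorun.inf can target.
REMOVABLE_HINTS = ("amovible", "cd-rom")


def triage(rep):
    """Return (kind, detail) review points a helper would check after the run."""
    issues = []
    for f in rep.findings:
        if not f.removed:                    # tool could not delete it: follow up by hand
            issues.append(("leftover", f.item))
        elif f.section == "Registre":        # policy restrictions the cleanup reset
            issues.append(("policy-reset", f.item))
    for _date, _attrs, _size, path in rep.files:
        desc = rep.drives.get(path[:1].upper(), "").lower()
        if path.lower().endswith("autorun.inf") and any(h in desc for h in REMOVABLE_HINTS):
            issues.append(("autorun-on-media", path))   # classic USB/optical spread vector
    for exe in rep.cracks:
        issues.append(("untrusted-binary", exe))        # cracks are a common malware carrier
    return issues


# Constructed sample in the posted format (placeholder SID, paths, CRC and MD5).
SAMPLE_REPORT = r"""
############################## | UsbFix V6.068 |

User : Administrateur (Administrateurs) # EXAMPLE-PC
Start at: 18:47:44 | 29/12/2009

C:\ -> Disque fixe local # 49,1 Go (30,73 Go free) # NTFS
G:\ -> Disque CD-ROM # 11,86 Mo (0 Mo free) [Mobile Partner] # CDFS
H:\ -> Disque amovible # 957,49 Mo (739,69 Mo free) [EXAMPLE] # FAT32

################## | Elements infectieux |

Supprimé ! C:\Recycler\S-1-5-21-EXAMPLE-500
Non supprimé ! G:\autorun.inf

################## | Registre |

Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Listing des fichiers présent |

[28/12/2009 15:53|-rahs----|282] C:\boot.ini
[?|?|?] C:\pagefile.sys
[26/05/2008 09:48|-r-------|47] G:\AUTORUN.INF

################## | Crack > Keygen > Serial |

"D:\Example\crack\Example.exe"
11/10/2009 01:17 |Size 5046784 |Crc32 00000000 |Md5 00000000000000000000000000000000

################## | ! Fin du rapport # UsbFix V6.068 ! |
"""

if __name__ == "__main__":
    for kind, detail in triage(parse_usbfix(SAMPLE_REPORT)):
        print(f"{kind:18} {detail}")
```

In the posted report the one leftover is G:\autorun.inf on the CDFS volume, a read-only CD-ROM image, which is why the tool could not delete it; the removable H: drive came back clean and was vaccinated.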

Hi again, friend coolman16

Well, UsbFix did its job, impeccable!!

and

No, indeed ==> you have an illegal Windows

Because you had already come to LogicielGénéral for a disinfection a month ago for ==> Search Settings, cleaned by myself

and it will go on like this as long as your Windows is not legal!!!

Now do OTM and SmitFraudFix option 2 in safe mode, then in normal mode option 5

post the reports and I'll give you what comes next

cricri58
Edited on 29/12/2009 at 20:06

Re.
You're telling me news, friend cricri! So now I'm an outlaw! lol, I'd better change then. OK

I've just finished with OTM, but I did it without safe mode...

All processes killed
========== FILES ==========
C:\WINDOWS\PEV.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c29535d-f273-11de-8053-001bf62ab251}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c29535d-f273-11de-8053-001bf62ab251}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 8966707 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 57695473 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Ricoh
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: ouss
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: sarah
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 76377317 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 34137 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2070460 bytes

Total Files Cleaned = 139,00 mb

OTM by OldTimer - Version 3.1.4.0 log created on 12292009_200719

Files moved on Reboot…
File C:\WINDOWS\temp\_avast4_\unp181759459.tmp not found!
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_f0.dat moved successfully.

Registry entries deleted on Reboot…

Do the rest

and we'll see at the end of the topic about your Windows

OK, here is the first report:

SmitFraudFix v2.424

Rapport fait à 22:27:01,09, 29/12/2009
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler’s .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri’s WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip…{B3129F3F-CABC-408C-84A9-45B2C5E1E58E}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip…{B3129F3F-CABC-408C-84A9-45B2C5E1E58E}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip…{B3129F3F-CABC-408C-84A9-45B2C5E1E58E}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip…{B3129F3F-CABC-408C-84A9-45B2C5E1E58E}: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK.2

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler’s .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin


and the second report:

SmitFraudFix v2.424

Rapport fait à 22:45:28,10, 29/12/2009
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» DNS Avant Fix

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 172.25.1.53
DNS Server Search Order: 172.25.1.54

Description: Périphérique Bluetooth (réseau personnel) #4
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip…{A15A9F33-A60E-40A7-BA87-615387CE9568}: NameServer=172.25.1.53 172.25.1.54
HKLM\SYSTEM\CCS\Services\Tcpip…{B3129F3F-CABC-408C-84A9-45B2C5E1E58E}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip…{B3129F3F-CABC-408C-84A9-45B2C5E1E58E}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip…{A15A9F33-A60E-40A7-BA87-615387CE9568}: NameServer=172.25.1.53 172.25.1.54
HKLM\SYSTEM\CS2\Services\Tcpip…{B3129F3F-CABC-408C-84A9-45B2C5E1E58E}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip…{B3129F3F-CABC-408C-84A9-45B2C5E1E58E}: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» DNS Après Fix

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 172.25.1.53
DNS Server Search Order: 172.25.1.54

Description: Périphérique Bluetooth (réseau personnel) #4
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip…{A15A9F33-A60E-40A7-BA87-615387CE9568}: NameServer=172.25.1.53 172.25.1.54
HKLM\SYSTEM\CCS\Services\Tcpip…{B3129F3F-CABC-408C-84A9-45B2C5E1E58E}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip…{B3129F3F-CABC-408C-84A9-45B2C5E1E58E}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip…{A15A9F33-A60E-40A7-BA87-615387CE9568}: NameServer=172.25.1.53 172.25.1.54
HKLM\SYSTEM\CS2\Services\Tcpip…{B3129F3F-CABC-408C-84A9-45B2C5E1E58E}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip…{B3129F3F-CABC-408C-84A9-45B2C5E1E58E}: DhcpNameServer=192.168.1.254

My friend cricri...

I notice a big improvement in how my pages open, thank you so much.

Are there any other steps to take???

And the programs I downloaded, how do I remove them?

Hi

Above all, don't stop now until I tell you it's finished, OK!!

Do this, read carefully

  1. Right-click on the Desktop ==> New ==> Text document (Notepad)

Select the following text with your mouse:

==> Then copy and paste it into the Notepad you opened.

Save it as ==> CFScript.txt

You can then close Notepad.

Drag the CFScript file onto the ComboFix icon, as shown here:

http://i34.tinypic.com/sy80n7.gif

A blue window will appear >> at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait for the scan to finish. The desktop will disappear several times, that's normal!

Don't touch anything until the scan is finished

Once the scan is done, a report will open; post its contents.

If the report does not open, it is located at C:\ComboFix.txt

and regarding

Don't worry, that will come

Once the ComboFix report is posted, and of course only after that, we will change your antivirus; read carefully how

To do so

  2. Download Avira AntiVir to your desktop without installing it for now; I repeat, without installing it for the moment

=> Avira AntiVir Personal Free V9 ==> French ==> Md5: dc29289305e5689e5d1c93e4065470ae

==> Avira AntiVir Personal - FREE Antivirus, Version 9 date: 2009-12-14, version: 9.0.0.74 Md5: dc29289305e5689e5d1c93e4065470ae

  3. Download and install CCleaner ==> don't install it if you already have it

==> CCleaner

-> But before clicking the "install" button, untick all the "additional options" (installing the Yahoo toolbar, etc.)

Once installed, do the following

  4. Download the avast! uninstall utility: aswClear.exe

==> avast uninstall utility
do this

A) In "Program settings", "Troubleshooting" section ==> tick the option ==> "Disable avast! self-defense module".

B) Run the downloaded aswClear.exe utility

then

  5. Launch CCleaner

-> Then click on "Options", "Advanced" and untick the box
-> "Only delete files in Windows Temp folders older than 48 hours".
-> Click on the "Cleaner" tab then on "Run Cleaner".
-> Then click on the Registry icon, on the right click on "Scan for Issues" then on "Fix selected issues".

Accept the registry backup it offers.
I advise you to run it at least twice (or more, until it finds no more errors).

Restart your PC - important

  6. Click on ==> Start ==> My Computer ==> Local Disk ==> go into Program Files and delete the Avast ALWIL folder

  7. Now ==> install Avira + update

Once Avira is installed and up to date, configure it as in the tutorial below

  8. Tutorial: configuring AntiVir Personal Free

==> Tutorial: configuring AntiVir Personal Free

There you go, now run a scan of your PC and at the end click on report and post it

Get to work!! lol!!

@+ cricri58

cricri58
Edited on 30/12/2009 at 06:30

By Beelzebub!!!... as said by ???:whistle:, I've forgotten who :(?!.

Well, I see I'm going to spend another evening... making Beelzebub's hair stand on end! lol

Very well, right now I'm at work, so I can't do much...

So see you tonight, friend cricri.

And have a good and pleasant day... :wink:

Hi

You have to suffer to be "beautiful" :lol:

Have a good day too!!!

@++ cricri58

Hi friend cricri...
Well, it's nice to see something other than "download this, do that..."
Actually I thought I was dealing with a robot with a sense of humour... lol :sarcastic:,

OK, here is the ComboFix report.

ComboFix 09-12-29.06 - Administrateur 30/12/2009 19:25:44.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1256.213.1036.18.2047.1420 [GMT 0:00]
Running from: c:\documents and settings\Administrateur\Bureau\coolman16.exe
Command switches used :: c:\documents and settings\Administrateur\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 091230-0] On-access scanning enabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-30 )))))))))))))))))))))))))))))))
.

2009-12-29 20:07 . 2009-12-29 20:07 -------- d-----w- C:\_OTM
2009-12-29 18:45 . 2009-12-29 22:10 -------- d-----w- C:\UsbFix
2009-12-28 22:18 . 2009-12-28 22:37 7168 ----a-w- c:\windows\system32\drivers\utexntq2.sys
2009-12-28 19:15 . 2009-12-28 19:16 95744 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2009-12-28 19:12 . 2009-12-28 19:12 2169880 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Offers\spo3.exe
2009-12-28 19:12 . 2009-12-28 19:09 3496472 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Offers\VA31_DapSo.exe
2009-12-27 11:53 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-12-26 19:53 . 2008-06-14 17:33 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-26 19:53 . 2009-06-10 09:21 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-12-26 19:52 . 2009-10-29 07:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-26 19:52 . 2009-10-29 07:42 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-26 19:52 . 2009-10-29 07:42 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-26 19:52 . 2009-10-29 07:42 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-26 19:52 . 2009-10-29 07:42 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-26 19:52 . 2009-10-29 07:42 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-26 19:52 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-26 19:52 . 2009-08-04 22:58 2191232 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-26 19:52 . 2009-08-04 17:28 2068096 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-26 19:52 . 2009-08-04 17:27 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-26 19:52 . 2009-08-04 17:27 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-26 10:53 . 2009-12-26 10:54 -------- d-----w- c:\program files\Navilog1
2009-12-25 23:38 . 2008-04-13 17:33 45056 -c--a-w- c:\windows\system32\dllcache\nsepm.dll
2009-12-25 23:37 . 2008-04-13 17:33 24064 -c--a-w- c:\windows\system32\dllcache\compfilt.dll
2009-12-25 23:31 . 2008-04-13 19:34 153088 ----a-w- c:\windows\system32\irftp.exe
2009-12-25 23:31 . 2008-04-13 19:33 29184 ----a-w- c:\windows\system32\irmon.dll
2009-12-25 23:31 . 2008-04-13 19:33 8192 ----a-w- c:\windows\system32\wshirda.dll
2009-12-25 23:27 . 2001-08-28 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-12-25 23:27 . 2001-08-28 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-12-25 23:27 . 2001-08-28 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-12-25 23:27 . 2001-08-28 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-12-25 14:14 . 2008-08-12 03:34 446464 ----a-w- c:\windows\system32\nvudisp.exe
2009-12-25 13:02 . 2008-08-12 03:34 446464 ----a-r- c:\windows\system32\nvuninst.exe
2009-12-25 10:59 . 2009-12-25 10:59 -------- d-s---w- c:\documents and settings\Administrateur\UserData
2009-12-20 00:01 . 2009-12-25 12:47 -------- d-----w- c:\windows\ie8updates
2009-12-19 22:43 . 2009-12-19 22:43 -------- d-----w- c:\documents and settings\sarah\Application Data\vlc
2009-12-17 14:12 . 2009-12-17 14:12 -------- d-sh--w- c:\documents and settings\sarah\PrivacIE
2009-12-16 23:32 . 2009-12-26 19:49 -------- d-----w- c:\program files\COMODO
2009-12-16 23:30 . 2009-12-16 23:30 -------- d-sh--w- c:\documents and settings\Administrateur\IECompatCache
2009-12-16 23:29 . 2009-12-16 23:29 -------- d-sh--w- c:\documents and settings\Administrateur\PrivacIE
2009-12-16 23:17 . 2009-12-16 23:17 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2009-12-16 23:05 . 2009-12-25 23:54 -------- dc-h--w- c:\windows\ie8
2009-12-16 22:56 . 2009-12-25 23:29 -------- d-----w- c:\windows\nvidia icons
2009-12-16 20:23 . 2009-12-25 23:23 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-16 19:24 . 2009-12-16 19:24 -------- d-----w- c:\windows\system32\xircom
2009-12-16 19:24 . 2009-12-16 19:24 -------- d-----w- c:\windows\system32\wbem\snmp
2009-12-16 19:24 . 2009-12-16 19:24 -------- d-----w- c:\program files\microsoft frontpage
2009-12-16 19:23 . 2009-12-16 19:23 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft
2009-12-16 19:22 . 2001-08-28 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-12-16 16:00 . 2009-12-16 19:20 -------- d--h--w- c:\documents and settings\Default User\Modèles
2009-12-16 16:00 . 2009-12-16 16:00 -------- d--h--w- c:\documents and settings\Default User\Voisinage réseau
2009-12-16 16:00 . 2009-12-16 16:00 -------- d--h--w- c:\documents and settings\Default User\Voisinage d'impression
2009-12-16 16:00 . 2009-12-16 16:00 -------- d-----w- c:\documents and settings\Default User\Mes documents
2009-12-16 16:00 . 2009-12-16 16:00 -------- d-----w- c:\documents and settings\Default User\Favoris
2009-12-16 16:00 . 2009-12-16 16:00 -------- d-----w- c:\documents and settings\Default User\Bureau
2009-12-16 16:00 . 2009-12-16 16:00 -------- d-----r- c:\documents and settings\Default User\Menu Démarrer
2009-12-15 22:50 . 2009-12-15 22:50 -------- d-----w- c:\program files\ma-config.com
2009-12-15 22:50 . 2009-12-15 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-12-11 23:43 . 2009-12-11 23:43 152576 ----a-w- c:\documents and settings\Administrateur\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-11 23:33 . 2009-12-11 23:33 79488 ----a-w- c:\documents and settings\Administrateur\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-11 19:54 . 2009-12-11 19:54 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes’ Anti-Malware\mbam-setup.exe
2009-12-09 19:07 . 2009-12-09 19:10 249856 ------w- c:\windows\Setup1.exe
2009-12-09 19:07 . 2009-12-09 19:10 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-12-04 20:36 . 2009-12-04 20:36 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Mchid
2009-12-04 20:36 . 2009-12-04 20:36 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Livestation
2009-12-04 17:16 . 2009-12-16 08:09 302624 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-12-04 17:16 . 2009-12-16 08:09 18868256 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-04 16:46 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-04 16:46 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-04 16:46 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-04 16:46 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-04 16:46 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-04 16:46 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-04 16:46 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-04 16:46 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-04 16:46 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-04 16:46 . 2009-12-04 16:46 -------- d-----w- c:\program files\Alwil Software
2009-12-04 15:53 . 2009-12-28 11:34 -------- d-----w- c:\documents and settings\Administrateur\Tracing
2009-12-04 15:40 . 2009-12-04 15:40 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-12-04 15:40 . 2009-08-05 22:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-12-04 15:39 . 2009-12-04 15:39 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-12-04 15:37 . 2009-12-04 15:37 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-12-04 15:33 . 2009-12-04 15:33 -------- d-----w- c:\program files\Microsoft
2009-12-04 15:33 . 2009-12-04 15:33 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-04 11:53 . 2009-12-04 11:53 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-11-30 22:46 . 2009-12-25 11:16 -------- d-----w- c:\program files\uTorrent
2009-11-30 22:46 . 2009-12-30 19:18 -------- d-----w- c:\documents and settings\Administrateur\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-30 19:30 . 2009-04-05 20:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-30 18:34 . 2008-04-14 12:00 81804 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-30 18:34 . 2008-04-14 12:00 503590 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-29 18:23 . 2009-03-19 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-12-28 18:59 . 2009-04-05 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2009-12-28 18:29 . 2009-11-27 19:26 -------- d-----w- c:\program files\trend micro
2009-12-28 07:46 . 2009-04-16 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-28 00:01 . 2009-04-16 17:34 -------- d-----w- c:\program files\Google
2009-12-27 22:36 . 2009-03-20 19:23 89488 -c--a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-27 13:20 . 2009-10-25 14:32 -------- d-----w- c:\program files\Free Video Converter
2009-12-26 20:28 . 2009-03-19 18:42 -------- d-----w- c:\program files\Microsoft Encarta
2009-12-26 00:20 . 2009-04-08 07:27 -------- d-----w- c:\documents and settings\Administrateur\Application Data\dvdcss
2009-12-25 23:34 . 2009-03-19 17:44 23096 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-12-25 15:58 . 2009-04-09 08:20 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Skype
2009-12-17 00:08 . 2009-03-19 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-12-16 22:59 . 2009-03-19 18:17 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-12-16 20:48 . 2009-03-19 17:47 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-16 20:01 . 2009-03-19 18:08 -------- d-----w- c:\program files\XnView
2009-12-16 08:09 . 2009-12-04 17:16 28988 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-12-16 08:09 . 2009-12-04 17:16 218900 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-12 23:22 . 2009-05-04 18:30 -------- d-----w- c:\program files\Viewpoint
2009-12-12 14:29 . 2009-11-27 20:19 -------- d-----w- c:\program files\Malwarebytes’ Anti-Malware
2009-12-11 23:44 . 2009-08-10 18:00 -------- d-----w- c:\program files\Java
2009-12-10 00:03 . 2009-03-19 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-04 15:40 . 2009-03-19 17:52 -------- d-----w- c:\program files\Windows Live
2009-12-03 16:14 . 2009-11-27 20:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 16:13 . 2009-11-27 20:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-27 20:19 . 2009-11-27 20:19 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-11-27 20:19 . 2009-11-27 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-27 19:27 . 2009-11-27 19:27 -------- d-----w- c:\program files\CCleaner
2009-11-26 21:11 . 2009-11-02 21:49 -------- d-----w- c:\program files\Spyware Doctor
2009-11-26 21:11 . 2009-11-02 21:49 -------- d-----w- c:\program files\Fichiers communs\PC Tools
2009-11-26 21:11 . 2009-10-25 16:29 -------- d-----w- c:\program files\Videos To DVD
2009-11-26 21:11 . 2009-03-19 18:09 -------- d-----w- c:\program files\Real Alternative
2009-11-26 21:11 . 2009-03-19 18:09 -------- d-----w- c:\program files\QT Lite
2009-11-26 21:11 . 2009-11-21 09:26 -------- d-----w- c:\program files\DivX
2009-11-26 21:11 . 2009-03-19 18:10 -------- d-----w- c:\program files\Elaborate Bytes
2009-11-26 21:11 . 2009-03-19 18:08 -------- d-----w- c:\program files\DAMN NFO Viewer
2009-11-26 21:11 . 2009-05-20 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-11-26 21:11 . 2009-03-19 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-11-21 11:53 . 2009-11-21 09:27 -------- d-----w- c:\documents and settings\Administrateur\Application Data\DivX
2009-11-21 10:14 . 2009-11-21 10:14 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2009-11-17 13:42 . 2009-11-17 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-11-17 13:39 . 2009-11-17 13:24 -------- dcsh--w- c:\program files\Fichiers communs\WindowsLiveInstaller
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-10 20:56 . 2009-08-21 15:59 -------- d-----w- c:\program files\Mobile Partner
2009-11-07 10:26 . 2009-11-07 10:20 -------- d-----w- c:\program files\CaTrain
2009-11-06 15:04 . 2009-11-06 15:04 -------- d-----w- c:\documents and settings\Administrateur\Application Data\GlarySoft
2009-10-29 07:42 . 2008-04-13 17:33 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:39 . 2008-04-13 17:33 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2008-04-13 17:33 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-13 09:53 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 18:05 . 2009-10-11 05:34 36864 -c--a-w- c:\documents and settings\All Users\Application Data\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
2009-10-14 18:58 . 2009-03-19 18:27 95259 -c--a-w- c:\windows\system32\drivers\klick.dat
2009-10-14 18:58 . 2009-03-19 18:27 108059 -c--a-w- c:\windows\system32\drivers\klin.dat
2009-10-13 10:33 . 2008-04-13 17:33 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2008-04-13 17:33 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:39 . 2008-04-13 17:33 150528 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 04:17 . 2009-08-10 18:00 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-10-09 21:13 . 2009-04-22 19:24 47360 -c--a-w- c:\documents and settings\Administrateur\Application Data\pcouffin.sys
2009-10-09 21:13 . 2009-04-22 19:24 47360 -c--a-w- c:\documents and settings\Administrateur\Application Data\pcouffin.sys
2009-10-08 11:31 . 2009-11-02 21:50 149456 -c--a-w- c:\windows\SGDetectionTool.dll
2009-10-08 11:31 . 2009-11-02 21:50 165840 -c--a-w- c:\windows\PCTBDRes.dll
2009-10-08 11:31 . 2009-11-02 21:50 1636304 -c--a-w- c:\windows\PCTBDCore.dll
2009-10-08 11:31 . 2009-11-02 21:50 767952 -c--a-w- c:\windows\BDTSupport.dll
2009-10-06 16:31 . 2009-11-02 21:50 87784 -c--a-w- c:\windows\system32\drivers\PCTAppEvent.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinMover"="c:\program files\WinMover\WinMover.exe" [2005-12-02 10240]
"E09FXLRD_550265"="c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" [2008-05-28 351000]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-11-06 3810544]
"LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"Mobile Partner"="c:\program files\Mobile Partner\Mobile Partner.exe" [2009-11-10 114688]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-11-24 1738040]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-25 289584]
"DownloadAccelerator"="d:\dap\DAP.EXE" [2009-12-28 2803200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-12 13570048]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-12 86016]
"QuickTime Task"="c:\program files\QT Lite\qttask.exe" [2009-09-04 417792]

c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
"HideRunAsVerb"= 0 (0x0)
"NoNetConnectDisconnect"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QT Lite\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\uTorrent\uTorrent.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
"d:\DAP\DAP.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [02/11/2009 21:50 207280]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [04/12/2009 16:46 114768]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15/05/2008 11:07 61424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/12/2009 16:46 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [04/12/2009 15:40 54752]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/12/2007 12:28 24592]
S2 gupdate1c9eaba729b6cd8;Service Google Update (gupdate1c9eaba729b6cd8);c:\program files\Google\Update\GoogleUpdate.exe [11/06/2009 17:31 133104]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 GPU-Z;GPU-Z; [x]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [11/12/2009 15:43 238960]
S3 utexntq2;AVZ Kernel Driver;c:\windows\system32\drivers\utexntq2.sys [28/12/2009 22:18 7168]
S3 ZD1211BU(Atheros);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(Atheros);c:\windows\system32\drivers\ZD1211BU.sys [19/03/2009 18:28 500736]
S4 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [02/11/2009 21:50 112592]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [04/05/2009 18:30 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 -c--a-w- c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
2009-03-08 04:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the ‘Scheduled Tasks’ folder

2009-12-24 c:\windows\Tasks\AppleSoftwareUpdate.job

  • c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca5bfcf7ec1b54.job

  • c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 17:31]

2009-12-29 c:\windows\Tasks\JkDefrag.job

  • c:\windows\tasks\JkDefragTask.cmd [2009-11-26 23:39]

2009-12-30 c:\windows\Tasks\User_Feed_Synchronization-{3A3336BF-F96D-4E4D-AB9A-14203AC337ED}.job

  • c:\windows\system32\msfeedssync.exe [2008-04-14 04:31]

2009-12-30 c:\windows\Tasks\WGASetup.job

  • c:\windows\system32\KB905474\wgasetup.exe [2009-04-24 22:18]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.fr…
IE: &Clean Traces - d:\dap\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - d:\dap\dapextie.htm
IE: Download &all with DAP - d:\dap\dapextie2.htm
.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2009-12-30 19:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0


[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1275210071-1202660629-1177238915-500\Software\SecuROM\License information*]
"datasecu"=hex:15,4c,1e,5b,22,6b,84,c3,65,9d,fe,15,ce,30,01,50,28,b5,37,41,0e,
   85,d6,29,65,aa,a7,9e,d9,2d,2f,d3,c8,e5,90,8c,9f,0e,21,80,44,07,4a,d4,2c,94,
"rkeysecu"=hex:81,13,7c,56,38,30,a3,a7,31,c6,9a,d2,bd,34,58,c3
.
--------------------- DLLs Loaded Under Running Processes ---------------------

  • 'winlogon.exe'(1376)
    c:\windows\system32\klogon.dll

  • 'explorer.exe'(2416)
    c:\program files\WinMover\WinMover.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.


.
Completion time: 2009-12-30 19:32:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-30 19:32

Pre-Run: 32 958 758 912 octets libres
Post-Run: 32 925 036 544 octets libres

Current=2 Default=2 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5

- - End Of File - - 1DA7ED61A973294AC7CB101B1B9EC3E4

There you go my friend, I did all the steps.
Now this is what has been showing for more than 2 hours, is that normal?
Otherwise, everything is perfect.

[Photo deleted]

Hi

Had you properly uninstalled Avast and restarted your PC beforehand?

Otherwise, download a fresh Avira installer to your Desktop without running it; delete the old one first.

Then do the following, in order:

1) Uninstall Avira with CCleaner or Revo Uninstaller, available on Clubic

  1. CCleaner

--> Next, click "Options", "Advanced" and untick the box
--> "Only delete files in Windows Temp folder older than 48 hours".
--> Click the Cleaner tab, then "Run Cleaner".
--> Then click the Registry icon; on the right, click "Scan for Issues" then "Fix selected issues".

Accept the backup of the registry that it offers.
.
I advise you to run it at least twice (or more, until it no longer finds any errors).

Important ==> Restart your PC.

Once restarted:

click => Start ==> My Computer ==> Local Disk ==> go to Program Files ==> find and delete the Avira folder

try installing again + update

Hello friend cricri. :hello:

It's true that I forgot :( to restart the PC and delete the Avast ALWIL folder. I deleted that folder after trying to open Avast, which refused :@; that's when I remembered it had to be deleted. That must be the problem.
So do I reinstall again, or can it be fixed?
And of course not with this one... it isn't sick! lol :ouch:

@+

You didn't follow what I had written; it's getting complicated.

Redo it as written below, but delete the old Avira setup,
since you still have Avast installed,
so

once restarted, do it like this

@+
Edited 31/12/2009 at 10:24

[Photo deleted]


Hello friend cricri. By the way, Happy New Year, I hope you didn't party too hard, because otherwise you'll be in the clouds and won't be able to help us any more..lol.

Well, after many attempts, I managed to install Avira. And it started scanning my system, but at one point I wanted to open a program on my PC, and the scan got stuck. Screenshot attached.