[OK] HijackThis log for Win32Pakes-AKM [Trj] decontamination


Forum rules
Assiste.com has suspended decontamination assistance after almost 15 years on the old forum and then on this one. See:

Decontamination procedure 1 - Anti-malware
Anti-malware decontamination

Decontamination procedure 2 - Anti-malware and antivirus (La Manip)
La Manip - Standard decontamination procedure

Periodic maintenance of a Windows PC

Protecting browsers, browsing and privacy
Protecting the browser, browsing and privacy

Post by flo666 » 12 Jul 2008, 09:10

Hello,

The Avenger report:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600)
Wed Jul 09 20:00:12 2008

20:00:12: Error: Could not open RunOnce key to register cleanup.
Aborting execution! (error 0: opération réussie.)


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600)
Wed Jul 09 20:00:24 2008

20:00:24: Error: Could not open RunOnce key to register cleanup.
Aborting execution! (error 0: opération réussie.)


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600)
Wed Jul 09 20:01:28 2008

20:01:28: Error: Could not open RunOnce key to register cleanup.
Aborting execution! (error 0: opération réussie.)


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600)
Fri Jul 11 19:11:49 2008

19:11:49: Error: Could not open RunOnce key to register cleanup.
Aborting execution! (error 183: impossible de créer un fichier déjà existant.)


//////////////////////////////////////////
flo666
Posts: 31
Joined: 07 Jul 2008, 22:56

Post by flo666 » 12 Jul 2008, 09:11

main.txt from Deckard's System Scanner:

Deckard's System Scanner v20071014.68
Run by mel on 2008-07-12 10:06:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Performed disk cleanup.



-- HijackThis (run as mel.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06, on 2008-07-12
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\mel\Bureau\dss.exe
C:\PROGRA~1\HIJACK~1\mel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\System32\BhoECart.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O2 - BHO: (no name) - {E066FB99-2E3B-477A-91AE-80C045A3DB79} - c:\windows\system32\dbmsrpcnf.dll
O2 - BHO: (no name) - {E28B868A-09DA-4234-833C-63982C7166E1} - C:\WINDOWS\System32\catsrvf.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [4xyn] C:\WINDOWS\system32\4xyn.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: 20-20 Shortcut Bar.lnk = C:\Program Files\cuisine\Mswin\60\SCBar.Exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O20 - Winlogon Notify: rzlywkbj - C:\WINDOWS\SYSTEM32\dbmsrpcnf.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6068 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20080709-195704-327 O4 - HKCU\..\Run: [4xyn] C:\WINDOWS\system32\4xyn.exe

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe - exefile - shell\open\command - %1 %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 dwazjein - c:\windows\system32\drivers\czyjfmhd.dat
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not>
R2 KeyP - c:\windows\system32\drivers\keyp.sys <Not>
R3 AR5211 (NETGEAR WPN311 V1H3 Wireless Adapter Service) - c:\windows\system32\drivers\wpn311.sys <Not>
R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys <Not>

S3 alcan5ln (SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS)) - c:\windows\system32\drivers\alcan5ln.sys <Not>
S3 catchme - c:\docume~1\mel\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Contrôleur de bus USB
Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_80A11043&REV_82\3&61AAA01&0&83
Manufacturer:
Name: Contrôleur de bus USB
PNP Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_80A11043&REV_82\3&61AAA01&0&83
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Carte Fast Ethernet compatible VIA
Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_80A11043&REV_74\3&61AAA01&0&90
Manufacturer: VIA Technologies, Inc.
Name: Carte Fast Ethernet compatible VIA
PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_80A11043&REV_74\3&61AAA01&0&90
Service: FETNDIS

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Miniport de pont MAC
Device ID: ROOT\MS_BRIDGEMP\0000
Manufacturer: Microsoft
Name: Miniport de pont MAC
PNP Device ID: ROOT\MS_BRIDGEMP\0000
Service: BridgeMP


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 544)
2002-11-06 20:00:38 40820 --a------ C:\WINDOWS\system32\Syncor11.dll <Not>

C:\WINDOWS\system32\svchost.exe (pid 764)
2002-11-06 20:00:38 40820 --a------ C:\WINDOWS\system32\Syncor11.dll <Not>

C:\WINDOWS\system32\svchost.exe (pid 788)
2002-11-06 20:00:38 40820 --a------ C:\WINDOWS\system32\Syncor11.dll <Not>
2002-05-23 09:34:28 310272 --a------ C:\WINDOWS\system32\winhttp.dll <Not>

C:\WINDOWS\explorer.exe (pid 1220)
2002-11-06 20:00:38 40820 --a------ C:\WINDOWS\system32\Syncor11.dll <Not>
2003-05-15 14:43:24 119808 --a------ C:\Program Files\WinRAR\RarExt.dll
2006-09-12 12:10:00 53248 --a------ C:\Program Files\UltraEdit-32\ue32ctmn.dll <Not>


-- Files created between 2008-06-12 and 2008-07-12 -----------------------------

2008-07-09 20:02:30 61440 --a------ C:\WINDOWS\System32\drivers\ixqx.sys
2008-07-07 23:44:50 0 d-------- C:\Program Files\Navilog1
2008-07-06 11:28:21 0 d--h----- C:\Documents and Settings\Administrateur.MEL.000\Voisinage réseau
2008-07-06 11:28:21 0 d--h----- C:\Documents and Settings\Administrateur.MEL.000\Voisinage d'impression
2008-07-06 11:28:21 0 dr-h----- C:\Documents and Settings\Administrateur.MEL.000\SendTo
2008-07-06 11:28:21 0 d--h----- C:\Documents and Settings\Administrateur.MEL.000\Recent
2008-07-06 11:28:21 237568 --ah----- C:\Documents and Settings\Administrateur.MEL.000\NTUSER.DAT
2008-07-06 11:28:21 0 d--h----- C:\Documents and Settings\Administrateur.MEL.000\Modèles
2008-07-06 11:28:21 0 d-------- C:\Documents and Settings\Administrateur.MEL.000\Mes documents
2008-07-06 11:28:21 0 dr------- C:\Documents and Settings\Administrateur.MEL.000\Menu Démarrer
2008-07-06 11:28:21 0 d--h----- C:\Documents and Settings\Administrateur.MEL.000\Local Settings
2008-07-06 11:28:21 0 d-------- C:\Documents and Settings\Administrateur.MEL.000\Favoris
2008-07-06 11:28:21 0 d---s---- C:\Documents and Settings\Administrateur.MEL.000\Cookies
2008-07-06 11:28:21 0 d-------- C:\Documents and Settings\Administrateur.MEL.000\Bureau
2008-07-06 11:28:21 0 dr-h----- C:\Documents and Settings\Administrateur.MEL.000\Application Data
2008-07-06 11:28:21 0 d---s---- C:\Documents and Settings\Administrateur.MEL.000\Application Data\Microsoft
2008-07-06 11:28:11 0 d--hs---- C:\WINDOWS\CSC
2008-07-06 11:11:54 0 d-------- C:\VundoFix Backups
2008-07-06 11:10:57 0 dr-h----- C:\Documents and Settings\mel\Recent
2008-07-06 11:03:51 0 d-------- C:\Program Files\CCleaner
2008-07-06 09:35:50 0 d-------- C:\KILLTROJANs <KILLTR>
2008-07-03 20:07:30 0 d-------- C:\Program Files\Audacity


-- Find3M Report ---------------------------------------------------------------

2008-07-12 09:53:24 0 d-------- C:\Program Files\eMule
2008-07-11 19:11:32 91136 --a------ C:\WINDOWS\System32\catsrvf.dll
2008-07-09 20:02:30 1298 --a------ C:\Program Files\mvtf.txt
2008-07-06 14:08:42 0 d-------- C:\Program Files\Java
2008-07-06 11:24:32 0 d-------- C:\Program Files\Yahoo!
2008-07-06 11:24:00 0 d-------- C:\Program Files\Fichiers communs
2008-07-06 11:23:53 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-06 11:22:51 0 d-------- C:\Program Files\Panda Security
2008-06-16 19:09:01 4861 --a----c- C:\WINDOWS\mozver.dat
2008-06-10 23:07:16 0 d-------- C:\Program Files\IKEA HomePlanner
2008-06-10 23:05:36 0 d-------- C:\Program Files\Cuisine Astuce
2008-05-25 15:58:38 0 d-------- C:\Program Files\Avant Browser


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E066FB99-2E3B-477A-91AE-80C045A3DB79}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E28B868A-09DA-4234-833C-63982C7166E1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19]
"RoxioEngineUtility"="C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2003-01-13 14:05]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28]
"msnappau"="C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe" [2004-07-22 22:53]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 21:54]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-02 22:49]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-05-03 10:40]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-07-15 22:52]
"CloneCDTray"="C:\Program Files\CloneCD\CloneCDTray.exe" [2004-09-02 23:57]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"4xyn"="C:\WINDOWS\system32\4xyn.exe" []
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2006-11-01 02:34]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rzlywkbj]
dbmsrpcnf.dll 2001-08-28 14:00 83968 C:\WINDOWS\system32\dbmsrpcnf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eCarteBleue-BP]
"C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe" /dontopenmycards

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
kyrreyam




-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

7840 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-12 10:08:00 ------------
flo666
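As an added illustration (an editor's example, not code posted by flo666 and not a tool from Assiste.com, Trend Micro or Deckard), the Python script below applies to lines like the ones above the screening a helper does by eye when reading a HijackThis or DSS log: it parses the O2 (BHO), O4 (Run key) and O20 (Winlogon Notify) lines of HijackThis output plus the driver lines of a DSS report, and lists the entries that warrant a closer look. The sample input is constructed from lines copied from this thread's logs, with a few benign entries kept for contrast; the regular expressions and the vowel-ratio name heuristic are the editor's own assumptions about the log formats, not part of either tool.

```python
"""Triage helper for HijackThis / Deckard's System Scanner log lines.

Added example for this thread (editor's code, not a tool from Assiste.com,
Trend Micro or Deckard). It reads the O2 / O4 / O20 lines of a HijackThis log
and the driver lines of a DSS report and lists entries that deserve a manual
look: nameless BHOs, Winlogon Notify hooks, drivers whose image is neither a
.sys nor an .exe, and names that look machine-generated. Every hit is a
review hint, not a verdict.
"""
import re
from typing import List, Tuple

# Constructed sample: lines copied from the logs posted in this thread, plus
# benign Adobe / avast! / AegisP entries so the rules have something to ignore.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {E066FB99-2E3B-477A-91AE-80C045A3DB79} - c:\windows\system32\dbmsrpcnf.dll
O2 - BHO: (no name) - {E28B868A-09DA-4234-833C-63982C7166E1} - C:\WINDOWS\System32\catsrvf.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [4xyn] C:\WINDOWS\system32\4xyn.exe
O20 - Winlogon Notify: rzlywkbj - C:\WINDOWS\SYSTEM32\dbmsrpcnf.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
R0 dwazjein - c:\windows\system32\drivers\czyjfmhd.dat
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not>
"""

# Line shapes as observed in the logs above (assumed, not documented by the tools).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
# DSS driver/service lines: "R0 name - path" or "R2 name (description) - path <Not>"
DRV_RE = re.compile(r"^(?P<start>[RS][0-4]) (?P<name>\S+)(?: \(.*\))? - (?P<path>\S+)")
# Program path inside a Run-key command line, quoted or not, with or without arguments.
IMAGE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|ocx|sys|cpl|scr|com|bat))"?(?:\s|$)', re.IGNORECASE)
VOWELS = set("aeiou")


def looks_random(token: str) -> bool:
    """Heuristic for names such as 'rzlywkbj' or '4xyn': a short alphanumeric
    token that mixes letters and digits, or whose letters are almost all
    consonants. Vendor abbreviations like 'msntb' trip it too, hence the
    output is 'review this', never 'malware'."""
    t = token.lower()
    if not (3 <= len(t) <= 12 and t.isalnum()):
        return False
    letters = [c for c in t if c.isalpha()]
    has_digit = any(c.isdigit() for c in t)
    if letters and has_digit:
        return True
    if not letters:
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < 0.2


def basename(path: str) -> str:
    """File name component of a Windows path."""
    return path.replace("/", "\\").rstrip("\\").rsplit("\\", 1)[-1]


def stem(path: str) -> str:
    """File name without its extension."""
    return basename(path).rsplit(".", 1)[0]


def image_path(cmd: str) -> str:
    """Extract the program path from a Run-key command line."""
    cmd = cmd.strip()
    m = IMAGE_RE.match(cmd)
    if m:
        return m["path"]
    return cmd.strip('"').split(" ", 1)[0]


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for the entries a helper would want to inspect."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := O2_RE.match(line):
            if m["name"] == "(no name)":
                findings.append(("BHO without a name", line))
            elif looks_random(stem(m["path"])):
                findings.append(("BHO module with random-looking name", line))
        elif m := O4_RE.match(line):
            if looks_random(m["name"]) or looks_random(stem(image_path(m["cmd"]))):
                findings.append(("Run entry with random-looking name", line))
        elif m := O20_RE.match(line):
            # Anything listed here is loaded into winlogon.exe at logon; on XP
            # legitimate entries are few, so every one should be identified.
            findings.append(("Winlogon Notify hook", line))
        elif m := DRV_RE.match(line):
            # DSS prints services in the same shape, so .exe is accepted as well.
            ext = m["path"].lower().rsplit(".", 1)[-1]
            if ext not in ("sys", "exe"):
                findings.append(("Driver loaded from a non-.sys image", line))
            elif looks_random(m["name"]):
                findings.append(("Driver with random-looking name", line))
    return findings


if __name__ == "__main__":
    for reason, hit in triage(SAMPLE_LOG):
        print(f"[{reason}] {hit}")
```

Run against the sample it reports the two nameless BHOs, the `4xyn` Run entry, the `rzlywkbj` Winlogon Notify hook and the boot-start driver `dwazjein` whose image is a `.dat` file, and stays silent on the Adobe, avast! and AegisP lines. Treat each hit as a prompt to identify the file (publisher, creation date, a second opinion from a scanner), not as a removal list.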

Post by flo666 » 12 Jul 2008, 09:11

extra.txt from Deckard's System Scanner:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- User Profiles ---------------------------------------------------------------

mel (admin)


-- Application Event Log -------------------------------------------------------

Event Record #/Type3817 / Error
Event Submitted/Written: 07/11/2008 06:47:47 PM
Event ID/Source: 1000 / Application Error
Event Description:
Application défaillante wlancfg5.exe, version 1.2.14.306, module défaillant wcapi.dll, version 4.1.0.161, adresse de défaillance 0x0000dd60.

Event Record #/Type3793 / Error
Event Submitted/Written: 07/06/2008 11:32:10 AM
Event ID/Source: 8193 / VSS
Event Description:
Erreur du service de cliché instantané des volumes : erreur lors de l'appel de la routine CoCreateInstance. hr = 0x80040206.

Event Record #/Type3792 / Error
Event Submitted/Written: 07/06/2008 11:32:10 AM
Event ID/Source: 4609 / EventSystem
Event Description:
Le système d'événements de COM+ a détecté un code de renvoi erroné lors de son traitement interne. Le HRESULT est 8007043C à partir de la ligne 44 de d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services du Support Technique Microsoft pour signaler cette erreur.

Event Record #/Type3786 / Error
Event Submitted/Written: 07/05/2008 11:53:16 PM
Event ID/Source: 1000 / Application Error
Event Description:
Application défaillante wlancfg5.exe, version 1.2.14.306, module défaillant wcapi.dll, version 4.1.0.161, adresse de défaillance 0x0000dd60.

Event Record #/Type3751 / Error
Event Submitted/Written: 06/25/2008 01:02:08 PM
Event ID/Source: 1000 / Application Error
Event Description:
Application défaillante iexplore.exe, version 6.0.2600.0, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x61eb77e0.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type43364 / Error
Event Submitted/Written: 07/12/2008 09:30:05 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
Le service AGP Bus ka4e0 Controller s'est arrêté avec l'erreur :
%%193

Event Record #/Type43327 / Error
Event Submitted/Written: 07/11/2008 06:48:57 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
Le service AGP Bus ka4e0 Controller s'est arrêté avec l'erreur :
%%193

Event Record #/Type43312 / Error
Event Submitted/Written: 07/10/2008 06:56:29 PM
Event ID/Source: 10000 / DCOM
Event Description:
Le démarrage d'un serveur DCOM : {E0B8F398-BB08-4298-87F0-34502693902E} n'est pas possible.
L'erreur :
"%{E0B8F398-BB08-4298-87F0-34502693902E}"
s'est produite lors du démarrage de la commande :
"C:\Program Files\Messenger\msmsgs.exe" -Embedding

Event Record #/Type43293 / Error
Event Submitted/Written: 07/10/2008 06:52:42 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
Le service AGP Bus ka4e0 Controller s'est arrêté avec l'erreur :
%%193

Event Record #/Type43264 / Error
Event Submitted/Written: 07/10/2008 00:26:01 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
Le service AGP Bus ka4e0 Controller s'est arrêté avec l'erreur :
%%193



-- End of Deckard's System Scanner: finished at 2008-07-12 10:08:00 ------------
flo666

Post by nickW » 13 Jul 2008, 00:39

Good evening,

Use of a different tool, since The Avenger is not working properly:

Note: These steps must be carried out while logged on to a session with "Administrator rights" (do not use the user profile named "Administrateur" that is visible in Safe Mode).
Under Windows XP, to check whether an account has "Administrator" rights:
Start ----> Settings ----> Control Panel ----> User Accounts
Next to the icon of some accounts (other than the one named "Administrateur"), it says "Computer administrator".
It is one of those accounts that must be used.



Step 1: OTScanIt (by OldTimer), installation
Download OTScanIt.exe from http://download.bleepingcomputer.com/ol ... ScanIt.exe
Save this file to the Desktop.
If the antivirus's resident module raises an alert, ignore it, then disable the antivirus's real-time resident module until the end of this step.
To extract the tool into an OTScanIt folder (which will be created on the Desktop), double-click OTScanIt.exe,
then click the Extract button.


Step 2: OTScanIt (by OldTimer), creating a report (log)
Close all open program windows.
Disable the antivirus's real-time resident module until the end of this step.
In Explorer, open the OTScanIt folder that was created on the Desktop.
Double-click OTScanIt.exe to launch the tool.

The OTScanIt main screen appears:

In the Drivers section, select the Non-Microsoft radio button
In the Rootkit Search section, select the Yes radio button

In the Additional Scans section, tick the boxes in front of:
Reg - BotCheck
File - Additional Folder Scans

Tick (at the top) the box in front of Scan All Users

Then click the Run Scan button.
Let the tool work, without doing anything else.
When the tool has finished, a Notepad window opens containing the report.
Note: In Notepad, check in the Format menu (at the top) that the "Word Wrap" option is not ticked.
Close the OTScanIt window.


Step 3: Results
Send in reply:
*- the OTScanIt report (the contents of the OTScanIt.Txt file located in the OTScanIt folder).
Note: If, in the message posted on the forum, the last line of the Code box is not <End>, the report is too large to fit in a single message. In that case, split it across several messages.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message).
My configs
Moderator
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by flo666 » 13 Jul 2008, 09:38

Hello, here is the OTScanIt report, which I did indeed have to split in two:

[code]
OTScanIt logfile created on: 2008-07-13 10:35:10
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\mel\Bureau\OTScanIt
Windows XP Professional Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2600.0000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: yyyy-MM-dd

511.53 Mb Total Physical Memory | 276.48 Mb Available Physical Memory | 54.05% Memory free
1.22 Gb Paging File | 0.98 Gb Available in Paging File | 80.38% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 1.77 Gb Free Space | 18.15% Space Free | Partition Type: NTFS
Drive D: | 76.33 Gb Total Space | 0.38 Gb Free Space | 0.50% Space Free | Partition Type: NTFS
Drive E: | 18.87 Gb Total Space | 0.41 Gb Free Space | 2.16% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 124.94 Mb Total Space | 116.00 Mb Free Space | 92.85% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: MEL
Current User Name: mel
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 17272 bytes | Modified Date = 2008-05-16 01:06:57 | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 144760 bytes | Modified Date = 2008-05-16 01:19:24 | Attr = ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 79224 bytes | Modified Date = 2008-05-16 01:19:31 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 144784 bytes | Modified Date = 2008-03-25 04:28:02 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.2.23 | Size = 278528 bytes | Modified Date = 2005-12-20 21:54:48 | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 2006-07-15 22:52:57 | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 2007-03-09 01:02:00 | Attr = ]
gnotify.exe -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 2005-07-15 23:48:33 | Attr = ]
wlancfg5.exe -> %ProgramFiles%\NETGEAR\WPN311\wlancfg5.exe -> [Ver = 1, 2, 14, 306 | Size = 1486848 bytes | Modified Date = 2006-02-22 14:49:28 | Attr = ]
acs.exe -> %SystemRoot%\system32\acs.exe -> [Ver = | Size = 36864 bytes | Modified Date = 2006-01-25 12:30:42 | Attr = ]
smagent.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 2002-09-20 16:50:10 | Attr = ]
vsmon.exe -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 2007-03-09 01:01:58 | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.2.23 | Size = 323584 bytes | Modified Date = 2005-12-20 21:54:34 | Attr = ]
otscanit.exe -> %UserProfile%\Bureau\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 2008-07-12 09:29:54 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(ACS) Atheros Configuration Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\acs.exe -> [Ver = | Size = 36864 bytes | Modified Date = 2006-01-25 12:30:42 | Attr = ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 17272 bytes | Modified Date = 2008-05-16 01:06:57 | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 144760 bytes | Modified Date = 2008-05-16 01:19:24 | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 247160 bytes | Modified Date = 2008-05-16 01:19:00 | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 349560 bytes | Modified Date = 2008-05-16 01:16:59 | Attr = ]
(dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 205312 bytes | Modified Date = 2001-08-28 14:00:00 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 2005-04-04 01:41:10 | Attr = ]
(iPodService) iPodService [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.2.23 | Size = 323584 bytes | Modified Date = 2005-12-20 21:54:34 | Attr = ]
(SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 2002-09-20 16:50:10 | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 2007-03-09 01:01:58 | Attr = ]

[Driver Services - Non-Microsoft Only]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 26944 bytes | Modified Date = 2008-05-16 01:13:26 | Attr = ]
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 1.0.0.2 (STUB) | Size = 4816 bytes | Modified Date = 2002-04-01 08:15:00 | Attr = ]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.2.0.3 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.2.0.3 | Size = 17801 bytes | Modified Date = 2007-08-16 15:16:45 | Attr = ]
(alcan5ln) SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\alcan5ln.sys -> THOMSON [Ver = 301.0.0.12 | Size = 36256 bytes | Modified Date = 2003-12-08 12:53:50 | Attr = ]
(alcan5wn) Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\alcan5wn.sys -> Alcatel Bell [Ver = V161.5R | Size = 54256 bytes | Modified Date = 2002-05-03 10:41:30 | Attr = ]
(alcaudsl) Alcatel Speed Touch ADSL Modem ATM Transport [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\alcaudsl.sys -> Alcatel Bell [Ver = V161.5R | Size = 735568 bytes | Modified Date = 2002-05-03 10:41:04 | Attr = ]
(AR5211) NETGEAR WPN311 V1H3 Wireless Adapter Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\WPN311.sys -> Atheros Communications, Inc. [Ver = 4.0.0.167 | Size = 456768 bytes | Modified Date = 2005-11-18 05:31:36 | Attr = R ]
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 94416 bytes | Modified Date = 2008-05-16 01:18:33 | Attr = ]
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 23152 bytes | Modified Date = 2008-05-16 01:15:29 | Attr = ]
(aswSP) avast! Self Protection [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 78416 bytes | Modified Date = 2008-05-16 01:20:32 | Attr = ]
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 42912 bytes | Modified Date = 2008-05-16 01:14:11 | Attr = ]
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\mel\LOCALS~1\Temp\catchme.sys -> File not found
(Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> %SystemRoot%\System32\drivers\cdr4_xp.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2432 bytes | Modified Date = 2006-08-25 05:47:00 | Attr = ]
(Cdralw2k) Cdralw2k [Kernel | System | Running] -> %SystemRoot%\System32\drivers\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2560 bytes | Modified Date = 2006-08-25 05:47:00 | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 781440 bytes | Modified Date = 2001-08-28 14:00:00 | Attr = ]
(dmio) Pilote de Gestionnaire de disque logique [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 147456 bytes | Modified Date = 2001-08-28 14:00:00 | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2001-08-28 14:00:00 | Attr = ]
(dwazjein) dwazjein [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\czyjfmhd.dat -> [Ver = | Size = 19584 bytes | Modified Date = 2007-12-25 23:52:10 | Attr = ]
(ElbyCDFL) ElbyCDFL [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ElbyCDFL.sys -> SlySoft, Inc. [Ver = 5, 0, 0, 1 | Size = 26240 bytes | Modified Date = 2004-08-31 20:07:08 | Attr = ]
(ElbyCDIO) ElbyCDIO Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\ElbyCDIO.sys -> Elaborate Bytes AG [Ver = 4, 3, 1, 1 | Size = 9856 bytes | Modified Date = 2004-07-21 23:45:25 | Attr = ]
(FETNDIS) Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\fetnd5.sys -> VIA Technologies, Inc. [Ver = 2.66 | Size = 27165 bytes | Modified Date = 2001-08-17 21:13:08 | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.4.3 | Size = 14408 bytes | Modified Date = 2005-02-02 02:21:04 | Attr = ]
(KeyP) KeyP [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\KeyP.sys -> EUTRON [Ver = 6.0.0.0 | Size = 10446 bytes | Modified Date = 2002-07-17 11:00:36 | Attr = ]
(nv4) nv4 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4.sys -> NVIDIA Corporation [Ver = 5.01.2001.1240 (ReleasedBinaries.010717-0141) | Size = 731648 bytes | Modified Date = 2001-08-17 21:50:26 | Attr = ]
(Ptilink) Pilote de liaison parallèle directe [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2001-08-28 14:00:00 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.33a | Size = 36528 bytes | Modified Date = 2006-08-25 05:47:00 | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 2001-08-28 14:00:00 | Attr = ]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3663 | Size = 578368 bytes | Modified Date = 2003-07-15 16:00:00 | Attr = ]
(SONYPVU1) Pilote de filtrage Sony USB (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 2001-08-17 22:56:16 | Attr = ]
(srescan) srescan [Kernel | Boot | Running] -> %SystemRoot%\system32\ZoneLabs\srescan.sys -> Zone Labs, LLC [Ver = 5, 0, 162, 0 | Size = 50416 bytes | Modified Date = 2007-01-18 06:39:20 | Attr = ]
(vsdatant) vsdatant [Kernel | System | Running] -> %SystemRoot%\system32\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 394192 bytes | Modified Date = 2007-03-09 01:02:10 | Attr = ]

[Registry - Non-Microsoft Only]
<Run> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
{0228e555-4f9c-4e35-a3ec-b109a192b4c2} -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe [C:\Program Files\Google\Gmail Notifier\gnotify.exe] -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 2005-07-15 23:48:33 | Attr = ]
4xyn -> %SystemRoot%\system32\4xyn.exe [C:\WINDOWS\system32\4xyn.exe] -> File not found
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 79224 bytes | Modified Date = 2008-05-16 01:19:31 | Attr = ]
CloneCDTray -> %ProgramFiles%\CloneCD\CloneCDTray.exe ["C:\Program Files\CloneCD\CloneCDTray.exe" /s] -> SlySoft, Inc. [Ver = 5, 0, 0, 1 | Size = 57344 bytes | Modified Date = 2004-09-02 23:57:25 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Computer, Inc. [Ver = 6.0.2.23 | Size = 278528 bytes | Modified Date = 2005-12-20 21:54:48 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Computer, Inc. [Ver = 7.0.4 | Size = 155648 bytes | Modified Date = 2006-02-02 22:49:17 | Attr = ]
RoxioEngineUtility -> %CommonProgramFiles%\Roxio Shared\System\EngUtil.exe ["C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"] -> Roxio [Ver = 6.0.0.3 | Size = 69632 bytes | Modified Date = 2003-01-13 14:05:42 | Attr = ]
SpeedTouch USB Diagnostics -> %ProgramFiles%\Alcatel\SpeedTouch USB\dragdiag.exe ["C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon] -> Alcatel Bell [Ver = V161_5R | Size = 4341760 bytes | Modified Date = 2002-05-03 10:40:38 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_06\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 144784 bytes | Modified Date = 2008-03-25 04:28:02 | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 2006-07-15 22:52:57 | Attr = ]
Zone Labs Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe [C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe] -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 2007-03-09 01:02:00 | Attr = ]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe ["C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"] -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 2007-03-09 01:02:00 | Attr = ]
<OptionalComponents> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
<Run> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
BitTorrent -> %ProgramFiles%\BitTorrent\bittorrent.exe ["C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized] -> [Ver = | Size = 43008 bytes | Modified Date = 2006-11-01 02:34:54 | Attr = ]
<Run> -> HKEY_USERS\S-1-5-21-1715567821-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
BitTorrent -> %ProgramFiles%\BitTorrent\bittorrent.exe ["C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized] -> [Ver = | Size = 43008 bytes | Modified Date = 2006-11-01 02:34:54 | Attr = ]
<Administrateur> -> C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage ->
<Administrateur> -> C:\Documents and Settings\Administrateur.MEL\Menu Démarrer\Programmes\Démarrage ->
<Administrateur> -> C:\Documents and Settings\Administrateur.MEL.000\Menu Démarrer\Programmes\Démarrage ->
<All> -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage ->
%AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\20-20 Shortcut Bar.lnk -> %ProgramFiles%\cuisine\Mswin\60\SCBar.Exe -> File not found
%AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 2005-09-23 22:05:26 | Attr = ]
%AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\NETGEAR WPN311 Smart Wizard.lnk -> %ProgramFiles%\NETGEAR\WPN311\wlancfg5.exe -> [Ver = 1, 2, 14, 306 | Size = 1486848 bytes | Modified Date = 2006-02-22 14:49:28 | Attr = ]
<Default> -> C:\Documents and Settings\Default User\Menu Démarrer\Programmes\Démarrage ->
<mel> -> C:\Documents and Settings\mel\Menu Démarrer\Programmes\Démarrage ->
<SecurityProviders> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
<Winlogon> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 1005056 bytes | Modified Date = 2001-08-28 14:00:00 | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 22016 bytes | Modified Date = 2001-08-28 14:00:00 | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 505344 bytes | Modified Date = 2001-08-28 14:00:00 | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2600.115 (xpclnt_qfe.021108-2107) | Size = 8280576 bytes | Modified Date = 2003-06-11 13:58:24 | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 277504 bytes | Modified Date = 2001-08-28 14:00:00 | Attr = ]
*MultiFile Done* -> ->
<Winlogon> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
<Winlogon> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
<Winlogon> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
<Winlogon> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
<Winlogon> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
<Winlogon> -> HKEY_USERS\S-1-5-21-1715567821-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
<Winlogon> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
rzlywkbj -> %SystemRoot%\system32\dbmsrpcnf.dll -> [Ver = | Size = 83968 bytes | Modified Date = 2001-08-28 14:00:00 | Attr = ]
<CurrentVersion> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
<CurrentVersion> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
<CurrentVersion> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
<CurrentVersion> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
<CurrentVersion> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
<CurrentVersion> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
<CurrentVersion> -> HKEY_USERS\S-1-5-21-1715567821-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-21-1715567821-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-1715567821-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_USERS\S-1-5-21-1715567821-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_USERS\S-1-5-21-1715567821-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-1715567821-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\S-1-5-21-1715567821-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_USERS\S-1-5-21-1715567821-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_USERS\S-1-5-21-1715567821-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_USERS\S-1-5-21-1715567821-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
<CDROM> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> Pilote de CD-ROM ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 47488 bytes | Modified Date = 2001-08-28 14:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
flo666
 
Posts: 31
Joined: 07 Jul 2008, 22:56
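Added example, not part of flo666's post and not code from HijackThis, OTListIt or any other tool used in this thread: a small Python triage pass over a handful of lines copied verbatim from the log above, plus a decoder for the NoDriveTypeAutoRun and NoDriveAutoRun policy values the log records. The " -> "-separated line format is assumed from the log itself; the heuristics (empty vendor/version field, "File not found", a driver image that is not a .sys, loading from a Temp directory, random-looking names, boot-start) and their thresholds are my assumptions for illustration. A hit means "look closer", not "malware": the vendor-less Secdrv entry is flagged by the same rule that flags the .dat boot driver, which is exactly why a human still reads the log.

```python
"""Triage helpers for an OTListIt/HijackThis-style startup log (added example).

The line format and the heuristics below are assumptions chosen for illustration;
they are not part of the log tool. A hit is a prompt to investigate, not a verdict.
"""
import re

# Constructed sample: lines copied from the posted log (backslashes doubled for Python).
SAMPLE_LINES = [
    "(aswSP) avast! Self Protection [Kernel | System | Running] -> %SystemRoot%\\System32\\drivers\\aswSP.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 78416 bytes | Modified Date = 2008-05-16 01:20:32 | Attr = ]",
    "(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\\DOCUME~1\\mel\\LOCALS~1\\Temp\\catchme.sys -> File not found",
    "(dwazjein) dwazjein [Kernel | Boot | Running] -> %SystemRoot%\\system32\\drivers\\czyjfmhd.dat -> [Ver = | Size = 19584 bytes | Modified Date = 2007-12-25 23:52:10 | Attr = ]",
    "(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\\system32\\drivers\\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 2001-08-28 14:00:00 | Attr = ]",
    "4xyn -> %SystemRoot%\\system32\\4xyn.exe [C:\\WINDOWS\\system32\\4xyn.exe] -> File not found",
    "avast! -> %ProgramFiles%\\Alwil Software\\Avast4\\ashDisp.exe [C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe] -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 79224 bytes | Modified Date = 2008-05-16 01:19:31 | Attr = ]",
    "rzlywkbj -> %SystemRoot%\\system32\\dbmsrpcnf.dll -> [Ver = | Size = 83968 bytes | Modified Date = 2001-08-28 14:00:00 | Attr = ]",
]

# "(name) display name [Type | Start | State]" is the driver/service line shape seen in the log.
DRIVER_RE = re.compile(r"^\((?P<name>[^)]+)\) .*\[(?P<type>[^|\]]+)\|(?P<start>[^|\]]+)\|")


def parse_entry(line):
    """Split one log line into name, image path, vendor/version field and (for drivers) start type."""
    fields = [f.strip() for f in line.split(" -> ")]
    head, path = fields[0], fields[1]
    vendor = fields[2] if len(fields) > 2 else ""
    m = DRIVER_RE.match(head)
    if m:
        return {"name": m["name"], "path": path, "vendor": vendor, "start": m["start"].strip(), "kind": "driver"}
    # Run-key lines carry the expanded command in brackets after the path; keep only the path.
    return {"name": head, "path": path.split(" [")[0], "vendor": vendor, "start": None, "kind": "run"}


def looks_random(token):
    """Crude test for machine-generated names: a long consonant run or almost no vowels (assumed thresholds)."""
    t = re.sub(r"[^a-z]", "", token.lower())
    if len(t) < 6:
        return False
    vowels = sum(c in "aeiou" for c in t)
    longest_consonant_run = max(len(run) for run in re.split(r"[aeiou]", t))
    return longest_consonant_run >= 5 or vowels / len(t) < 0.15


def suspicion(entry):
    """Return the list of heuristic reasons an entry deserves a closer look (empty if none)."""
    reasons = []
    stem = entry["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if "File not found" in entry["vendor"]:
        reasons.append("autostart points at a missing file")
    elif entry["vendor"].startswith("["):
        reasons.append("no vendor/version information")
    if entry["kind"] == "driver" and not entry["path"].lower().endswith(".sys"):
        reasons.append("driver image without .sys extension")
    if "\\temp\\" in entry["path"].lower():
        reasons.append("loads from a Temp directory")
    if looks_random(entry["name"]) or looks_random(stem):
        reasons.append("random-looking name")
    if entry["kind"] == "driver" and entry["start"] == "Boot" and reasons:
        reasons.append("boot-start driver (loads before security tools)")
    return reasons


def triage(lines):
    """Map entry name -> reasons for every entry with at least one hit, most hits first."""
    hits = {}
    for line in lines:
        entry = parse_entry(line)
        reasons = suspicion(entry)
        if reasons:
            hits[entry["name"]] = reasons
    return dict(sorted(hits.items(), key=lambda kv: -len(kv[1])))


# NoDriveTypeAutoRun: a set bit suppresses Autorun for that drive type (bit n = GetDriveType() value n).
DRIVE_TYPE_BITS = [(0x01, "DRIVE_UNKNOWN"), (0x02, "DRIVE_NO_ROOT_DIR"), (0x04, "DRIVE_REMOVABLE"),
                   (0x08, "DRIVE_FIXED"), (0x10, "DRIVE_REMOTE"), (0x20, "DRIVE_CDROM"),
                   (0x40, "DRIVE_RAMDISK"), (0x80, "reserved/unknown")]


def autorun_still_enabled(no_drive_type_autorun):
    """Drive types whose Autorun is NOT suppressed by the given NoDriveTypeAutoRun value."""
    return [name for bit, name in DRIVE_TYPE_BITS if not no_drive_type_autorun & bit]


def drive_letters_suppressed(no_drive_autorun):
    """NoDriveAutoRun is a 26-bit mask over drive letters: bit 0 = A:, bit 25 = Z:."""
    return [chr(ord("A") + i) for i in range(26) if no_drive_autorun >> i & 1]


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LINES).items():
        print(f"{name}: {'; '.join(reasons)}")
    print("HKLM NoDriveTypeAutoRun=255 leaves Autorun on for:", autorun_still_enabled(255))
    print("per-user NoDriveTypeAutoRun=145 leaves Autorun on for:", autorun_still_enabled(145))
    print("NoDriveAutoRun=67108863 suppresses letters:", "".join(drive_letters_suppressed(67108863)))
```

Run as a script, the triage puts the boot-start .dat driver first (four hits), the vendor-less Winlogon Notify DLL second, and the two "File not found" autostarts and Secdrv after it, while the avast! entries are not reported. The autorun decoder shows why the two policy values in the log are not equivalent: 255 (0xFF) at HKLM suppresses Autorun for every drive type, whereas 145 (0x91), the Windows XP per-user default, still allows it on removable, fixed and CD-ROM media; Explorer's policy lookup gives the machine-wide value precedence when both are set. 67108863 (0x3FFFFFF) in NoDriveAutoRun is simply all 26 drive-letter bits.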

Post by flo666 » 13 Jul 2008, 09:40

*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomPIONEER_DVD-RW__DVR-111D________________1.23____\46_044483250313639345735204c202020202020 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomSAMSUNG_CD-R/RW_SW-252F_________________R802____\5&28f5ec1f&0&0.1.0 ->
<Drives> -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 2006-12-31 14:43:26 | Attr = ]
<HOSTS> (222272 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
<Internet> -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dl ... ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
<Internet> -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.msn.com/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
<Internet> -> ->
HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dl ... ar=msnhome ->
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 ->
<Internet> -> ->
HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dl ... ar=msnhome ->
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 ->
<Internet> -> ->
HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 ->
<Internet> -> ->
HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 ->
<Internet> -> ->
HKEY_USERS\S-1-5-21-1715567821-1645522239-839522115-1003\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKEY_USERS\S-1-5-21-1715567821-1645522239-839522115-1003\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_USERS\S-1-5-21-1715567821-1645522239-839522115-1003\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKEY_USERS\S-1-5-21-1715567821-1645522239-839522115-1003\: Main\\Start Page -> http://www.msn.com/ ->
HKEY_USERS\S-1-5-21-1715567821-1645522239-839522115-1003\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[] ->
HKEY_USERS\S-1-5-21-1715567821-1645522239-839522115-1003\: ProxyEnable -> 0 ->
<Trusted> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4161 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
<Trusted> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
<Trusted> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4162 domain(s) found. ->
.[msn] -> Poste de travail ->
32 domain(s) and sub-domain(s) not assigned to a zone.
<Trusted> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
<Trusted> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4161 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
<Trusted> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
<Trusted> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4161 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
<Trusted> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
<Trusted> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4161 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
<Trusted> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
<Trusted> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4161 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
<Trusted> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
<Trusted> -> HKEY_USERS\S-1-5-21-1715567821-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-1715567821-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4162 domain(s) found. ->
.[msn] -> Poste de travail ->
32 domain(s) and sub-domain(s) not assigned to a zone.
<Trusted> -> HKEY_USERS\S-1-5-21-1715567821-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-1715567821-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
<BHO>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11477 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.137 (xpclnt_qfe.021108-2107) | Size = 456192 bytes | Modified Date = 2004-03-30 03:26:55 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 2001-08-28 14:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Mises à jour automatiques ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Active le téléchargement et l'installation de mises à jour Windows critiques. Si le service est désactivé, le système d'exploitation peut être mis à jour manuellement sur le site Web de Windows Update. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\System32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.2600.0 (XPClient.010817-1148) | Size = 4096 bytes | Modified Date = 2001-08-28 14:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Permet aux utilisateurs à distance de modifier les paramètres du Registre sur cet ordinateur. Si ce service est arrêté, le Registre ne pourra être modifié que par les utilisateurs de cet ordinateur. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas. ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService ->
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.135 (xpclnt_qfe.021108-2107) | Size = 214528 bytes | Modified Date = 2004-03-06 04:07:47 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Accès à distance au Registre ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 2001-08-28 14:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 51712 bytes | Modified Date = 2001-08-28 14:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 62976 bytes | Modified Date = 2001-08-28 14:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService ->
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.135 (xpclnt_qfe.021108-2107) | Size = 214528 bytes | Modified Date = 2004-03-06 04:07:47 | Attr = ]
TCPIP -> -> File not found
NTLMSSP -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Permet à un utilisateur distant de se connecter au système et d'exécuter des programmes, et prend en charge divers clients Telnet TCP/IP dont les ordinateurs sous UNIX et sous Windows. Si ce service est arrêté, l'utilisateur peut ne plus avoir accès à distance aux programmes. Si ce service est désactivé, les services qui en dépendent explicitement ne pourront pas démarrer. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->


[Files/Folders - Created Within 30 days]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 2008-07-08 22:39:05 | Attr = ]
1 C:\*.tmp files -> C:\*.tmp ->
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536449024 bytes | Created Date = 2008-07-06 13:56:16 | Attr = HS]
KILLTROJANs -> %SystemDrive%\KILLTROJANs -> [Folder | Created Date = 2008-07-06 09:35:50 | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 2008-07-06 11:11:54 | Attr = ]
ixqx.sys -> %SystemRoot%\System32\drivers\ixqx.sys -> [Ver = | Size = 61440 bytes | Created Date = 2008-07-09 20:02:30 | Attr = ]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Created Date = 2008-07-06 14:08:43 | Attr = ]
javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 69632 bytes | Created Date = 2008-07-06 14:08:43 | Attr = ]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Created Date = 2008-07-06 14:08:43 | Attr = ]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 139264 bytes | Created Date = 2008-07-06 14:08:43 | Attr = ]
CSC -> %SystemRoot%\CSC -> [Folder | Created Date = 2008-07-06 11:28:11 | Attr = HS]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Navilog1.lnk -> %AllUsersProfile%\Bureau\Navilog1.lnk -> [Ver = | Size = 630 bytes | Created Date = 2008-07-07 23:44:50 | Attr = ]
2008-07-15.pdf -> %UserProfile%\Bureau\2008-07-15.pdf -> [Ver = | Size = 34195 bytes | Created Date = 2008-07-12 19:24:19 | Attr = ]
2008-07-22.pdf -> %UserProfile%\Bureau\2008-07-22.pdf -> [Ver = | Size = 34038 bytes | Created Date = 2008-07-12 19:24:23 | Attr = ]
2120495726_resize.jpg -> %UserProfile%\Bureau\2120495726_resize.jpg -> [Ver = | Size = 21525 bytes | Created Date = 2008-07-04 20:30:18 | Attr = ]
Audacity.lnk -> %UserProfile%\Bureau\Audacity.lnk -> [Ver = | Size = 630 bytes | Created Date = 2008-07-03 20:07:34 | Attr = ]
avenger.exe -> %UserProfile%\Bureau\avenger.exe -> [Ver = | Size = 731136 bytes | Created Date = 2008-07-09 19:52:26 | Attr = ]
avg75f_523a1323.exe -> %UserProfile%\Bureau\avg75f_523a1323.exe -> [Ver = | Size = 69164008 bytes | Created Date = 2008-07-06 09:45:10 | Attr = ]
batterie -> %UserProfile%\Bureau\batterie -> [Folder | Created Date = 2008-07-08 20:11:47 | Attr = ]
CCleaner.lnk -> %UserProfile%\Bureau\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Created Date = 2008-07-06 11:03:51 | Attr = ]
digitick684368t.jpg -> %UserProfile%\Bureau\digitick684368t.jpg -> [Ver = | Size = 516323 bytes | Created Date = 2008-06-20 18:53:12 | Attr = ]
dineur2008.pdf -> %UserProfile%\Bureau\dineur2008.pdf -> [Ver = | Size = 3608677 bytes | Created Date = 2008-07-12 18:11:06 | Attr = ]
dss.exe -> %UserProfile%\Bureau\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 2008-07-08 22:37:50 | Attr = ]
Facture_30245966.pdf -> %UserProfile%\Bureau\Facture_30245966.pdf -> [Ver = | Size = 9049 bytes | Created Date = 2008-07-01 20:56:06 | Attr = ]
HijackThis.lnk -> %UserProfile%\Bureau\HijackThis.lnk -> [Ver = | Size = 1590 bytes | Created Date = 2008-07-06 10:45:24 | Attr = ]
jxpiinstall.exe -> %UserProfile%\Bureau\jxpiinstall.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.90 | Size = 382352 bytes | Created Date = 2008-07-06 14:03:56 | Attr = ]
KILLTROJANs -> %UserProfile%\Bureau\KILLTROJANs -> [Folder | Created Date = 2008-06-29 11:22:13 | Attr = ]
Numériser0001.jpg -> %UserProfile%\Bureau\Numériser0001.jpg -> [Ver = | Size = 1555834 bytes | Created Date = 2008-07-12 19:24:04 | Attr = ]
OTScanIt -> %UserProfile%\Bureau\OTScanIt -> [Folder | Created Date = 2008-07-13 10:31:43 | Attr = ]
OTScanIt.exe -> %UserProfile%\Bureau\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Created Date = 2008-07-13 10:28:52 | Attr = ]
pinard_bicougnoux.pdf -> %UserProfile%\Bureau\pinard_bicougnoux.pdf -> [Ver = | Size = 28633 bytes | Created Date = 2008-06-25 13:11:02 | Attr = ]
Proposed Jacques Espinasse T-GCAS Engineering Support Statement of Work.doc -> %UserProfile%\Bureau\Proposed Jacques Espinasse T-GCAS Engineering Support Statement of Work.doc -> [Ver = | Size = 147456 bytes | Created Date = 2008-06-24 18:57:38 | Attr = ]
Raccourci vers vasyjackgogo.lnk -> %UserProfile%\Bureau\Raccourci vers vasyjackgogo.lnk -> [Ver = | Size = 716 bytes | Created Date = 2008-07-06 10:54:28 | Attr = ]
set_list_st_lys_05_07_08.doc -> %UserProfile%\Bureau\set_list_st_lys_05_07_08.doc -> [Ver = | Size = 68096 bytes | Created Date = 2008-07-04 20:31:43 | Attr = ]
spybot_registre.doc -> %UserProfile%\Bureau\spybot_registre.doc -> [Ver = | Size = 30208 bytes | Created Date = 2008-06-24 12:34:46 | Attr = ]
streamaudio(2).m3u -> %UserProfile%\Bureau\streamaudio(2).m3u -> [Ver = | Size = 85 bytes | Created Date = 2008-07-12 11:38:57 | Attr = ]
streamaudio(3).m3u -> %UserProfile%\Bureau\streamaudio(3).m3u -> [Ver = | Size = 85 bytes | Created Date = 2008-07-12 11:39:12 | Attr = ]
streamaudio(4).m3u -> %UserProfile%\Bureau\streamaudio(4).m3u -> [Ver = | Size = 99 bytes | Created Date = 2008-07-12 11:41:41 | Attr = ]
VundoFix.exe -> %UserProfile%\Bureau\VundoFix.exe -> Atribune.org [Ver = 7.00.0006 | Size = 119808 bytes | Created Date = 2008-07-06 11:11:50 | Attr = ]
zaSetup_fr.exe -> %UserProfile%\Bureau\zaSetup_fr.exe -> Check Point Software Technologies LTD [Ver = 7.1.100.000 | Size = 210416 bytes | Created Date = 2008-07-12 15:19:03 | Attr = ]
Audacity -> %ProgramFiles%\Audacity -> [Folder | Created Date = 2008-07-03 20:07:30 | Attr = ]
CCleaner -> %ProgramFiles%\CCleaner -> [Folder | Created Date = 2008-07-06 11:03:51 | Attr = ]
HijackThis -> %ProgramFiles%\HijackThis -> [Folder | Created Date = 2008-07-06 10:45:23 | Attr = ]
Navilog1 -> %ProgramFiles%\Navilog1 -> [Folder | Created Date = 2008-07-07 23:44:50 | Attr = ]

[Files/Folders - Modified Within 30 days]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 2008-07-08 22:39:05 | Attr = ]
1 C:\*.tmp files -> C:\*.tmp ->
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 2008-07-06 11:28:21 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536449024 bytes | Modified Date = 2008-07-13 10:08:54 | Attr = HS]
KILLTROJANs -> %SystemDrive%\KILLTROJANs -> [Folder | Modified Date = 2008-07-06 09:36:39 | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2008-07-12 15:19:44 | Attr = ]
tmp_zic -> %SystemDrive%\tmp_zic -> [Folder | Modified Date = 2008-07-09 19:51:56 | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 2008-07-06 11:11:54 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2008-07-11 19:11:49 | Attr = ]
ixqx.sys -> %SystemRoot%\System32\drivers\ixqx.sys -> [Ver = | Size = 61440 bytes | Modified Date = 2008-07-09 20:02:30 | Attr = ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 2008-07-12 10:05:08 | Attr = ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
catsrvf.dll -> %SystemRoot%\System32\catsrvf.dll -> [Ver = | Size = 91136 bytes | Modified Date = 2008-07-11 19:11:32 | Attr = ]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 2008-07-11 19:11:49 | Attr = ]
vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml -> [Ver = | Size = 55080 bytes | Modified Date = 2008-07-13 10:10:47 | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2184 bytes | Modified Date = 2008-07-01 18:32:37 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2008-07-13 10:08:55 | Attr = S]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 2008-07-06 11:30:01 | Attr = HS]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 2008-07-13 10:09:17 | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 2008-07-08 22:39:23 | Attr = ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2008-07-06 14:08:48 | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 2008-07-13 10:27:14 | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 2008-07-06 11:11:00 | Attr = ]
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 4861 bytes | Modified Date = 2008-06-16 19:09:01 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2008-07-13 10:34:03 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 2008-07-09 22:47:32 | Attr = H ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 2008-07-06 10:40:23 | Attr = ]
system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 2008-07-12 09:28:26 | Attr = ]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 2008-07-13 10:12:45 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2008-07-13 10:09:10 | Attr = H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 2004-05-27 11:24:53 | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 14503 bytes | Modified Date = 2008-07-13 10:24:07 | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 15641 bytes | Modified Date = 2008-07-13 10:24:03 | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data -> [Folder | Modified Date = 2004-05-25 15:45:59 | Attr = ]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [Ver = | Size = 1372 bytes | Modified Date = 2004-05-25 15:45:59 | Attr = ]
C:\WINDOWS\Temp\ -> C:\WINDOWS\TEMP -> [Folder | Modified Date = 2008-07-13 10:12:45 | Attr = ]
Perflib_Perfdata_474.dat -> C:\WINDOWS\TEMP\Perflib_Perfdata_474.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-07-12 09:28:57 | Attr = ]
Perflib_Perfdata_478.dat -> C:\WINDOWS\TEMP\Perflib_Perfdata_478.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-07-13 10:09:16 | Attr = ]
Perflib_Perfdata_4e8.dat -> C:\WINDOWS\TEMP\Perflib_Perfdata_4e8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-07-12 15:51:45 | Attr = ]
6 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 2008-07-06 11:23:17 | Attr = ]
Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 2008-07-07 21:44:11 | Attr = S]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 237568 bytes | Modified Date = 2008-07-08 18:02:02 | Attr = ]
MAISON -> %UserProfile%\Mes documents\MAISON -> [Folder | Modified Date = 2008-06-28 17:01:10 | Attr = ]
Mes images -> %UserProfile%\Mes documents\Mes images -> [Folder | Modified Date = 2008-06-20 18:45:32 | Attr = R ]
Thumbs.db -> %UserProfile%\Mes documents\Thumbs.db -> [Ver = | Size = 28672 bytes | Modified Date = 2008-06-28 17:01:07 | Attr = HS]
Navilog1.lnk -> %AllUsersProfile%\Bureau\Navilog1.lnk -> [Ver = | Size = 630 bytes | Modified Date = 2008-07-07 23:44:50 | Attr = ]
2008-07-15.pdf -> %UserProfile%\Bureau\2008-07-15.pdf -> [Ver = | Size = 34195 bytes | Modified Date = 2008-07-12 19:24:21 | Attr = ]
2008-07-22.pdf -> %UserProfile%\Bureau\2008-07-22.pdf -> [Ver = | Size = 34038 bytes | Modified Date = 2008-07-12 19:24:24 | Attr = ]
2120495726_resize.jpg -> %UserProfile%\Bureau\2120495726_resize.jpg -> [Ver = | Size = 21525 bytes | Modified Date = 2008-07-04 20:30:18 | Attr = ]
Audacity.lnk -> %UserProfile%\Bureau\Audacity.lnk -> [Ver = | Size = 630 bytes | Modified Date = 2008-07-03 20:07:34 | Attr = ]
avg75f_523a1323.exe -> %UserProfile%\Bureau\avg75f_523a1323.exe -> [Ver = | Size = 69164008 bytes | Modified Date = 2008-07-06 09:54:24 | Attr = ]
batterie -> %UserProfile%\Bureau\batterie -> [Folder | Modified Date = 2008-07-08 20:11:47 | Attr = ]
CCleaner.lnk -> %UserProfile%\Bureau\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Modified Date = 2008-07-06 11:03:51 | Attr = ]
comptes.xls -> %UserProfile%\Bureau\comptes.xls -> [Ver = | Size = 19456 bytes | Modified Date = 2008-07-10 22:22:08 | Attr = ]
cuisines_comparaison.xls -> %UserProfile%\Bureau\cuisines_comparaison.xls -> [Ver = | Size = 18944 bytes | Modified Date = 2008-07-09 22:46:14 | Attr = ]
digitick684368t.jpg -> %UserProfile%\Bureau\digitick684368t.jpg -> [Ver = | Size = 516323 bytes | Modified Date = 2008-06-20 18:53:15 | Attr = ]
dineur2008.pdf -> %UserProfile%\Bureau\dineur2008.pdf -> [Ver = | Size = 3608677 bytes | Modified Date = 2008-07-12 18:11:23 | Attr = ]
dss.exe -> %UserProfile%\Bureau\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 2008-07-08 22:37:59 | Attr = ]
Facture_30245966.pdf -> %UserProfile%\Bureau\Facture_30245966.pdf -> [Ver = | Size = 9049 bytes | Modified Date = 2008-07-01 20:56:05 | Attr = ]
HijackThis.lnk -> %UserProfile%\Bureau\HijackThis.lnk -> [Ver = | Size = 1590 bytes | Modified Date = 2008-07-12 11:57:23 | Attr = ]
jxpiinstall.exe -> %UserProfile%\Bureau\jxpiinstall.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.90 | Size = 382352 bytes | Modified Date = 2008-07-06 14:04:01 | Attr = ]
KILLTROJANs -> %UserProfile%\Bureau\KILLTROJANs -> [Folder | Modified Date = 2008-07-09 19:53:21 | Attr = ]
Numériser0001.jpg -> %UserProfile%\Bureau\Numériser0001.jpg -> [Ver = | Size = 1555834 bytes | Modified Date = 2008-07-12 19:24:09 | Attr = ]
OTScanIt -> %UserProfile%\Bureau\OTScanIt -> [Folder | Modified Date = 2008-07-13 10:31:43 | Attr = ]
OTScanIt.exe -> %UserProfile%\Bureau\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Modified Date = 2008-07-13 10:29:05 | Attr = ]
pinard_bicougnoux.pdf -> %UserProfile%\Bureau\pinard_bicougnoux.pdf -> [Ver = | Size = 28633 bytes | Modified Date = 2008-06-25 13:11:02 | Attr = ]
Proposed Jacques Espinasse T-GCAS Engineering Support Statement of Work.doc -> %UserProfile%\Bureau\Proposed Jacques Espinasse T-GCAS Engineering Support Statement of Work.doc -> [Ver = | Size = 147456 bytes | Modified Date = 2008-06-24 18:57:36 | Attr = ]
Raccourci vers vasyjackgogo.lnk -> %UserProfile%\Bureau\Raccourci vers vasyjackgogo.lnk -> [Ver = | Size = 716 bytes | Modified Date = 2008-07-06 10:54:28 | Attr = ]
set_list_st_lys_05_07_08.doc -> %UserProfile%\Bureau\set_list_st_lys_05_07_08.doc -> [Ver = | Size = 68096 bytes | Modified Date = 2008-07-04 21:25:27 | Attr = ]
spybot_registre.doc -> %UserProfile%\Bureau\spybot_registre.doc -> [Ver = | Size = 30208 bytes | Modified Date = 2008-06-24 12:34:47 | Attr = ]
streamaudio(2).m3u -> %UserProfile%\Bureau\streamaudio(2).m3u -> [Ver = | Size = 85 bytes | Modified Date = 2008-07-12 11:38:52 | Attr = ]
streamaudio(3).m3u -> %UserProfile%\Bureau\streamaudio(3).m3u -> [Ver = | Size = 85 bytes | Modified Date = 2008-07-12 11:39:02 | Attr = ]
streamaudio(4).m3u -> %UserProfile%\Bureau\streamaudio(4).m3u -> [Ver = | Size = 99 bytes | Modified Date = 2008-07-12 11:41:39 | Attr = ]
Thumbs.db -> %UserProfile%\Bureau\Thumbs.db -> [Ver = | Size = 93184 bytes | Modified Date = 2008-07-04 20:30:39 | Attr = HS]
VundoFix.exe -> %UserProfile%\Bureau\VundoFix.exe -> Atribune.org [Ver = 7.00.0006 | Size = 119808 bytes | Modified Date = 2008-06-29 11:21:59 | Attr = ]
zaSetup_fr.exe -> %UserProfile%\Bureau\zaSetup_fr.exe -> Check Point Software Technologies LTD [Ver = 7.1.100.000 | Size = 210416 bytes | Modified Date = 2008-07-12 15:19:00 | Attr = ]

[CatchMe Rootkit Scan by GMER]
<Windows>
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
<Document>
scanning hidden files ...
scan completed successfully
hidden files: 0

<End>
[/code]
flo666
 
Posts: 31
Joined: 07 Jul 2008, 22:56

Post by nickW » 14 Jul 2008, 13:05

Hello,


Next steps.....

Step 1: No real-time monitoring process
Disable the antivirus's resident module.
avast!: right-click the icon in the system tray (next to the clock), then "Stop resident protection"


Step 2: OTScanIt (by OldTimer), fix
Close all open program windows.
In Explorer, open the OTScanIt folder that was created on the Desktop.
Double-click OTScanIt.exe to launch the tool.

Select all of the lines shown in the white area under "Code:" below, then press the Ctrl and C keys together:
Code:
[Kill Explorer]
[Unregister Dlls]
[Driver Services - Non-Microsoft Only]
YY -> (dwazjein) dwazjein [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\czyjfmhd.dat
[Registry - Non-Microsoft Only]
YN -> 4xyn -> %SystemRoot%\system32\4xyn.exe [C:\WINDOWS\system32\4xyn.exe]
YY -> rzlywkbj -> %SystemRoot%\system32\dbmsrpcnf.dll
YN -> 32 domain(s) and sub-domain(s) not assigned to a zone. ->
YN -> 32 domain(s) and sub-domain(s) not assigned to a zone. ->
YN -> 32 domain(s) and sub-domain(s) not assigned to a zone. ->
YN -> 32 domain(s) and sub-domain(s) not assigned to a zone. ->
YN -> 32 domain(s) and sub-domain(s) not assigned to a zone. ->
YN -> 32 domain(s) and sub-domain(s) not assigned to a zone. ->
YN -> 32 domain(s) and sub-domain(s) not assigned to a zone. ->
[Files/Folders - Modified Within 30 days]
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> catsrvf.dll -> %SystemRoot%\System32\catsrvf.dll
NY -> 6 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
[Empty Temp Folders]
[Start Explorer]



Go back to the OTScanIt window, right-click in the white area of the Paste Fix Here section and choose Paste.
Note: The text from the Code area must now have been copied into the OTScanIt window. If that is not the case, repeat the operation.

Then click the Run Fix button.

When the tool has finished working, a small "Information" window opens announcing "Fix Complete! Click OK to open the fix log". Click the OK button.

A Notepad window containing the fix report then opens.
Note: In Notepad, check in the Format menu (at the top) that the "Word Wrap" option is not ticked.
Close the OTScanIt window.


Step 3: Real-time monitoring process
Important: Re-enable the antivirus's resident module.


Step 4: Results
Post in reply:
*- the OTScanIt fix report (contents of the ********_******.log file located in the OTScanIt\MovedFiles folder - the *** are digits representing the date [monthdayyear] and the time).
Note: If, in the message posted on the forum, the last line of the Code area is not <End>, the report is too large to fit in a single message. In that case it has to be split across several messages.
*- a new HijackThis log

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log-analysis requests by PM (private message)
My setups
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by flo666 » 14 Jul 2008, 13:42

Hello,

Here is the log obtained after cleaning (a reboot was requested and carried out):

Explorer killed successfully
[Driver Services - Non-Microsoft Only]
Unable to stop service dwazjein .
Service dwazjein deleted successfully.
File C:\WINDOWS\system32\drivers\czyjfmhd.dat not found.
[Registry - Non-Microsoft Only]
Registry key \ not found.
Registry key \ not found.
LoadLibrary failed for C:\WINDOWS\system32\dbmsrpcnf.dll
C:\WINDOWS\system32\dbmsrpcnf.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\dbmsrpcnf.dll scheduled to be moved on reboot.
Registry key \ not found.
Registry key \ not found.
Registry key \ not found.
Registry key \ not found.
Registry key \ not found.
Registry key \ not found.
Registry key \ not found.
[Files/Folders - Modified Within 30 days]
C:\WINDOWS\System32\catsrvf.dll unregistered successfully.
File move failed. C:\WINDOWS\System32\catsrvf.dll scheduled to be moved on reboot.
File delete failed. C:\WINDOWS\Temp\ZLT03893.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Temp\ZLT038b0.TMP scheduled to be deleted on reboot.
[Empty Temp Folders]
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_438.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT03893.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT038b0.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
<End>
OTScanIt by OldTimer - Version 1.0.16.2 fix logfile created on 07142008_143311

Files moved on Reboot...
File move failed. C:\WINDOWS\system32\dbmsrpcnf.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\System32\catsrvf.dll scheduled to be moved on reboot.
File C:\WINDOWS\Temp\ZLT03893.TMP not found!
File C:\WINDOWS\Temp\ZLT038b0.TMP not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_438.dat not found!


I no longer get the Pakes Trojan detection message from Avast when I open an Explorer window.
On the other hand, a "yellow exclamation mark" icon + system message appears in the icon bar at the bottom right.
When I click on it, two Internet Explorer windows open with the links below:
http://yourprivacyguard.com/?cmpname=radc&air=swp_gdc&lir=2822&afr=pp_955546876&eu=http%3A%2F%2Fadvancedcleaner.com%2F.cleaner%2Findex.php%3Ftmn%3Dadctmp%26clone_name%3Dswpadcex%26led%3D2822%26afr%3Dpp_955546876&
http://gomyron.com/MTk2OTY=/2/2822/cf0b13/
flo666
 
Posts: 31
Joined: 07 Jul 2008, 22:56
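The "scheduled to be moved on reboot" lines in the OTScanIt fix log above are only deferrals; the section after "Files moved on Reboot..." is where the outcome is recorded, and in the posted log the two DLLs (dbmsrpcnf.dll and catsrvf.dll) fail a second time while the temp files are reported gone. The Python script below is an added example, neither OTScanIt's own code nor part of nickW's instructions or flo666's post: it reconciles the two halves of such a log so that the files still on disk stand out from those that were actually moved or were already absent. The line patterns are taken from the log text in this thread and are assumed to be stable across OTScanIt versions; the sample log is assembled from the lines posted above.

```python
import re

# Constructed sample: the OTScanIt fix log posted in this thread, abridged to the
# lines that matter for reconciliation. Everything before "Files moved on Reboot..."
# is the first pass; everything after it is what the tool managed after the restart.
SAMPLE_FIX_LOG = r"""
Explorer killed successfully
[Driver Services - Non-Microsoft Only]
Unable to stop service dwazjein .
Service dwazjein deleted successfully.
File C:\WINDOWS\system32\drivers\czyjfmhd.dat not found.
[Registry - Non-Microsoft Only]
LoadLibrary failed for C:\WINDOWS\system32\dbmsrpcnf.dll
C:\WINDOWS\system32\dbmsrpcnf.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\dbmsrpcnf.dll scheduled to be moved on reboot.
[Files/Folders - Modified Within 30 days]
C:\WINDOWS\System32\catsrvf.dll unregistered successfully.
File move failed. C:\WINDOWS\System32\catsrvf.dll scheduled to be moved on reboot.
File delete failed. C:\WINDOWS\Temp\ZLT03893.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Temp\ZLT038b0.TMP scheduled to be deleted on reboot.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_438.dat scheduled to be deleted on reboot.
<End>
OTScanIt by OldTimer - Version 1.0.16.2 fix logfile created on 07142008_143311

Files moved on Reboot...
File move failed. C:\WINDOWS\system32\dbmsrpcnf.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\System32\catsrvf.dll scheduled to be moved on reboot.
File C:\WINDOWS\Temp\ZLT03893.TMP not found!
File C:\WINDOWS\Temp\ZLT038b0.TMP not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_438.dat not found!
"""

REBOOT_MARKER = "Files moved on Reboot..."

# Line shapes copied from the log format itself (assumed stable across OTScanIt runs).
SCHEDULED = re.compile(
    r"^File (?:move|delete) failed\. (?P<path>.+?) scheduled to be (?:moved|deleted) on reboot\.$")
MOVED = re.compile(r"^(?P<path>.+?) moved successfully\.$")
NOT_FOUND = re.compile(r"^File (?P<path>.+?) not found[.!]$")
SERVICE_DELETED = re.compile(r"^Service (?P<name>\S+) deleted successfully\.$")


def reconcile_fix_log(text):
    """Map every path the first pass deferred to reboot to what the reboot pass reports.

    Status values:
      'removed'    - the reboot pass moved it into MovedFiles
      'absent'     - the reboot pass could not find it (gone before the retry)
      'pending'    - the reboot pass failed again, so the file is still on disk
      'unverified' - the reboot section never mentions it
    Paths are lower-cased because the log spells the same NTFS path with differing case.
    """
    first_pass, _, reboot_pass = text.partition(REBOOT_MARKER)
    deferred = {}
    for line in first_pass.splitlines():
        m = SCHEDULED.match(line.strip())
        if m:
            deferred[m["path"].lower()] = "unverified"
    for line in reboot_pass.splitlines():
        line = line.strip()
        for status, rx in (("removed", MOVED), ("absent", NOT_FOUND), ("pending", SCHEDULED)):
            m = rx.match(line)
            if m and m["path"].lower() in deferred:
                deferred[m["path"].lower()] = status
                break
    return deferred


def still_pending(text):
    """Files the fix never got rid of, even after the reboot: the ones to follow up on."""
    return sorted(p for p, s in reconcile_fix_log(text).items() if s == "pending")


def services_deleted(text):
    """Service names the fix reports as deleted (the driver entry in this log is one)."""
    return [m["name"] for m in (SERVICE_DELETED.match(l.strip()) for l in text.splitlines()) if m]


if __name__ == "__main__":
    for path, status in sorted(reconcile_fix_log(SAMPLE_FIX_LOG).items()):
        print(f"{status:10s} {path}")
    print("services deleted:", services_deleted(SAMPLE_FIX_LOG))
    print("still on disk after reboot:", still_pending(SAMPLE_FIX_LOG))
```

A path reported as 'pending' is the signal to look for in a fix log before declaring the machine clean: the tool asked for the file to be moved, the reboot retry failed again, and so the file is still present and must be handled in a later step. A 'not found' after reboot is not a failure, it only means the file was already gone when the retry ran.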

Post by nickW » 15 Jul 2008, 23:31

Good evening,

New tool:

Note: These operations must be carried out while logged on to a session with "Administrator rights" (do not use the user profile named "Administrateur" that is visible in Safe Mode)


Step 1: Show all files
Check that your PC does show all files
http://assiste.com.free.fr/p/comment/co ... aches.html


Step 2: CCleaner
Launch the program.
Note: there is no need to change any settings other than those described below:
If necessary, go to Options and choose the language: French.
*- In the Cleaner menu - Windows tab, tick:
Internet Explorer: Temporary Internet Files, Cookies
System: Empty Recycle Bin, Temporary Files, Clipboard
Advanced: Old Prefetch data
*- In the Options menu - Advanced submenu, untick:
Only delete files in Windows Temp folders older than 48 hours
*- In the Cleaner menu - Applications tab, tick:
Internet: Sun Java
*- If possible, in the Cleaner menu - Applications tab, tick:
Firefox/Mozilla: Internet Cache, Cookies

Click Analyze
In the Options menu - Cookies submenu, move the cookies you absolutely want to keep over to the right-hand panel.
Then, in the Cleaner menu, click the Run Cleaner button.
Close the program.


Step 3: SmitFraudFix (by S!ri), option 1: Search
Download SmitFraudFix from http://siri.urz.free.fr/Fix/SmitfraudFix.exe
or http://siri.geekstogo.com/SmitfraudFix.exe
Save this file to the Desktop.

Double-click SmitfraudFix.exe to launch the tool.
After the menu is displayed, type 1 then press Enter to search for the files responsible for the infection.
Notes:
1/ The whole Visual Basic script (.vbs file) must be allowed to run once if your antivirus raises an alert.
2/ process.exe, Reboot.exe and restart.exe are detected by some antivirus/antispyware programs as RiskTools (dangerous tools).
These are utilities meant to end processes, restart the system, or relaunch a process. In the wrong hands, such utilities could do harm.
In the case of SmitFraudFix, they must be allowed to run (if necessary, temporarily stop the antivirus/antispyware real-time protection).



Step 4: Result
Post in reply the SmitFraudFix report (contents of the file SystemDrive\rapport.txt) together with a new HijackThis log.
[SystemDrive stands for the partition the system is installed on, usually C:]
Important note:
If this SmitFraudFix report contains dozens of lines beginning with "127.0.0.1", do not post them all on the forum.
Post only the first 15 lines beginning with "127.0.0.1" along with the rest of the log.


To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log-analysis requests by PM (private message)
My setups
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by flo666 » 16 Jul 2008, 20:05

Good evening,

Here is the SmitFraudFix report:

SmitFraudFix v2.329

Rapport fait à 21:02:51.96, 2008-07-16
Executé à partir de C:\Documents and Settings\mel\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Fichier hosts corrompu !

127.0.0.1 legal-at-spybot.info
127.0.0.1 www.legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\mel


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\mel\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\mel\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WPN311 RangeMax(TM) Wireless PCI Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8B66B1FB-49B7-436F-9381-3333F8AEB4C7}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8B66B1FB-49B7-436F-9381-3333F8AEB4C7}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8B66B1FB-49B7-436F-9381-3333F8AEB4C7}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
flo666

Posts: 31
Joined: 07 Jul 2008, 22:56
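The report above flags the hosts file as corrupted because of the two "127.0.0.1" entries pointing security-related hostnames at loopback, and nickW's note asks posters to keep only the first 15 such lines. The following is an added example (not part of the forum thread, SmitFraudFix or HijackThis) that audits a hosts file for that kind of redirect and applies the 15-line posting rule; the sample hosts content and the vendor keyword list are constructed for the example.

```python
"""Audit a Windows hosts file for redirects of the kind SmitFraudFix reports
as 'Fichier hosts corrompu !' and trim a report for posting.  Added example,
not code from the forum or from SmitFraudFix; sample data is constructed."""
import ipaddress

# Names that legitimately map to loopback on a default Windows install.
LEGIT_LOOPBACK = {"localhost", "localhost.localdomain", "broadcasthost"}
# Constructed keyword list: hostnames of security vendors / update services
# are the usual targets of a hosts-file block (as with *spybot* above).
SECURITY_HINTS = ("spybot", "avast", "antivir", "kaspersky", "symantec",
                  "mcafee", "windowsupdate", "microsoft")

def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments, blanks and bad lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address: malformed line, ignore it
        for name in fields[1:]:
            yield str(ip), name.lower()

def find_hijacks(text):
    """Return (ip, name, vendor_related) for every entry that is not a
    standard loopback alias.  Loopback entries block a site, other addresses
    can impersonate it; both deserve review on a home PC."""
    hits = []
    for ip, name in parse_hosts(text):
        if name in LEGIT_LOOPBACK:
            continue
        vendor = any(h in name for h in SECURITY_HINTS)
        hits.append((ip, name, vendor))
    return hits

def trim_for_forum(report_lines, limit=15):
    """Apply nickW's posting rule: keep every line of the report except that
    at most `limit` lines starting with '127.0.0.1' are retained."""
    kept, seen = [], 0
    for line in report_lines:
        if line.startswith("127.0.0.1"):
            seen += 1
            if seen > limit:
                continue
        kept.append(line)
    return kept

# Constructed sample: default entry, the two entries from the report above,
# and one made-up redirect to a non-loopback address.
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 legal-at-spybot.info
127.0.0.1 www.legal-at-spybot.info
10.0.0.5 update.example.test   # constructed
"""
```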
