Tom's Guide > Forum > Sécurité - Virus > Helpppppp virus iEXPLORE.eXE

Helpppppp virus iEXPLORE.eXE

Forum Sécurité - Virus : Helpppppp virus iEXPLORE.eXE

TomsGuide.com : 800 000 inscrits répondent à toutes vos questions high-tech et informatique. Pour obtenir de l'aide, inscrivez-vous gratuitement !
Créer un nouveau sujet Répondre
Mot :    Pseudo :           
 
iliasjackie   29-08-2009 à 16:07:06

Depuis quelque temps javais eu plein de virus mais je men suis debarraser grace a la reparation mais maintenant jai le virus IEXPLORE.EXE qui prend une grande partie dela mémoir et du proseseur et le pc devien trop lent et tous les jeux deviennetn lesnt genre Counter strike etc jai esseyer avec combofix mais il est toujours voila le rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:59, on 29/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Protector Plus\PPAVMon.exe
C:\Protector Plus\PPServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROTEC~1\PPTbc.EXE
C:\PROTEC~1\PPInupdt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Menara\dslmon.exe
C:\Protector Plus\POPSCAN.EXE
C:\Documents and Settings\Ilias\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.menara.ma
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Protector Plus Taskbar Control] C:\PROTEC~1\PPTbc.EXE
O4 - HKLM\..\Run: [Protector Plus InstaUpdate] C:\PROTEC~1\PPInupdt.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab
O16 - DPF: {63308B48-F435-42FD-AB0A-3564C7BEF9D7} - https://iplay.fr.toontown.com/downl [...] french.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 0599556288
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/bina [...] b56907.cab
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Protector Plus Anti-virus Monitor Service (ProtectorPlusAVMonitor) - Proland Software - C:\Protector Plus\PPAVMon.exe
O23 - Service: Protector Plus Service (ProtectorPlusService) - Proland Software - C:\Protector Plus\PPServ.exe
O24 - Desktop Component 0: (no name) - http://www.anglaisfacile.com/free/images/supertop.gif

--
End of file - 4654 bytes

Répondre
Liens sponsorisés
Inscrivez-vous ou connectez-vous pour masquer ceci.
Destrio5   29-08-2009 à 16:33:03
- 0 +

Bonjour,

(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

  • Clique sur Continue à l'écran Disclaimer.
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).


Note : les rapports sont sauvegardés dans le dossier C:\rsit.

Répondre à Destrio5
iliasjackie   29-08-2009 à 16:58:30
- 0 +

info.txt logfile of random's system information tool 1.06 2009-08-29 16:56:25

======Uninstall list======

-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70000000000}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CounterStrike 1.6 from VSI (Version 1.02)-->D:\PROGRA~1\Valve\CSTRIK~1.6\UNWISE.EXE D:\PROGRA~1\Valve\CSTRIK~1.6\ins_cs16_vsi102.log
HijackThis 2.0.2-->"C:\Documents and Settings\Ilias\Bureau\HijackThis.exe" /uninstall
HP Software Update-->MsiExec.exe /X{B81023A5-71ED-46EB-BE3B-9F974D1155F1}
Intel(R) Extreme Graphics Driver Software-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
J2SE Development Kit 5.0 Update 11-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150110}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kit de Connexion MENARA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB25E068-C7A2-482F-A3BC-588A5869844D}\setup.exe" -l0x40c ControlPanel
Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.0.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Player Utilities 3.57-->MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22}
Protector Plus for Windows-->C:\Protector Plus\Setup.exe /DEINSTALL
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Vimicro USB PC Camera -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}\setup.exe" -l0x9
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: Protector Plus Anti-virus Software

======System event log======

Computer Name: 3WMDIN2P0DH2LJ2
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Protector Plus Driver.

Record Number: 190
Source Name: Service Control Manager
Time Written: 20090819152029.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: 3WMDIN2P0DH2LJ2
Event Code: 7036
Message: Le service Protector Plus Service est entré dans l'état : en cours d'exécution.

Record Number: 189
Source Name: Service Control Manager
Time Written: 20090819152029.000000+120
Event Type: Informations
User:

Computer Name: 3WMDIN2P0DH2LJ2
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Protector Plus Service.

Record Number: 188
Source Name: Service Control Manager
Time Written: 20090819152029.000000+120
Event Type: Informations
User: 3WMDIN2P0DH2LJ2\Ilias

Computer Name: 3WMDIN2P0DH2LJ2
Event Code: 7036
Message: Le service Service Messenger Sharing Folders USN Journal Reader est entré dans l'état : en cours d'exécution.

Record Number: 187
Source Name: Service Control Manager
Time Written: 20090819131245.000000+120
Event Type: Informations
User:

Computer Name: 3WMDIN2P0DH2LJ2
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service Messenger Sharing Folders USN Journal Reader.

Record Number: 186
Source Name: Service Control Manager
Time Written: 20090819131241.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

=====Application event log=====

Computer Name: 3WMDIN2P0DH2LJ2
Event Code: 101
Message: wuauclt (2296) Le moteur de base de données est arrêté.

Record Number: 5
Source Name: ESENT
Time Written: 20090818183814.000000+120
Event Type: Informations
User:

Computer Name: 3WMDIN2P0DH2LJ2
Event Code: 103
Message: wuaueng.dll (2296) SUS20ClientDataStore: Le moteur de base de données a arrêté une instance (0).

Record Number: 4
Source Name: ESENT
Time Written: 20090818183814.000000+120
Event Type: Informations
User:

Computer Name: 3WMDIN2P0DH2LJ2
Event Code: 102
Message: wuaueng.dll (2296) SUS20ClientDataStore: Le moteur de base de données a démarré une nouvelle instance (0).

Record Number: 3
Source Name: ESENT
Time Written: 20090818183305.000000+120
Event Type: Informations
User:

Computer Name: 3WMDIN2P0DH2LJ2
Event Code: 100
Message: wuauclt (2296) Le moteur de base de données 5.01.2600.2180 est démarré.

Record Number: 2
Source Name: ESENT
Time Written: 20090818183305.000000+120
Event Type: Informations
User:

Computer Name: 3WMDIN2P0DH2LJ2
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 1
Source Name: SecurityCenter
Time Written: 20090818183229.000000+120
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\WINDOWS\System32
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0204
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Ilias at 2009-08-29 16:55:35
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 7 GB (39%) free of 19 GB
Total RAM: 375 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:56:09, on 29/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Protector Plus\PPAVMon.exe
C:\Protector Plus\PPServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROTEC~1\PPTbc.EXE
C:\PROTEC~1\PPInupdt.exe
C:\Program Files\Menara\dslmon.exe
C:\Protector Plus\POPSCAN.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ilias\Mes documents\RSIT.exe
C:\Documents and Settings\Ilias\Bureau\Ilias.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.menara.ma
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Protector Plus Taskbar Control] C:\PROTEC~1\PPTbc.EXE
O4 - HKLM\..\Run: [Protector Plus InstaUpdate] C:\PROTEC~1\PPInupdt.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 0599556288
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/bina [...] b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3192EA5F-B1D0-431C-B5E2-4A77C4D81B29}: NameServer = 62.251.229.223 62.251.229.237
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Protector Plus Anti-virus Monitor Service (ProtectorPlusAVMonitor) - Proland Software - C:\Protector Plus\PPAVMon.exe
O23 - Service: Protector Plus Service (ProtectorPlusService) - Proland Software - C:\Protector Plus\PPServ.exe
O24 - Desktop Component 0: (no name) - http://www.anglaisfacile.com/free/images/supertop.gif

--
End of file - 4420 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Protector Plus Taskbar Control"=C:\PROTEC~1\PPTbc.EXE [2009-08-19 1278640]
"Protector Plus InstaUpdate"=C:\PROTEC~1\PPInupdt.exe [2009-08-19 1159856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe [2005-04-25 36040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGEMS"=2
"Avg7UpdSvc"=2
"Avg7Alrt"=2
"AntiVirService"=2
"AntiVirSchedulerService"=2

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
DSLMON.lnk - C:\Program Files\Menara\dslmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2002-10-15 315392]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoChangeAnimation"=
"NoStrCmpLogical"=
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\System32\61.scr"="C:\WINDOWS\System32\61.scr:*:C:\WINDOWS\mslsrv32.exe"
"C:\WINDOWS\System32\20.scr"="C:\WINDOWS\System32\20.scr:*:C:\WINDOWS\mslsrv32.exe"
"C:\WINDOWS\System32\70.scr"="C:\WINDOWS\System32\70.scr:*:C:\WINDOWS\waw32.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2009-08-29 16:55:35 ----D---- C:\rsit
2009-08-29 16:11:10 ----A---- C:\lopR.txt
2009-08-29 16:10:38 ----D---- C:\Lop SD
2009-08-29 15:38:24 ----A---- C:\cleannavi.txt
2009-08-29 15:37:22 ----D---- C:\Program Files\Navilog1
2009-08-29 03:05:49 ----D---- C:\WINDOWS\temp
2009-08-29 03:05:47 ----A---- C:\ComboFix.txt
2009-08-22 01:36:00 ----A---- C:\WINDOWS\zip.exe
2009-08-22 01:36:00 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-08-22 01:36:00 ----A---- C:\WINDOWS\SWSC.exe
2009-08-22 01:36:00 ----A---- C:\WINDOWS\SWREG.exe
2009-08-22 01:36:00 ----A---- C:\WINDOWS\sed.exe
2009-08-22 01:36:00 ----A---- C:\WINDOWS\PEV.exe
2009-08-22 01:36:00 ----A---- C:\WINDOWS\NIRCMD.exe
2009-08-22 01:36:00 ----A---- C:\WINDOWS\grep.exe
2009-08-22 01:35:45 ----D---- C:\WINDOWS\ERDNT
2009-08-22 01:35:08 ----D---- C:\Qoobox
2009-08-20 19:25:34 ----A---- C:\WINDOWSsc.txt
2009-08-20 12:35:04 ----RSH---- C:\WINDOWS\waw32.exe
2009-08-20 12:33:49 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-20 12:33:05 ----RSH---- C:\WINDOWS\msdrive32.exe
2009-08-19 15:23:03 ----D---- C:\WINDOWS\system32\PreInstall
2009-08-19 15:23:01 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-08-19 15:22:59 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-19 15:20:03 ----A---- C:\WINDOWS\system32\_PPCXM_.DLL
2009-08-19 15:19:47 ----D---- C:\Protector Plus
2009-08-19 15:19:47 ----A---- C:\WINDOWS\_SETUPD_.EXE
2009-08-19 12:25:23 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-08-18 21:53:53 ----A---- C:\WINDOWS\IsUn040c.exe
2009-08-18 19:57:55 ----RSH---- C:\WINDOWS\mscth32.exe
2009-08-18 19:57:06 ----RSH---- C:\WINDOWS\mslsrv32.exe
2009-08-18 19:49:53 ----D---- C:\WINDOWS\twain_32
2009-08-18 19:49:53 ----D---- C:\WINDOWS\Provisioning
2009-08-18 19:49:53 ----D---- C:\WINDOWS\PeerNet
2009-08-18 19:49:53 ----D---- C:\WINDOWS\ehome
2009-08-18 19:49:53 ----D---- C:\WINDOWS\Connection Wizard
2009-08-18 19:49:53 ----D---- C:\WINDOWS\Config
2009-08-18 19:49:53 ----D---- C:\WINDOWS\addins
2009-08-18 19:39:04 ----D---- C:\backreg
2009-08-18 18:28:07 ----A---- C:\WINDOWS\system32\igfxres.dll
2009-08-18 18:25:43 ----D---- C:\WINDOWS\Prefetch
2009-08-18 18:18:21 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-08-18 18:16:41 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-08-18 18:16:12 ----D---- C:\Program Files\Services en ligne
2009-08-18 18:15:50 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-08-18 18:15:49 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-08-18 18:15:48 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-08-18 18:15:48 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-08-18 18:15:37 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-08-18 18:15:37 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-08-18 18:13:50 ----D---- C:\Program Files\ComPlus Applications
2009-08-18 17:58:57 ----D---- C:\Program Files\Fichiers communs\ODBC
2009-08-18 17:58:45 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-08-18 17:58:45 ----A---- C:\WINDOWS\system32\irclass.dll
2009-08-18 17:58:16 ----RA---- C:\WINDOWS\SET68.tmp
2009-08-18 17:58:13 ----RA---- C:\WINDOWS\SET5C.tmp
2009-08-18 17:58:12 ----RA---- C:\WINDOWS\SET5B.tmp
2009-08-18 17:40:04 ----D---- C:\WINDOWS\RestoreSafeDeleted
2009-08-18 17:40:04 ----D---- C:\Program Files\Greatis
2009-08-18 17:40:01 ----D---- C:\Program Files\Fichiers communs\Services
2009-08-18 17:29:26 ----D---- C:\WINDOWS\CSC
2009-08-18 14:47:22 ----A---- C:\WINDOWS\system32\wups2.dll
2009-08-18 14:47:22 ----A---- C:\WINDOWS\system32\wups.dll
2009-08-18 14:47:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-08-18 14:47:19 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-08-18 14:46:13 ----D---- C:\WINDOWS\SoftwareDistribution
2009-08-18 14:39:57 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2009-08-18 14:39:46 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-08-18 14:39:30 ----A---- C:\WINDOWS\system32\wgatray.exe.old
2009-08-18 14:39:30 ----A---- C:\WINDOWS\system32\WgaTray.exe
2009-08-18 14:39:30 ----A---- C:\WINDOWS\system32\wgalogon.dll.old
2009-08-18 14:39:30 ----A---- C:\WINDOWS\system32\WgaLogon.dll
2009-08-18 14:39:30 ----A---- C:\WINDOWS\system32\LegitCheckControl.dll
2009-08-18 12:56:03 ----A---- C:\WINDOWS\DUMP6997.tmp
2009-08-18 12:56:03 ----A---- C:\WINDOWS\DUMP6764.tmp
2009-08-18 12:56:03 ----A---- C:\WINDOWS\DUMP5ae1.tmp
2009-08-18 12:56:03 ----A---- C:\WINDOWS\DUMP5a93.tmp
2009-08-18 12:56:03 ----A---- C:\WINDOWS\DUMP5890.tmp
2009-08-18 12:56:03 ----A---- C:\WINDOWS\DUMP56dc.tmp
2009-08-18 12:56:03 ----A---- C:\WINDOWS\DUMP5592.tmp
2009-08-18 12:56:03 ----A---- C:\WINDOWS\DUMP5330.tmp
2009-08-18 12:56:03 ----A---- C:\WINDOWS\DUMP4de1.tmp
2009-08-18 12:56:03 ----A---- C:\WINDOWS\DUMP4c4b.tmp
2009-08-18 12:56:03 ----A---- C:\WINDOWS\DUMP271f.tmp
2009-08-14 20:12:23 ----A---- C:\WINDOWS\wininit.ini
2009-08-14 20:07:40 ----A---- C:\logfile32.txt
2009-08-14 19:19:26 ----D---- C:\WINDOWS\ERUNT
2009-08-13 13:46:20 ----A---- C:\WINDOWS\system32\irot.exe
2009-08-13 13:46:20 ----A---- C:\WINDOWS\system32\gsdvjki.exe
2009-08-12 19:16:37 ----D---- C:\SDFix
2009-08-05 15:08:31 ----RASH---- C:\WINDOWS\msath32.exe
2009-07-31 21:09:53 ----A---- C:\WINDOWS\lsoon.ini
2009-07-31 19:04:16 ----RASHOT---- C:\WINDOWS\winstart.bat
2009-07-31 19:02:45 ----D---- C:\Documents and Settings\Ilias\Application Data\Regrun
2009-07-31 13:53:28 ----A---- C:\WINDOWS\log32.txt

======List of files/folders modified in the last 1 months======

2009-08-29 16:53:40 ----D---- C:\Program Files\Mozilla Firefox
2009-08-29 16:22:09 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-29 15:37:22 ----RD---- C:\Program Files
2009-08-29 14:59:47 ----D---- C:\WINDOWS
2009-08-29 14:59:12 ----D---- C:\WINDOWS\Debug
2009-08-29 03:52:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-29 03:05:51 ----D---- C:\WINDOWS\system32\drivers
2009-08-29 03:05:51 ----D---- C:\WINDOWS\system32
2009-08-29 02:59:27 ----A---- C:\WINDOWS\system.ini
2009-08-29 02:57:58 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-29 02:05:31 ----SH---- C:\boot.ini
2009-08-29 02:05:31 ----A---- C:\WINDOWS\win.ini
2009-08-29 02:04:42 ----D---- C:\WINDOWS\pss
2009-08-28 20:42:24 ----D---- C:\WINDOWS\Minidump
2009-08-27 21:00:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-27 20:53:50 ----D---- C:\WINDOWS\AppPatch
2009-08-27 20:53:13 ----D---- C:\Program Files\Fichiers communs
2009-08-25 18:32:07 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-25 18:32:07 ----D---- C:\WINDOWS\system
2009-08-25 16:40:33 ----SHD---- C:\WINDOWS\Installer
2009-08-25 16:40:33 ----SHD---- C:\Config.Msi
2009-08-25 16:39:13 ----A---- C:\WINDOWS\hpdj3840.ini
2009-08-25 16:38:57 ----D---- C:\Program Files\HP
2009-08-25 16:38:56 ----D---- C:\Program Files\Hewlett-Packard
2009-08-25 16:38:28 ----HD---- C:\WINDOWS\inf
2009-08-23 02:35:09 ----D---- C:\Documents and Settings\Ilias\Application Data\SecondLife
2009-08-23 02:28:22 ----D---- C:\Documents and Settings\Ilias\Application Data\Mozilla
2009-08-22 01:51:22 ----D---- C:\WINDOWS\system32\config
2009-08-21 17:48:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-21 17:43:24 ----D---- C:\WINDOWS\system32\wbem
2009-08-20 22:24:44 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-20 14:41:01 ----D---- C:\Program Files\Dofus
2009-08-19 15:20:06 ----A---- C:\AUTOEXEC.BAT
2009-08-19 12:25:41 ----D---- C:\WINDOWS\Help
2009-08-18 19:55:14 ----D---- C:\WINDOWS\system32\Setup
2009-08-18 19:55:04 ----D---- C:\WINDOWS\system32\usmt
2009-08-18 19:54:49 ----D---- C:\WINDOWS\ime
2009-08-18 19:54:47 ----D---- C:\WINDOWS\Media
2009-08-18 19:54:18 ----D---- C:\WINDOWS\system32\npp
2009-08-18 19:54:09 ----D---- C:\WINDOWS\msagent
2009-08-18 19:52:00 ----D---- C:\WINDOWS\system32\1036
2009-08-18 19:51:34 ----D---- C:\WINDOWS\system32\icsxml
2009-08-18 19:51:00 ----D---- C:\WINDOWS\system32\1033
2009-08-18 19:49:53 ----D---- C:\WINDOWS\Driver Cache
2009-08-18 19:46:40 ----RSD---- C:\WINDOWS\Fonts
2009-08-18 18:34:16 ----SD---- C:\Documents and Settings\Ilias\Application Data\Microsoft
2009-08-18 18:30:21 ----D---- C:\WINDOWS\security
2009-08-18 18:29:29 ----SHD---- C:\System Volume Information
2009-08-18 18:29:29 ----D---- C:\WINDOWS\system32\Restore
2009-08-18 18:29:08 ----D---- C:\Program Files\MSN Messenger
2009-08-18 18:27:52 ----D---- C:\WINDOWS\Registration
2009-08-18 18:17:56 ----AC---- C:\WINDOWS\ODBCINST.INI
2009-08-18 18:17:28 ----D---- C:\WINDOWS\system32\ias
2009-08-18 18:16:45 ----RD---- C:\WINDOWS\Web
2009-08-18 18:16:30 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-08-18 18:16:02 ----D---- C:\WINDOWS\system32\oobe
2009-08-18 18:15:57 ----D---- C:\WINDOWS\srchasst
2009-08-18 18:15:54 ----D---- C:\Program Files\Windows Media Player
2009-08-18 18:15:46 ----D---- C:\Program Files\Movie Maker
2009-08-18 18:15:35 ----D---- C:\Program Files\NetMeeting
2009-08-18 18:15:32 ----D---- C:\Program Files\Outlook Express
2009-08-18 18:15:32 ----D---- C:\Program Files\Fichiers communs\System
2009-08-18 18:15:20 ----D---- C:\Program Files\Internet Explorer
2009-08-18 18:14:07 ----D---- C:\WINDOWS\system32\Com
2009-08-18 18:13:26 ----D---- C:\Program Files\Messenger
2009-08-18 18:13:22 ----D---- C:\Program Files\Windows NT
2009-08-18 18:09:19 ----A---- C:\WINDOWS\adidsl.ini
2009-08-18 18:02:50 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-08-18 17:58:27 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-08-18 17:57:43 ----D---- C:\WINDOWS\WinSxS
2009-08-18 17:39:20 ----D---- C:\WINDOWS\BDOSCAN8
2009-08-18 17:38:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-18 17:35:40 ----D---- C:\Documents and Settings\Ilias\Application Data\dvdcss
2009-08-18 17:19:19 ----D---- C:\Documents and Settings
2009-08-18 14:47:33 ----HD---- C:\Program Files\WindowsUpdate
2009-08-16 20:33:30 ----A---- C:\WINDOWS\DUMP5776.tmp
2009-08-16 20:32:28 ----A---- C:\WINDOWS\DUMP57c4.tmp
2009-08-16 20:31:37 ----A---- C:\WINDOWS\DUMP57f4.tmp
2009-08-16 20:30:47 ----A---- C:\WINDOWS\DUMP5718.tmp
2009-08-16 20:29:59 ----A---- C:\WINDOWS\DUMP570a.tmp
2009-08-16 20:29:07 ----A---- C:\WINDOWS\DUMP5795.tmp
2009-08-16 20:28:17 ----A---- C:\WINDOWS\DUMP5747.tmp
2009-08-16 20:27:28 ----A---- C:\WINDOWS\DUMP56db.tmp
2009-08-16 20:26:38 ----A---- C:\WINDOWS\DUMP5709.tmp
2009-08-16 20:25:47 ----A---- C:\WINDOWS\DUMP5091.tmp
2009-08-16 20:24:33 ----A---- C:\WINDOWS\DUMP57b5.tmp
2009-08-16 20:23:44 ----A---- C:\WINDOWS\DUMP5dee.tmp
2009-08-15 23:14:32 ----A---- C:\WINDOWS\DUMP56ab.tmp
2009-08-15 23:13:40 ----A---- C:\WINDOWS\DUMP5d91.tmp
2009-08-15 20:32:36 ----A---- C:\WINDOWS\DUMP5d04.tmp
2009-08-15 20:21:59 ----A---- C:\WINDOWS\DUMP5498.tmp
2009-08-15 20:21:09 ----A---- C:\WINDOWS\DUMP542a.tmp
2009-08-15 20:20:20 ----A---- C:\WINDOWS\DUMP5033.tmp
2009-08-15 19:29:04 ----A---- C:\WINDOWS\DUMP536f.tmp
2009-08-14 22:42:23 ----A---- C:\WINDOWS\DUMP5563.tmp
2009-08-14 22:41:24 ----A---- C:\WINDOWS\DUMP5459.tmp
2009-08-14 22:35:33 ----A---- C:\WINDOWS\DUMP58be.tmp
2009-08-14 22:34:26 ----A---- C:\WINDOWS\DUMP5bac.tmp
2009-08-14 22:33:28 ----A---- C:\WINDOWS\DUMP5852.tmp
2009-08-14 22:32:24 ----A---- C:\WINDOWS\DUMP593b.tmp
2009-08-14 21:58:54 ----A---- C:\WINDOWS\DUMP594b.tmp
2009-08-14 21:57:56 ----A---- C:\WINDOWS\DUMP56da.tmp
2009-08-14 21:56:54 ----A---- C:\WINDOWS\DUMP588f.tmp
2009-08-14 21:55:55 ----A---- C:\WINDOWS\DUMP535f.tmp
2009-08-14 21:54:39 ----A---- C:\WINDOWS\DUMP5e4c.tmp
2009-08-14 20:52:43 ----A---- C:\WINDOWS\system32\Ms12x.exe
2009-08-14 20:34:51 ----A---- C:\WINDOWS\DUMP5729.tmp
2009-08-14 20:33:54 ----A---- C:\WINDOWS\DUMP5851.tmp
2009-08-14 20:32:54 ----A---- C:\WINDOWS\DUMP57f3.tmp
2009-08-14 20:31:57 ----A---- C:\WINDOWS\DUMP5786.tmp
2009-08-14 20:31:00 ----A---- C:\WINDOWS\DUMP5728.tmp
2009-08-14 20:23:09 ----A---- C:\WINDOWS\DUMP5c39.tmp
2009-08-14 20:06:03 ----A---- C:\WINDOWS\DUMP5294.tmp
2009-08-14 20:05:11 ----A---- C:\WINDOWS\DUMP4c1c.tmp
2009-08-14 20:03:58 ----A---- C:\WINDOWS\DUMP515d.tmp
2009-08-14 20:03:02 ----A---- C:\WINDOWS\DUMP514c.tmp
2009-08-14 20:02:14 ----A---- C:\WINDOWS\DUMP515c.tmp
2009-08-14 20:01:17 ----A---- C:\WINDOWS\DUMP4bdd.tmp
2009-08-05 11:06:31 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-02 10:47:25 ----RASH---- C:\WINDOWS\msudp32.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2002-10-25 91774]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2008-04-28 4224]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2008-04-28 10760]
R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2009-02-13 45416]
R1 avipbb;avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40320]
R1 ssmdrv;ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2008-04-28 4960]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2002-10-25 71514]
R3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\System32\DRIVERS\adiusbaw.sys [2005-06-21 125913]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2002-10-25 80283]
R3 PPDrv;Protector Plus Driver; \??\C:\Protector Plus\PPDrv.sys []
R3 PPEMSCAN;Protector Plus Email Scan Driver; \??\C:\Protector Plus\PPEMSCAN.sys []
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2008-04-28 821856]
S1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2008-04-28 27776]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2004-03-02 50007]
S2 srwsvc;srwsvc; \??\C:\WINDOWS\system32\drivers\srwsvc.sys []
S3 BDFsDrv;BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
S3 BDRsDrv;BDRsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Ilias\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\System32\DRIVERS\hamachi.sys [2008-03-16 10345]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-09-07 9600]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-09-07 12288]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\System32\npptNT2.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [2007-04-09 12672]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [2007-04-09 21248]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [2007-04-09 22912]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2005-02-01 176128]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 ZSMC302;VIMICRO USB PC Camera; C:\WINDOWS\System32\Drivers\usbVM31b.sys [2004-09-07 90568]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ProtectorPlusAVMonitor;Protector Plus Anti-virus Monitor Service; C:\Protector Plus\PPAVMon.exe [2009-08-19 62128]
R2 ProtectorPlusService;Protector Plus Service; C:\Protector Plus\PPServ.exe [2009-08-19 78512]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S4 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe []
S4 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe []
S4 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe []
S4 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe []
S4 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe []

-----------------EOF-----------------

Répondre à iliasjackie
Destrio5   29-08-2009 à 17:05:30
- 0 +

Ok, il est infecté.

  • Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
  • Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
  • Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
  • Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
  • Sélectionne Exécuter un examen rapide.
  • Clique sur Rechercher. L'analyse démarre.
  • A la fin de l'analyse, un message s'affiche :
Citation :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.


  • Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  • Ferme tes navigateurs.
  • Si des malwares ont été détectés, clique sur Afficher les résultats.
  • Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
  • MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.

Répondre à Destrio5
iliasjackie   29-08-2009 à 17:18:27
- 0 +

Je voudrais te demander ou se trouve le rapport de mbam il senregistre ou ???

Répondre à iliasjackie
Destrio5   29-08-2009 à 17:22:15
- 0 +

Tu peux le retrouver dans l'onglet Rapports/Logs de MBAM.

Répondre à Destrio5
iliasjackie   29-08-2009 à 17:30:36
- 0 +

Ok merci il est en train d'analyser la*

Répondre à iliasjackie
iliasjackie   29-08-2009 à 17:45:09
- 0 +

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2551
Windows 5.1.2600 Service Pack 2

29/08/2009 17:43:11
mbam-log-2009-08-29 (17-43-11).txt

Type de recherche: Examen rapide
Eléments examinés: 126278
Temps écoulé: 17 minute(s), 5 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\srwsvc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\SYSMGR.del (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\SYSTEMNTMI.del (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\KSI32SK.del (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ATI64SI.del (Rootkit.Agent) -> Quarantined and deleted successfully.

Répondre à iliasjackie
Destrio5   29-08-2009 à 17:53:31
- 0 +

Citation :

C:\ComboFix.txt


--> Poste ce rapport.

Répondre à Destrio5
iliasjackie   29-08-2009 à 17:56:30
- 0 +

ComboFix 09-08-20.07 - Ilias 29/08/2009 2:58.4.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.375.221 [GMT 2:00]
Running from: c:\documents and settings\Ilias\Bureau\ComboFix.exe
AV: Protector Plus Anti-virus Software *On-access scanning enabled* (Updated) {2BA05D34-0674-49A3-8DDA-DC7C8007484B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-29 )))))))))))))))))))))))))))))))
.

2009-08-28 23:47 . 2009-08-28 23:47 -------- d-----w- c:\documents and settings\Ilias\Local Settings\Application Data\PCHealth
2009-08-27 18:45 . 2009-08-28 20:15 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft
2009-08-23 00:34 . 2009-08-25 14:31 -------- d-----w- c:\documents and settings\Ilias\Local Settings\Application Data\SecondLife
2009-08-20 10:35 . 2009-08-20 10:35 88064 --sh--r- c:\windows\waw32.exe
2009-08-20 10:33 . 2009-08-20 10:33 -------- d-----w- c:\windows\ServicePackFiles
2009-08-20 10:33 . 2009-08-20 10:33 81408 --sh--r- c:\windows\msdrive32.exe
2009-08-19 19:25 . 2009-08-19 19:25 57344 ----a-w- c:\windows\system32\20.scr
2009-08-19 13:23 . 2008-07-09 07:40 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-08-19 13:22 . 2009-08-21 10:23 -------- d--h--w- c:\windows\$hf_mig$
2009-08-19 13:20 . 2009-08-19 13:19 45056 ----a-w- c:\windows\system32\_PPCXM_.DLL
2009-08-19 13:19 . 2009-08-28 23:50 -------- d-----w- C:\Protector Plus
2009-08-19 13:19 . 2009-08-19 13:19 29360 ----a-w- c:\windows\_SETUPD_.EXE
2009-08-18 20:04 . 2004-08-03 22:54 116736 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-08-18 20:04 . 2001-08-23 15:47 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-08-18 20:04 . 2001-08-23 15:47 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-08-18 20:04 . 2001-08-23 15:47 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-08-18 20:04 . 2001-08-23 15:47 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-08-18 20:04 . 2001-08-23 15:47 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-08-18 20:04 . 2001-08-17 18:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-08-18 20:03 . 2004-08-03 20:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-08-18 20:03 . 2004-08-03 20:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-08-18 20:03 . 2004-08-03 22:54 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-08-18 20:02 . 2004-08-03 21:07 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2009-08-18 20:02 . 2004-08-03 20:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2009-08-18 20:02 . 2001-08-23 15:05 35402 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2009-08-18 20:00 . 2001-08-17 19:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2009-08-18 19:59 . 2001-08-17 18:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2009-08-18 19:58 . 2001-08-23 15:47 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2009-08-18 19:57 . 2001-08-17 18:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2009-08-18 19:56 . 2001-08-23 15:21 161664 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2009-08-18 19:55 . 2001-08-17 18:19 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys
2009-08-18 19:54 . 2001-08-17 19:28 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2009-08-18 19:53 . 2001-08-23 15:15 44297 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2009-08-18 19:52 . 2004-08-03 22:47 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2009-08-18 19:51 . 2004-08-03 21:10 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2009-08-18 19:51 . 2001-08-17 19:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2009-08-18 19:51 . 2001-08-17 20:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2009-08-18 19:51 . 2004-08-03 21:00 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2009-08-18 19:50 . 2001-08-17 20:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2009-08-18 19:50 . 2001-08-17 19:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2009-08-18 19:50 . 2001-08-17 19:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2009-08-18 19:49 . 2001-08-17 19:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-08-18 19:49 . 2001-08-17 19:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2009-08-18 19:49 . 2001-08-23 15:03 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2009-08-18 19:49 . 2001-08-23 15:46 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2009-08-18 19:49 . 2004-08-03 21:00 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2009-08-18 19:49 . 2001-08-23 15:47 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2009-08-18 19:49 . 2001-08-17 19:58 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2009-08-18 19:49 . 2001-08-23 15:02 165066 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys
2009-08-18 19:49 . 2001-08-17 19:52 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys
2009-08-18 19:47 . 2004-08-03 22:45 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-08-18 19:46 . 2001-08-23 15:47 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2009-08-18 19:44 . 2004-08-03 20:41 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2009-08-18 19:43 . 2004-08-03 21:08 15104 -c--a-w- c:\windows\system32\dllcache\hidir.sys
2009-08-18 19:42 . 2001-08-17 18:15 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
2009-08-18 19:41 . 2001-08-17 18:11 69194 -c--a-w- c:\windows\system32\dllcache\el656cd5.sys
2009-08-18 19:40 . 2001-08-17 18:13 91305 -c--a-w- c:\windows\system32\dllcache\dimaint.sys
2009-08-18 19:39 . 2001-08-17 18:19 42112 -c--a-w- c:\windows\system32\dllcache\crtaud.sys
2009-08-18 19:38 . 2001-08-23 15:03 49182 -c--a-w- c:\windows\system32\dllcache\cem56n5.sys
2009-08-18 19:37 . 2004-08-03 21:10 38016 -c--a-w- c:\windows\system32\dllcache\bthmodem.sys
2009-08-18 19:36 . 2004-08-03 22:54 516768 -c--a-w- c:\windows\system32\dllcache\ativvaxx.dll
2009-08-18 19:35 . 2004-08-03 22:54 3775 -c--a-w- c:\windows\system32\dllcache\adv11nt5.dll
2009-08-18 19:33 . 2001-08-23 15:46 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-08-18 19:33 . 2009-02-09 11:50 2138112 -c--a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-18 18:07 . 2009-08-18 18:07 75264 ----a-w- c:\windows\system32\45.scr
2009-08-18 18:00 . 2009-08-18 18:00 75264 ----a-w- c:\windows\system32\28.scr
2009-08-18 17:58 . 2009-08-18 17:58 75264 ----a-w- c:\windows\system32\85.scr
2009-08-18 17:57 . 2009-08-18 17:57 75264 --sh--r- c:\windows\mscth32.exe
2009-08-18 17:57 . 2009-08-18 18:06 75264 ----a-w- c:\windows\system32\18.scr
2009-08-18 17:57 . 2009-08-19 19:25 57344 --sh--r- c:\windows\mslsrv32.exe
2009-08-18 17:57 . 2009-08-18 17:57 57344 ----a-w- c:\windows\system32\61.scr
2009-08-18 17:49 . 2009-08-18 17:54 -------- d-----w- c:\windows\ehome
2009-08-18 17:49 . 2009-08-18 17:54 -------- d-----w- c:\windows\PeerNet
2009-08-18 17:49 . 2009-08-18 17:51 -------- d-----w- c:\windows\twain_32
2009-08-18 17:49 . 2009-08-18 17:49 -------- d-----w- c:\windows\Provisioning
2009-08-18 17:49 . 2009-08-18 17:49 -------- d-----w- c:\windows\Connection Wizard
2009-08-18 17:49 . 2009-08-18 17:49 -------- d-----w- c:\windows\Config
2009-08-18 17:49 . 2009-08-18 17:49 -------- d-----w- c:\windows\addins
2009-08-18 17:39 . 2009-08-18 17:51 -------- d-----w- C:\backreg
2009-08-18 16:28 . 2005-06-21 15:49 167936 ----a-w- c:\windows\system32\igfxres.dll
2009-08-18 16:21 . 2004-08-04 04:54 9728 -c--a-w- c:\windows\system32\dllcache\rwnh.dll
2009-08-18 16:20 . 2004-08-04 04:54 23040 -c--a-w- c:\windows\system32\dllcache\lpdsvc.dll
2009-08-18 16:19 . 2004-08-04 04:54 42496 -c--a-w- c:\windows\system32\dllcache\davcdata.exe
2009-08-18 16:18 . 2004-08-04 04:54 189440 -c--a-w- c:\windows\system32\dllcache\smtpadm.dll
2009-08-18 16:16 . 2009-08-18 16:16 -------- d-----w- c:\program files\Services en ligne
2009-08-18 16:14 . 2009-08-18 16:17 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-08-18 15:58 . 2002-09-07 00:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-08-18 15:58 . 2002-09-07 00:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-08-18 15:58 . 2002-09-07 00:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-08-18 15:58 . 2002-09-07 00:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-08-18 15:19 . 2009-08-18 15:35 -------- d--h--w- c:\documents and settings\Administrateur.3WMDIN2P0DH2LJ2\Modèles
2009-08-18 15:19 . 2009-08-18 15:35 -------- d-----w- c:\documents and settings\Administrateur.3WMDIN2P0DH2LJ2
2009-08-18 12:47 . 2008-10-16 12:12 323608 -c--a-w- c:\windows\system32\dllcache\wucltui.dll
2009-08-18 12:47 . 2008-10-16 12:12 323608 ----a-w- c:\windows\system32\wucltui.dll
2009-08-18 12:47 . 2008-10-16 12:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-08-18 12:47 . 2008-10-16 12:08 34328 -c--a-w- c:\windows\system32\dllcache\wups.dll
2009-08-18 12:47 . 2008-10-16 12:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-08-18 12:47 . 2008-10-16 12:12 561688 -c--a-w- c:\windows\system32\dllcache\wuapi.dll
2009-08-18 12:47 . 2008-10-16 12:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-08-18 12:39 . 2009-08-18 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-08-18 10:59 . 2009-08-18 10:59 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-14 18:54 . 2009-08-14 18:54 77824 ----a-w- c:\windows\system32\42.scr
2009-08-14 18:53 . 2009-08-14 18:53 77824 ----a-w- c:\windows\system32\80.scr
2009-08-14 18:53 . 2009-08-14 18:53 77824 ----a-w- c:\windows\system32\36.scr
2009-08-14 18:52 . 2009-08-18 18:04 75264 ----a-w- c:\windows\system32\07.scr
2009-08-14 18:51 . 2009-08-18 18:06 75264 ----a-w- c:\windows\system32\06.scr
2009-08-14 17:19 . 2009-08-14 17:19 -------- d-----w- c:\windows\ERUNT
2009-08-14 17:18 . 2009-08-18 15:36 -------- d-----w- c:\documents and settings\Administrateur\Modèles
2009-08-14 17:18 . 2009-08-14 17:21 -------- d-----w- c:\documents and settings\Administrateur\Bureau
2009-08-14 17:18 . 2009-08-18 15:40 -------- d-s---w- c:\documents and settings\Administrateur
2009-08-13 11:46 . 2009-08-13 11:46 71168 ----a-w- c:\windows\system32\irot.exe
2009-08-13 11:46 . 2009-08-13 11:46 26935 ----a-w- c:\windows\system32\gsdvjki.exe
2009-08-12 17:16 . 2009-08-18 15:40 -------- d-----w- C:\SDFix
2009-08-05 13:08 . 2009-08-14 18:41 77824 --sha-r- c:\windows\msath32.exe
2009-08-05 13:08 . 2009-08-05 13:08 77824 ----a-w- c:\windows\system32\66.scr
2009-08-02 08:47 . 2009-08-20 10:35 88064 ----a-w- c:\windows\system32\70.scr
2009-07-31 17:04 . 2009-08-18 17:41 2 --shatr- c:\windows\winstart.bat
2009-07-31 17:02 . 2009-08-18 15:38 -------- d-----w- c:\documents and settings\Ilias\Application Data\Regrun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 16:32 . 2007-08-31 18:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-25 15:41 . 2007-08-31 18:11 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-08-25 14:38 . 2008-08-12 16:04 -------- d-----w- c:\program files\HP
2009-08-25 14:38 . 2008-08-12 16:04 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-23 00:35 . 2008-07-28 22:37 -------- d-----w- c:\documents and settings\Ilias\Application Data\SecondLife
2009-08-21 15:48 . 2001-08-28 12:00 62914 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-21 15:48 . 2001-08-28 12:00 396830 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-20 16:09 . 2004-08-04 03:14 212480 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-08-20 12:41 . 2009-05-08 22:29 -------- d-----w- c:\program files\Dofus
2009-08-18 16:29 . 2007-08-31 19:01 -------- d-----w- c:\program files\MSN Messenger
2009-08-18 16:14 . 2007-08-31 18:09 23660 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-18 15:44 . 2009-08-18 10:56 65536 ----a-w- c:\windows\DUMP4c4b.tmp
2009-08-18 15:43 . 2009-08-18 10:56 65536 ----a-w- c:\windows\DUMP4de1.tmp
2009-08-18 15:42 . 2009-08-18 10:56 65536 ----a-w- c:\windows\DUMP5330.tmp
2009-08-18 15:40 . 2009-08-18 15:40 -------- d-----w- c:\program files\Greatis
2009-08-18 15:38 . 2009-06-12 13:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-18 15:35 . 2009-03-18 12:40 -------- d-----w- c:\documents and settings\Ilias\Application Data\dvdcss
2009-08-18 15:25 . 2009-08-18 10:56 65536 ----a-w- c:\windows\DUMP56dc.tmp
2009-08-18 14:20 . 2009-08-18 10:56 65536 ----a-w- c:\windows\DUMP6764.tmp
2009-08-18 14:18 . 2009-08-18 10:56 65536 ----a-w- c:\windows\DUMP6997.tmp
2009-08-18 14:17 . 2009-08-18 10:56 65536 ----a-w- c:\windows\DUMP5ae1.tmp
2009-08-18 14:16 . 2009-08-18 10:56 65536 ----a-w- c:\windows\DUMP5890.tmp
2009-08-18 14:15 . 2009-08-18 10:56 65536 ----a-w- c:\windows\DUMP5a93.tmp
2009-08-18 11:15 . 2009-08-18 10:56 65536 ----a-w- c:\windows\DUMP271f.tmp
2009-08-18 11:01 . 2009-08-18 10:56 65536 ----a-w- c:\windows\DUMP5592.tmp
2009-08-16 18:33 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP5776.tmp
2009-08-16 18:32 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP57c4.tmp
2009-08-16 18:31 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP57f4.tmp
2009-08-16 18:30 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP5718.tmp
2009-08-16 18:29 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP570a.tmp
2009-08-16 18:29 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP5795.tmp
2009-08-16 18:28 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP5747.tmp
2009-08-16 18:27 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP56db.tmp
2009-08-16 18:26 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP5709.tmp
2009-08-16 18:25 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP5091.tmp
2009-08-16 18:24 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP57b5.tmp
2009-08-16 18:23 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP5dee.tmp
2009-08-15 21:14 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP56ab.tmp
2009-08-15 21:13 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP5d91.tmp
2009-08-15 18:32 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP5d04.tmp
2009-08-15 18:21 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP5498.tmp
2009-08-15 18:21 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP542a.tmp
2009-08-15 18:20 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP5033.tmp
2009-08-15 17:29 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP536f.tmp
2009-08-14 20:42 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP5563.tmp
2009-08-14 20:41 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP5459.tmp
2009-08-14 20:35 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP58be.tmp
2009-08-14 20:34 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP5bac.tmp
2009-08-14 20:33 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP5852.tmp
2009-08-14 20:32 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP593b.tmp
2009-08-14 19:58 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP594b.tmp
2009-08-14 19:57 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP56da.tmp
2009-08-14 19:56 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP588f.tmp
2009-08-14 19:55 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP535f.tmp
2009-08-14 19:54 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP5e4c.tmp
2009-08-14 18:52 . 2009-07-27 17:22 76288 ----a-w- c:\windows\system32\Ms12x.exe
2009-08-14 18:34 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP5729.tmp
2009-08-14 18:33 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP5851.tmp
2009-08-14 18:32 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP57f3.tmp
2009-08-14 18:31 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP5786.tmp
2009-08-14 18:31 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP5728.tmp
2009-08-14 18:23 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP5c39.tmp
2009-08-14 18:14 . 2009-08-14 18:14 141454 ----a-w- c:\windows\Fonts\UNWISE_.EXE.del
2009-08-14 18:06 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP5294.tmp
2009-08-14 18:05 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP4c1c.tmp
2009-08-14 18:03 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP515d.tmp
2009-08-14 18:03 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP514c.tmp
2009-08-14 18:02 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP515c.tmp
2009-08-14 18:01 . 2009-06-28 19:40 65536 ----a-w- c:\windows\DUMP4bdd.tmp
2009-08-05 09:06 . 2004-08-04 04:54 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 09:42 . 2007-09-03 13:25 40576 ----a-w- c:\windows\system32\drivers\SYSTEMNTMI.del
2009-08-02 15:35 . 2007-09-03 13:25 40576 ----a-w- c:\windows\system32\drivers\KSI32SK.del
2009-08-02 13:41 . 2007-09-03 13:25 40576 ----a-w- c:\windows\system32\drivers\ATI64SI.del
2009-08-02 08:47 . 2009-07-27 17:11 53248 --sha-r- c:\windows\msudp32.exe
2009-07-28 17:14 . 2009-07-28 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-06-17 12:46 . 2009-06-17 12:47 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-17 12:45 . 2009-06-17 12:45 152576 ----a-w- c:\documents and settings\Ilias\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-11 19:40 . 2009-06-10 09:59 111105 --sha-w- c:\windows\system32\srsc.dat
2009-06-09 15:09 . 2009-06-09 15:09 95744 ----a-w- c:\windows\system32\fuck2.exe
2009-06-05 07:46 . 2007-08-31 18:08 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-05-31 15:20 . 2009-05-31 15:20 129 ----a-w- c:\windows\system32\kjzdpqk.bat
.

------- Sigcheck -------

[-] 2009-08-20 16:09 212480 C0E2814C4E7E746B4F1CBA54D752C256 c:\windows\system32\dllcache\ndis.sys
[-] 2009-08-20 16:09 212480 C0E2814C4E7E746B4F1CBA54D752C256 c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-08-27_18.57.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-28 22:00 . 2009-08-29 00:52 49152 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012009082920090830\index.dat
+ 2009-08-27 22:06 . 2009-08-28 21:56 49152 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012009082820090829\index.dat
- 2009-08-27 17:46 . 2009-08-27 18:45 49152 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012009082720090828\index.dat
+ 2009-08-27 17:46 . 2009-08-27 18:59 49152 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012009082720090828\index.dat
+ 2007-08-31 18:15 . 2009-08-29 00:56 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-08-31 18:15 . 2009-08-27 18:46 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2007-08-31 18:15 . 2009-08-29 00:56 376832 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-08-31 18:15 . 2009-08-29 00:56 180224 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Protector Plus Taskbar Control"="c:\protec~1\PPTbc.EXE" [2009-08-19 1278640]
"Protector Plus InstaUpdate"="c:\protec~1\PPInupdt.exe" [2009-08-19 1159856]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 160768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
DSLMON.lnk - c:\program files\Menara\dslmon.exe [2009-3-6 962661]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\System32\\61.scr"=
"c:\\WINDOWS\\System32\\20.scr"=
"c:\\WINDOWS\\System32\\70.scr"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"9999:TCP"= 9999:TCP:PORT1
"9991:TCP"= 9991:TCP:PORT2
"1013:TCP"= 1013:TCP:BS
"57282:TCP"= 57282:TCP:FD

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [11/06/2009 21:38 22360]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [11/06/2009 21:38 45416]
R2 ProtectorPlusAVMonitor;Protector Plus Anti-virus Monitor Service;c:\protector plus\PPAVMON.EXE [19/08/2009 15:19 62128]
R2 ProtectorPlusService;Protector Plus Service;c:\protector plus\PPSERV.EXE [19/08/2009 15:19 78512]
R3 PPDrv;Protector Plus Driver;c:\protector plus\PPDRV.SYS [19/08/2009 15:19 703920]
R3 PPEMSCAN;Protector Plus Email Scan Driver;c:\protector plus\PPEMSCAN.SYS [19/08/2009 15:19 19272]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S2 srwsvc;srwsvc;\??\c:\windows\system32\drivers\srwsvc.sys --> c:\windows\system32\drivers\srwsvc.sys [?]
S3 ZSMC302;VIMICRO USB PC Camera;c:\windows\system32\drivers\usbVM31b.sys [31/08/2007 21:39 90568]
S4 AntiVirSchedulerService;Avira AntiVir Planificateur;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.menara.ma
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{85e1f530-48f4-11d9-9629-08ff2ffc9f67}
TCP: {3192EA5F-B1D0-431C-B5E2-4A77C4D81B29} = 62.251.229.223 62.251.229.237
DPF: {63308B48-F435-42FD-AB0A-3564C7BEF9D7} - hxxps://iplay.fr.toontown.com/download/sv1.5.22.4/ttinst-french.cab
FF - ProfilePath - c:\documents and settings\Ilias\Application Data\Mozilla\Firefox\Profiles\i2p0xk37.default\
FF - prefs.js: browser.startup.homepage - hxxp://forum.kooora.com/f.aspx?mode=f&f=112
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbyond.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-29 02:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1816)
c:\windows\system32\msi.dll
.
Completion time: 2009-08-29 3:05
ComboFix-quarantined-files.txt 2009-08-29 01:05
ComboFix2.txt 2009-08-28 18:53
ComboFix3.txt 2009-08-27 19:03

Pre-Run: 7 929 671 680 octets libres
Post-Run: 7 882 162 176 octets libres

322 --- E O F --- 2009-08-21 10:23

Répondre à iliasjackie
Destrio5   29-08-2009 à 18:08:22
- 1 +

  • Menu Démarrer > Exécuter > Tape combofix /u et valide.


  • Installe AntiVir et mets-le à jour.
  • Double-clique sur l'icône d'AntiVir (Parapluie) dans la barre des tâches.
  • Dans AntiVir, choisis Outils puis Configuration.
  • Coche Mode Expert et coche Rech. Rootkit au dém. de la recherche à droite dans Autres réglages puis valide.
  • Fais un scan complet, clique sur Tout réparer si AntiVir trouve quelque chose et poste le rapport.


Tutoriel : Scanner le(s) disque(s) dur(s)

Répondre à Destrio5
iliasjackie   29-08-2009 à 18:11:32
- 0 +

jai deja un antivirus sé protector + je lui fais quoi ????

Répondre à iliasjackie
iliasjackie   29-08-2009 à 18:19:55
- 0 +

je desinstale mon antivirus ?

Répondre à iliasjackie
iliasjackie   29-08-2009 à 20:17:48
- 0 +

c'est protector plus mais jai jamais fais de scan ac set antivirus

Répondre à iliasjackie
Destrio5   29-08-2009 à 20:25:44
- 0 +

/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\

  • Télécharge ComboFix (sUBs) sur ton Bureau.
  • Double-clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Il va te demander d'installer la console de récupération : accepte.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.


Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix

Répondre à Destrio5
Choco_22   29-08-2009 à 22:38:34
- 0 +

Bonjour,
Je pense avoir le même problême, je commence donc avec le log RSIT:

  

Modération: Edition du message, merci de créer ton propre sujet pour ne pas compliquer la désinfection.

  


Voilà merci d'avance


Message édité par OmaR le 30-08-2009 à 01:53:41
Répondre à Choco_22
Destrio5   29-08-2009 à 22:47:29
- 0 +

Bonjour Choco_22,

Merci de faire ton propre sujet ;)

Répondre à Destrio5
Créer un nouveau sujet Répondre
Tom's Guide > Forum > Sécurité - Virus > Helpppppp virus iEXPLORE.eXE
Aller à :

Il y a 1545 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.

Plan du forum
Forum Bestofmedia ©
2000-2009 Bestofmedia Group
Page générée en 0,369 secondes
Liens