Il y a actuellement 158 visiteurs
Vendredi 27 Décembre 2024
accueilactualitésdossierscomparer les prixtélécharger gratuitement vos logicielsoffres d'emploiforum informatique
Connexion
Créer un compte

virus Win32:Rootkit-gen et autres pages de pub

Un ordinateur qui ralentit, des écrans publicitaires qui apparaissent, des applications qui refusent de démarrer ou encore votre navigateur qui s'obstine à ouvrir une page douteuse sont autant d'éléments qui indiquent que l'intégrité de votre ordinateur est menacée par un virus. Vous trouverez dans ce forum quelques conseils et logiciels pour surfer tranquillement.
Règles du forum
Pour afficher un rapport d'analyse ou un rapport d'infection (HijackThis, OTL, AdwCleaner etc...)‎, veuillez utiliser le système de fichiers joints interne au forum. Seuls les formats les .txt et .log de moins de 1Mo sont acceptés. Pour obtenir de l'aide pour insérer vos fichiers joints, veuillez consulter ce tutoriel

virus Win32:Rootkit-gen et autres pages de pub

Message le 16 Sep 2010 18:44

Bonjour à tous,

J'ai depuis quelques temps des pages de pubs qui s 'ouvrent de manière intempestives sur mon pc, que ce soit pour des sonneries de téléphone ou investissement immoblier loi scellier. Depuis environ quelques jours, avast me détecte un virus Win32:Rootkit-gen et je n'arrive pas à m'en débarasser. J'ai fait l analyse HIJACK :

Code: Tout sélectionner
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:37:43, on 16/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Soft2PC\soft2pc.exe
C:\Documents and Settings\Utilisateur\Application Data\Soft2PC\Software\SoftwareHP.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Utilisateur\Application Data\Delivery\DeliveryManager.EXE
C:\Program Files\Micro Application\LauncherMA.exe
C:\Documents and Settings\Utilisateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Utilisateur\Mes documents\Téléchargements\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://y.lo.st
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SOFT2PCBHO - {3475D2C4-BBD1-4255-A70D-4125A4D30956} - C:\Program Files\Soft2PC\soft2pcBHO.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [soft2PC] "C:\Program Files\Soft2PC\soft2pc.exe"
O4 - HKLM\..\Run: [Helper] C:\Documents and Settings\Utilisateur\Application Data\Soft2PC\Software\SoftwareHP.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cbyyawaudio] rundll32.exe "ssqroo.dll",s
O4 - HKLM\..\Run: [mlkkkksys] rundll32.exe "mlklig.dll",s
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [msnlivesearch] C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [rqpppnaudio] rundll32.exe "ssqroo.dll",s
O4 - HKCU\..\Run: [iiiigesys] rundll32.exe "geeefe.dll",s
O4 - HKCU\..\Run: [yabxvssys] rundll32.exe "mlklig.dll",s
O4 - HKUS\S-1-5-18\..\Run: [ddbcawaudio] rundll32.exe "ssqroo.dll",s (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [qonkifsys] rundll32.exe "mlklig.dll",s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ddbcawaudio] rundll32.exe "ssqroo.dll",s (User 'Default user')
O4 - Startup: DeliveryManager.lnk = C:\Documents and Settings\Utilisateur\Application Data\Delivery\DeliveryManager.EXE
O4 - Startup: Lanceur.lnk = C:\Program Files\Micro Application\LauncherMA.exe
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Utilisateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: userinit.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://camera1.mairie-brest.fr/activex/AMC.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 13692 bytes


Pouvez vous m'aider?
breizh56
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 15
Inscription: 16 Sep 2010 18:40
 


Re: virus Win32:Rootkit-gen et autres pages de pub

Message le 16 Sep 2010 19:17

Bonsoir

fait ceci s.t.p


Rendez-vous à cette adresse afin de télécharger AD-Remover (créé par C_XX) :

http://forum-aide-contre-virus.be/downl ... mover.html

Cliquez sur "TELECHARGER " et enregistrez-le "sur votre bureau"

Une fois téléchargé sur votre bureau, double-cliquez sur son icone pour lancer l'installation.

Sous vista et Windows7 : clic droit sur son icone et sélectionnez "Exécuter en tant qu'administrateur".
L'installation se fera automatiquement.

A l'écran principal, cliquez sur Nettoyer pour exécuter le nettoyage.

Une fois l'ordinateur redémarré, il ne vous reste plus qu'à copier/coller le rapport sur le forum comme le précédent.
Le rapport se trouve à cet endroit : C:\Ad-Report-CLEAN[1].txt


ensuite ceci.


Installe Malewarebytes' Antimalware,
Téléchargement



*** Met-le à jour puis choisi, Exécuter un examen complet

*** Si une infection est trouvée, coche la case a coté et valides avec l’Onglet Supprimer la sélection

Poste le rapport final.
*** il est conseillé de désactivé Tea-Timer si tu as Spybot-S&D juste le temps du scan.
Voici comment faire: Lancez Spybot-S&D, passez en Mode avancé via le Menu Mode (en haut) → cliquez sur Oui--> choisissez Outils dans la barre de navigation sur la gauche -->Résident et là vous pouvez décocher les cases situées devant les deux outils.



puis ceci pour contrôle.


* Télécharge >> OTL <<sur ton bureau.

* Fait un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure-toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal " soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL " Personnalisation"

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
vstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles




* Cliques sur l'icône "Analyse" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés
Avatar de l'utilisateur
bernard53
PC-Infopraticien
PC-Infopraticien
 
Messages: 12778
Inscription: 08 Déc 2009 19:51
 

Re: virus Win32:Rootkit-gen et autres pages de pub

Message le 16 Sep 2010 19:19

EDIT: grilled par bernard :lol:
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: virus Win32:Rootkit-gen et autres pages de pub

Message le 16 Sep 2010 19:45

Merci beaucoup, je fais ça au plus vite
breizh56
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 15
Inscription: 16 Sep 2010 18:40
 

Re: virus Win32:Rootkit-gen et autres pages de pub

Message le 16 Sep 2010 19:54

jeanmimigab a écrit:EDIT: grilled par bernard :lol:


salut jeanmimigab :wink:
Avatar de l'utilisateur
bernard53
PC-Infopraticien
PC-Infopraticien
 
Messages: 12778
Inscription: 08 Déc 2009 19:51
 

Re: virus Win32:Rootkit-gen et autres pages de pub

Message le 16 Sep 2010 20:21

Voici le rapport pour AD REPORT CLEANER

Code: Tout sélectionner
======= RAPPORT D'AD-REMOVER 2.0.0.1,F | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par C_XX le 16/09/10 à 13:30
Contact: AdRemover.contact[AT]gmail.com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 21:09:06 le 16/09/2010, Mode normal

Microsoft Windows XP Édition familiale Service Pack 3 (X86)
Utilisateur@FUJITSU ( )
 
============== ACTION(S) ==============


0,Fichier supprimé: C:\Documents and Settings\Utilisateur\Application Data\Mozilla\FireFox\Profiles\vixmmt25.default\searchplugins\fast-browser-search.xml
0,Dossier supprimé: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Everest Poker
0,Dossier supprimé: C:\Program Files\Fast Browser Search
0,Dossier supprimé: C:\Documents and Settings\Utilisateur\Application Data\Soft2PC
0,Dossier supprimé: C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Soft2PC
0,Dossier supprimé: C:\Program Files\Soft2PC

(!) -- Fichiers temporaires supprimés.


-- Fichier ouvert: C:\Documents and Settings\Utilisateur\Application Data\Mozilla\FireFox\Profiles\vixmmt25.default\Prefs.js --
-- Fichier Fermé --
 

1,Clé supprimée: HKLM\Software\Classes\CLSID\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
1,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
1,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
1,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
1,Clé supprimée: HKLM\Software\Classes\Interface\{CC883F50-95BB-4A25-9DBF-B801506F1BC4}
1,Clé supprimée: HKLM\Software\Classes\TypeLib\{B52F3553-49FA-4599-81A4-F98951E0B53B}
0,Clé supprimée: HKLM\Software\Classes\SoftwareBHO.SOFT2PCBHO
0,Clé supprimée: HKLM\Software\Classes\SoftwareBHO.SOFT2PCBHO.1
0,Clé supprimée: HKLM\Software\Classes\AppID\Soft2PCBHO.DLL
1,Clé supprimée: HKLM\Software\Classes\AppID\{AB67D16D-3824-4683-B81A-D66DBA61B1AF}
0,Clé supprimée: HKLM\Software\soft2PC
0,Clé supprimée: HKCU\Software\Grand Virtual
0,Clé supprimée: HKCU\Software\soft2PC
0,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Everest Poker
0,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Soft2PC_is1
0,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Software_is1
0,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Soft2PC_is1

0,Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|helper
0,Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|soft2PC


============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.6.9 (fr)] **

-- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\FireFox\Profiles\vixmmt25.default\Prefs.js --
browser.download.lastDir, C:\\Documents and Settings\\Utilisateur\\Mes documents
browser.startup.homepage, hxxp://y.lo.st
browser.startup.homepage_override.mstone, rv:1.9.2.9
keyword.URL, hxxp://search.sweetim.com/search.asp?src=2&q=
sweetim.toolbar.previous.keyword.URL, chrome://browser-region/locale/region.properties

========================================

** Internet Explorer Version [8.0.6001.18702] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
SearchAssistant:
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst:

[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 89 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 2 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 16/09/2010 (1169 Octet(s))

Fin à: 21:12:36, 16/09/2010
 
============== E.O.F ==============



Faut il que j'attende votre réponse pour faire la suite (Malewarebytes' Antimalware)
breizh56
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 15
Inscription: 16 Sep 2010 18:40
 

Re: virus Win32:Rootkit-gen et autres pages de pub

Message le 16 Sep 2010 20:24

non fait toutes mes demandes dans l'ordre demandé s.t.p :wink:
Avatar de l'utilisateur
bernard53
PC-Infopraticien
PC-Infopraticien
 
Messages: 12778
Inscription: 08 Déc 2009 19:51
 

Re: virus Win32:Rootkit-gen et autres pages de pub

Message le 16 Sep 2010 20:30

je n'arrive pas démarrer Malewarebytes' Antimalware je l'ai installé mais il ne se lance pas
breizh56
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 15
Inscription: 16 Sep 2010 18:40
 

Re: virus Win32:Rootkit-gen et autres pages de pub

Message le 17 Sep 2010 11:40

breizh56 a écrit:je n'arrive pas démarrer Malewarebytes' Antimalware je l'ai installé mais il ne se lance pas


bon passe OTL s.t.p
Avatar de l'utilisateur
bernard53
PC-Infopraticien
PC-Infopraticien
 
Messages: 12778
Inscription: 08 Déc 2009 19:51
 

Re: virus Win32:Rootkit-gen et autres pages de pub

Message le 17 Sep 2010 17:22

Voici le rapport OTL.txt

Code: Tout sélectionner


OTL logfile created on: 17/09/2010 12:57:36 - Run 1
OTL by OldTimer - Version 3.2.12.1     Folder = C:\Downloads\Software
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
1 023,00 Mb Total Physical Memory | 479,00 Mb Available Physical Memory | 47,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 190,40 Gb Free Space | 81,76% Space Free | Partition Type: NTFS
Drive D: | 587,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: FUJITSU
Current User Name: Utilisateur
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Downloads\Software\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Utilisateur\Application Data\Delivery\DeliveryManager.EXE (Immanens)
PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Documents and Settings\Utilisateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (Microsoft Corporation)
PRC - C:\Program Files\Micro Application\LauncherMA.exe (Micro Application)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()
PRC - C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe (Microsoft)
PRC - C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
PRC - C:\WINDOWS\system32\PRISMSTA.exe (Intersil Americas Inc.)
PRC - C:\WINDOWS\system32\slserv.exe ( )
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
PRC - C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Cyberlink\PowerCinema\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\Cyberlink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Program Files\Cyberlink\PowerCinema\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe (TechCity Solutions France)
PRC - C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVComS.exe (Logitech Inc.)
PRC - C:\Program Files\Lexmark X74-X75\lxbbbmon.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe (Lexmark International, Inc.)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Downloads\Software\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll (SweetIM Technologies Ltd.)
MOD - C:\Documents and Settings\Utilisateur\Local Settings\TempIadHide3.dll (BackWeb)
MOD - C:\Program Files\Windows Live\MessengerSearchAddon\msgrsearchaddon.dll (Microsoft)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\SweetIM\Messenger\msvcr71.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Boonty Games) -- C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (BOONTY)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SLService) -- C:\WINDOWS\System32\slserv.exe ( )
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
SRV - (IviRegMgr) -- C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (pnicml) -- C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\pnicml.sys File not found
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (PRISM_A00) -- C:\WINDOWS\system32\drivers\PRISMA00.sys (Intersil Americas Inc.)
DRV - (NVXBAR) -- C:\WINDOWS\system32\drivers\nvxbar.sys (NVIDIA Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvcap) nVidia WDM Video Capture (universal) -- C:\WINDOWS\system32\drivers\nvcap.sys (NVIDIA Corporation)
DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys ( )
DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys ( )
DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys ( )
DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys ( )
DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys ( )
DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys (Vireo Software)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (RecAgent) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys (Smart Link)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (mod7700) -- C:\WINDOWS\system32\drivers\dvb7700all.sys (DiBcom)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0) -- C:\WINDOWS\system32\drivers\CamDrL21.sys (Logitech Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 62 E7 6D 70 4B CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "http://y.lo.st"
FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.0.3
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.9
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/17 12:20:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/17 12:20:05 | 000,000,000 | ---D | M]
 
[2008/12/18 21:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Extensions
[2010/09/16 20:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\vixmmt25.default\extensions
[2009/07/02 12:17:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\vixmmt25.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/21 14:27:28 | 000,000,000 | ---D | M] (eBay Sidebar for Firefox) -- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\vixmmt25.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2010/02/21 14:27:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\vixmmt25.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/14 14:40:08 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\vixmmt25.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2009/10/23 18:08:52 | 000,002,650 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\vixmmt25.default\searchplugins\bing.xml
[2009/03/05 14:22:29 | 000,002,123 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\vixmmt25.default\searchplugins\MyStart Search.xml
[2009/11/14 14:40:05 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\vixmmt25.default\searchplugins\sweetim.xml
[2010/09/16 20:57:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/23 16:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010/03/15 21:25:03 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/03/15 21:25:03 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/03/15 21:25:03 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2009/07/23 17:30:34 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/03/15 21:25:03 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/03/23 22:40:06 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2004/08/05 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe (TechCity Solutions France)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [cbyyawaudio] C:\WINDOWS\System32\ssqroo.dll (Symantec Corporation)
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Lexmark X74-X75] C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVComS.exe (Logitech Inc.)
O4 - HKLM..\Run: [mlkkkksys] C:\WINDOWS\System32\mlklig.dll (Symantec Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PRISMSTA.EXE] C:\WINDOWS\System32\PRISMSTA.exe (Intersil Americas Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [fsm]  File not found
O4 - HKCU..\Run: [iiiigesys]  File not found
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()
O4 - HKCU..\Run: [msnlivesearch] C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe (Microsoft)
O4 - HKCU..\Run: [rqpppnaudio] C:\WINDOWS\System32\ssqroo.dll (Symantec Corporation)
O4 - HKCU..\Run: [Shareaza] C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
O4 - HKCU..\Run: [yabxvssys] C:\WINDOWS\System32\mlklig.dll (Symantec Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\DeliveryManager.lnk = C:\Documents and Settings\Utilisateur\Application Data\Delivery\DeliveryManager.EXE (Immanens)
O4 - Startup: C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\Lanceur.lnk = C:\Program Files\Micro Application\LauncherMA.exe (Micro Application)
O4 - Startup: C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk = C:\Documents and Settings\Utilisateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Télécharger avec Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game09.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://camera1.mairie-brest.fr/activex/AMC.cab (AxisMediaControlEmb Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (mlklig.dll) - C:\WINDOWS\System32\mlklig.dll (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/25 14:31:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/12/19 11:09:53 | 000,120,904 | R--- | M] (Micro Application) - D:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2003/06/19 08:57:42 | 000,000,045 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2007/01/23 10:33:36 | 000,000,123 | R--- | M] () - D:\AUTORUN.INI -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/09/17 12:55:02 | 000,000,000 | ---D | C] -- C:\Downloads
[2010/09/16 21:43:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/16 21:43:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/16 21:42:42 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Utilisateur\Bureau\malwarebytes-anti-malware_malwarebytes_anti-malware_1.46_francais_215092.exe
[2010/09/16 21:27:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utilisateur\Application Data\Malwarebytes
[2010/09/16 21:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/16 21:26:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/16 21:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2010/09/16 21:07:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utilisateur\Bureau\C_XX
[2010/09/16 19:22:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/16 19:22:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/16 19:22:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/16 19:22:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/16 19:22:04 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/09/16 16:02:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/16 16:02:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/12 14:33:52 | 000,083,456 | -H-- | C] (Symantec Corporation) -- C:\WINDOWS\System32\mlklig.dll
[2010/09/11 12:29:36 | 000,104,960 | -H-- | C] (Symantec Corporation) -- C:\WINDOWS\System32\ssqroo.dll
[2010/09/08 21:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/08 21:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/01 21:06:27 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/27 22:58:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utilisateur\Mes documents\Malédiction à Hollywood
[2010/08/27 18:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\1 Jeu par jour
[2010/08/27 18:07:29 | 000,000,000 | ---D | C] -- C:\Program Files\Micro Application
[2010/08/27 18:07:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Micro Application
[2010/08/26 12:28:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2010/08/24 13:27:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\The Mirror Mysteries
[2010/08/24 13:27:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utilisateur\Application Data\Zylom
[2008/09/25 15:41:16 | 000,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[2005/02/02 15:18:18 | 001,301,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2005/02/02 15:18:18 | 000,548,952 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2005/02/02 15:18:18 | 000,221,736 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2005/02/02 15:18:18 | 000,167,384 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2005/02/02 15:18:18 | 000,086,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/09/17 12:56:04 | 000,001,157 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\DeliveryManager.lnk
[2010/09/17 12:34:00 | 000,001,064 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/17 10:57:25 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{65BFDD6B-3C5B-48DA-B812-1EFCE0DE3AED}.job
[2010/09/17 10:54:28 | 000,001,060 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/17 10:54:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/17 10:53:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/16 22:18:52 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Utilisateur\NTUSER.DAT
[2010/09/16 22:18:52 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Utilisateur\ntuser.ini
[2010/09/16 21:43:32 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/09/16 21:42:45 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Utilisateur\Bureau\malwarebytes-anti-malware_malwarebytes_anti-malware_1.46_francais_215092.exe
[2010/09/16 21:18:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/16 21:09:05 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Bureau\AD-R.lnk
[2010/09/15 20:55:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/15 20:26:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/14 13:14:18 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
[2010/09/12 14:33:52 | 000,083,456 | -H-- | M] (Symantec Corporation) -- C:\WINDOWS\System32\mlklig.dll
[2010/09/11 12:29:36 | 000,104,960 | -H-- | M] (Symantec Corporation) -- C:\WINDOWS\System32\ssqroo.dll
[2010/09/08 21:25:43 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Safari.lnk
[2010/09/08 21:25:43 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/09/05 22:16:50 | 000,009,067 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Mes documents\CAP.odt
[2010/09/01 21:08:03 | 000,000,629 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/09/01 21:07:03 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\QuickTime Player.lnk
[2010/09/01 20:01:19 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/31 18:02:45 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/29 14:04:54 | 000,021,203 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Mes documents\S7300075_2.jpg
[2010/08/27 23:08:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Curses.INI
[2010/08/27 18:07:58 | 000,001,817 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Nancy Drew - Malédiction à Hollywood.lnk
[2010/08/27 18:07:29 | 000,001,885 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\Lanceur.lnk
[2010/08/22 12:14:03 | 000,001,848 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Bureau\eBay Sidebar pour Firefox.lnk
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/09/16 21:43:32 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/09/16 21:09:05 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Bureau\AD-R.lnk
[2010/09/16 19:22:12 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/16 19:22:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/16 19:22:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/16 19:22:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/16 19:22:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/08 21:24:20 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
[2010/09/01 21:08:03 | 000,000,629 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/09/01 21:07:02 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\QuickTime Player.lnk
[2010/08/29 14:04:53 | 000,021,203 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Mes documents\S7300075_2.jpg
[2010/08/27 23:08:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2010/08/27 18:07:58 | 000,001,817 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Nancy Drew - Malédiction à Hollywood.lnk
[2010/08/27 18:07:29 | 000,001,885 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\Lanceur.lnk
[2010/04/11 18:51:15 | 000,000,037 | ---- | C] () -- C:\WINDOWS\DeliveryReader.INI
[2010/01/18 14:23:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2010/01/18 14:22:34 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/12/01 18:36:20 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/12/01 18:36:20 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/12/21 18:42:46 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2008/12/21 18:42:18 | 000,011,653 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/12/21 18:41:05 | 000,000,816 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/12/21 18:40:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\MimicICM.dll
[2008/12/19 21:46:03 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/12/19 21:46:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/10/15 13:12:19 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008/10/02 22:57:57 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/01 10:41:51 | 000,000,282 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2008/09/30 21:16:37 | 000,000,046 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2008/09/26 21:38:34 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/25 15:41:16 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2008/09/25 15:41:16 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2008/09/25 15:41:16 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2006/01/03 13:57:12 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/02/02 15:18:18 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2005/02/02 15:18:18 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2005/02/02 15:18:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2005/02/02 12:15:40 | 000,008,632 | ---- | C] () -- C:\WINDOWS\PRISMDOM.ini
[2004/08/05 14:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/05 14:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/05 14:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/05 14:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/05 14:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2002/07/11 07:53:36 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\lxbbcoin.ini
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/05 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
[color=#A23BEC]< MD5 for: EVENTLOG.DLL  >[/color]
[2004/08/05 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 19:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2008/04/13 19:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/05 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2008/04/13 19:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
[2004/08/05 14:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FF81EB0
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Utilisateur\Mes documents\Shareaza Downloads:Shareaza.GUID
< End of report >

breizh56
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 15
Inscription: 16 Sep 2010 18:40
 

Re: virus Win32:Rootkit-gen et autres pages de pub

Message le 17 Sep 2010 17:23

et voici le extras.txt

Code: Tout sélectionner
OTL Extras logfile created on: 17/09/2010 12:57:37 - Run 1
OTL by OldTimer - Version 3.2.12.1     Folder = C:\Downloads\Software
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
1 023,00 Mb Total Physical Memory | 479,00 Mb Available Physical Memory | 47,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 190,40 Gb Free Space | 81,76% Space Free | Partition Type: NTFS
Drive D: | 587,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: FUJITSU
Current User Name: Utilisateur
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Shareaza\Shareaza.exe" = C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing -- (Shareaza Development Team)
"C:\Program Files\InterVideo\DVD8\WinDVD.exe" = C:\Program Files\InterVideo\DVD8\WinDVD.exe:*:Enabled:WinDVD -- (InterVideo Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Disabled:backWeb-8876480 -- ()
"C:\WINDOWS\system32\CIMSVR.exe" = C:\WINDOWS\system32\CIMSVR.exe:*:Enabled:Logitech IM Video Companion Server -- (Logitech Inc.)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player  -- File not found
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)
"C:\Program Files\Jeyo\JMC_WindowsMobile\JMC_WM.exe" = C:\Program Files\Jeyo\JMC_WindowsMobile\JMC_WM.exe:*:Disabled:Jeyo Mobile Companion -- File not found
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
"{0CA6047C-D28B-4295-834A-07C52BA20C2D}" = Extension de Windows Live Toolbar (Windows Live Toolbar)
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}" = Menus intelligents (Windows Live Toolbar)
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25DC2DF7-3E29-494E-8086-7A882FF9925D}" = Samsung PC Studio 3
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{31CF6C0E-51F0-41D2-B088-A6A143C4303C}" = SweetIM Toolbar for Internet Explorer 3.6
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{391E9A33-18AC-425D-86F5-597E8F7BD0D5}" = Pro Evolution Soccer 3
"{3A0221AD-D30B-4320-8F9B-1D0F0E6C6843}" = Kit de Connexion Alice ADSL
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.1.3.6
"{4468EF97-A253-4699-9E1C-88CAE2C6832D}" = ABBYY FineReader 5.0 Sprint
"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites pour Windows Live Toolbar
"{81B5F83F-2291-48B0-8375-36B63A9BF5B0}" = Surligneur (Windows Live Toolbar)
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F000FC8-EDE8-498F-9A52-504D3BC373ED}" = Nancy Drew - Malédiction à Hollywood
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{984F10FD-11FD-4BED-8163-92DB81E6A825}" = Logitech IM Video Companion
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.2 - Français
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B2E581DB-C4DD-432C-AC84-ED761AC056BC}" = OpenOffice.org 3.1
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C06EFB22-B5DB-46C5-9215-BCB5C19C0858}" = LauncherMA
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C514C594-23AA-4F13-A070-DB8BDB27594F}" = Windows Live Mail
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}" = Windows Live Contrôle parental
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{DF6F459C-8B89-4F88-B63F-A2E136BB6B79}" = SweetIM for Messenger 2.8
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar
"{F9657EF6-C156-4CE9-A0A2-562CD3E94842}" = Beach Life
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ad-Remover" = Ad-Remover By C_XX
"AliceSAV" = Alice Auto-diagnostic
"ALZip_is1" = ALZip
"avast!" = avast! Antivirus
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"BetClic Poker" = BetClic Poker
"CCleaner" = CCleaner (remove only)
"Delivery" = Delivery
"Free Download Manager_is1" = Free Download Manager 2.5
"Full Pack" = Full Pack Codecs
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{391E9A33-18AC-425D-86F5-597E8F7BD0D5}" = Pro Evolution Soccer 3
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.3.1 (Full)
"Lexmark X74-X75" = Lexmark X74-X75
"Logitech Print Service" = Logitech Print Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shareaza_is1" = Shareaza 2.4.0.0
"SLAMRMO" = Smart Link 56K Modem
"Software Informer_is1" = Software Informer 1.0 BETA
"Spotify" = Spotify
"UltraISO_is1" = UltraISO Premium V9.35
"VLC media player" = VLC media player 1.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8C3953BD-78C1-4615-8957-626FE7490B1E}" = Fonction de recherche dans Messenger
"Notification de cadeaux MSN" = Notification de cadeaux MSN
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Antivirus Events ]
Error - 04/05/2009 10:26:03 | Computer Name = FUJITSU | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 D:\RIMG0098.JPG failed, 0000A420. 
 
Error - 04/05/2009 10:27:38 | Computer Name = FUJITSU | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 D:\Leo matteo.JPG failed, 0000A420. 
 
Error - 04/05/2009 10:32:07 | Computer Name = FUJITSU | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 D:\RIMG0076.JPG failed, 0000A420. 
 
Error - 04/05/2009 10:42:23 | Computer Name = FUJITSU | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 D:\RIMG0055.JPG failed, 0000A420. 
 
Error - 04/05/2009 10:50:36 | Computer Name = FUJITSU | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 D:\RIMG0054.JPG failed, 0000A420. 
 
Error - 04/05/2009 14:59:37 | Computer Name = FUJITSU | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 E:\RIMG0072.JPG failed, 0000A420. 
 
Error - 08/11/2009 09:27:51 | Computer Name = FUJITSU | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 http://img.shopping.com/jfe/JavaFrontEnd-fe73.04.mediabeam.42.5-12880/bb/js/pages/xpoConditionFilter-all-min.js
 failed, 0000A413. 
 
[ Application Events ]
Error - 31/08/2010 13:23:43 | Computer Name = FUJITSU | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (Une connexion existante a dû être
 fermée par l'hôte distant.)
 
Error - 03/09/2010 16:16:44 | Computer Name = FUJITSU | Source = Windows Live Messenger | ID = 1000
Description =
 
Error - 07/09/2010 16:34:17 | Computer Name = FUJITSU | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (Une connexion existante a dû être
 fermée par l'hôte distant.)
 
Error - 07/09/2010 16:34:17 | Computer Name = FUJITSU | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (Une connexion existante a dû être
 fermée par l'hôte distant.)
 
Error - 07/09/2010 16:34:17 | Computer Name = FUJITSU | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (Une connexion existante a dû être
 fermée par l'hôte distant.)
 
Error - 07/09/2010 16:34:17 | Computer Name = FUJITSU | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (Une connexion existante a dû être
 fermée par l'hôte distant.)
 
Error - 07/09/2010 16:34:17 | Computer Name = FUJITSU | Source = Bonjour Service | ID = 100
Description = 420: ERROR: read_msg errno 10054 (Une connexion existante a dû être
 fermée par l'hôte distant.)
 
Error - 07/09/2010 16:34:17 | Computer Name = FUJITSU | Source = Bonjour Service | ID = 100
Description = 220: ERROR: read_msg errno 10054 (Une connexion existante a dû être
 fermée par l'hôte distant.)
 
Error - 10/09/2010 16:14:10 | Computer Name = FUJITSU | Source = Windows Live Messenger | ID = 1000
Description =
 
Error - 15/09/2010 07:52:18 | Computer Name = FUJITSU | Source = Bonjour Service | ID = 100
Description = 208: ERROR: read_msg errno 10054 (Une connexion existante a dû être
 fermée par l'hôte distant.)
 
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >




breizh56
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 15
Inscription: 16 Sep 2010 18:40
 

Re: virus Win32:Rootkit-gen et autres pages de pub

Message le 17 Sep 2010 18:57

ok fait ceci.


* Fait un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure-toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case " Rapport minimal" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"

Code: Tout sélectionner
:OTL
PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)   
MOD - C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll (SweetIM Technologies Ltd.) 
MOD - C:\Program Files\SweetIM\Messenger\msvcr71.dll (Microsoft Corporation) 
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found 
SRV - (Boonty Games) -- C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (BOONTY) 
DRV - (pnicml) -- C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\pnicml.sys File not found 
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)   
FF - prefs.js..browser.startup.homepage: "http://y.lo.st"

FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.9
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q=" 

[2009/11/14 14:40:08 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\vixmmt25.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} 
[2009/11/14 14:40:05 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\vixmmt25.default\searchplugins\sweetim.xml   

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)     
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)       
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)       
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)       
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.       
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)       
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O4 - HKLM..\Run: [mlkkkksys] C:\WINDOWS\System32\mlklig.dll (Symantec Corporation)
O4 - HKCU..\Run: [rqpppnaudio] C:\WINDOWS\System32\ssqroo.dll (Symantec Corporation) 
O4 - HKCU..\Run: [yabxvssys] C:\WINDOWS\System32\mlklig.dll (Symantec Corporation) 
O30 - LSA: Authentication Packages - (mlklig.dll) - C:\WINDOWS\System32\mlklig.dll (Symantec Corporation)
[2010/09/12 14:33:52 | 000,083,456 | -H-- | C] (Symantec Corporation) -- C:\WINDOWS\System32\mlklig.dll 
[2010/09/11 12:29:36 | 000,104,960 | -H-- | C] (Symantec Corporation) -- C:\WINDOWS\System32\ssqroo.dll 

:Commands
[emptytemp]
 


* Cliques sur l'icône Correction (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

en ce qui concerne les commandes disponibles pour le scan personnalisé (a utiliser avec "Analyse" )
Voici celles que je connais:

Ensuite tu as trop de chose au démarrage que tu peux résoudre comme cela.

Démarrer >> Exécuter >> tapes msconfig puis rends toi a l'onglet démarrage et décoches tout cela.

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe (TechCity Solutions France)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Lexmark X74-X75] C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVComS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [fsm] File not found
O4 - HKCU..\Run: [iiiigesys] File not found
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()
O4 - HKCU..\Run: [Shareaza] C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\DeliveryManager.lnk = C:\Documents and Settings\Utilisateur\Application Data\Delivery\DeliveryManager.EXE (Immanens)
O4 - Startup: C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\Lanceur.lnk = C:\Program Files\Micro Application\LauncherMA.exe (Micro Application)
O4 - Startup: C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk = C:\Documents and Settings\Utilisateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()


Redémarre le pc.


Ensuite retentes un passage de MalwaresBytes.
Avatar de l'utilisateur
bernard53
PC-Infopraticien
PC-Infopraticien
 
Messages: 12778
Inscription: 08 Déc 2009 19:51
 

Re: virus Win32:Rootkit-gen et autres pages de pub

Message le 19 Sep 2010 11:57

J'ai li'mpression d'être un peu un boulet. J'ai fais ce que tu m'as demandé mais le logiciel ne se lance toujours pas. Par contre après la manip OTL jai redémarré mon pc et un fichier blocnotes s'est ouvert. Par contre il ne portait pas le nom OTL.txt. Je le poste quand même au cas où :

Code: Tout sélectionner

All processes killed
Error: Unable to interpret <OTL> in the current context!
Error: Unable to interpret <PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)    > in the current context!
Error: Unable to interpret <MOD - C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll (SweetIM Technologies Ltd.)  > in the current context!
Error: Unable to interpret <MOD - C:\Program Files\SweetIM\Messenger\msvcr71.dll (Microsoft Corporation)  > in the current context!
Error: Unable to interpret <SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found  > in the current context!
Error: Unable to interpret <SRV - (Boonty Games) -- C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (BOONTY)  > in the current context!
Error: Unable to interpret <DRV - (pnicml) -- C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\pnicml.sys File not found  > in the current context!
Error: Unable to interpret <IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)    > in the current context!
Error: Unable to interpret <FF - prefs.js..browser.startup.homepage: "http://y.lo.st" > in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.9> in the current context!
Error: Unable to interpret <FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="  > in the current context!
Error: Unable to interpret <[2009/11/14 14:40:08 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\vixmmt25.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}  > in the current context!
Error: Unable to interpret <[2009/11/14 14:40:05 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\vixmmt25.default\searchplugins\sweetim.xml    > in the current context!
Error: Unable to interpret <O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)      > in the current context!
Error: Unable to interpret <O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)       > in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)       > in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)       > in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.       > in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)       > in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [mlkkkksys] C:\WINDOWS\System32\mlklig.dll (Symantec Corporation) > in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: [rqpppnaudio] C:\WINDOWS\System32\ssqroo.dll (Symantec Corporation)  > in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: [yabxvssys] C:\WINDOWS\System32\mlklig.dll (Symantec Corporation)  > in the current context!
Error: Unable to interpret <O30 - LSA: Authentication Packages - (mlklig.dll) - C:\WINDOWS\System32\mlklig.dll (Symantec Corporation) > in the current context!
Error: Unable to interpret <[2010/09/12 14:33:52 | 000,083,456 | -H-- | C] (Symantec Corporation) -- C:\WINDOWS\System32\mlklig.dll  > in the current context!
Error: Unable to interpret <[2010/09/11 12:29:36 | 000,104,960 | -H-- | C] (Symantec Corporation) -- C:\WINDOWS\System32\ssqroo.dll  > in the current context!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 115616 bytes
->Temporary Internet Files folder emptied: 298614 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 214015906 bytes
 
User: Utilisateur
->Temp folder emptied: 124696205 bytes
->Temporary Internet Files folder emptied: 434119610 bytes
->Java cache emptied: 65976918 bytes
->FireFox cache emptied: 96703445 bytes
->Apple Safari cache emptied: 17649664 bytes
->Flash cache emptied: 85023 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134506 bytes
%systemroot%\System32 .tmp files removed: 3590656 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82057871 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64572242 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 6154366 bytes
 
Total Files Cleaned = 1 061,00 mb
 
 
OTL by OldTimer - Version 3.2.12.1 log created on 09192010_121202

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Utilisateur\Local Settings\Temp\Temporary Internet Files\Content.IE5\RUD093JF\adlink%7C516%7C1686978%7C0%7C154%7CAdId%3D2208356%3BBnId%3D1%3Bitime%3D779881380%3Blink%3Dhttp%3A%2F%2Ffr%2Eebayobjects%2Ecom%2F6k%3Bh%3Dv8%2F37ca%2F3%2F0%2F%2a%2Fd%3B20[1] not found!
File\Folder C:\Documents and Settings\Utilisateur\Local Settings\Temp\Temporary Internet Files\Content.IE5\DL82KJLV\53Bkw%253Dwii+%25252B+wii+fit%253Bdcopt%253Dist%253Bseg%253DF-1233668969698%253Btcat%253D14616%253Bitems%253D491%253Bsz%253D160x600%253Btile%253D3%253Bord%253D1233779773604%253B not found!
File\Folder C:\Documents and Settings\Utilisateur\Local Settings\Temp\Temporary Internet Files\Content.IE5\DL82KJLV\CAANWDQN._callback1&request=layout%3D2%26page%3D3907%26emitStyle%3D2%26minResult%3D10%26promotypes%3D75031%26promoStyles%3D48%26results%3D32%26query%3Dkillington&8636 not found!
File\Folder C:\Documents and Settings\Utilisateur\Local Settings\Temp\Temporary Internet Files\Content.IE5\DL82KJLV\rds%253Bkw%253Dconsole+wii+fit%253Bdcopt%253Dist%253Bseg%253DF-1233668969698%253Btcat%253D104779%253Bitems%253D6%253Bsz%253D160x600%253Btile%253D3%253Bord%253D1233779793330%253B not found!
File\Folder C:\Documents and Settings\Utilisateur\Local Settings\Temp\Temporary Internet Files\Content.IE5\5Y7X9YOA\adlink%7C516%7C1548071%7C0%7C225%7CAdId%3D2208347%3BBnId%3D1%3Bitime%3D779881281%3Blink%3Dhttp%3A%2F%2Ffr%2Eebayobjects%2Ecom%2F6k%3Bh%3Dv8%2F37ca%2F3%2F0%2F%2a%2Fb%3B20[1] not found!
File\Folder C:\Documents and Settings\Utilisateur\Local Settings\Temp\Temporary Internet Files\Content.IE5\5Y7X9YOA\OTUV29.search%252Fkeywords%253Bkw%253Dwii+%25252B+wii+fit%253Bdcopt%253Dist%253Btcat%253D14616%253Bitems%253D491%253Bsz%253D160x600%253Btile%253D3%253Bord%253D1233779773604%253B not found!
File\Folder C:\Documents and Settings\Utilisateur\Local Settings\Temp\flaC.tmp not found!
File\Folder C:\Documents and Settings\Utilisateur\Local Settings\Temp\~DFE3A7.tmp not found!
File\Folder C:\Documents and Settings\Utilisateur\Local Settings\Temp\~DFE3C5.tmp not found!
File\Folder C:\Documents and Settings\Utilisateur\Local Settings\Temp\~DFE45A.tmp not found!
File\Folder C:\Documents and Settings\Utilisateur\Local Settings\Temp\~DFE4E0.tmp not found!
File\Folder C:\Documents and Settings\Utilisateur\Local Settings\Temp\~DFE671.tmp not found!
File\Folder C:\Documents and Settings\Utilisateur\Local Settings\Temp\~DFE68E.tmp not found!
File\Folder C:\Documents and Settings\Utilisateur\Local Settings\Temp\~DFE800.tmp not found!
File\Folder C:\Documents and Settings\Utilisateur\Local Settings\Temp\~DFE818.tmp not found!
File\Folder C:\Documents and Settings\Utilisateur\Local Settings\Temp\~DFE863.tmp not found!
File\Folder C:\Documents and Settings\Utilisateur\Local Settings\Temp\~DFE877.tmp not found!
File\Folder C:\Documents and Settings\Utilisateur\Local Settings\Temp\~DFE955.tmp not found!
File\Folder C:\Documents and Settings\Utilisateur\Local Settings\Temp\~DFE995.tmp not found!
File\Folder C:\Documents and Settings\Utilisateur\Local Settings\Temp\~DFEB1B.tmp not found!
File\Folder C:\Documents and Settings\Utilisateur\Local Settings\Temp\~DFEB3C.tmp not found!
File\Folder C:\Documents and Settings\Utilisateur\Local Settings\Temp\~DFEC84.tmp not found!
File\Folder C:\Documents and Settings\Utilisateur\Local Settings\Temp\~DFEC98.tmp not found!
File\Folder C:\Documents and Settings\Utilisateur\Local Settings\Temp\~DFECE4.tmp not found!
File\Folder C:\Documents and Settings\Utilisateur\Local Settings\Temp\~DFED0F.tmp not found!
File\Folder C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\T1735ABS\virus-win32rootkit-gen-pages-pub-vt-53209[1].html not found!
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\MSDDYYGW\adsCA12M7HR.htm moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\DSP83JJQ\adsCA6M5GJF.htm moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\DRYYP2VE\m0303[1].htm moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_708.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_c88.dat not found!

Registry entries deleted on Reboot...












breizh56
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 15
Inscription: 16 Sep 2010 18:40
 

Re: virus Win32:Rootkit-gen et autres pages de pub

Message le 19 Sep 2010 12:05

ok pour le rapport.

fait ceci pour MalwaresBytes.

e mes la procédure pour ceux qui reliront et qui en auront peut-être besoin ...

1°) Supprimer Malwarebytes Malware à partir d' " Ajout et suppression de programmes " dans le " Panneau de configuration"
2°) Il est important de redémarrer l'ordinateur.
3°) Télécharger et installer l'outil mbam-clean : http://www.malwarebytes.org/mbam-clean.exe
4°) Il sera demandé de redémarrer, laissez faire et approuvez.
5°) Après le redémarrage de l'ordinateur, télécharger et installer la dernière version disponible : http://www.malwarebytes.org/mbam-download.php
Avatar de l'utilisateur
bernard53
PC-Infopraticien
PC-Infopraticien
 
Messages: 12778
Inscription: 08 Déc 2009 19:51
 

Re: virus Win32:Rootkit-gen et autres pages de pub

Message le 19 Sep 2010 12:34

vraiment désoléé :oops: :oops: mais ça ne marche toujours pas
breizh56
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 15
Inscription: 16 Sep 2010 18:40
 

Suivante


Sujets similaires

Message [Réglé] choix anti virus
bonjour a tous, je viens de changer mon pc et j'aimerai vos avis sur le choix de l anti virus.
Réponses: 8

Message HELP je pense avoir un virus
Bonsoir,Première fois que ce genre de chose m'arrive, j'ai d'abord été hackée sur Instagram, pensant que ca s'arrêterait làEnsuite ca a été au tour de STEAM malgré le steam guard ( identification à 2 facteurs) puis Linkedin !! Je n'ai eu aucune alerte de connexion, que ce soit par sms ou email !! J' ...
Réponses: 12

Message Aide suite à une analyse FRST contre un virus vbc.exe
Bonjour tout le monde, J'ai récemment constaté que j'étais infecté par un virus lié à vbc.exe, ce qui entraîne une utilisation du CPU allant jusqu'à 30% voire 40%. J'ai donc effectué mes analyses FRST et voici les rapports obtenus : - FRST.txt: https://pjjoint.malekal.com/files.php?id=FRST_20240315_ ...
Réponses: 3

Message [Réglé] Petite vérification virus
Salut Heravles ,Merci et bonne année a toi également et aussi a toute ta famille.Oui désolé j'ai pas fais attention quand j'ai téléchargé le logiciel alors que je sais très bien qu'il fallait le faire sur le bureau. Je ferais plus attention la prochaine fois.Nickel si mon Pc et pas infecté.Je t'envo ...
Réponses: 5

Message Formule EXCEL Sumif + liste déroulante + plusieures pages
Bonjour à tous.Je ne suis pas certain d'être sur la bonne partie du forum, mais c'est ce qui m'a semblé le plus adéquat ^^"Alors, je vous explique ce dont j'ai besoin.Pour faire la compta de mon asso, j'ai un Excel sur 13 pages. 1 par mois +1 qui me ressort sur un tableau les recettes, dépenses ...
Réponses: 0

Message 22h2 bogues tpm et centre de sécurité: virus?
Salut,J'ai refait iso et formaté override le disque. Un reset électrique du PC.Je suis sur W11 PRO 64 v22621.525 (même bogue sur la première iso 22h2 fournie par Microsoft en 22621.382).WU est désactivé avant connexion a internet via gpedit.msc.J'ai installé à neuf en compte local. J'installe sans i ...
Réponses: 17

Message anti virus gratuit
Bonjour,Avez-vous un anti virus nettoyeur gratuit en français a me conseiller pour mon j3 2016 samsung.Cordialement.
Réponses: 3


Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 6 invités


.: Nous contacter :: Flux RSS :: Données personnelles :.