[Solved] Trojan or virus (Adware.Hotbar - Porn.Dialer) : Help removing viruses


[Solved] Trojan or virus (Adware.Hotbar - Porn.Dialer)

Post by jcg11290 » 31 Aug 2010, 15:03

Hello everyone,

While visiting friends, there was a Java problem that I fixed with an update, and I took the opportunity to run "Malwarebytes' Anti-Malware" (updated).
The PC runs Windows XP Home Service Pack 3, with Avast as antivirus.
Since I live fairly far away, they will follow the thread and carry out the steps themselves. I am only opening the thread because they are new to the forum.
First MBAM report, quick scan:
Code:
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Version de la base de données: 4478

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25/08/2010 22:55:12
mbam-log-2010-08-25 (22-55-12).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 153569
Temps écoulé: 8 minute(s), 34 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 18
Fichier(s) infecté(s): 145

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Montorgueil (Porn.Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\LocalService\Application Data\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\IESkins (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\HostOI (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\HostOI\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\HostOI\static (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\HostOL (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\HostOL\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\HostOL\static (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\dynamic\hstat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad (Adware.Hotbar) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\dynamic\2563392.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\dynamic\ASPL1.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\dynamic\domains.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\dynamic\hstat\31ce.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\29115 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\4382 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\4442 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705021 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705140 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705143 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat\31ce.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\ads.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\business_promo.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\buttondir.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\components.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\default.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_511745-514279.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_categorize.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_comparison.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_explorer-Mails.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_favorites.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Games.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hide.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hotbarcom.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hotmail.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hsskin.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Mails.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_new.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_premium.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_ringtone.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_SearchBoxTrapper.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchfor.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchgo.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_weather.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_yellowpages.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_1000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_2000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_3000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bar.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar1.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar10.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar11.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar12.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar13.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar14.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar2.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar3.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar4.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar5.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar6.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar7.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar8.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar9.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_logos.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_other.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_x.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_weather.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\email-def-511724-9595.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\email-t1-bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium-hotbar-premium.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar_promo.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\icons2.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords.idx (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords1.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords_idx.idx (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords_sdf.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\layout.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\linkpathlegal.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\s_icons_buttons.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\t2_bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\theweb.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\top7.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Top7_theweb.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\tsd_bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ads.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\business_promo.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\buttondir.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\buttondir.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\default.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_1000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_1000.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_2000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_2000.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_3000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_3000.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bar.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bar.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar1.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar10.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar10.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar11.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar12.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar13.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar14.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar2.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar2.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar3.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar3.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar4.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar4.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar5.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar5.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar6.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar6.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar7.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar7.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar8.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar8.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar9.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar9.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_logos.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_logos.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_other.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_other.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_x.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_weather.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_weather.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\email-t1-bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\email-t1-bg.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar-premium.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar_promo.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\icons2.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords.idx (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords1.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords1.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords_idx.idx (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords_idx.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords_sdf.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords_sdf.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\layout.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\layout.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\linkpathlegal.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\linkpathlegal.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\s_icons_buttons.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\s_icons_buttons.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\t2_bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\t2_bg.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\top7.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\tsd_bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\tsd_bg.xip (Adware.Hotbar) -> Quarantined and deleted successfully.

Second report, the next day, full scan:
Code:
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Version de la base de données: 4482

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26/08/2010 17:45:16
mbam-log-2010-08-26 (17-45-16).txt

Type d'examen: Examen complet (C:\|H:\|)
Elément(s) analysé(s): 232112
Temps écoulé: 54 minute(s), 52 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

For now I have not done anything else, but I would like you to advise them on a complete clean-up.
The infection most likely came from USB sticks and from downloads of somewhat dubious software. (The PC is lent out from time to time.)

Thanks in advance.
J.Cl.
Clic! Nature
XP - SP3
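As an added example (not code from the original post or from Malwarebytes), a small Python parser for the MBAM 1.46 log format quoted above: it reconciles the summary counts with the entries actually listed, groups detections by threat name and by Windows user profile (in the thread every folder and file sits under the LocalService profile), and flags any entry whose action did not complete. The embedded sample log is constructed from the thread's format and shortened; its section labels are the French ones the tool writes, so they are left untranslated.

```python
"""Parser for the Malwarebytes' Anti-Malware 1.46 log format quoted in the thread.
Added example, not code from the original post or from Malwarebytes; SAMPLE_LOG
is constructed from the thread's format (French section labels kept as written)."""
import re
from collections import Counter

# French section labels as written by MBAM 1.46, mapped to short keys.
SECTIONS = {
    "Processus mémoire infecté(s)": "processes",
    "Module(s) mémoire infecté(s)": "modules",
    "Clé(s) du Registre infectée(s)": "reg_keys",
    "Valeur(s) du Registre infectée(s)": "reg_values",
    "Elément(s) de données du Registre infecté(s)": "reg_data",
    "Dossier(s) infecté(s)": "folders",
    "Fichier(s) infecté(s)": "files",
}
# Detection line: "<path or registry key> (<threat name>) -> <action>."
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
SUMMARY_RE = re.compile(r"^(?P<label>.+?): (?P<count>\d+)$")
PROFILE_RE = re.compile(r"^[A-Za-z]:\\Documents and Settings\\([^\\]+)\\")
NO_ITEMS = "(Aucun élément nuisible détecté)"
DONE = "Quarantined and deleted successfully."

# Constructed sample: the folder count (3) deliberately disagrees with the two
# folders listed, and the last file's action is left incomplete, to exercise the checks.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Montorgueil (Porn.Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Documents and Settings\LocalService\Application Data\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0 (Adware.Hotbar) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\dynamic\domains.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\ads.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ads.xip (Adware.Hotbar) -> Delete on reboot.
"""

def parse_mbam_log(text):
    """Split a log into summary counts and per-section (item, threat, action) tuples."""
    counts, current = {}, None
    entries = {key: [] for key in SECTIONS.values()}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)  # e.g. "Dossier(s) infecté(s): 18"
        if m and m.group("label") in SECTIONS:
            counts[SECTIONS[m.group("label")]] = int(m.group("count"))
            continue
        if line.endswith(":") and line[:-1] in SECTIONS:  # section header
            current = SECTIONS[line[:-1]]
            continue
        if current is None or line == NO_ITEMS:
            continue
        e = ENTRY_RE.match(line)
        if e:
            entries[current].append((e.group("item"), e.group("threat"), e.group("action")))
    return {"counts": counts, "entries": entries}

def reconcile(parsed):
    """Sections whose header count differs from the number of entries listed."""
    return {key: (parsed["counts"].get(key, 0), len(items)) for key, items in
            parsed["entries"].items() if parsed["counts"].get(key, 0) != len(items)}

def summarize(parsed):
    """Detections per threat name and per Windows user profile (here LocalService)."""
    by_threat, by_profile = Counter(), Counter()
    for items in parsed["entries"].values():
        for item, threat, _action in items:
            by_threat[threat] += 1
            profile = PROFILE_RE.match(item)  # registry keys do not match
            if profile:
                by_profile[profile.group(1)] += 1
    return by_threat, by_profile

def pending_actions(parsed):
    """Entries the tool did not finish cleaning, e.g. 'Delete on reboot.'."""
    return [(key, item, action) for key, items in parsed["entries"].items()
            for item, _threat, action in items if action != DONE]

if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    print(reconcile(parsed), summarize(parsed), pending_actions(parsed))
```

Run against the full log from the post, reconcile() returns an empty dict when the 18 folders and 145 files listed match the header, and pending_actions() is empty only if every entry reads "Quarantined and deleted successfully."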

Re: Trojan or virus (Adware.Hotbar - Porn.Dialer)

Post by Marie » 31 Aug 2010, 15:30

Hello JC

Generate an RSIT report as follows:

  • Download random's system information tool (RSIT) by random/random and save it to your desktop.
  • Double-click RSIT.exe to launch it.
  • Click Continue to accept the tool's terms of use and start the scan.
    If your firewall asks whether to let RSIT.exe access the Internet, allow it.
  • Once the scan is finished, a report will appear on screen (log.txt). Post its entire contents in your next reply.
    A second report will be minimized to the taskbar (Info.txt). Post it as an attachment in your next reply.

Re: Trojan or virus (Adware.Hotbar - Porn.Dialer)

Post by jeanwathelet » 31 Aug 2010, 16:45

Hello,

I am the person with the problem.

Here is the log.txt report:

Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by WATHELET at 2010-08-31 17:11:55
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 74 GB (74%) free of 100 GB
Total RAM: 1406 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:02, on 31/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\WATHELET\Bureau\RSIT1.06.exe
C:\FichierTelecharge\HijackThis\WATHELET.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.durable.com/recherche
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.durable.com/recherche
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WalterShop - {9ec204df-0e48-4c32-816e-2e928a4fd9c2} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FFTI] C:\Documents and Settings\WATHELET\Application Data\Mozilla\Firefox\Profiles\gyj65mxq.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FFTI] C:\Documents and Settings\WATHELET\Application Data\Mozilla\Firefox\Profiles\gyj65mxq.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A50C7380-59A5-4C1E-BCEA-1F152833708B}: NameServer = 81.253.149.1 80.10.246.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service Google Update (gupdate1c9f99a8db31b58) (gupdate1c9f99a8db31b58) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8424 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-73586283-776561741-725345543-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-73586283-776561741-725345543-1004.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-13 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-03 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-04 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{9ec204df-0e48-4c32-816e-2e928a4fd9c2} - WalterShop - C:\WINDOWS\system32\mscoree.dll [2009-11-07 297808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-10 16342528]
"AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-07-13 47904]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2010-03-13 202256]
"SunJavaUpdateSched"=C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-05-14 248552]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-08-10 421888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-04-30 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
C:\Program Files\VIAudioi\SBADeck\ADeck.exe [2006-03-20 516096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CD_Updater]
C:\Program Files\Carpe Diem\videos-sexanoo\CDUpdater.exe CD_UPDATER []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [2006-04-19 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe [2000-07-12 311350]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe [2000-08-04 28739]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
C:\Program Files\Microsoft Money\System\Money Express.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe [2010-03-13 75320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\System32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll,NvStartup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-08-10 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2003-12-08 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2007-05-10 16342528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2007-05-07 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2004-01-26 866816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2004-12-10 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [2008-01-02 103712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-04-30 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2010-03-13 202256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe [2000-07-12 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.exe.lnk]
C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1998-12-01 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2006-02-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
C:\PROGRA~1\Adobe\ACROBA~3.0\Reader\READER~1.EXE [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [2006-04-19 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~4\Office\OSA9.EXE [2000-01-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Rappels du Calendrier Microsoft Works.lnk]
C:\PROGRA~1\FICHIE~1\MICROS~1\WORKSS~1\wkcalrem.exe [2000-07-12 24633]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-06-15 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"NoLogoff"=1
"NoClose"=0
"NoActiveDesktop"=00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Real\RealOne Player\realplay.exe"="C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealOne Player"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\TeamViewer3\TeamViewer.exe"="C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:Application de pilotage à distance TeamViewer"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Service Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0005b66c-30ab-11dc-940a-000e50374bca}]
shell\AutoRun\command - J:\start.exe
shell\FramaKey\command - J:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0d3c1a9-a96c-11dc-95b1-000e50374bca}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e


======List of files/folders created in the last 1 months======

2010-08-31 17:11:55 ----D---- C:\rsit
2010-08-27 12:39:51 ----D---- C:\Program Files\QuickTime
2010-08-27 12:25:55 ----D---- C:\Program Files\iPod
2010-08-27 12:25:48 ----D---- C:\Program Files\iTunes
2010-08-26 19:06:15 ----D---- C:\Program Files\Fichiers communs\Skype
2010-08-25 22:43:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-25 22:24:11 ----D---- C:\Program Files\Fichiers communs\Java
2010-08-25 22:23:38 ----A---- C:\WINDOWS\system32\javaws.exe
2010-08-25 22:23:38 ----A---- C:\WINDOWS\system32\javaw.exe
2010-08-25 22:23:38 ----A---- C:\WINDOWS\system32\java.exe
2010-08-13 15:50:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-13 15:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-13 15:50:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-13 15:50:07 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-13 15:49:57 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-13 10:30:07 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-13 10:29:41 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-13 10:22:25 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-03 09:47:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$

======List of files/folders modified in the last 1 months======

2010-08-31 17:12:01 ----D---- C:\WINDOWS\Prefetch
2010-08-31 16:48:40 ----D---- C:\Program Files\Mozilla Firefox
2010-08-31 16:48:38 ----SD---- C:\WINDOWS\Tasks
2010-08-31 14:24:00 ----D---- C:\WINDOWS\Temp
2010-08-31 14:22:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-31 14:01:23 ----D---- C:\Documents and Settings\WATHELET\Application Data\Skype
2010-08-31 14:01:04 ----D---- C:\Documents and Settings\WATHELET\Application Data\skypePM
2010-08-31 09:21:27 ----D---- C:\WINDOWS
2010-08-29 15:00:14 ----A---- C:\WINDOWS\QTW.INI
2010-08-29 10:35:52 ----A---- C:\moduleName.txt
2010-08-27 12:41:29 ----SHD---- C:\WINDOWS\Installer
2010-08-27 12:40:45 ----HD---- C:\Config.Msi
2010-08-27 12:39:51 ----RD---- C:\Program Files
2010-08-27 12:39:51 ----D---- C:\WINDOWS\system32
2010-08-27 12:33:08 ----D---- C:\Program Files\Safari
2010-08-27 12:25:51 ----D---- C:\Program Files\Fichiers communs\Apple
2010-08-26 19:06:15 ----D---- C:\Program Files\Fichiers communs
2010-08-25 23:06:56 ----D---- C:\FichierTelecharge
2010-08-25 22:56:32 ----D---- C:\WINDOWS\system32\drivers
2010-08-25 22:23:35 ----D---- C:\Program Files\Java
2010-08-25 22:23:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-18 22:02:37 ----D---- C:\WINDOWS\Debug
2010-08-18 11:05:38 ----D---- C:\WINDOWS\Help
2010-08-14 09:46:32 ----D---- C:\Program Files\Microsoft Picture It! PhotoPub
2010-08-13 15:50:31 ----HD---- C:\WINDOWS\inf
2010-08-13 15:50:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-13 13:05:59 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-13 13:05:55 ----RSD---- C:\WINDOWS\assembly
2010-08-13 12:17:22 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-13 10:30:04 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-13 10:28:30 ----D---- C:\WINDOWS\WinSxS
2010-08-13 10:25:43 ----D---- C:\Program Files\Internet Explorer
2010-08-13 10:25:28 ----D---- C:\WINDOWS\ie8updates
2010-08-13 10:22:28 ----D---- C:\Program Files\Movie Maker
2010-08-10 08:59:38 ----A---- C:\WINDOWS\win.ini
2010-08-10 08:44:53 ----AC---- C:\WINDOWS\NeroDigital.ini
2010-08-03 20:09:31 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-09-02 5632]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-08-04 11868]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
R3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-06-15 2301440]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [2004-08-04 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [2004-08-04 220032]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-10 4419584]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-01-31 22016]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-06-21 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2005-01-31 211712]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [2004-08-04 685056]
S1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys []
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46848]
S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2006-03-02 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-06-16 7808]
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 rtl8029;Pilote NT de carte Realtek PCI Ethernet à base RTL8029(AS); C:\WINDOWS\system32\DRIVERS\RTL8029.SYS []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 trid3d;trid3d; C:\WINDOWS\System32\DRIVERS\trid3dm.sys [2001-08-17 222336]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2005-11-25 203776]
S3 wandrv;WAN Network Driver; C:\WINDOWS\System32\DRIVERS\wandrv.sys [2000-12-03 22640]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-06-15 479232]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 540968]
S2 gupdate1c9f99a8db31b58;Service Google Update (gupdate1c9f99a8db31b58); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-30 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-27 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Attachment: info.txt (31.11 KiB), downloaded 13 times


Thank you for helping me.
jeanwathelet
Newcomer

Posts: 10
Joined: 31 Aug 2010, 12:55

Re: Trojan or virus (Adware.Hotbar - Porn.Dialer)

Post by Marie » 31 Aug 2010, 17:30

Hello and welcome :smile:


:arrow: Double-click My Computer, then go to the folder C:\FichierTelecharge\HijackThis. Look for the file WATHELET.exe. Right-click it and choose Send to, then Desktop.
A new shortcut named WATHELET.exe will appear on your desktop.
This is HijackThis, renamed for the occasion.



:arrow: Double-click WATHELET.exe to launch HijackThis, then click Do a system scan only.
Finally, tick the following lines:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.durable.com/recherche
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.durable.com/recherche
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: WalterShop - {9ec204df-0e48-4c32-816e-2e928a4fd9c2} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


Click Fix Checked, then confirm the message that follows.




:arrow: Download USBFix by Chiquitine29 and C_XX and save it to your desktop.

  • Double-click USBFix.exe to launch it.

  • Click the Recherche (Search) button to start the scan.
  • A window will appear asking you to plug in all the external devices you may have used in the last few days (USB sticks, MP3 players, external hard drives, etc.) and to power them on if necessary.
    Plug in all the hardware you have, then click OK to continue.

  • Wait while the scan runs.

  • At the end, a report will be generated (C:/USBFix.txt). Copy and paste its entire contents into your next reply.
Marie
Administrator

Posts: 21397
Joined: 22 Jun 2007, 14:56
Location: La Valette du Var
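The lines Marie asks to tick above form a recognisable pattern: eight Internet Explorer start and search settings all redirected to one host, a URLSearchHook, a toolbar and an extra button whose files no longer exist, and a stale KernelFaultCheck entry under Run. The Python script below is an added example, not part of the original thread and not code from HijackThis, that triages a "Do a system scan only" listing along exactly those lines. The sample listing is constructed from the lines quoted above plus one benign Microsoft search-bar line for contrast; the allow-list of known-good hosts and the "three or more settings" threshold are assumptions to tune for your own environment.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: the lines quoted in the post above, plus one benign
# Microsoft search-bar line to show what is left alone.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.durable.com/recherche
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: WalterShop - {9ec204df-0e48-4c32-816e-2e928a4fd9c2} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""

# Hosts a stock IE 8 points at out of the box. Assumption: extend this with
# the homepage or search provider your users actually chose.
KNOWN_GOOD_HOSTS = {"go.microsoft.com", "www.microsoft.com", "fr.msn.com", "www.msn.com"}

# R0/R1 lines have the shape "<R0|R1> - <registry value> = <url>".
R_SETTING = re.compile(r"^R[01] - (?P<key>.+?) = (?P<url>\S+)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def triage(log_text, min_settings=3):
    """Group the lines of a HijackThis listing by the reason they deserve a fix."""
    by_host = defaultdict(list)          # hostname -> R0/R1 lines pointing at it
    orphans, leftovers = [], []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = R_SETTING.match(line)
        if m:
            host = (urlparse(m.group("url")).hostname or "").lower()
            by_host[host].append(line)
        elif line.endswith(ORPHAN_MARKERS):
            # A hook, toolbar or button still registered while its file is
            # gone: dead weight from an earlier removal, safe to clear.
            orphans.append(line)
        elif line.startswith("O4 ") and "[KernelFaultCheck]" in line:
            # dumprep 0 -k is the crash-dump reporter Windows leaves in Run
            # after a bugcheck; not malware, but it has no business staying.
            leftovers.append(line)

    # One unknown host owning several start/search settings at once is the
    # signature of a browser hijack; a single custom homepage is not.
    hijacks = {h: ls for h, ls in by_host.items()
               if h not in KNOWN_GOOD_HOSTS and len(ls) >= min_settings}
    to_fix = [l for ls in hijacks.values() for l in ls] + orphans + leftovers
    return {"hijack_hosts": set(hijacks), "orphans": orphans,
            "leftovers": leftovers, "to_fix": to_fix}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("hijacked by:", ", ".join(sorted(result["hijack_hosts"])))
    for line in result["to_fix"]:
        print("FIX ", line)
```

Run on the sample, the script flags twelve of the fourteen lines Marie ticked; the two Windows Messenger O9 entries point at a file that does exist, so removing them is tidiness rather than disinfection, and the Microsoft search-bar line is left alone because its host is on the allow-list.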

Re: Trojan or virus (Adware.Hotbar - Porn.Dialer)

Post by jeanwathelet » 01 Sep 2010, 17:37

Hello,

HijackThis has been run.

Below is the USBfix.txt report:

Code: Select all
############################## | UsbFix 7.022 | [Recherche]

Utilisateur: WATHELET (Administrateur) # WATHELET-797F9N [ ]
Mis à jour le 29/08/10 par El Desaparecido / C_XX
Lancé à 18:31:58 | 01/09/2010
Site Web: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: AMD Sempron(tm) Processor 3200+
Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Pare-feu Windows: Activé
Antivirus: avast! antivirus 4.8.1368 [VPS 100901-0] 4.8.1368 [Enabled | Updated]
RAM -> 1406 Mo
C:\ (%systemdrive%) -> Disque fixe # 98 Go (73 Go libre(s) - 74%) [] # NTFS
D:\ -> CD-ROM
H:\ -> Disque fixe # 51 Go (51 Go libre(s) - 100%) [Nouveau nom] # NTFS
J:\ -> Disque amovible # 31 Mo (25 Mo libre(s) - 78%) [] # FAT
K:\ -> Disque fixe # 466 Go (448 Go libre(s) - 96%) [] # FAT32

################## | Éléments infectieux |

Présent! C:\sys.txt

################## | Registre |

Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoClose

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{0005b66c-30ab-11dc-940a-000e50374bca}
Shell\AutoRun\Command = J:\start.exe
Shell\FramaKey\Command = J:\start.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{c0d3c1a9-a96c-11dc-95b1-000e50374bca}
Shell\Auto\Command = AdobeR.exe e
Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e


################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F |


:wink:
jeanwathelet
Newcomer

Posts: 10
Joined: 31 Aug 2010, 12:55
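The UsbFix search report above carries three findings worth reading rather than just deleting: two HKCU policy values (DisableTaskMgr and NoClose) that restrict the user, and two MountPoints2 entries, which are Explorer's cached copy of what each volume's autorun.inf asked it to run (the cache survives the device being unplugged). The Python script below is an added example, not part of the original thread and not UsbFix's own code, that parses those two sections from the report and grades each cached autorun command. The sample report is constructed from the sections quoted above; the risk heuristic (a bare relative filename or a launch through Shell32's ShellExec_RunDLL scores high, an absolute path on the volume only "review") is this example's assumption, not a UsbFix rule.

```python
import re

# Constructed sample: the Registre and Mountpoints2 sections of the UsbFix
# [Recherche] report quoted above.
SAMPLE_REPORT = r"""
################## | Éléments infectieux |

Présent! C:\sys.txt

################## | Registre |

Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoClose

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{0005b66c-30ab-11dc-940a-000e50374bca}
Shell\AutoRun\Command = J:\start.exe
Shell\FramaKey\Command = J:\start.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{c0d3c1a9-a96c-11dc-95b1-000e50374bca}
Shell\Auto\Command = AdobeR.exe e
Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!
"""

# What the two policy values UsbFix flagged do to the logged-on user.
POLICY_EFFECT = {
    "DisableTaskMgr": "blocks Task Manager",
    "NoClose": "removes Shut Down from the Start menu",
}

SECTION = re.compile(r"^#+ \| (?P<name>.+?) \|$")
MOUNTPOINT_KEY = re.compile(r"^HKCU\\.*\\MountPoints2\\\{[0-9a-f-]+\}$", re.I)
SHELL_COMMAND = re.compile(r"^Shell\\(?P<verb>[^\\]+)\\Command = (?P<cmd>.+)$")


def parse_usbfix(report):
    """Return (policies, mountpoints) from a UsbFix report.

    policies    -> list of (key, value name) for lines marked 'Présent!'
    mountpoints -> {volume key: {shell verb: command}}
    """
    policies, mountpoints = [], {}
    section, current = None, None
    for line in report.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section, current = m.group("name"), None
            continue
        if section == "Registre" and line.startswith("Présent!"):
            key, _, value = line[len("Présent!"):].strip().rpartition("|")
            policies.append((key, value))
        elif section == "Mountpoints2":
            if MOUNTPOINT_KEY.match(line):
                current = line
                mountpoints[current] = {}
            else:
                m = SHELL_COMMAND.match(line)
                if m and current:
                    mountpoints[current][m.group("verb")] = m.group("cmd")
    return policies, mountpoints


def command_risk(cmd):
    """Heuristic grade for a cached autorun command (this example's assumption).

    A relative filename, or a launch via Shell32's ShellExec_RunDLL, is the
    shape autorun worms write; an absolute path on the volume is only worth a
    look (FramaKey, for instance, is a portable-apps launcher).
    """
    lowered = cmd.lower()
    if "shellexec_rundll" in lowered or not re.match(r"^[a-z]:\\", lowered):
        return "high"
    return "review"


def summarize(report):
    """Policies with their effect, plus autorun commands grouped by risk."""
    policies, mountpoints = parse_usbfix(report)
    findings = {"policies": [], "high": [], "review": []}
    for key, value in policies:
        effect = POLICY_EFFECT.get(value, "unknown effect")
        findings["policies"].append(f"{value} ({effect}) in {key}")
    for key, verbs in mountpoints.items():
        for verb, cmd in verbs.items():
            findings[command_risk(cmd)].append((key, verb, cmd))
    return findings


if __name__ == "__main__":
    for level, items in summarize(SAMPLE_REPORT).items():
        for item in items:
            print(level.upper(), item)
```

On the sample, both commands under the {c0d3c1a9-...} volume come out high (a relative AdobeR.exe launched through ShellExec_RunDLL), while the two J:\start.exe commands come out as review only. The "Vaccin" section's warning is related: UsbFix's vaccine, which the removal report later shows creating an Autorun.inf folder on C: and H:, exists precisely so that a volume cannot receive a new autorun.inf file of that name.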

Re: Trojan or virus (Adware.Hotbar - Porn.Dialer)

Post by Marie » 01 Sep 2010, 18:11

Hello :smile:


:arrow: On to the disinfection:

  • Double-click USBFix.exe to launch it.


  • Click the Suppression (Removal) button and let the tool work without interrupting it.

  • A window will appear asking you to plug in all the external devices you may have used in the last few days (USB sticks, MP3 players, external hard drives, etc.).
    Plug in the hardware, then click OK to continue.

  • USBFix will carry on running. The desktop will disappear and will not be accessible for the duration of the scan. Don't worry, this is normal. Wait for the cleaning to finish without interrupting it.

  • At the end, a report will be generated (C:/USBFix.txt). Copy and paste its entire contents into your next reply.



:arrow: Install version 5 of Avast, which is much more effective than version 4.

  • Download Avast 5 and save it to your hard drive
  • Uninstall Avast 4 through Add/Remove Programs, then restart the PC.
  • Then install Avast 5



:arrow: Your version of Acrobat Reader is out of date. That, too, is an infection risk.
Download the latest version and install it.
Then launch Adobe Reader and, in the Help menu, click Check for Updates. If it offers any, install them. :wink:



:arrow: Finally, post a new RSIT report.
Marie
Administrator

Posts: 21397
Joined: 22 Jun 2007, 14:56
Location: La Valette du Var

Re: Trojan or virus (Adware.Hotbar - Porn.Dialer)

Post by jeanwathelet » 02 Sep 2010, 09:31

Hello,

Here is the new UsbFix.txt report:

Code: Select all
############################## | UsbFix 7.022 | [Suppression]

Utilisateur: WATHELET (Administrateur) # WATHELET-797F9N [ ]
Mis à jour le 29/08/10 par El Desaparecido / C_XX
Lancé à 10:23:13 | 02/09/2010
Site Web: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: AMD Sempron(tm) Processor 3200+
Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Pare-feu Windows: Activé
Antivirus: avast! antivirus 4.8.1368 [VPS 100901-1] 4.8.1368 [Enabled | Updated]
RAM -> 1406 Mo
C:\ (%systemdrive%) -> Disque fixe # 98 Go (73 Go libre(s) - 74%) [] # NTFS
D:\ -> CD-ROM
H:\ -> Disque fixe # 51 Go (51 Go libre(s) - 100%) [Nouveau nom] # NTFS
J:\ -> Disque amovible # 31 Mo (31 Mo libre(s) - 100%) [] # FAT
K:\ -> Disque fixe # 466 Go (448 Go libre(s) - 96%) [] # FAT32

################## | Éléments infectieux |

Supprimé! C:\sys.txt

################## | Registre |

Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoClose

################## | Mountpoints2 |

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{0005b66c-30ab-11dc-940a-000e50374bca}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{c0d3c1a9-a96c-11dc-95b1-000e50374bca}

################## | Listing |

[19/08/2005 - 13:13:02 | A | 50]    C:\AUTOEXEC.BAT
[11/12/2008 - 23:14:34 | D ]    C:\bin
[11/12/2008 - 23:30:43 | HD ]    C:\BJPrinter
[18/02/2009 - 12:24:27 | SH | 216]    C:\boot.ini
[02/03/2006 - 14:00:00 | RASH | 4952]    C:\Bootfont.bin
[01/04/2008 - 22:11:23 | A | 74]    C:\CMLoader.log
[27/08/2010 - 12:40:45 | HD ]    C:\Config.Msi
[30/11/2001 - 17:05:29 | A | 0]    C:\CONFIG.SYS
[03/12/2001 - 02:04:41 | D ]    C:\Corel
[28/01/2008 - 23:21:44 | A | 86]    C:\csb.log
[16/08/2009 - 00:16:09 | D ]    C:\dd6ee420eef7c3ae3078f658f5e0
[17/06/2003 - 16:38:33 | A | 11]    C:\dialer_version.tmp
[01/04/2008 - 21:57:49 | D ]    C:\Documents and Settings
[24/04/2006 - 01:03:43 | D ]    C:\Drivers
[25/08/2010 - 23:06:56 | D ]    C:\FichierTelecharge
[02/09/2010 - 10:09:08 | ASH | 1474809856]    C:\hiberfil.sys
[30/11/2001 - 17:05:29 | RASH | 0]    C:\IO.SYS
[28/12/2002 - 15:00:54 | AH | 782]    C:\IPH.PH
[13/12/2001 - 14:26:55 | D ]    C:\KPCMS
[19/04/2006 - 18:08:14 | A | 183]    C:\LogiSetup.log
[20/11/2006 - 13:44:26 | D ]    C:\Mes téléchargements
[11/03/2002 - 18:16:13 | D ]    C:\Microapp
[01/09/2010 - 22:26:46 | A | 4383]    C:\moduleName.txt
[30/11/2001 - 17:05:29 | RASH | 0]    C:\MSDOS.SYS
[02/09/2008 - 12:08:12 | D ]    C:\Multimedia Files
[10/12/2001 - 00:58:46 | D ]    C:\My Music
[02/03/2006 - 14:00:00 | RASH | 47564]    C:\NTDETECT.COM
[03/09/2008 - 09:31:28 | RASH | 252240]    C:\ntldr
[02/09/2010 - 10:09:04 | ASH | 704643072]    C:\pagefile.sys
[28/09/2008 - 22:45:33 | A | 13030]    C:\PDOXUSRS.NET
[23/03/2006 - 14:23:57 | A | 192]    C:\persist.dbs
[22/04/2002 - 13:44:53 | D ]    C:\PLUGINS
[27/08/2010 - 12:39:51 | RD ]    C:\Program Files
[02/09/2010 - 10:25:39 | SHD ]    C:\RECYCLER
[06/11/2006 - 11:56:10 | A | 347]    C:\RHDSetup.log
[31/08/2010 - 17:12:07 | D ]    C:\rsit
[04/04/2007 - 17:48:52 | D ]    C:\Sauvegarde Firefox
[06/11/2006 - 10:44:48 | SHD ]    C:\System Volume Information
[03/01/2009 - 01:07:54 | A | 510]    C:\updatedatfix.log
[02/09/2010 - 10:25:39 | D ]    C:\UsbFix
[02/09/2010 - 10:25:45 | A | 1156]    C:\UsbFix.txt
[24/04/2006 - 01:03:34 | D ]    C:\USB_DRV
[31/08/2010 - 09:21:27 | D ]    C:\WINDOWS
[21/06/2008 - 20:24:23 | A | 14582152]    C:\xscan.txt
[25/04/2003 - 10:16:35 | A | 0]    C:\_NIM4711.TMP
[02/09/2010 - 10:25:39 | SHD ]    H:\RECYCLER
[18/02/2009 - 14:43:12 | SHD ]    H:\System Volume Information

################## | Vaccin |

C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
H:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_WATHELET-797F9N.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Merci de votre contribution.

################## | E.O.F |


I'm carrying on with point 2 and the rest ...

Thank you very much.

:wink:
jeanwathelet
Newcomer

Posts: 10
Joined: 31 Aug 2010, 12:55

Re: Trojan or virus (Adware.Hotbar - Porn.Dialer)

Post by jeanwathelet » 02 Sep 2010, 10:33

Hello again,

I have installed Avast5 and updated AdobeReader.

Here is the second report from RSIT1.06.exe:

Code: Select all
Logfile of random's system information tool 1.06 (written by random/random)
Run by WATHELET at 2010-09-02 11:29:02
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 74 GB (74%) free of 100 GB
Total RAM: 1406 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:13, on 02/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\WATHELET\Bureau\RSIT1.06.exe
C:\FichierTelecharge\HijackThis\WATHELET.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [FIXIO PC Cleaner Windows service] "C:\FIXIO Avast 5\FIXIO PC Utilities\FIXIO PC Cleaner\FIXIO PC Cleaner.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FFTI] C:\Documents and Settings\WATHELET\Application Data\Mozilla\Firefox\Profiles\gyj65mxq.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FFTI] C:\Documents and Settings\WATHELET\Application Data\Mozilla\Firefox\Profiles\gyj65mxq.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A50C7380-59A5-4C1E-BCEA-1F152833708B}: NameServer = 80.10.246.1 81.253.149.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service Google Update (gupdate1c9f99a8db31b58) (gupdate1c9f99a8db31b58) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7387 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-73586283-776561741-725345543-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-73586283-776561741-725345543-1004.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-13 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-03 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-04 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-10 16342528]
"AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-07-13 47904]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2010-03-13 202256]
"SunJavaUpdateSched"=C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-05-14 248552]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-08-10 421888]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall Adobe Download Manager"=C:\Program Files\NOS\bin\getPlus_Helper_3004.dll [2010-08-13 66112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-04-30 68856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FIXIO PC Cleaner Windows service"=C:\FIXIO Avast 5\FIXIO PC Utilities\FIXIO PC Cleaner\FIXIO PC Cleaner.exe -h []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
C:\Program Files\VIAudioi\SBADeck\ADeck.exe [2006-03-20 516096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CD_Updater]
C:\Program Files\Carpe Diem\videos-sexanoo\CDUpdater.exe CD_UPDATER []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [2006-04-19 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe [2000-07-12 311350]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe [2000-08-04 28739]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
C:\Program Files\Microsoft Money\System\Money Express.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe [2010-03-13 75320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\System32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll,NvStartup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-08-10 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2003-12-08 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2007-05-10 16342528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2007-05-07 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2004-01-26 866816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2004-12-10 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [2008-01-02 103712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-04-30 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2010-03-13 202256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe [2000-07-12 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.exe.lnk]
C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1998-12-01 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2006-02-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
C:\PROGRA~1\Adobe\ACROBA~3.0\Reader\READER~1.EXE  []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [2006-04-19 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~4\Office\OSA9.EXE [2000-01-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Rappels du Calendrier Microsoft Works.lnk]
C:\PROGRA~1\FICHIE~1\MICROS~1\WORKSS~1\wkcalrem.exe [2000-07-12 24633]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-06-15 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoLogoff"=1
"NoActiveDesktop"=00000000
"NoDriveAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Real\RealOne Player\realplay.exe"="C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealOne Player"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\TeamViewer3\TeamViewer.exe"="C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:Application de pilotage à distance TeamViewer"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Service Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-09-02 11:19:38 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-09-02 11:10:49 ----D---- C:\Program Files\NOS
2010-09-02 11:10:49 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-09-02 11:07:22 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-09-02 11:07:18 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-09-02 10:25:45 ----RASHD---- C:\Autorun.inf
2010-09-02 10:23:13 ----A---- C:\UsbFix.txt
2010-09-01 18:28:26 ----D---- C:\UsbFix
2010-08-31 17:11:55 ----D---- C:\rsit
2010-08-27 12:39:51 ----D---- C:\Program Files\QuickTime
2010-08-27 12:25:55 ----D---- C:\Program Files\iPod
2010-08-27 12:25:48 ----D---- C:\Program Files\iTunes
2010-08-26 19:06:15 ----D---- C:\Program Files\Fichiers communs\Skype
2010-08-25 22:43:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-25 22:24:11 ----D---- C:\Program Files\Fichiers communs\Java
2010-08-25 22:23:38 ----A---- C:\WINDOWS\system32\javaws.exe
2010-08-25 22:23:38 ----A---- C:\WINDOWS\system32\javaw.exe
2010-08-25 22:23:38 ----A---- C:\WINDOWS\system32\java.exe
2010-08-13 15:50:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-13 15:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-13 15:50:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-13 15:50:07 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-13 15:49:57 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-13 10:30:07 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-13 10:29:41 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-13 10:22:25 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-03 09:47:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$

======List of files/folders modified in the last 1 months======

2010-09-02 11:23:05 ----D---- C:\WINDOWS\Prefetch
2010-09-02 11:20:26 ----SHD---- C:\WINDOWS\Installer
2010-09-02 11:20:25 ----HD---- C:\Config.Msi
2010-09-02 11:19:52 ----D---- C:\Program Files\Fichiers communs\Adobe
2010-09-02 11:19:25 ----D---- C:\Program Files\Adobe
2010-09-02 11:17:36 ----D---- C:\WINDOWS\system32
2010-09-02 11:11:28 ----D---- C:\WINDOWS\Temp
2010-09-02 11:10:49 ----RD---- C:\Program Files
2010-09-02 11:10:46 ----SD---- C:\WINDOWS\Tasks
2010-09-02 11:10:46 ----D---- C:\Program Files\Mozilla Firefox
2010-09-02 11:07:36 ----D---- C:\WINDOWS\system32\drivers
2010-09-02 11:07:28 ----D---- C:\WINDOWS\WinSxS
2010-09-02 11:07:23 ----D---- C:\WINDOWS
2010-09-02 11:07:18 ----D---- C:\Program Files\Alwil Software
2010-09-02 10:41:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-02 10:25:39 ----SHD---- C:\RECYCLER
2010-09-02 10:13:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-09-01 22:26:46 ----A---- C:\moduleName.txt
2010-08-31 14:01:23 ----D---- C:\Documents and Settings\WATHELET\Application Data\Skype
2010-08-31 14:01:04 ----D---- C:\Documents and Settings\WATHELET\Application Data\skypePM
2010-08-29 15:00:14 ----A---- C:\WINDOWS\QTW.INI
2010-08-27 12:33:08 ----D---- C:\Program Files\Safari
2010-08-27 12:25:51 ----D---- C:\Program Files\Fichiers communs\Apple
2010-08-26 19:06:15 ----D---- C:\Program Files\Fichiers communs
2010-08-25 23:06:56 ----D---- C:\FichierTelecharge
2010-08-25 22:23:35 ----D---- C:\Program Files\Java
2010-08-18 22:02:37 ----D---- C:\WINDOWS\Debug
2010-08-18 11:05:38 ----D---- C:\WINDOWS\Help
2010-08-14 09:46:32 ----D---- C:\Program Files\Microsoft Picture It! PhotoPub
2010-08-13 15:50:31 ----HD---- C:\WINDOWS\inf
2010-08-13 15:50:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-13 13:05:59 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-13 13:05:55 ----RSD---- C:\WINDOWS\assembly
2010-08-13 12:17:22 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-13 10:30:04 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-13 10:25:43 ----D---- C:\Program Files\Internet Explorer
2010-08-13 10:25:28 ----D---- C:\WINDOWS\ie8updates
2010-08-13 10:22:28 ----D---- C:\Program Files\Movie Maker
2010-08-10 08:59:38 ----A---- C:\WINDOWS\win.ini
2010-08-10 08:44:53 ----AC---- C:\WINDOWS\NeroDigital.ini
2010-08-03 20:09:31 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880]
R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-09-02 5632]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-08-04 11868]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
R3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-06-15 2301440]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [2004-08-04 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [2004-08-04 220032]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-10 4419584]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-01-31 22016]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-06-21 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2005-01-31 211712]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [2004-08-04 685056]
S1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys []
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46848]
S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2006-03-02 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-06-16 7808]
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 rtl8029;Pilote NT de carte Realtek PCI Ethernet à base RTL8029(AS); C:\WINDOWS\system32\DRIVERS\RTL8029.SYS []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 trid3d;trid3d; C:\WINDOWS\System32\DRIVERS\trid3dm.sys [2001-08-17 222336]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2005-11-25 203776]
S3 wandrv;WAN Network Driver; C:\WINDOWS\System32\DRIVERS\wandrv.sys [2000-12-03 22640]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-06-15 479232]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 540968]
S2 gupdate1c9f99a8db31b58;Service Google Update (gupdate1c9f99a8db31b58); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-30 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-27 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 nosGetPlusHelper;getPlus(R) Helper 3004; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Thanks again for everything.

:wink:
jeanwathelet

Re: Trojan or virus (Adware.Hotbar - Porn.Dialer)

Post by Marie » 02 Sep 2010, 13:22

Hello :sourire:


Everything is OK! :ok:

:arrow: How is the PC doing now?



To speed up the PC's startup a little and keep programs from launching needlessly when the machine boots, do the following:


:arrow: Disable the advanced language options (which are only useful for Asian languages):
  • Go to Control Panel/Regional and Language Options,
  • Click the Languages tab, then Details...,
  • Select the Advanced tab,
  • Tick the box Turn off advanced text services.



:arrow: Double-click WATHELET.exe to launch HijackThis, then click Do a system scan only.
Finally, tick the following lines:

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')


Click Fix Checked and confirm the message that follows.




:arrow: Run an online antivirus scan at Kaspersky. When the scan finishes, save the report and post it in your next reply.
If needed, see this tutorial to launch the scan.

:att: Disable your antivirus while Kaspersky's ActiveX controls are being installed.



:arrow: Restart the PC, then post a new HijackThis report:
Double-click WATHELET.exe to launch HijackThis, then click Do a system scan and save a log File.
Post the generated report in your next reply.
Marie

Re: Trojan or virus (Adware.Hotbar - Porn.Dialer)

Post by jeanwathelet » 03 Sep 2010, 21:27

Good evening,

I did steps 2 and 3 without difficulty. Step 4, on the other hand, took me a very long time, but here at last is the report:

Code: Select all
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, September 3, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, September 03, 2010 07:35:37
Records in database: 4183813
--------------------------------------------------------------------------------

Scan settings:
   scan using the following database: extended
   Scan archives: yes
   Scan e-mail databases: yes

Scan area - My Computer:
   A:\
   C:\
   D:\
   E:\
   F:\
   G:\
   H:\
   I:\

Scan statistics:
   Objects scanned: 81468
   Threats found: 1
   Infected objects found: 2
   Suspicious objects found: 0
   Scan duration: 02:51:03


File name / Threat / Threats count
C:\Program Files\archive-xxx[1]\archive-xxx[1].exe   Infected: not-a-virus:Porn-Dialer.Win32.Generic   1
C:\Program Files\video43[1]\video43[1].exe   Infected: not-a-virus:Porn-Dialer.Win32.Generic   1

Selected area has been scanned.


I'll run a new HijackThis check and submit it to you right after.

:wink:
jeanwathelet

Re: Trojan or virus (Adware.Hotbar - Porn.Dialer)

Post by jeanwathelet » 03 Sep 2010, 21:40

Below is the HijackThis report:

Code: Select all
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:37:39, on 03/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\FichierTelecharge\HijackThis\WATHELET.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [FFTI] C:\Documents and Settings\WATHELET\Application Data\Mozilla\Firefox\Profiles\gyj65mxq.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FFTI] C:\Documents and Settings\WATHELET\Application Data\Mozilla\Firefox\Profiles\gyj65mxq.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A50C7380-59A5-4C1E-BCEA-1F152833708B}: NameServer = 81.253.149.9 80.10.246.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service Google Update (gupdate1c9f99a8db31b58) (gupdate1c9f99a8db31b58) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6111 bytes


Thanks and see you soon.
Last edited by jeanwathelet on 04 Sep 2010, 16:50, edited 1 time.
jeanwathelet
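Marie's HijackThis step above asks for nine O4 entries to be ticked and fixed, and the follow-up log posted after the reboot is the only way to confirm the fix took. The check below is an added example for this thread (it is not part of HijackThis or of the original posts): it parses the O4 lines HijackThis emits for the registry Run/RunOnce keys, expands the abbreviated `HKLM\..\Run` notation into the full key path, and compares the entries that were ticked with the O4 entries in the later log. The two embedded inputs are copied from the thread (the ticked lines and the O4 lines of the later log); the parser, the dataclass and the function names are this example's own.

```python
"""Check a HijackThis 'Fix checked' pass against the follow-up log.

Added example for this thread, not part of HijackThis or of the original
posts. HijackThis writes registry autostart entries as O4 lines such as
  O4 - HKLM\\..\\Run: [TkBellExe] "C:\\...\\realsched.exe" -osboot
  O4 - HKUS\\S-1-5-19\\..\\Run: [CTFMON.EXE] C:\\...\\CTFMON.EXE (User 'SERVICE LOCAL')
where HKLM\\..\\Run abbreviates HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run.
O4 lines for startup folders ("Startup:", "Global Startup:") have another
shape and are deliberately skipped here.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)

HIVE_NAMES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}


@dataclass(frozen=True)
class AutostartEntry:
    hive: str                   # HKLM, HKCU or HKUS\<SID>
    key: str                    # Run, RunOnce, ...
    name: str                   # registry value name, e.g. TkBellExe
    command: str                # command line exactly as logged
    user: Optional[str] = None  # account HijackThis appends for HKUS entries

    def identity(self) -> Tuple[str, str, str]:
        """Registry value names are case-insensitive, so compare upper-cased."""
        return (self.hive.upper(), self.key.upper(), self.name.upper())

    def registry_path(self) -> str:
        """Expand the abbreviated hive notation to the full key path."""
        if self.hive in HIVE_NAMES:
            root = HIVE_NAMES[self.hive]
        else:  # HKUS\<SID> -> HKEY_USERS\<SID>
            root = "HKEY_USERS\\" + self.hive.split("\\", 1)[1]
        return f"{root}\\Software\\Microsoft\\Windows\\CurrentVersion\\{self.key}"


def parse_o4(text: str) -> List[AutostartEntry]:
    """Return every registry O4 entry found in a HijackThis log (or excerpt)."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(AutostartEntry(m["hive"], m["key"], m["name"],
                                          m["cmd"].strip(), m["user"]))
    return entries


def still_present(requested_fix: str, after_log: str) -> List[AutostartEntry]:
    """Entries that were ticked for 'Fix checked' but are back in the later log.

    The command line is ignored on purpose: an updater that re-creates its
    own Run value (with, say, different spacing) must still be flagged.
    """
    after_ids = {e.identity() for e in parse_o4(after_log)}
    return [e for e in parse_o4(requested_fix) if e.identity() in after_ids]


# Constructed input: the lines Marie asked to tick, copied from the thread.
FIX_LIST = r"""
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
"""

# Constructed input: the O4 lines of the HijackThis log posted after the reboot.
AFTER_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [FFTI] C:\Documents and Settings\WATHELET\Application Data\Mozilla\Firefox\Profiles\gyj65mxq.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FFTI] C:\Documents and Settings\WATHELET\Application Data\Mozilla\Firefox\Profiles\gyj65mxq.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
"""

if __name__ == "__main__":
    for e in still_present(FIX_LIST, AFTER_LOG):
        print(f"still present: {e.registry_path()} -> {e.name} = {e.command}")
```

Run against the two excerpts it reports a single survivor, the RealPlayer `TkBellExe` value under `HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run`, while the five CTFMON entries and the QuickTime and Adobe ones are gone. A survivor like that is worth a second look in a triage thread: either the fix was not applied, or the program re-registers itself at its next run, and the two cases call for different remedies.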

Re: Trojan or virus (Adware.Hotbar - Porn.Dialer)

Post by jeanwathelet » 04 Sep 2010, 16:50

This post is to let you know that we will be away until 20 September.

If there are further steps to take, it will therefore be after that date.

Once again, many thanks for everything.

:wink:
jeanwathelet

Re: Trojan or virus (Adware.Hotbar - Porn.Dialer)

Post by Marie » 06 Sep 2010, 17:56

Hello :sourire:

(Sorry, I was away from home this weekend...)


We'll delete the 2 folders containing the infected files and then it will be OK. :wink:


:arrow: Double-click My Computer, then go to the folder C:/Program Files.

Delete the following 2 folders (right-click the folder, then Delete):

C:\Program Files\archive-xxx[1]
and
C:\Program Files\video43[1]


:arrow: Then empty your Recycle Bin.


To finish the disinfection, do this:

:arrow: Delete the RSIT icon on your desktop, then delete the folder C:/RSIT (right-click the folder, then Delete).
You can keep Malwarebytes if you wish.



:arrow: Double-click USBFix.exe to launch it.

Click the Uninstall button to start uninstalling the tool.




:arrow: Clear the System Restore points, which are inevitably infected.
This will keep you from restoring an infected checkpoint if you ever run a System Restore.

To do so:
  • In Control Panel/System/System Restore tab, tick Turn off System Restore on all drives, then click OK.

  • Right afterwards, untick the Turn off ... box, then click OK so as to turn System Restore back on.






:arrow: The Vista-XP site is committed to the fight against malware.
Help us in our fight (this really matters to us) by reporting your infection on Malware Complaints. What is Malware Complaints?

To make our voice heard, we need as many people as possible to testify.


  • See the Malware-Complaints rules: http://www.malwarecomplaints.info/phpBB3/viewtopic.php?t=5

  • Register on the forum using the register button at the top:

  • Once registered, you will see the infection types as a list (Look2Me, Smitfraud, etc.):
    Example for France: http://www.malwarecomplaints.info/phpBB3/viewforum.php?f=10

    If the malware you had does not appear in the list, or if you don't know which infection you had, create a message in the "Other infections" topic that follows the forum rules (age, town, département, etc.). (In your case, it is a HotBar + PornDialer infection.)

  • To post a message, click the "post reply" button and fill in the information.
    DO NOT CREATE A NEW TOPIC with the New Topic button.

    NB: If you have trouble registering on Malware Complaints, everything is explained HERE and you can also ask for help further down this topic.




:hello:
Marie
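The Kaspersky report posted earlier in the thread lists two infected objects, and Marie's reply above turns them into two folders to delete. The script below is an added example for this thread (it is not part of Kaspersky's tooling or of the original posts) that does the same derivation mechanically: it reads the `File name / Threat / Threats count` table, cross-checks the row count and the number of distinct threat names against the `Scan statistics` block, and proposes deleting the enclosing folder when the file sits in a folder of its own (the case here) but only the file itself when its parent is a shared system location. The embedded report is copied from the thread; the `SHARED_ROOTS` list, the regexes and the function names are this example's own assumptions.

```python
"""Turn a Kaspersky Online Scanner 7 report into a removal plan.

Added example for this thread, not part of Kaspersky's tooling or of the
original posts. The report format is the one posted in the thread.
"""
import re
from pathlib import PureWindowsPath
from typing import Dict, List, Tuple

# One row of the results table:
#   <path>   Infected: <threat name>   <count>
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s{2,}Infected: (?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)
# Numeric lines of the 'Scan statistics' block, e.g. '   Threats found: 1'.
STAT_RE = re.compile(r"^\s*(?P<key>[A-Za-z][A-Za-z ]*): (?P<value>\d+)\s*$")

# Assumed list of parents that are shared roots: for a file found directly
# under one of these, propose deleting the file only, never the folder.
SHARED_ROOTS = {
    "c:\\", "c:\\program files", "c:\\windows", "c:\\windows\\system32",
    "c:\\documents and settings",
}


def parse_report(text: str) -> List[Dict]:
    """Return the rows of the results table as dicts (path, threat, count)."""
    hits, in_table = [], False
    for line in text.splitlines():
        if line.startswith("File name / Threat / Threats count"):
            in_table = True
            continue
        if in_table:
            m = RESULT_RE.match(line.rstrip())
            if m:
                hits.append({"path": m["path"], "threat": m["threat"],
                             "count": int(m["count"])})
    return hits


def parse_stats(text: str) -> Dict[str, int]:
    """Collect the numeric 'key: value' lines of the report."""
    return {m["key"].strip(): int(m["value"])
            for m in (STAT_RE.match(l) for l in text.splitlines()) if m}


def report_is_consistent(text: str) -> bool:
    """The table must carry as many rows as 'Infected objects found' and as
    many distinct threat names as 'Threats found'; a mismatch means the
    report was truncated or pasted incompletely."""
    hits, stats = parse_report(text), parse_stats(text)
    return (len(hits) == stats.get("Infected objects found", -1)
            and len({h["threat"] for h in hits}) == stats.get("Threats found", -1))


def removal_plan(hits: List[Dict]) -> Dict[str, Tuple[str, str]]:
    """Map each infected path to ('folder', parent) or ('file', path)."""
    plan = {}
    for h in hits:
        p = PureWindowsPath(h["path"])
        parent = str(p.parent)
        if parent.lower() in SHARED_ROOTS:
            plan[h["path"]] = ("file", str(p))
        else:
            plan[h["path"]] = ("folder", parent)
    return plan


# Constructed input: the report posted in the thread, trimmed to the parts used.
REPORT = r"""
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, September 3, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, September 03, 2010 07:35:37
Records in database: 4183813
--------------------------------------------------------------------------------

Scan statistics:
   Objects scanned: 81468
   Threats found: 1
   Infected objects found: 2
   Suspicious objects found: 0
   Scan duration: 02:51:03


File name / Threat / Threats count
C:\Program Files\archive-xxx[1]\archive-xxx[1].exe   Infected: not-a-virus:Porn-Dialer.Win32.Generic   1
C:\Program Files\video43[1]\video43[1].exe   Infected: not-a-virus:Porn-Dialer.Win32.Generic   1

Selected area has been scanned.
"""

if __name__ == "__main__":
    print("consistent:", report_is_consistent(REPORT))
    for path, (kind, target) in removal_plan(parse_report(REPORT)).items():
        print(f"{path}: delete {kind} {target}")
```

For the thread's report the plan is exactly the two folders Marie names, `C:\Program Files\archive-xxx[1]` and `C:\Program Files\video43[1]`, and the consistency check passes (two rows, one distinct threat). The shared-root guard matters when the same script is pointed at a report where the hit is, for instance, a DLL dropped straight into `C:\WINDOWS\system32`: there the parent must survive and only the file is proposed for removal.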

Re: [Solved]Trojan or virus (Adware.Hotbar - Porn.Dialer)

Post by jeanwathelet » 21 Sep 2010, 21:47

There, I have just followed the 5 steps to finish disinfecting my computer.

I won't fail to visit Malware Complaints in the coming days.

Thanks again for everything. :wink:
jeanwathelet

Re: [Solved]Trojan or virus (Adware.Hotbar - Porn.Dialer)

Post by Marie » 22 Sep 2010, 08:49

Glad I could help. :sourire:
Marie
