So here are the reports
USBFIX
############################## [ UsbFix V3.021 # Cleaning ]
# User : Guillaume (Administrateurs) # PORTABLE
# Update on 16/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 19:02:06 | 19/05/2009
# Intel(R) Pentium(R) M processor 1.60GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Enabled
# C:\ # Disque fixe local # 55,88 Go (10,15 Go free) # NTFS
# D:\ # Disque CD-ROM
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Fichiers # Dossiers infectieux ]
Deleted ! C:\WINDOWS\system32\antinul.vbe
Deleted ! C:\WINDOWS\system32\Autoruns.exe
Deleted ! C:\WINDOWS\system32\SelfDel.bat
################## [ Registre # Clés Run infectieuses ]
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
# HKCU\SOFTWARE\...\CurrentVersion\Policies\System\\ "DisableRegistryTools"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
################## [ Registre # Mountpoints2 ]
################## [ Listing des fichiers présent ]
[19/05/2009 08:35|--a------|6426] - C:\aaw7boot.log
[12/05/2008 16:57|--a------|0] - C:\AUTOEXEC.BAT
[12/05/2008 16:51|---hs----|212] - C:\boot.ini
[28/08/2001 16:00|-rahs----|4952] - C:\Bootfont.bin
[12/05/2008 16:57|--a------|0] - C:\CONFIG.SYS
[12/05/2008 16:57|-rahs----|0] - C:\IO.SYS
[09/04/2009 15:46|--ah-----|462] - C:\IPH.PH
[12/05/2008 16:57|-rahs----|0] - C:\MSDOS.SYS
[04/08/2004 00:38|-rahs----|47564] - C:\NTDETECT.COM
[04/08/2004 00:59|-rahs----|251712] - C:\ntldr
[29/02/2004 17:44|--a------|52576] - C:\orange.bmp
[?|?|?] - C:\pagefile.sys
[12/05/2008 18:46|--ah-----|268] - C:\sqmdata00.sqm
[12/05/2008 18:46|--ah-----|244] - C:\sqmnoopt00.sqm
[19/05/2009 19:02|--a------|3042] - C:\UsbFix.txt
[12/05/2008 17:18|--a------|59] - C:\XPSP2+_Version.txt
################## [ Vaccination ]
# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
################## [ Cracks / Keygens / Serials ]
# -> Nothing found !
################## [ ! Fin du rapport # UsbFix V3.021 ! ]
antivir
Avira AntiVir Personal
Report file date: mardi 19 mai 2009 19:26
Scanning for 1410306 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : PORTABLE
Version information:
BUILD.DAT : 9.0.0.394 17962 Bytes 17/04/2009 11:20:00
AVSCAN.EXE : 9.0.3.5 466689 Bytes 19/05/2009 17:24:50
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 08:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 09:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 10:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 18:33:26
ANTIVIR2.VDF : 7.1.3.185 2010112 Bytes 12/05/2009 17:24:50
ANTIVIR3.VDF : 7.1.3.231 325632 Bytes 19/05/2009 17:24:50
Engineversion : 8.2.0.168
AEVDF.DLL : 8.1.1.1 106868 Bytes 19/05/2009 17:24:50
AESCRIPT.DLL : 8.1.2.0 389497 Bytes 19/05/2009 17:24:50
AESCN.DLL : 8.1.2.3 127347 Bytes 19/05/2009 17:24:50
AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 16:24:41
AEPACK.DLL : 8.1.3.16 397686 Bytes 19/05/2009 17:24:50
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 18:01:56
AEHEUR.DLL : 8.1.0.129 1761655 Bytes 19/05/2009 17:24:50
AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 18:01:56
AEGEN.DLL : 8.1.1.44 348532 Bytes 19/05/2009 17:24:50
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 12:32:40
AECORE.DLL : 8.1.6.9 176500 Bytes 19/05/2009 17:24:50
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 12:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 06:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 08:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 12:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 08:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 19/05/2009 17:24:50
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 08:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 13:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 06:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 08:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 09:45:45
RCTEXT.DLL : 9.0.37.0 86785 Bytes 19/05/2009 17:24:50
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: mardi 19 mai 2009 19:26
Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthttavbwuymwuxyvbvpexrloytafsxktqx\main
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthttavbwuymwuxyvbvpexrloytafsxktqx\modules
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthttavbwuymwuxyvbvpexrloytafsxktqx\start
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthttavbwuymwuxyvbvpexrloytafsxktqx\type
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthttavbwuymwuxyvbvpexrloytafsxktqx\group
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthttavbwuymwuxyvbvpexrloytafsxktqx\imagepath
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthttavbwuymwuxyvbvpexrloytafsxktqx\inst
[INFO] The registry entry is invisible.
'35821' objects were checked, '7' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'AnotherScripT.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'ViewpointService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
32 processes with 32 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '42' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\Guillaume\Mes documents\Downloads\son rimk\antinul.vbe
[DETECTION] Contains recognition pattern of the VBS/Antinul.A VBS script virus
C:\Program Files\Couscous Script version1.0\CousCous Script.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/mIRC-1804800.A back-door program
C:\System Volume Information\_restore{F100D540-F10F-4ED7-8FA7-4EBC3666D614}\RP87\A0128364.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{F100D540-F10F-4ED7-8FA7-4EBC3666D614}\RP87\A0128365.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{F100D540-F10F-4ED7-8FA7-4EBC3666D614}\RP87\A0128366.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{F100D540-F10F-4ED7-8FA7-4EBC3666D614}\RP87\A0128367.sys
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{F100D540-F10F-4ED7-8FA7-4EBC3666D614}\RP87\A0128368.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{F100D540-F10F-4ED7-8FA7-4EBC3666D614}\RP87\A0128369.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{F100D540-F10F-4ED7-8FA7-4EBC3666D614}\RP87\A0128370.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\WINDOWS\system32\otmspr.exe
[DETECTION] Is the TR/Agent.5632.44 Trojan
C:\WINDOWS\system32\drivers\etc\hosts
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192148.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192155.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192156.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192157.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192158.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192159.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192220.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192222.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192223.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192224.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192225.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192226.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192227.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192228.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192229.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090519-141930.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.msn
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\_OTMoveIt\MovedFiles\05192009_183016\WINDOWS\system32\plkhost.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
Beginning disinfection:
C:\Documents and Settings\Guillaume\Mes documents\Downloads\son rimk\antinul.vbe
[DETECTION] Contains recognition pattern of the VBS/Antinul.A VBS script virus
[NOTE] The file was moved to '4a86f288.qua'!
C:\Program Files\Couscous Script version1.0\CousCous Script.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/mIRC-1804800.A back-door program
[NOTE] The file was moved to '4a87f28a.qua'!
C:\System Volume Information\_restore{F100D540-F10F-4ED7-8FA7-4EBC3666D614}\RP87\A0128364.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4a43f24b.qua'!
C:\System Volume Information\_restore{F100D540-F10F-4ED7-8FA7-4EBC3666D614}\RP87\A0128365.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '49519cfc.qua'!
C:\System Volume Information\_restore{F100D540-F10F-4ED7-8FA7-4EBC3666D614}\RP87\A0128366.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4b381fd4.qua'!
C:\System Volume Information\_restore{F100D540-F10F-4ED7-8FA7-4EBC3666D614}\RP87\A0128367.sys
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '495294a4.qua'!
C:\System Volume Information\_restore{F100D540-F10F-4ED7-8FA7-4EBC3666D614}\RP87\A0128368.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4953ad6c.qua'!
C:\System Volume Information\_restore{F100D540-F10F-4ED7-8FA7-4EBC3666D614}\RP87\A0128369.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4b379f94.qua'!
C:\System Volume Information\_restore{F100D540-F10F-4ED7-8FA7-4EBC3666D614}\RP87\A0128370.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '49508434.qua'!
C:\WINDOWS\system32\otmspr.exe
[DETECTION] Is the TR/Agent.5632.44 Trojan
[NOTE] The file was moved to '4a7ff28f.qua'!
C:\WINDOWS\system32\drivers\etc\hosts
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
[NOTE] The file was moved to '4a85f28a.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192148.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
[NOTE] The file was moved to '49926713.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192155.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
[NOTE] The file was moved to '4b00666b.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192156.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
[NOTE] The file was moved to '491338a3.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192157.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
[NOTE] The file was moved to '4912237b.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192158.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
[NOTE] The file was moved to '491d2b33.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192159.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
[NOTE] The file was moved to '499c6fe3.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192220.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
[NOTE] The file was moved to '491c130b.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192222.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
[NOTE] The file was moved to '491f1bc3.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192223.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
[NOTE] The file was moved to '491b7843.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192224.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
[NOTE] The file was moved to '491a601b.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192225.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
[NOTE] The file was moved to '492568d3.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192226.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
[NOTE] The file was moved to '499f57bb.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192227.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
[NOTE] The file was moved to '499e5e73.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192228.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
[NOTE] The file was moved to '4999464b.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192229.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
[NOTE] The file was moved to '49984e03.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090519-141930.backup
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
[NOTE] The file was moved to '499b36db.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.msn
[DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
[NOTE] The file was moved to '499a3e93.qua'!
C:\_OTMoveIt\MovedFiles\05192009_183016\WINDOWS\system32\plkhost.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] TR/Dropper.Gen:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<Key Drv>=sz:plkhost.exe
[NOTE] The file was moved to '4a7df287.qua'!
End of the scan: mardi 19 mai 2009 19:53
Used time: 27:04 Minute(s)
The scan has been done completely.
7908 Scanned directories
251139 Files were scanned
29 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
29 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
251109 Files not concerned
1268 Archives were scanned
1 Warnings
30 Notes
35821 Objects were scanned with rootkit scan
7 Hidden objects were found
and hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:56:39, on 19/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Guillaume\Mes documents\Mes fichiers reçus\Another-ScripT_V.1.2.0\AnotherScripT.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://moteur.chat-land.org/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunServices: [Key Drv] plkhost.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE RÉSEAU')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} (LiveUpdate Crescendo) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A98D136-9551-4EC9-9986-5054041AFCAC}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{74D593CC-E022-4A08-83DD-EEB1F35BA7BA}: NameServer = 80.10.246.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF2CF521-5E59-4448-A3DB-8D7519B793A9}: NameServer = 80.10.246.2,80.10.246.129
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service Google Update (gupdate1c9b519ac90bc8a) (gupdate1c9b519ac90bc8a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 7707 bytes
There you go