Rapport Kaspersky - Page 3

Précédent
  • 1
  • 2
  • 3
  1. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonsoir,

    Télécharge OTMoveIt3 de OldTimer sur ton Bureau en cliquant sur ce lien :

    http://oldtimer.geekstogo.com/OTMoveIt3.exe

    Double-clique sur OTMoveIt3.exe pour le lancer.

    Vérifie que la case devant "Unregister Dll's and Ocx's est bien cochée.

    Copie la liste qui se trouve en gras ci-dessous,

    et colle-la dans le cadre de gauche de OTMoveIt : "Paste instructions for item to be moved".


    :reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\YCSoft\VisualCarnet\UpdaterYC.exe"= -
    "C:\Program Files\YCSoft\VisualCarnet\VisualCarnet.exe"= -
    "C:\Program Files\Ratajik Software\StationRipper\StationRipperConsole.exe"= -
    "C:\Program Files\WinPhone Ultimate Edition\winphone.exe"= -
    "C:\Program Files\WinPhone Ultimate Edition\BvrpKrnl.exe"= -

    :files
    C:\WINDOWS\SET14D.tmp
    C:\WINDOWS\SET141.tmp
    C:\WINDOWS\SET13E.tmp

    :commands
    [emptytemp]


    Clique sur "MoveIt!" pour lancer la suppression.

    Le résultat apparaitra dans le cadre "Results".

    Clique sur "Exit" pour fermer.

    Poste le rapport situé dans C:\_OTMoveIt\MovedFiles sous le nom xxxxxx_xxxxxxxxxx.log .

    0
  2. benchris
     
    Bonjour,

    voiçi le rapport :

    ========== REGISTRY ==========
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\"C:\Program Files\YCSoft\VisualCarnet\UpdaterYC.exe"| - /E : value set successfully!
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\"C:\Program Files\YCSoft\VisualCarnet\VisualCarnet.exe"| - /E : value set successfully!
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\"C:\Program Files\Ratajik Software\StationRipper\StationRipperConsole.exe"| - /E : value set successfully!
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\"C:\Program Files\WinPhone Ultimate Edition\winphone.exe"| - /E : value set successfully!
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\"C:\Program Files\WinPhone Ultimate Edition\BvrpKrnl.exe"| - /E : value set successfully!
    ========== FILES ==========
    C:\WINDOWS\SET14D.tmp moved successfully.
    C:\WINDOWS\SET141.tmp moved successfully.
    C:\WINDOWS\SET13E.tmp moved successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\Nous\LOCALS~1\Temp\~DF4533.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Nous\LOCALS~1\Temp\~DF454A.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Java cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03262009_064654

    Files moved on Reboot...
    File C:\DOCUME~1\Nous\LOCALS~1\Temp\~DF4533.tmp not found!
    File C:\DOCUME~1\Nous\LOCALS~1\Temp\~DF454A.tmp not found!
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

    Bonne journée
    0
  3. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    installe OnLineArmor comme parefeu.

    Tu le trouveras ici avec un tuto :

    http://www.malekal.com/menu_tutorials_logiciels.php
    0
  4. benchris
     
    voilà ! c'est fait !!!
    Un p'tit RSIT ;-) ???????
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    je te propose plutôt de le laisser brancher.

    Et même de m'utiliser normalement.

    On refait un point demain soir voire samedi (RSIT et MBAM).
    0
  7. benchris Messages postés 21 Statut Membre
     
    OK, alors Bonne Nuit et à demain ou samedi !!!

    Et merci beaucoup !

    benchris
    0
  8. benchris
     
    bonjour Lyonnais92,

    Alors me voilà : en 1er le RSIT :

    ############################## [ FindyKill V4.720 ]

    # User : Nous (Administrateurs) # D8NKQK2J
    # Update on 22/03/09 by Chiquitine29
    # Start at: 12:01:33 | 28/03/2009
    # Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

    # AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
    # Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
    # Internet Explorer 7.0.5730.11
    # Windows Firewall Status : Enabled
    # AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | Updated ]
    # AV : [ Enabled | (!) Outdated ]
    # FW : Online Armor Firewall[ Enabled ]3.0.0.190
    # FW : [ (!) Disabled ]

    # C:\ # Disque fixe local # 218,89 Go (162,12 Go free) # NTFS
    # D:\ # Disque fixe local # 74,5 Go (16,27 Go free) [Sauvegarder] # NTFS
    # G:\ # Disque amovible
    # H:\ # Disque amovible
    # I:\ # Disque amovible
    # J:\ # Disque amovible
    # K:\ # Disque CD-ROM # 4,11 Go (0 Mo free) [sauvegarde 22_03] # CDFS

    ############################## [ Processus actifs ]

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Tall Emu\Online Armor\oaui.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Tall Emu\Online Armor\oahlp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ################## [ Fichiers / Dossiers infectieux C:\ ]

    ################## [ C:\WINDOWS ]

    ################## [ C:\WINDOWS\system32 ]

    ################## [ C:\WINDOWS\system32\drivers ]

    ################## [ C:\.. Application Data ... ]

    ################## [ Registre / Clés infectieuses ]

    ################## [ Recherche dans supports amovibles]

    # Presence des fichiers :

    ################## [ Registre / Mountpoint2 ]

    # -> Not found !

    ################## [ ! Fin du rapport # FindyKill V4.720 ! ]

    Puis le MBAM :

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Nous at 2009-03-28 11:59:35
    Microsoft Windows XP Professionnel Service Pack 2
    System drive C: has 166 GB (74%) free of 224 GB
    Total RAM: 1022 MB (56% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:59:52, on 28/03/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Tall Emu\Online Armor\oaui.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Tall Emu\Online Armor\oahlp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Documents and Settings\Nous\Bureau\RSIT.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\trend micro\Nous.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=5061101
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://home.mcafee.com/StaticGenericPage.aspx?page=cookienotsupported&url=%2froot%2fcampaign.aspx%3fcid%3d23585%26affid%3d105-93%26culture%3dfr-FR%26ctst%3d1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://cblaborie.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cblaborie.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{89F4920E-D4D9-4596-97CF-E891AE3DCD28}: NameServer = 192.168.30.1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: GEARSecurity - Unknown owner - C:\WINDOWS\System32\GEARSec.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    0
  9. benchris Messages postés 21 Statut Membre
     
    Salut Lyonnais92 !

    Alors ? tu en penses quoi de ces derniers rapports ?
    Je trouve que l'ordi rame un peu quand même...

    Benchris
    0
Précédent
  • 1
  • 2
  • 3