Windows Live problem
Khalid
Hello,
I have a problem with Windows Live Messenger; it's a bit different from the others' topics. In fact, my address sends various websites to all my contacts. I have Avast antivirus with a valid key; I ran a scan, it found nothing. I installed an anti-spyware program, I ran a scan, it found nothing. I installed Malwarebytes' Anti-Malware, I ran a scan, it found nothing. The computer is in order, all the updates have been installed correctly. I ran a scan with Windows Defender, it found nothing. I installed an update of the OneCare scanner for Windows Live, and the problem is still there. What should I do? Thanks in advance.
8 replies
Download GenProc to your desktop.
Unzip the folder, double-click GenProc.exe (the ".exe" may not be shown)
and post the contents of the report that opens.
IMPORTANT: post the report and do nothing else for now (often instructions have to be added to the suggested procedure for it to work perfectly).
Hello,
Help me, here is the report that GenProc gave me. Thanks in advance.
Rapport GenProc 2.584 [1]
@ 12/06/2009 à 21:24:10
@ Windows Vista Service Pack 2 - Mode normal
# Etape 1/ Télécharge :
- CCleaner https://www.ccleaner.com/ccleaner/download (FileHippo). Ce logiciel va permettre de supprimer tous les fichiers temporaires. Lance-le et clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. Ferme le programme.
- rustbfix http://uploads.ejvindh.andymanchesta.com/RustbFix.exe ( (ejvindh) et sauvegarde-le sur ton Bureau.
- Double clique sur rustbfix.exe afin de lancer l'outil.
- Si une infection Rustock.b est détectée, une invite t'indiquera qu'il est nécessaire de redémarrer l'ordi.
- Ce redémarrage pourrait être plus long que d'habitude, et il est possible que deux redémarrages soient requis. Tout cela se fera automatiquement.
- Suite au(x) redémarrage(s), deux rapports s'ouvriront : (C:\avenger.txt & C:\rustbfix\pelog.txt).
- Poste le contenu de ces deux rapports, ainsi qu'un rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm
----------------------------------------------------------------------
~~ Arguments de la procédure ~~
# Détections [1] GenProc 2.584 12/06/2009 à 21:24:41
Rustock: le 12/06/2009 à 21:24:42 "pe386" present
~~ Fin à 21:24:42 ~~
Hello, when I ran RustbFix it gave me:
************************* Rustock.b-fix v. 1.01 -- By ejvindh *************************
13/06/2009 15:42:47,02
No Rustock.b-rootkits found
******************************* End of Logfile ********************************
Hello
and here is the report HijackThis gave me when I ran it:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:46:00, on 13/06/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vb32&d=0209&m=aspire_6530
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.gdark.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?client=firefox-a&rls=org.mozilla:fr:official&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vb32&d=0209&m=aspire_6530
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.gdark.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.gdark.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://fr.gdark.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.gdark.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
F2 - REG:system.ini: UserInit=Userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Orion.lnk = C:\Program Files\Convesoft\Orion\Messenger.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix:
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTRConnect (ntrconnect) - NTRglobal - C:\Program Files\NTR global\NTRconnect\NTRconnect.exe
Hi
Disable User Account Control before using this tool:
* Go to "Start", then Control Panel.
* Double-click the User Accounts icon, then "Turn User Account Control on or off".
* Uncheck the box "Use User Account Control to help protect your computer".
* Confirm with OK and restart.
Illustrated help (UAC)
then
Download Ad-remover (by C_XX) to your desktop:
! Disconnect and close all running applications !
Right-click "Ad-R.exe" and run it as administrator to start the installation, and keep the default installation settings.
Right-click the Ad-remover shortcut on your desktop and run it as administrator to start the tool.
At the main menu choose option "L" and press [Enter].
Let the tool work and don't touch anything ...
--> Post the report that appears at the end on the forum ...
(The report is also saved as C:\Ad-report.log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
Illustrated help (Installation)
Illustrated help (Search)
Would you please check the two reports from Ad-Remover and Combofix:
I disabled User Account Control and restarted the PC, then I ran each of the programs below as administrator:
I ran Ad-Remover, which gave me 2 reports, one for the scan and one for the cleaning.
For the scan:
.
======= RAPPORT D'AD-REMOVER 1.1.4.5_J | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 14/06/2009 à 10:30 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 20:20:13, 17/06/2009 | Mode Normal | Option: SCAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Basic Service Pack 2 v6.0.6002
Nom du PC: PC-DE-MIMOUN | Utilisateur actuel: mimoun
.
Administrateur: Administrateur *Desactive*
N'est pas administrateur: Invité *Desactive*
Administrateur: mimoun
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
.
HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
HKCR\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
HKCR\MediaPlayer.GraphicsUtils
HKCR\MediaPlayer.GraphicsUtils.1
HKCR\MgMediaPlayer.GifAnimator
HKCR\MgMediaPlayer.GifAnimator.1
HKCR\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKCU\Software\SweetIM
HKLM\Software\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
HKLM\Software\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
HKLM\Software\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
HKLM\Software\Classes\MediaPlayer.GraphicsUtils
HKLM\Software\Classes\MediaPlayer.GraphicsUtils.1
HKLM\Software\Classes\MgMediaPlayer.GifAnimator
HKLM\Software\Classes\MgMediaPlayer.GifAnimator.1
HKLM\Software\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
HKLM\Software\SweetIM
HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\Registry\User\S-1-5-21-1296028825-2768064146-476506390-1000\Software\Sweetim
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetim
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847}
.
C:\PROGRA~2\SweetIM
C:\ProgramData\SweetIM
C:\Program Files\SweetIM
C:\Windows\Installer\12e8d66.msi
.
============== Scan additionnel ==============
.
.
.
* Internet Explorer Version 8.0.6001.18783 *
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Default_Page_URL: hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vb32&d=0209&m=aspire_6530
Default_Search_URL: hxxp://fr.gdark.com
Start Page: hxxp://www.google.fr/firefox?client=firefox-a&rls=org.mozilla
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vb32&d=0209&m=aspire_6530
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://fr.gdark.com
Start Page: hxxp://fr.gdark.com
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
============== Suspect (Cracks, Serials ... ) ==============
.
+---------------------------------------------------------------------------+
7609 Octet(s) - C:\Ad-Report-SCAN.log
1 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
Fin à: 20:31:26 | 17/06/2009
.
============== E.O.F ==============
.
For the cleaning:
.
======= RAPPORT D'AD-REMOVER 1.1.4.5_J | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 14/06/2009 à 10:30 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 21:03:11, 17/06/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Basic Service Pack 2 v6.0.6002
Nom du PC: PC-DE-MIMOUN | Utilisateur actuel: mimoun
.
Administrateur: Administrateur *Desactive*
N'est pas administrateur: Invité *Desactive*
Administrateur: mimoun
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
HKCR\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
HKCR\MediaPlayer.GraphicsUtils
HKCR\MediaPlayer.GraphicsUtils.1
HKCR\MgMediaPlayer.GifAnimator
HKCR\MgMediaPlayer.GifAnimator.1
HKCR\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKCU\Software\SweetIM
HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
HKLM\Software\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
HKLM\Software\SweetIM
HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\Registry\User\S-1-5-21-1296028825-2768064146-476506390-1000\Software\Sweetim
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetim
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847}
.
C:\PROGRA~2\SweetIM\Messenger
C:\PROGRA~2\SweetIM\Messenger\conf
C:\PROGRA~2\SweetIM\Messenger\data
C:\PROGRA~2\SweetIM\Messenger\logs
C:\PROGRA~2\SweetIM\Messenger\update
C:\PROGRA~2\SweetIM\Messenger\conf\adapter.xml
C:\PROGRA~2\SweetIM\Messenger\conf\autoupdate.xml
C:\PROGRA~2\SweetIM\Messenger\conf\logger.xml
C:\PROGRA~2\SweetIM\Messenger\conf\messages.xml
C:\PROGRA~2\SweetIM\Messenger\conf\sweetim.xml
C:\PROGRA~2\SweetIM\Messenger\conf\sweetimapp.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users
C:\PROGRA~2\SweetIM\Messenger\conf\users\btissamdu26@hotmail.fr
C:\PROGRA~2\SweetIM\Messenger\conf\users\main_user_config.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\sarahlabrunedu13@hotmail.fr
C:\PROGRA~2\SweetIM\Messenger\conf\users\xx-miss-07@hotmail.fr
C:\PROGRA~2\SweetIM\Messenger\conf\users\zinadu26@hotmail.fr
C:\PROGRA~2\SweetIM\Messenger\conf\users\btissamdu26@hotmail.fr\content_update_notification.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\btissamdu26@hotmail.fr\emoticons_shortcut.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\btissamdu26@hotmail.fr\user_config.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\sarahlabrunedu13@hotmail.fr\content_update_notification.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\sarahlabrunedu13@hotmail.fr\emoticons_shortcut.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\sarahlabrunedu13@hotmail.fr\user_config.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\xx-miss-07@hotmail.fr\content_update_notification.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\xx-miss-07@hotmail.fr\emoticons_shortcut.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\xx-miss-07@hotmail.fr\lastuse_Audibles.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\xx-miss-07@hotmail.fr\lastuse_Emoticons.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\xx-miss-07@hotmail.fr\lastuse_Winks.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\xx-miss-07@hotmail.fr\user_config.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\zinadu26@hotmail.fr\content_update_notification.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\zinadu26@hotmail.fr\emoticons_shortcut.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\zinadu26@hotmail.fr\user_config.xml
C:\PROGRA~2\SweetIM\Messenger\data\contentdb
C:\PROGRA~2\SweetIM\Messenger\data\contentdb\cache_indx.dat
C:\PROGRA~2\SweetIM
C:\Program Files\SweetIM\Messenger
C:\Program Files\SweetIM\Toolbars
C:\Program Files\SweetIM\Messenger\default.xml
C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll
C:\Program Files\SweetIM\Messenger\mgAIMAuto.dll
C:\Program Files\SweetIM\Messenger\mgAIMMessengerAdapter.dll
C:\Program Files\SweetIM\Messenger\mgArchive.dll
C:\Program Files\SweetIM\Messenger\mgcommon.dll
C:\Program Files\SweetIM\Messenger\mgcommunication.dll
C:\Program Files\SweetIM\Messenger\mgconfig.dll
C:\Program Files\SweetIM\Messenger\mgFlashPlayer.dll
C:\Program Files\SweetIM\Messenger\mghooking.dll
C:\Program Files\SweetIM\Messenger\mgICQAuto.dll
C:\Program Files\SweetIM\Messenger\mgICQMessengerAdapter.dll
C:\Program Files\SweetIM\Messenger\mgIEPlayer.dll
C:\Program Files\SweetIM\Messenger\mglogger.dll
C:\Program Files\SweetIM\Messenger\mgMediaPlayer.dll
C:\Program Files\SweetIM\Messenger\mgMsnAuto.dll
C:\Program Files\SweetIM\Messenger\mgMsnMessengerAdapter.dll
C:\Program Files\SweetIM\Messenger\mgsimcommon.dll
C:\Program Files\SweetIM\Messenger\mgSweetIM.dll
C:\Program Files\SweetIM\Messenger\mgUpdateSupport.dll
C:\Program Files\SweetIM\Messenger\mgxml_wrapper.dll
C:\Program Files\SweetIM\Messenger\mgYahooAuto.dll
C:\Program Files\SweetIM\Messenger\mgYahooMessengerAdapter.dll
C:\Program Files\SweetIM\Messenger\msvcp71.dll
C:\Program Files\SweetIM\Messenger\msvcr71.dll
C:\Program Files\SweetIM\Messenger\resources
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\SweetIM\Messenger\resources\images
C:\Program Files\SweetIM\Messenger\resources\images\AudibleButton.png
C:\Program Files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
C:\Program Files\SweetIM\Messenger\resources\images\EmoticonButton.png
C:\Program Files\SweetIM\Messenger\resources\images\NudgeButton.png
C:\Program Files\SweetIM\Messenger\resources\images\SoundFxButton.png
C:\Program Files\SweetIM\Messenger\resources\images\WinksButton.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources
C:\Program Files\SweetIM
C:\Windows\Installer\12e8d66.msi
(!) -- Fichiers temporaires supprimés.
.
============== Scan additionnel ==============
.
.
.
* Internet Explorer Version 8.0.6001.18783 *
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
============== Suspect (Cracks, Serials ... ) ==============
.
+---------------------------------------------------------------------------+
13928 Octet(s) - C:\Ad-Report-CLEAN.log
7831 Octet(s) - C:\Ad-Report-SCAN.log
20 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
27 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
Fin à: 21:07:34 | 17/06/2009
.
============== E.O.F ==============
I ran ComboFix, which gave me this report:
ComboFix 09-06-16.05 - mimoun 17/06/2009 21:48.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.2814.1998 [GMT 2:00]
Lancé depuis: c:\users\mimoun\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-17 au 2009-06-17 ))))))))))))))))))))))))))))))))))))
.
2009-06-17 18:19 . 2009-06-17 19:07 -------- d-----w- c:\program files\Ad-remover
2009-06-17 18:06 . 2009-06-17 18:06 -------- d-----w- C:\rsit
2009-06-17 12:00 . 2009-06-17 12:00 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-06-13 20:43 . 2009-06-13 20:43 -------- d-----w- c:\program files\Trend Micro
2009-06-13 13:42 . 2009-06-13 13:44 -------- d-----w- C:\Rustbfix
2009-06-13 13:38 . 2009-06-13 13:38 -------- d-----w- c:\program files\CCleaner
2009-06-12 19:22 . 2009-06-12 19:22 -------- d-----w- c:\program files\IZArc
2009-06-10 14:45 . 2009-06-10 14:45 -------- d-----w- c:\programdata\Friends Games
2009-06-07 22:26 . 2009-06-17 18:04 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-05 16:55 . 2009-06-05 16:55 -------- d-----w- c:\programdata\Malwarebytes
2009-06-05 16:38 . 2009-06-05 16:38 -------- d-----w- c:\programdata\Arovax
2009-06-05 13:45 . 2009-06-05 16:50 -------- d-----w- c:\windows\system32\eu-ES
2009-06-05 13:45 . 2009-06-05 16:50 -------- d-----w- c:\windows\system32\ca-ES
2009-06-05 13:45 . 2009-06-05 16:51 -------- d-----w- c:\windows\system32\vi-VN
2009-06-05 13:35 . 2009-06-05 16:50 -------- d-----w- c:\windows\system32\EventProviders
2009-06-05 13:32 . 2009-04-11 06:33 614376 ----a-w- c:\windows\system32\ci.dll
2009-06-05 13:31 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-06-05 13:31 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-06-05 13:31 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-06-05 13:31 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-06-05 13:31 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-06-05 13:31 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-06-05 13:31 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-06-05 13:31 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-06-05 13:31 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-06-05 13:31 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-06-05 13:31 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-06-05 13:15 . 2009-06-05 13:15 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-05 13:14 . 2009-06-05 13:15 -------- d-----w- c:\program files\Windows Live
2009-06-05 13:07 . 2009-06-05 13:07 -------- d-----w- c:\program files\Ares
2009-06-05 13:06 . 2009-06-05 13:06 -------- d-----w- c:\program files\VideoLAN
2009-06-05 13:04 . 2009-06-05 13:06 -------- d-----w- c:\program files\VLC
2009-06-05 11:36 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-06-05 11:11 . 2009-06-05 11:11 -------- d-----w- c:\users\mimoun\Option
2009-06-02 21:55 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-02 21:55 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-02 21:55 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-02 21:55 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-02 21:55 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-02 21:54 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-02 21:54 . 2009-02-05 20:06 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-06-02 21:17 . 2009-06-02 21:17 -------- d-----w- c:\program files\NTR global
2009-05-31 09:58 . 2009-05-31 09:58 -------- d-----w- c:\programdata\Meridian93
2009-05-28 11:00 . 2008-12-04 14:03 572512 ----a-w- c:\windows\system32\msvcp50.dll
2009-05-28 10:49 . 2009-05-28 10:54 -------- d-----w- c:\programdata\fssg
2009-05-28 10:48 . 2009-06-02 21:36 -------- d-----w- c:\programdata\f-secure
2009-05-25 16:49 . 2009-05-25 16:49 -------- d-----w- c:\program files\Common Files\Sandlot Shared
2009-05-24 20:21 . 2009-05-24 20:21 -------- d-----w- c:\programdata\Downloaded Installations
2009-05-22 20:57 . 2009-05-22 20:57 -------- d-----w- c:\program files\Alwil Software
2009-05-22 16:54 . 2009-05-22 16:54 -------- d-----w- c:\programdata\Sandlot Games
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-17 17:36 . 2008-01-21 07:23 672182 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-17 17:36 . 2008-01-21 07:23 124770 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-17 16:37 . 2009-01-18 03:52 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-16 18:14 . 2009-02-17 09:52 -------- d-----w- c:\program files\Launch Manager
2009-06-13 10:27 . 2009-01-17 14:52 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 14:40 . 2009-05-16 18:13 -------- d-----w- c:\programdata\Flood Light Games
2009-06-05 13:45 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-06-05 13:45 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-05 13:45 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-06-05 13:45 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-06-05 13:45 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-06-05 13:45 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-05 13:45 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-05 12:23 . 2009-01-17 15:13 -------- d-----w- c:\program files\Microsoft
2009-06-05 12:14 . 2009-01-17 14:50 -------- d-----w- c:\programdata\Microsoft Help
2009-06-05 11:26 . 2009-01-17 14:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-05 11:24 . 2009-01-17 15:41 -------- d-----w- c:\program files\NewTech Infosystems
2009-06-05 11:16 . 2009-01-17 15:26 -------- d-----w- c:\program files\Acer GameZone
2009-06-04 22:18 . 2009-01-17 15:50 -------- d-----w- c:\programdata\eSobi
2009-05-28 18:44 . 2009-01-17 15:16 -------- d-----w- c:\programdata\McAfee
2009-05-28 11:06 . 2009-01-17 15:17 -------- d-----w- c:\program files\Common Files\McAfee
2009-05-28 11:06 . 2009-01-17 15:16 -------- d-----w- c:\program files\McAfee
2009-05-09 05:50 . 2009-06-11 19:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-11 19:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-04 00:52 . 2009-05-04 00:52 -------- d-----w- c:\programdata\SpinTop Games
2009-05-03 20:28 . 2009-02-17 09:59 -------- d-----w- c:\programdata\CyberLink
2009-05-03 04:07 . 2009-05-03 04:07 -------- d-----w- c:\programdata\Arcade Lab
2009-05-03 03:14 . 2009-05-03 03:14 -------- d-----w- c:\programdata\TERMINAL Studio
2009-04-30 01:00 . 2009-01-17 14:48 -------- d-----w- c:\program files\Acer
2009-04-30 00:55 . 2009-04-30 00:55 -------- d-sh--we c:\program files\Fichiers communs
2009-04-30 00:55 . 2009-04-30 00:55 -------- d-sh--we c:\programdata\Modèles
2009-04-30 00:55 . 2009-04-30 00:55 -------- d-sh--we c:\programdata\Menu Démarrer
2009-04-30 00:55 . 2009-04-30 00:55 -------- d-sh--we c:\programdata\Favoris
2009-04-30 00:55 . 2009-04-30 00:55 -------- d-sh--we c:\programdata\Bureau
2009-04-23 12:15 . 2009-06-11 19:33 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:14 . 2009-06-11 19:33 623616 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:39 . 2009-06-11 19:33 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-04-11 06:33 . 2009-06-05 13:33 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-11 06:33 . 2009-06-05 13:32 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-11 06:33 . 2009-06-05 13:32 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 06:33 . 2009-06-05 13:33 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-11 06:28 . 2009-06-05 13:32 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-11 06:27 . 2009-06-05 13:33 441344 ----a-w- c:\windows\system32\SearchIndexer.exe
2009-04-11 06:22 . 2009-06-05 13:32 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-11 06:21 . 2009-06-05 13:32 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-11 05:42 . 2009-06-05 13:32 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-11 05:03 . 2009-06-05 13:33 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 05:03 . 2009-06-05 13:33 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 04:57 . 2009-06-05 13:32 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-11 04:54 . 2009-06-05 13:32 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-11 04:51 . 2009-06-05 13:32 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-11 04:47 . 2009-06-05 13:32 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-11 04:46 . 2009-06-05 13:32 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-11 04:46 . 2009-06-05 13:32 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-11 04:46 . 2009-06-05 13:32 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-11 04:46 . 2009-06-05 13:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-11 04:46 . 2009-06-05 13:32 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-11 04:46 . 2009-06-05 13:32 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-11 04:45 . 2009-06-05 13:32 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-11 04:45 . 2009-06-05 13:32 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-11 04:45 . 2009-06-05 13:32 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-11 04:45 . 2009-06-05 13:32 401408 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-11 04:45 . 2009-06-05 13:32 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-11 04:45 . 2009-06-05 13:32 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2009-04-11 04:43 . 2009-06-05 13:32 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-04-11 04:43 . 2009-06-05 13:32 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-04-11 04:42 . 2009-06-05 13:32 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-04-11 04:42 . 2009-06-05 13:32 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys
2009-04-11 04:42 . 2009-06-05 13:32 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys
2009-04-11 04:42 . 2009-06-05 13:32 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-04-11 04:42 . 2009-06-05 13:32 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2009-04-11 04:42 . 2009-06-05 13:32 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-04-11 04:42 . 2009-06-05 13:32 39424 ----a-w- c:\windows\system32\drivers\hidclass.sys
2009-04-11 04:42 . 2009-06-05 13:32 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2009-04-11 04:42 . 2009-06-05 13:33 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-04-11 04:39 . 2009-06-05 13:32 16384 ----a-w- c:\windows\system32\iscsilog.dll
2009-04-11 04:39 . 2009-06-05 13:32 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-04-11 04:39 . 2009-06-05 13:32 19456 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2009-04-11 04:38 . 2009-06-05 13:32 149504 ----a-w- c:\windows\system32\drivers\ks.sys
2009-04-11 04:38 . 2009-06-05 13:32 17408 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-04-11 04:27 . 2009-06-05 13:32 2560 ----a-w- c:\windows\system32\msimsg.dll
2009-04-11 04:23 . 2009-06-05 13:33 626176 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-11 04:23 . 2009-06-05 13:32 76288 ----a-w- c:\windows\system32\drivers\dxg.sys
2009-04-11 04:23 . 2009-06-05 13:32 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-04-11 04:22 . 2009-06-05 13:32 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys
2009-04-11 04:15 . 2009-06-05 13:32 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-04-11 04:15 . 2009-06-05 13:32 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-04-11 04:15 . 2009-06-05 13:32 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-04-11 04:14 . 2009-06-05 13:32 114688 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-04-11 04:14 . 2009-06-05 13:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-11 04:14 . 2009-06-05 13:32 225280 ----a-w- c:\windows\system32\drivers\rdbss.sys
2009-04-11 04:14 . 2009-06-05 13:32 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2009-04-11 04:14 . 2009-06-05 13:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-04-11 04:14 . 2009-06-05 13:32 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2009-04-11 04:14 . 2009-06-05 13:32 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2009-04-11 04:13 . 2009-06-05 13:32 226816 ----a-w- c:\windows\system32\drivers\udfs.sys
2009-04-11 04:13 . 2009-06-05 13:32 136704 ----a-w- c:\windows\system32\drivers\exfat.sys
2009-04-11 04:13 . 2009-06-05 13:32 142848 ----a-w- c:\windows\system32\drivers\fastfat.sys
2009-04-11 04:12 . 2009-06-05 13:32 617984 ----a-w- c:\windows\system32\adtschema.dll
2009-04-11 02:52 . 2009-06-05 13:33 684032 ----a-w- c:\windows\system32\drivers\spsys.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-17 817672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):11,d6,6b,cc,e4,e5,c9,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{743AC124-6B27-405C-B7C4-1FF5F5CB4566}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{C44E177E-9D18-4E6F-98F4-BEE33F7C43A8}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{3B04368A-8CC7-48C4-BEDA-92A869205803}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{4966AA97-DD7D-481D-BC62-4E560808B3D5}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{CC35A8AF-3CA4-4C4F-A721-91F7F774F3A2}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{F30D85F7-9BDE-4C00-9571-CBC75B23063E}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{CFBF54C6-C759-40BA-82AC-33DE78814ABC}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{88E62793-771D-49BA-B1D5-4F389B0842CA}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"TCP Query User{01488A0D-D979-4518-B703-65BA3F5A855F}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{D352EC5D-90F7-4899-8A1E-9F258572E646}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [02/06/2009 23:55 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [02/06/2009 23:55 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [02/06/2009 23:54 51792]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [17/02/2009 12:02 69632]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [17/01/2009 16:48 24576]
R2 ntrconnect;NTRConnect;c:\program files\NTR global\NTRconnect\NTRconnect.exe [29/10/2008 14:00 89600]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [16/12/2008 06:05 48128]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [17/01/2009 16:35 22072]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [28/03/2007 08:51 43008]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [17/01/2009 23:14 419328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://fr.gdark.com/search.php?cx=partner-pub-7902900401080901%3Ae94ctf-nqmg&cof=FORID%3A10&ie=UTF-8&q={searchTerms}
uSearchURL,(Default) = hxxp://fr.gdark.com
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-17 21:53
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(2372)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Heure de fin: 2009-06-17 21:55
ComboFix-quarantined-files.txt 2009-06-17 19:55
Avant-CF: 81 990 864 896 octets libres
Après-CF: 82 175 971 328 octets libres
252 --- E O F --- 2009-06-16 11:02
Thanks in advance
I disabled User Account Control and restarted the PC, then I ran each of the programs below as administrator:
I ran Ad-Remover, which gave me 2 reports, one for the scan and one for the cleanup.
For the scan:
.
======= RAPPORT D'AD-REMOVER 1.1.4.5_J | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 14/06/2009 à 10:30 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 20:20:13, 17/06/2009 | Mode Normal | Option: SCAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Basic Service Pack 2 v6.0.6002
Nom du PC: PC-DE-MIMOUN | Utilisateur actuel: mimoun
.
Administrateur: Administrateur *Desactive*
N'est pas administrateur: Invité *Desactive*
Administrateur: mimoun
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
.
HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
HKCR\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
HKCR\MediaPlayer.GraphicsUtils
HKCR\MediaPlayer.GraphicsUtils.1
HKCR\MgMediaPlayer.GifAnimator
HKCR\MgMediaPlayer.GifAnimator.1
HKCR\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKCU\Software\SweetIM
HKLM\Software\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
HKLM\Software\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
HKLM\Software\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
HKLM\Software\Classes\MediaPlayer.GraphicsUtils
HKLM\Software\Classes\MediaPlayer.GraphicsUtils.1
HKLM\Software\Classes\MgMediaPlayer.GifAnimator
HKLM\Software\Classes\MgMediaPlayer.GifAnimator.1
HKLM\Software\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
HKLM\Software\SweetIM
HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\Registry\User\S-1-5-21-1296028825-2768064146-476506390-1000\Software\Sweetim
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetim
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847}
.
C:\PROGRA~2\SweetIM
C:\ProgramData\SweetIM
C:\Program Files\SweetIM
C:\Windows\Installer\12e8d66.msi
.
============== Scan additionnel ==============
.
.
.
* Internet Explorer Version 8.0.6001.18783 *
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Default_Page_URL: hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vb32&d=0209&m=aspire_6530
Default_Search_URL: hxxp://fr.gdark.com
Start Page: hxxp://www.google.fr/firefox?client=firefox-a&rls=org.mozilla
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vb32&d=0209&m=aspire_6530
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://fr.gdark.com
Start Page: hxxp://fr.gdark.com
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
============== Suspect (Cracks, Serials ... ) ==============
.
+---------------------------------------------------------------------------+
7609 Octet(s) - C:\Ad-Report-SCAN.log
1 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
Fin à: 20:31:26 | 17/06/2009
.
============== E.O.F ==============
.
For the cleaning:
.
======= RAPPORT D'AD-REMOVER 1.1.4.5_J | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 14/06/2009 à 10:30 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 21:03:11, 17/06/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Basic Service Pack 2 v6.0.6002
Nom du PC: PC-DE-MIMOUN | Utilisateur actuel: mimoun
.
Administrateur: Administrateur *Desactive*
N'est pas administrateur: Invité *Desactive*
Administrateur: mimoun
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
HKCR\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
HKCR\MediaPlayer.GraphicsUtils
HKCR\MediaPlayer.GraphicsUtils.1
HKCR\MgMediaPlayer.GifAnimator
HKCR\MgMediaPlayer.GifAnimator.1
HKCR\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKCU\Software\SweetIM
HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
HKLM\Software\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
HKLM\Software\SweetIM
HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\Registry\User\S-1-5-21-1296028825-2768064146-476506390-1000\Software\Sweetim
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetim
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847}
.
C:\PROGRA~2\SweetIM\Messenger
C:\PROGRA~2\SweetIM\Messenger\conf
C:\PROGRA~2\SweetIM\Messenger\data
C:\PROGRA~2\SweetIM\Messenger\logs
C:\PROGRA~2\SweetIM\Messenger\update
C:\PROGRA~2\SweetIM\Messenger\conf\adapter.xml
C:\PROGRA~2\SweetIM\Messenger\conf\autoupdate.xml
C:\PROGRA~2\SweetIM\Messenger\conf\logger.xml
C:\PROGRA~2\SweetIM\Messenger\conf\messages.xml
C:\PROGRA~2\SweetIM\Messenger\conf\sweetim.xml
C:\PROGRA~2\SweetIM\Messenger\conf\sweetimapp.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users
C:\PROGRA~2\SweetIM\Messenger\conf\users\btissamdu26@hotmail.fr
C:\PROGRA~2\SweetIM\Messenger\conf\users\main_user_config.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\sarahlabrunedu13@hotmail.fr
C:\PROGRA~2\SweetIM\Messenger\conf\users\xx-miss-07@hotmail.fr
C:\PROGRA~2\SweetIM\Messenger\conf\users\zinadu26@hotmail.fr
C:\PROGRA~2\SweetIM\Messenger\conf\users\btissamdu26@hotmail.fr\content_update_notification.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\btissamdu26@hotmail.fr\emoticons_shortcut.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\btissamdu26@hotmail.fr\user_config.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\sarahlabrunedu13@hotmail.fr\content_update_notification.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\sarahlabrunedu13@hotmail.fr\emoticons_shortcut.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\sarahlabrunedu13@hotmail.fr\user_config.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\xx-miss-07@hotmail.fr\content_update_notification.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\xx-miss-07@hotmail.fr\emoticons_shortcut.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\xx-miss-07@hotmail.fr\lastuse_Audibles.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\xx-miss-07@hotmail.fr\lastuse_Emoticons.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\xx-miss-07@hotmail.fr\lastuse_Winks.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\xx-miss-07@hotmail.fr\user_config.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\zinadu26@hotmail.fr\content_update_notification.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\zinadu26@hotmail.fr\emoticons_shortcut.xml
C:\PROGRA~2\SweetIM\Messenger\conf\users\zinadu26@hotmail.fr\user_config.xml
C:\PROGRA~2\SweetIM\Messenger\data\contentdb
C:\PROGRA~2\SweetIM\Messenger\data\contentdb\cache_indx.dat
C:\PROGRA~2\SweetIM
C:\Program Files\SweetIM\Messenger
C:\Program Files\SweetIM\Toolbars
C:\Program Files\SweetIM\Messenger\default.xml
C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll
C:\Program Files\SweetIM\Messenger\mgAIMAuto.dll
C:\Program Files\SweetIM\Messenger\mgAIMMessengerAdapter.dll
C:\Program Files\SweetIM\Messenger\mgArchive.dll
C:\Program Files\SweetIM\Messenger\mgcommon.dll
C:\Program Files\SweetIM\Messenger\mgcommunication.dll
C:\Program Files\SweetIM\Messenger\mgconfig.dll
C:\Program Files\SweetIM\Messenger\mgFlashPlayer.dll
C:\Program Files\SweetIM\Messenger\mghooking.dll
C:\Program Files\SweetIM\Messenger\mgICQAuto.dll
C:\Program Files\SweetIM\Messenger\mgICQMessengerAdapter.dll
C:\Program Files\SweetIM\Messenger\mgIEPlayer.dll
C:\Program Files\SweetIM\Messenger\mglogger.dll
C:\Program Files\SweetIM\Messenger\mgMediaPlayer.dll
C:\Program Files\SweetIM\Messenger\mgMsnAuto.dll
C:\Program Files\SweetIM\Messenger\mgMsnMessengerAdapter.dll
C:\Program Files\SweetIM\Messenger\mgsimcommon.dll
C:\Program Files\SweetIM\Messenger\mgSweetIM.dll
C:\Program Files\SweetIM\Messenger\mgUpdateSupport.dll
C:\Program Files\SweetIM\Messenger\mgxml_wrapper.dll
C:\Program Files\SweetIM\Messenger\mgYahooAuto.dll
C:\Program Files\SweetIM\Messenger\mgYahooMessengerAdapter.dll
C:\Program Files\SweetIM\Messenger\msvcp71.dll
C:\Program Files\SweetIM\Messenger\msvcr71.dll
C:\Program Files\SweetIM\Messenger\resources
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\SweetIM\Messenger\resources\images
C:\Program Files\SweetIM\Messenger\resources\images\AudibleButton.png
C:\Program Files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
C:\Program Files\SweetIM\Messenger\resources\images\EmoticonButton.png
C:\Program Files\SweetIM\Messenger\resources\images\NudgeButton.png
C:\Program Files\SweetIM\Messenger\resources\images\SoundFxButton.png
C:\Program Files\SweetIM\Messenger\resources\images\WinksButton.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources
C:\Program Files\SweetIM
C:\Windows\Installer\12e8d66.msi
(!) -- Fichiers temporaires supprimés.
.
============== Scan additionnel ==============
.
.
.
* Internet Explorer Version 8.0.6001.18783 *
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
============== Suspect (Cracks, Serials ... ) ==============
.
+---------------------------------------------------------------------------+
13928 Octet(s) - C:\Ad-Report-CLEAN.log
7831 Octet(s) - C:\Ad-Report-SCAN.log
20 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
27 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
Fin à: 21:07:34 | 17/06/2009
.
============== E.O.F ==============
I ran ComboFix, which gave me this report:
ComboFix 09-06-16.05 - mimoun 17/06/2009 21:48.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.2814.1998 [GMT 2:00]
Lancé depuis: c:\users\mimoun\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-17 au 2009-06-17 ))))))))))))))))))))))))))))))))))))
.
2009-06-17 18:19 . 2009-06-17 19:07 -------- d-----w- c:\program files\Ad-remover
2009-06-17 18:06 . 2009-06-17 18:06 -------- d-----w- C:\rsit
2009-06-17 12:00 . 2009-06-17 12:00 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-06-13 20:43 . 2009-06-13 20:43 -------- d-----w- c:\program files\Trend Micro
2009-06-13 13:42 . 2009-06-13 13:44 -------- d-----w- C:\Rustbfix
2009-06-13 13:38 . 2009-06-13 13:38 -------- d-----w- c:\program files\CCleaner
2009-06-12 19:22 . 2009-06-12 19:22 -------- d-----w- c:\program files\IZArc
2009-06-10 14:45 . 2009-06-10 14:45 -------- d-----w- c:\programdata\Friends Games
2009-06-07 22:26 . 2009-06-17 18:04 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-05 16:55 . 2009-06-05 16:55 -------- d-----w- c:\programdata\Malwarebytes
2009-06-05 16:38 . 2009-06-05 16:38 -------- d-----w- c:\programdata\Arovax
2009-06-05 13:45 . 2009-06-05 16:50 -------- d-----w- c:\windows\system32\eu-ES
2009-06-05 13:45 . 2009-06-05 16:50 -------- d-----w- c:\windows\system32\ca-ES
2009-06-05 13:45 . 2009-06-05 16:51 -------- d-----w- c:\windows\system32\vi-VN
2009-06-05 13:35 . 2009-06-05 16:50 -------- d-----w- c:\windows\system32\EventProviders
2009-06-05 13:32 . 2009-04-11 06:33 614376 ----a-w- c:\windows\system32\ci.dll
2009-06-05 13:31 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-06-05 13:31 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-06-05 13:31 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-06-05 13:31 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-06-05 13:31 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-06-05 13:31 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-06-05 13:31 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-06-05 13:31 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-06-05 13:31 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-06-05 13:31 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-06-05 13:31 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-06-05 13:15 . 2009-06-05 13:15 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-05 13:14 . 2009-06-05 13:15 -------- d-----w- c:\program files\Windows Live
2009-06-05 13:07 . 2009-06-05 13:07 -------- d-----w- c:\program files\Ares
2009-06-05 13:06 . 2009-06-05 13:06 -------- d-----w- c:\program files\VideoLAN
2009-06-05 13:04 . 2009-06-05 13:06 -------- d-----w- c:\program files\VLC
2009-06-05 11:36 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-06-05 11:11 . 2009-06-05 11:11 -------- d-----w- c:\users\mimoun\Option
2009-06-02 21:55 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-02 21:55 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-02 21:55 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-02 21:55 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-02 21:55 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-02 21:54 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-02 21:54 . 2009-02-05 20:06 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-06-02 21:17 . 2009-06-02 21:17 -------- d-----w- c:\program files\NTR global
2009-05-31 09:58 . 2009-05-31 09:58 -------- d-----w- c:\programdata\Meridian93
2009-05-28 11:00 . 2008-12-04 14:03 572512 ----a-w- c:\windows\system32\msvcp50.dll
2009-05-28 10:49 . 2009-05-28 10:54 -------- d-----w- c:\programdata\fssg
2009-05-28 10:48 . 2009-06-02 21:36 -------- d-----w- c:\programdata\f-secure
2009-05-25 16:49 . 2009-05-25 16:49 -------- d-----w- c:\program files\Common Files\Sandlot Shared
2009-05-24 20:21 . 2009-05-24 20:21 -------- d-----w- c:\programdata\Downloaded Installations
2009-05-22 20:57 . 2009-05-22 20:57 -------- d-----w- c:\program files\Alwil Software
2009-05-22 16:54 . 2009-05-22 16:54 -------- d-----w- c:\programdata\Sandlot Games
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-17 17:36 . 2008-01-21 07:23 672182 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-17 17:36 . 2008-01-21 07:23 124770 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-17 16:37 . 2009-01-18 03:52 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-16 18:14 . 2009-02-17 09:52 -------- d-----w- c:\program files\Launch Manager
2009-06-13 10:27 . 2009-01-17 14:52 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 14:40 . 2009-05-16 18:13 -------- d-----w- c:\programdata\Flood Light Games
2009-06-05 13:45 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-06-05 13:45 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-05 13:45 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-06-05 13:45 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-06-05 13:45 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-06-05 13:45 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-05 13:45 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-05 12:23 . 2009-01-17 15:13 -------- d-----w- c:\program files\Microsoft
2009-06-05 12:14 . 2009-01-17 14:50 -------- d-----w- c:\programdata\Microsoft Help
2009-06-05 11:26 . 2009-01-17 14:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-05 11:24 . 2009-01-17 15:41 -------- d-----w- c:\program files\NewTech Infosystems
2009-06-05 11:16 . 2009-01-17 15:26 -------- d-----w- c:\program files\Acer GameZone
2009-06-04 22:18 . 2009-01-17 15:50 -------- d-----w- c:\programdata\eSobi
2009-05-28 18:44 . 2009-01-17 15:16 -------- d-----w- c:\programdata\McAfee
2009-05-28 11:06 . 2009-01-17 15:17 -------- d-----w- c:\program files\Common Files\McAfee
2009-05-28 11:06 . 2009-01-17 15:16 -------- d-----w- c:\program files\McAfee
2009-05-09 05:50 . 2009-06-11 19:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-11 19:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-04 00:52 . 2009-05-04 00:52 -------- d-----w- c:\programdata\SpinTop Games
2009-05-03 20:28 . 2009-02-17 09:59 -------- d-----w- c:\programdata\CyberLink
2009-05-03 04:07 . 2009-05-03 04:07 -------- d-----w- c:\programdata\Arcade Lab
2009-05-03 03:14 . 2009-05-03 03:14 -------- d-----w- c:\programdata\TERMINAL Studio
2009-04-30 01:00 . 2009-01-17 14:48 -------- d-----w- c:\program files\Acer
2009-04-30 00:55 . 2009-04-30 00:55 -------- d-sh--we c:\program files\Fichiers communs
2009-04-30 00:55 . 2009-04-30 00:55 -------- d-sh--we c:\programdata\Modèles
2009-04-30 00:55 . 2009-04-30 00:55 -------- d-sh--we c:\programdata\Menu Démarrer
2009-04-30 00:55 . 2009-04-30 00:55 -------- d-sh--we c:\programdata\Favoris
2009-04-30 00:55 . 2009-04-30 00:55 -------- d-sh--we c:\programdata\Bureau
2009-04-23 12:15 . 2009-06-11 19:33 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:14 . 2009-06-11 19:33 623616 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:39 . 2009-06-11 19:33 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-04-11 06:33 . 2009-06-05 13:33 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-11 06:33 . 2009-06-05 13:32 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-11 06:33 . 2009-06-05 13:32 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 06:33 . 2009-06-05 13:33 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-11 06:28 . 2009-06-05 13:32 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-11 06:27 . 2009-06-05 13:33 441344 ----a-w- c:\windows\system32\SearchIndexer.exe
2009-04-11 06:22 . 2009-06-05 13:32 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-11 06:21 . 2009-06-05 13:32 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-11 05:42 . 2009-06-05 13:32 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-11 05:03 . 2009-06-05 13:33 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 05:03 . 2009-06-05 13:33 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 04:57 . 2009-06-05 13:32 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-11 04:54 . 2009-06-05 13:32 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-11 04:51 . 2009-06-05 13:32 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-11 04:47 . 2009-06-05 13:32 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-11 04:46 . 2009-06-05 13:32 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-11 04:46 . 2009-06-05 13:32 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-11 04:46 . 2009-06-05 13:32 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-11 04:46 . 2009-06-05 13:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-11 04:46 . 2009-06-05 13:32 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-11 04:46 . 2009-06-05 13:32 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-11 04:45 . 2009-06-05 13:32 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-11 04:45 . 2009-06-05 13:32 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-11 04:45 . 2009-06-05 13:32 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-11 04:45 . 2009-06-05 13:32 401408 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-11 04:45 . 2009-06-05 13:32 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-11 04:45 . 2009-06-05 13:32 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2009-04-11 04:43 . 2009-06-05 13:32 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-04-11 04:43 . 2009-06-05 13:32 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-04-11 04:42 . 2009-06-05 13:32 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-04-11 04:42 . 2009-06-05 13:32 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys
2009-04-11 04:42 . 2009-06-05 13:32 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys
2009-04-11 04:42 . 2009-06-05 13:32 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-04-11 04:42 . 2009-06-05 13:32 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2009-04-11 04:42 . 2009-06-05 13:32 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-04-11 04:42 . 2009-06-05 13:32 39424 ----a-w- c:\windows\system32\drivers\hidclass.sys
2009-04-11 04:42 . 2009-06-05 13:32 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2009-04-11 04:42 . 2009-06-05 13:33 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-04-11 04:39 . 2009-06-05 13:32 16384 ----a-w- c:\windows\system32\iscsilog.dll
2009-04-11 04:39 . 2009-06-05 13:32 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-04-11 04:39 . 2009-06-05 13:32 19456 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2009-04-11 04:38 . 2009-06-05 13:32 149504 ----a-w- c:\windows\system32\drivers\ks.sys
2009-04-11 04:38 . 2009-06-05 13:32 17408 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-04-11 04:27 . 2009-06-05 13:32 2560 ----a-w- c:\windows\system32\msimsg.dll
2009-04-11 04:23 . 2009-06-05 13:33 626176 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-11 04:23 . 2009-06-05 13:32 76288 ----a-w- c:\windows\system32\drivers\dxg.sys
2009-04-11 04:23 . 2009-06-05 13:32 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-04-11 04:22 . 2009-06-05 13:32 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys
2009-04-11 04:15 . 2009-06-05 13:32 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-04-11 04:15 . 2009-06-05 13:32 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-04-11 04:15 . 2009-06-05 13:32 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-04-11 04:14 . 2009-06-05 13:32 114688 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-04-11 04:14 . 2009-06-05 13:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-11 04:14 . 2009-06-05 13:32 225280 ----a-w- c:\windows\system32\drivers\rdbss.sys
2009-04-11 04:14 . 2009-06-05 13:32 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2009-04-11 04:14 . 2009-06-05 13:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-04-11 04:14 . 2009-06-05 13:32 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2009-04-11 04:14 . 2009-06-05 13:32 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2009-04-11 04:13 . 2009-06-05 13:32 226816 ----a-w- c:\windows\system32\drivers\udfs.sys
2009-04-11 04:13 . 2009-06-05 13:32 136704 ----a-w- c:\windows\system32\drivers\exfat.sys
2009-04-11 04:13 . 2009-06-05 13:32 142848 ----a-w- c:\windows\system32\drivers\fastfat.sys
2009-04-11 04:12 . 2009-06-05 13:32 617984 ----a-w- c:\windows\system32\adtschema.dll
2009-04-11 02:52 . 2009-06-05 13:33 684032 ----a-w- c:\windows\system32\drivers\spsys.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-17 817672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):11,d6,6b,cc,e4,e5,c9,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{743AC124-6B27-405C-B7C4-1FF5F5CB4566}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{C44E177E-9D18-4E6F-98F4-BEE33F7C43A8}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{3B04368A-8CC7-48C4-BEDA-92A869205803}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{4966AA97-DD7D-481D-BC62-4E560808B3D5}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{CC35A8AF-3CA4-4C4F-A721-91F7F774F3A2}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{F30D85F7-9BDE-4C00-9571-CBC75B23063E}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{CFBF54C6-C759-40BA-82AC-33DE78814ABC}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{88E62793-771D-49BA-B1D5-4F389B0842CA}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"TCP Query User{01488A0D-D979-4518-B703-65BA3F5A855F}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{D352EC5D-90F7-4899-8A1E-9F258572E646}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [02/06/2009 23:55 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [02/06/2009 23:55 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [02/06/2009 23:54 51792]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [17/02/2009 12:02 69632]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [17/01/2009 16:48 24576]
R2 ntrconnect;NTRConnect;c:\program files\NTR global\NTRconnect\NTRconnect.exe [29/10/2008 14:00 89600]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [16/12/2008 06:05 48128]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [17/01/2009 16:35 22072]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [28/03/2007 08:51 43008]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [17/01/2009 23:14 419328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://fr.gdark.com/search.php?cx=partner-pub-7902900401080901%3Ae94ctf-nqmg&cof=FORID%3A10&ie=UTF-8&q={searchTerms}
uSearchURL,(Default) = hxxp://fr.gdark.com
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-17 21:53
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(2372)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Heure de fin: 2009-06-17 21:55
ComboFix-quarantined-files.txt 2009-06-17 19:55
Avant-CF: 81 990 864 896 octets libres
Après-CF: 82 175 971 328 octets libres
252 --- E O F --- 2009-06-16 11:02
Thanks in advance