Unwanted pop-up windows
Hello,
I have a problem with unwanted windows that open when I browse the internet.
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:23:37, on 29/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal
Running processes:
C:\WINDOWS\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\SYSTEM32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SGPSA\ie3sh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Windows\system32\conime.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
C:\Windows\system32\rdpclip.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\UTILXP\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHelper Class - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - C:\Program Files\SGPSA\mtwb3sh.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe
O4 - HKLM\..\RunOnce: [DeleteDir[CD8] Search Guard Plus] cmd.exe /C RD /S /Q C:\PROGRA~1\SEARCH~1
O4 - HKLM\..\RunOnce: [DeleteDir[CD8] Search Guard Plus Updater] cmd.exe /C RD /S /Q C:\PROGRA~1\SEARCH~2
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EXTRAREMOTE] "C:\ProgramData\Scr Mess Mess.uswhy"
O4 - HKCU\..\Run: [Itch ford four knob] "C:\ProgramData\THIS ANTI BIND.vbi4x09"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?AuthParam=1221848529_14acd5394cf9fa01756d8e6fff9c43c1&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&File=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrvx86.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PskSvc.exe
5 replies
Hello
Disable User Account Control
(you will re-enable it after your disinfection):
* Go to Start, then Control Panel
* Double-click the "User Accounts" icon
* Then click disable and confirm.
Tutorial: https://forum.malekal.com/viewtopic.php?f=59&t=6517
https://forum.pcastuces.com/navilog_de_il_mafioso_pour_vista-f31s12.htm
Download Toolbar-S&D (Team IDN) to your Desktop.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3
* Start the program's installation by running the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the desired language by typing the letter of your choice and confirming with the Enter key.
* Now choose option 1 (Search). Wait until the search finishes.
* Post the generated report. (C:\TB.txt)
Strange....
Download Lop S&D.exe to your Desktop.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
* Double-click it to start the installation
* Then double-click the Lop S&D shortcut on your Desktop
* Select the desired language, then choose option 1 (Search)
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)
Tutorial (help): http://bibou0007.com/outils-specifiques-f78/tuto-lop-sd-t956.htm
Strange indeed....
Here is the second report:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft® Windows Vista™ Professionnel ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz )
BIOS : Version 6.00 R1.05.2587.A1
USER : cendrine ( Administrator )
BOOT : Normal boot
Antivirus : Panda Antivirus 2008 3.01.00 (Activated)
C:\ (Local Disk) - NTFS - Total:230 Go (Free:153 Go)
F:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 29/09/2009|14:54 )
[ UAC => 1 ]
--------------------\\ Listing des dossiers dans Local
[03/06/2009|21:14] C:\Users\cendrine\AppData\Local\Adobe
[10/12/2008|18:45] C:\Users\cendrine\AppData\Local\Apple
[09/02/2009|11:42] C:\Users\cendrine\AppData\Local\Apple Computer
[18/03/2008|14:29] C:\Users\cendrine\AppData\Local\Application Data
[16/09/2009|22:03] C:\Users\cendrine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[09/09/2009|15:35] C:\Users\cendrine\AppData\Local\GDIPFONTCACHEV1.DAT
[05/06/2008|18:18] C:\Users\cendrine\AppData\Local\gnc.exe
[13/06/2009|13:14] C:\Users\cendrine\AppData\Local\Google
[18/03/2008|14:29] C:\Users\cendrine\AppData\Local\Historique
[29/09/2009|14:32] C:\Users\cendrine\AppData\Local\IconCache.db
[09/09/2009|16:01] C:\Users\cendrine\AppData\Local\mcygo.bat
[09/09/2009|17:01] C:\Users\cendrine\AppData\Local\Microsoft
[19/06/2008|20:54] C:\Users\cendrine\AppData\Local\Microsoft Help
[18/03/2008|14:32] C:\Users\cendrine\AppData\Local\MigWiz
[01/06/2009|23:28] C:\Users\cendrine\AppData\Local\Mozilla
[09/09/2009|16:24] C:\Users\cendrine\AppData\Local\Panda Software
[14/09/2008|12:26] C:\Users\cendrine\AppData\Local\Sony Ericsson
[29/09/2009|14:53] C:\Users\cendrine\AppData\Local\Temp
[18/03/2008|14:29] C:\Users\cendrine\AppData\Local\Temporary Internet Files
[06/11/2008|20:02] C:\Users\cendrine\AppData\Local\VirtualStore
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[28/09/2009 21:26][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{22E92E3D-96CA-43A9-9E4F-26966D6AA492}.job
[29/09/2009 14:34][--ah-----] C:\Windows\tasks\SA.DAT
[29/09/2009 14:33][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[11/03/2008|17:56] C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[28/06/2008|00:26] C:\ProgramData\Adobe
[10/12/2008|18:45] C:\ProgramData\Apple
[10/12/2008|18:45] C:\ProgramData\Apple Computer
[02/11/2006|15:02] C:\ProgramData\Application Data
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[02/11/2006|15:02] C:\ProgramData\Favorites
[21/01/2009|20:26] C:\ProgramData\Google
[26/03/2009|16:05] C:\ProgramData\Hewlett-Packard
[04/08/2009|15:53] C:\ProgramData\Messenger Plus!
[18/03/2009|21:15] C:\ProgramData\Microsoft
[09/09/2009|15:26] C:\ProgramData\Microsoft Help
[07/06/2009|15:51] C:\ProgramData\NOS
[03/08/2009|01:49] C:\ProgramData\Scr Mess Mess.5m6pa
[17/08/2009|09:49] C:\ProgramData\Scr Mess Mess.oi9kdrd
[09/09/2009|17:14] C:\ProgramData\Scr Mess Mess.s6znsvz
[09/09/2009|17:14] C:\ProgramData\Scr Mess Mess.uswhy
[18/03/2008|13:53] C:\ProgramData\sentinel
[14/09/2008|12:26] C:\ProgramData\Sony Ericsson
[02/11/2006|15:02] C:\ProgramData\Start Menu
[09/09/2009|17:14] C:\ProgramData\Start one
[14/09/2008|12:26] C:\ProgramData\Teleca
[02/11/2006|15:02] C:\ProgramData\Templates
[09/09/2009|17:14] C:\ProgramData\third lies itch ford
[09/09/2009|17:14] C:\ProgramData\THIS ANTI BIND.vbi4x09
[07/05/2008|00:21] C:\ProgramData\WindowsSearch
[10/09/2008|19:30] C:\ProgramData\WLInstaller
--------------------\\ Listing des dossiers dans C:\Program Files
[11/03/2008|17:56] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[06/06/2008|15:04] C:\Program Files\Adobe
[28/06/2008|00:20] C:\Program Files\Adobe Media Player
[02/06/2009|13:19] C:\Program Files\Alwil Software
[10/12/2008|18:45] C:\Program Files\Apple Software Update
[15/09/2009|16:30] C:\Program Files\Circle Developemen
[18/03/2008|14:02] C:\Program Files\Citrix
[18/03/2009|21:15] C:\Program Files\Common Files
[20/09/2009|21:36] C:\Program Files\Fast Browser Search
[12/06/2008|18:28] C:\Program Files\FastStone Image Viewer
[19/09/2008|20:29] C:\Program Files\GeoGebra
[30/01/2009|10:13] C:\Program Files\Google
[01/08/2009|15:44] C:\Program Files\INFORAD
[01/08/2009|15:44] C:\Program Files\INFORAD_DRIVERS
[09/09/2009|16:24] C:\Program Files\InstallShield Installation Information
[30/07/2009|03:11] C:\Program Files\Internet Explorer
[19/09/2008|20:22] C:\Program Files\java
[03/08/2009|01:48] C:\Program Files\Messenger Plus! Live
[18/03/2009|21:24] C:\Program Files\Microsoft
[18/03/2008|14:36] C:\Program Files\Microsoft Office
[09/09/2009|15:29] C:\Program Files\Microsoft Silverlight
[30/08/2008|13:07] C:\Program Files\Microsoft SQL Server Compact Edition
[08/09/2007|02:54] C:\Program Files\Microsoft Visual Studio
[09/09/2009|15:24] C:\Program Files\Microsoft Works
[08/09/2007|02:54] C:\Program Files\Microsoft.NET
[09/04/2008|15:32] C:\Program Files\Movie Maker
[02/11/2006|14:37] C:\Program Files\MSBuild
[15/09/2008|03:02] C:\Program Files\MSXML 4.0
[09/09/2009|17:01] C:\Program Files\Navilog1
[07/06/2009|15:51] C:\Program Files\NOS
[18/03/2008|13:53] C:\Program Files\Panda Security
[13/10/2008|20:03] C:\Program Files\PopCap Games
[10/12/2008|18:46] C:\Program Files\QuickTime
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[20/09/2009|21:36] C:\Program Files\SGPSA
[14/09/2008|12:26] C:\Program Files\Sony Ericsson
[19/09/2008|20:23] C:\Program Files\Sun
[13/10/2008|20:03] C:\Program Files\Trymedia
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[09/04/2008|15:32] C:\Program Files\Windows Calendar
[09/04/2008|15:32] C:\Program Files\Windows Collaboration
[09/04/2008|15:32] C:\Program Files\Windows Defender
[09/04/2008|15:32] C:\Program Files\Windows Journal
[18/03/2009|21:26] C:\Program Files\Windows Live
[18/03/2009|21:24] C:\Program Files\Windows Live SkyDrive
[09/09/2009|15:28] C:\Program Files\Windows Mail
[14/08/2009|03:03] C:\Program Files\Windows Media Player
[02/11/2006|14:37] C:\Program Files\Windows NT
[09/04/2008|15:32] C:\Program Files\Windows Photo Gallery
[09/04/2008|15:32] C:\Program Files\Windows Sidebar
[19/09/2008|20:29] C:\Program Files\Zero G Registry
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[06/06/2008|15:05] C:\Program Files\Common Files\Adobe
[28/06/2008|00:20] C:\Program Files\Common Files\Adobe AIR
[10/12/2008|18:46] C:\Program Files\Common Files\Apple
[08/09/2007|02:54] C:\Program Files\Common Files\DESIGNER
[09/09/2009|16:22] C:\Program Files\Common Files\InstallShield
[19/09/2008|20:21] C:\Program Files\Common Files\Java
[09/09/2009|15:25] C:\Program Files\Common Files\microsoft shared
[09/09/2009|16:22] C:\Program Files\Common Files\Panda Software
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[14/09/2008|12:26] C:\Program Files\Common Files\Sony Ericsson Shared
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[09/04/2008|15:32] C:\Program Files\Common Files\System
[14/09/2008|12:26] C:\Program Files\Common Files\Teleca Shared
[18/03/2009|21:15] C:\Program Files\Common Files\Windows Live
[30/08/2008|13:07] C:\Program Files\Common Files\WindowsLiveInstaller
--------------------\\ Process
( 61 Processes )
iexplore.exe ~ [PID:2960]
iexplore.exe ~ [PID:3104]
--------------------\\ Recherche avec S_Lop
C:\ProgramData\Scr Mess Mess.5m6pa
C:\ProgramData\Scr Mess Mess.uswhy
C:\ProgramData\Scr Mess Mess.oi9kdrd
C:\ProgramData\Scr Mess Mess.s6znsvz
C:\ProgramData\THIS ANTI BIND.vbi4x09
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\ProgramData\third lies itch ford
C:\ProgramData\third lies itch ford\32 rule.dat
C:\ProgramData\third lies itch ford\32 rule.exe
C:\Users\cendrine\AppData\Local\Temp\staAC93.exe
C:\Users\cendrine\AppData\Roaming\MICROS~1\Windows\Cookies\cendrine@d2.advertserve[1].txt
C:\Users\cendrine\AppData\Roaming\MICROS~1\Windows\Cookies\cendrine@bigpoint[2].txt
C:\Users\cendrine\AppData\Roaming\MICROS~1\Windows\Cookies\cendrine@fr.deepolis.bigpoint[2].txt
C:\Users\cendrine\AppData\Roaming\MICROS~1\Windows\Cookies\cendrine@2xmoinscher[1].txt
C:\Users\cendrine\AppData\Roaming\MICROS~1\Windows\Cookies\cendrine@cc.2xmoinscher[2].txt
--------------------\\ Verification du Registre
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EXTRAREMOTE"="\"C:\\ProgramData\\Scr Mess Mess.uswhy\""
"Itch ford four knob"="\"C:\\ProgramData\\THIS ANTI BIND.vbi4x09\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 14:54:15
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1592
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:345][D:17]-> C:\Users\cendrine\AppData\Local\Temp
[F:1148][D:1]-> C:\Users\cendrine\AppData\Roaming\MICROS~1\Windows\Cookies
[F:15572][D:20]-> C:\Users\cendrine\AppData\Local\MICROS~2\Windows\TEMPOR~1\content.IE5
[F:33][D:6]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 29/09/2009|15:00 - Option : [1]
--------------------\\ Fin du rapport a 15:00:18
[ UAC => 1 ]
[26/03/2009|16:05] C:\ProgramData\Hewlett-Packard
[04/08/2009|15:53] C:\ProgramData\Messenger Plus!
[18/03/2009|21:15] C:\ProgramData\Microsoft
[09/09/2009|15:26] C:\ProgramData\Microsoft Help
[07/06/2009|15:51] C:\ProgramData\NOS
[03/08/2009|01:49] C:\ProgramData\Scr Mess Mess.5m6pa
[17/08/2009|09:49] C:\ProgramData\Scr Mess Mess.oi9kdrd
[09/09/2009|17:14] C:\ProgramData\Scr Mess Mess.s6znsvz
[09/09/2009|17:14] C:\ProgramData\Scr Mess Mess.uswhy
[18/03/2008|13:53] C:\ProgramData\sentinel
[14/09/2008|12:26] C:\ProgramData\Sony Ericsson
[02/11/2006|15:02] C:\ProgramData\Start Menu
[09/09/2009|17:14] C:\ProgramData\Start one
[14/09/2008|12:26] C:\ProgramData\Teleca
[02/11/2006|15:02] C:\ProgramData\Templates
[09/09/2009|17:14] C:\ProgramData\third lies itch ford
[09/09/2009|17:14] C:\ProgramData\THIS ANTI BIND.vbi4x09
[07/05/2008|00:21] C:\ProgramData\WindowsSearch
[10/09/2008|19:30] C:\ProgramData\WLInstaller
--------------------\\ Listing des dossiers dans C:\Program Files
[11/03/2008|17:56] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[06/06/2008|15:04] C:\Program Files\Adobe
[28/06/2008|00:20] C:\Program Files\Adobe Media Player
[02/06/2009|13:19] C:\Program Files\Alwil Software
[10/12/2008|18:45] C:\Program Files\Apple Software Update
[15/09/2009|16:30] C:\Program Files\Circle Developemen
[18/03/2008|14:02] C:\Program Files\Citrix
[18/03/2009|21:15] C:\Program Files\Common Files
[20/09/2009|21:36] C:\Program Files\Fast Browser Search
[12/06/2008|18:28] C:\Program Files\FastStone Image Viewer
[19/09/2008|20:29] C:\Program Files\GeoGebra
[30/01/2009|10:13] C:\Program Files\Google
[01/08/2009|15:44] C:\Program Files\INFORAD
[01/08/2009|15:44] C:\Program Files\INFORAD_DRIVERS
[09/09/2009|16:24] C:\Program Files\InstallShield Installation Information
[30/07/2009|03:11] C:\Program Files\Internet Explorer
[19/09/2008|20:22] C:\Program Files\java
[03/08/2009|01:48] C:\Program Files\Messenger Plus! Live
[18/03/2009|21:24] C:\Program Files\Microsoft
[18/03/2008|14:36] C:\Program Files\Microsoft Office
[09/09/2009|15:29] C:\Program Files\Microsoft Silverlight
[30/08/2008|13:07] C:\Program Files\Microsoft SQL Server Compact Edition
[08/09/2007|02:54] C:\Program Files\Microsoft Visual Studio
[09/09/2009|15:24] C:\Program Files\Microsoft Works
[08/09/2007|02:54] C:\Program Files\Microsoft.NET
[09/04/2008|15:32] C:\Program Files\Movie Maker
[02/11/2006|14:37] C:\Program Files\MSBuild
[15/09/2008|03:02] C:\Program Files\MSXML 4.0
[09/09/2009|17:01] C:\Program Files\Navilog1
[07/06/2009|15:51] C:\Program Files\NOS
[18/03/2008|13:53] C:\Program Files\Panda Security
[13/10/2008|20:03] C:\Program Files\PopCap Games
[10/12/2008|18:46] C:\Program Files\QuickTime
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[20/09/2009|21:36] C:\Program Files\SGPSA
[14/09/2008|12:26] C:\Program Files\Sony Ericsson
[19/09/2008|20:23] C:\Program Files\Sun
[13/10/2008|20:03] C:\Program Files\Trymedia
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[09/04/2008|15:32] C:\Program Files\Windows Calendar
[09/04/2008|15:32] C:\Program Files\Windows Collaboration
[09/04/2008|15:32] C:\Program Files\Windows Defender
[09/04/2008|15:32] C:\Program Files\Windows Journal
[18/03/2009|21:26] C:\Program Files\Windows Live
[18/03/2009|21:24] C:\Program Files\Windows Live SkyDrive
[09/09/2009|15:28] C:\Program Files\Windows Mail
[14/08/2009|03:03] C:\Program Files\Windows Media Player
[02/11/2006|14:37] C:\Program Files\Windows NT
[09/04/2008|15:32] C:\Program Files\Windows Photo Gallery
[09/04/2008|15:32] C:\Program Files\Windows Sidebar
[19/09/2008|20:29] C:\Program Files\Zero G Registry
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[06/06/2008|15:05] C:\Program Files\Common Files\Adobe
[28/06/2008|00:20] C:\Program Files\Common Files\Adobe AIR
[10/12/2008|18:46] C:\Program Files\Common Files\Apple
[08/09/2007|02:54] C:\Program Files\Common Files\DESIGNER
[09/09/2009|16:22] C:\Program Files\Common Files\InstallShield
[19/09/2008|20:21] C:\Program Files\Common Files\Java
[09/09/2009|15:25] C:\Program Files\Common Files\microsoft shared
[09/09/2009|16:22] C:\Program Files\Common Files\Panda Software
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[14/09/2008|12:26] C:\Program Files\Common Files\Sony Ericsson Shared
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[09/04/2008|15:32] C:\Program Files\Common Files\System
[14/09/2008|12:26] C:\Program Files\Common Files\Teleca Shared
[18/03/2009|21:15] C:\Program Files\Common Files\Windows Live
[30/08/2008|13:07] C:\Program Files\Common Files\WindowsLiveInstaller
--------------------\\ Process
( 61 Processes )
iexplore.exe ~ [PID:2960]
iexplore.exe ~ [PID:3104]
--------------------\\ Recherche avec S_Lop
C:\ProgramData\Scr Mess Mess.5m6pa
C:\ProgramData\Scr Mess Mess.uswhy
C:\ProgramData\Scr Mess Mess.oi9kdrd
C:\ProgramData\Scr Mess Mess.s6znsvz
C:\ProgramData\THIS ANTI BIND.vbi4x09
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\ProgramData\third lies itch ford
C:\ProgramData\third lies itch ford\32 rule.dat
C:\ProgramData\third lies itch ford\32 rule.exe
C:\Users\cendrine\AppData\Local\Temp\staAC93.exe
C:\Users\cendrine\AppData\Roaming\MICROS~1\Windows\Cookies\cendrine@d2.advertserve[1].txt
C:\Users\cendrine\AppData\Roaming\MICROS~1\Windows\Cookies\cendrine@bigpoint[2].txt
C:\Users\cendrine\AppData\Roaming\MICROS~1\Windows\Cookies\cendrine@fr.deepolis.bigpoint[2].txt
C:\Users\cendrine\AppData\Roaming\MICROS~1\Windows\Cookies\cendrine@2xmoinscher[1].txt
C:\Users\cendrine\AppData\Roaming\MICROS~1\Windows\Cookies\cendrine@cc.2xmoinscher[2].txt
--------------------\\ Verification du Registre
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EXTRAREMOTE"="\"C:\\ProgramData\\Scr Mess Mess.uswhy\""
"Itch ford four knob"="\"C:\\ProgramData\\THIS ANTI BIND.vbi4x09\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 14:54:15
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1592
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:345][D:17]-> C:\Users\cendrine\AppData\Local\Temp
[F:1148][D:1]-> C:\Users\cendrine\AppData\Roaming\MICROS~1\Windows\Cookies
[F:15572][D:20]-> C:\Users\cendrine\AppData\Local\MICROS~2\Windows\TEMPOR~1\content.IE5
[F:33][D:6]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 29/09/2009|15:00 - Option : [1]
--------------------\\ Fin du rapport a 15:00:18
[ UAC => 1 ]
Run Lop S&D again
* This time choose Option 2 ("Suppression", i.e. removal)
* Do not close the window during the removal!
* Post the generated report (C:\lopR.txt)
Here is the report after removal:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft® Windows Vista™ Professionnel ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz )
BIOS : Version 6.00 R1.05.2587.A1
USER : cendrine ( Administrator )
BOOT : Normal boot
Antivirus : Panda Antivirus 2008 3.01.00 (Activated)
C:\ (Local Disk) - NTFS - Total:230 Go (Free:153 Go)
F:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 29/09/2009|15:07 )
[ UAC => 1 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\ProgramData\third lies itch ford\32 rule.dat
Supprime! - C:\ProgramData\third lies itch ford\32 rule.exe
Supprime! - C:\Users\cendrine\AppData\Local\Temp\staAC93.exe
Supprime! - C:\Users\cendrine\AppData\Roaming\MICROS~1\Windows\Cookies\cendrine@d2.advertserve[1].txt
Supprime! - C:\Users\cendrine\AppData\Roaming\MICROS~1\Windows\Cookies\cendrine@bigpoint[2].txt
Supprime! - C:\Users\cendrine\AppData\Roaming\MICROS~1\Windows\Cookies\cendrine@fr.deepolis.bigpoint[2].txt
Supprime! - C:\Users\cendrine\AppData\Roaming\MICROS~1\Windows\Cookies\cendrine@2xmoinscher[1].txt
Supprime! - C:\Users\cendrine\AppData\Roaming\MICROS~1\Windows\Cookies\cendrine@cc.2xmoinscher[2].txt
Supprime! - C:\ProgramData\Scr Mess Mess.5m6pa
Supprime! - C:\ProgramData\Scr Mess Mess.uswhy
Supprime! - C:\ProgramData\Scr Mess Mess.oi9kdrd
Supprime! - C:\ProgramData\Scr Mess Mess.s6znsvz
Supprime! - C:\ProgramData\THIS ANTI BIND.vbi4x09
Supprime! - C:\ProgramData\third lies itch ford
-
[ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans Local
[03/06/2009|21:14] C:\Users\cendrine\AppData\Local\Adobe
[10/12/2008|18:45] C:\Users\cendrine\AppData\Local\Apple
[09/02/2009|11:42] C:\Users\cendrine\AppData\Local\Apple Computer
[18/03/2008|14:29] C:\Users\cendrine\AppData\Local\Application Data
[16/09/2009|22:03] C:\Users\cendrine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[09/09/2009|15:35] C:\Users\cendrine\AppData\Local\GDIPFONTCACHEV1.DAT
[05/06/2008|18:18] C:\Users\cendrine\AppData\Local\gnc.exe
[13/06/2009|13:14] C:\Users\cendrine\AppData\Local\Google
[18/03/2008|14:29] C:\Users\cendrine\AppData\Local\Historique
[29/09/2009|14:32] C:\Users\cendrine\AppData\Local\IconCache.db
[09/09/2009|16:01] C:\Users\cendrine\AppData\Local\mcygo.bat
[09/09/2009|17:01] C:\Users\cendrine\AppData\Local\Microsoft
[19/06/2008|20:54] C:\Users\cendrine\AppData\Local\Microsoft Help
[18/03/2008|14:32] C:\Users\cendrine\AppData\Local\MigWiz
[01/06/2009|23:28] C:\Users\cendrine\AppData\Local\Mozilla
[09/09/2009|16:24] C:\Users\cendrine\AppData\Local\Panda Software
[14/09/2008|12:26] C:\Users\cendrine\AppData\Local\Sony Ericsson
[29/09/2009|15:07] C:\Users\cendrine\AppData\Local\Temp
[18/03/2008|14:29] C:\Users\cendrine\AppData\Local\Temporary Internet Files
[06/11/2008|20:02] C:\Users\cendrine\AppData\Local\VirtualStore
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[28/09/2009 21:26][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{22E92E3D-96CA-43A9-9E4F-26966D6AA492}.job
[29/09/2009 14:34][--ah-----] C:\Windows\tasks\SA.DAT
[29/09/2009 14:33][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[11/03/2008|17:56] C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[28/06/2008|00:26] C:\ProgramData\Adobe
[10/12/2008|18:45] C:\ProgramData\Apple
[10/12/2008|18:45] C:\ProgramData\Apple Computer
[02/11/2006|15:02] C:\ProgramData\Application Data
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[02/11/2006|15:02] C:\ProgramData\Favorites
[21/01/2009|20:26] C:\ProgramData\Google
[26/03/2009|16:05] C:\ProgramData\Hewlett-Packard
[04/08/2009|15:53] C:\ProgramData\Messenger Plus!
[18/03/2009|21:15] C:\ProgramData\Microsoft
[09/09/2009|15:26] C:\ProgramData\Microsoft Help
[07/06/2009|15:51] C:\ProgramData\NOS
[18/03/2008|13:53] C:\ProgramData\sentinel
[14/09/2008|12:26] C:\ProgramData\Sony Ericsson
[02/11/2006|15:02] C:\ProgramData\Start Menu
[09/09/2009|17:14] C:\ProgramData\Start one
[14/09/2008|12:26] C:\ProgramData\Teleca
[02/11/2006|15:02] C:\ProgramData\Templates
[07/05/2008|00:21] C:\ProgramData\WindowsSearch
[10/09/2008|19:30] C:\ProgramData\WLInstaller
--------------------\\ Listing des dossiers dans C:\Program Files
[11/03/2008|17:56] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[06/06/2008|15:04] C:\Program Files\Adobe
[28/06/2008|00:20] C:\Program Files\Adobe Media Player
[02/06/2009|13:19] C:\Program Files\Alwil Software
[10/12/2008|18:45] C:\Program Files\Apple Software Update
[15/09/2009|16:30] C:\Program Files\Circle Developemen
[18/03/2008|14:02] C:\Program Files\Citrix
[18/03/2009|21:15] C:\Program Files\Common Files
[20/09/2009|21:36] C:\Program Files\Fast Browser Search
[12/06/2008|18:28] C:\Program Files\FastStone Image Viewer
[19/09/2008|20:29] C:\Program Files\GeoGebra
[30/01/2009|10:13] C:\Program Files\Google
[01/08/2009|15:44] C:\Program Files\INFORAD
[01/08/2009|15:44] C:\Program Files\INFORAD_DRIVERS
[09/09/2009|16:24] C:\Program Files\InstallShield Installation Information
[30/07/2009|03:11] C:\Program Files\Internet Explorer
[19/09/2008|20:22] C:\Program Files\java
[03/08/2009|01:48] C:\Program Files\Messenger Plus! Live
[18/03/2009|21:24] C:\Program Files\Microsoft
[18/03/2008|14:36] C:\Program Files\Microsoft Office
[09/09/2009|15:29] C:\Program Files\Microsoft Silverlight
[30/08/2008|13:07] C:\Program Files\Microsoft SQL Server Compact Edition
[08/09/2007|02:54] C:\Program Files\Microsoft Visual Studio
[09/09/2009|15:24] C:\Program Files\Microsoft Works
[08/09/2007|02:54] C:\Program Files\Microsoft.NET
[09/04/2008|15:32] C:\Program Files\Movie Maker
[02/11/2006|14:37] C:\Program Files\MSBuild
[15/09/2008|03:02] C:\Program Files\MSXML 4.0
[09/09/2009|17:01] C:\Program Files\Navilog1
[07/06/2009|15:51] C:\Program Files\NOS
[18/03/2008|13:53] C:\Program Files\Panda Security
[13/10/2008|20:03] C:\Program Files\PopCap Games
[10/12/2008|18:46] C:\Program Files\QuickTime
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[20/09/2009|21:36] C:\Program Files\SGPSA
[14/09/2008|12:26] C:\Program Files\Sony Ericsson
[19/09/2008|20:23] C:\Program Files\Sun
[13/10/2008|20:03] C:\Program Files\Trymedia
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[09/04/2008|15:32] C:\Program Files\Windows Calendar
[09/04/2008|15:32] C:\Program Files\Windows Collaboration
[09/04/2008|15:32] C:\Program Files\Windows Defender
[09/04/2008|15:32] C:\Program Files\Windows Journal
[18/03/2009|21:26] C:\Program Files\Windows Live
[18/03/2009|21:24] C:\Program Files\Windows Live SkyDrive
[09/09/2009|15:28] C:\Program Files\Windows Mail
[14/08/2009|03:03] C:\Program Files\Windows Media Player
[02/11/2006|14:37] C:\Program Files\Windows NT
[09/04/2008|15:32] C:\Program Files\Windows Photo Gallery
[09/04/2008|15:32] C:\Program Files\Windows Sidebar
[19/09/2008|20:29] C:\Program Files\Zero G Registry
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[06/06/2008|15:05] C:\Program Files\Common Files\Adobe
[28/06/2008|00:20] C:\Program Files\Common Files\Adobe AIR
[10/12/2008|18:46] C:\Program Files\Common Files\Apple
[08/09/2007|02:54] C:\Program Files\Common Files\DESIGNER
[09/09/2009|16:22] C:\Program Files\Common Files\InstallShield
[19/09/2008|20:21] C:\Program Files\Common Files\Java
[09/09/2009|15:25] C:\Program Files\Common Files\microsoft shared
[09/09/2009|16:22] C:\Program Files\Common Files\Panda Software
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[14/09/2008|12:26] C:\Program Files\Common Files\Sony Ericsson Shared
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[09/04/2008|15:32] C:\Program Files\Common Files\System
[14/09/2008|12:26] C:\Program Files\Common Files\Teleca Shared
[18/03/2009|21:15] C:\Program Files\Common Files\Windows Live
[30/08/2008|13:07] C:\Program Files\Common Files\WindowsLiveInstaller
--------------------\\ Process
( 57 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 15:07:18
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1592
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:344][D:17]-> C:\Users\cendrine\AppData\Local\Temp
[F:1143][D:1]-> C:\Users\cendrine\AppData\Roaming\MICROS~1\Windows\Cookies
[F:15572][D:20]-> C:\Users\cendrine\AppData\Local\MICROS~2\Windows\TEMPOR~1\content.IE5
[F:33][D:6]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 29/09/2009|15:00 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 29/09/2009|15:13 - Option : [2]
--------------------\\ Fin du rapport a 15:13:16
[ UAC => 1 ]
Is it OK?
Download UsbFix by chiquitine29 to your desktop
http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe
--> Run the installation with the default settings
Connect to your PC the external storage devices (USB stick, external hard drive, etc.) that may have been infected, without opening them
--> Double-click the UsbFix shortcut on your desktop
--> At the main menu, choose option " F " for French and press [Enter]
--> At the second menu, choose option " 1 " (search) and press [Enter]
--> Let the tool work
--> Post the UsbFix.txt report
Note: the UsbFix.txt report is saved at the root of the disk
Note: If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm.
Here is the report:
############################## | UsbFix V6.037 |
User : cendrine (Administrateurs) # TONDAR02
Update on 27/09/2009 by Chiquitine29, C_XX & Chimay8
Start at: 15:23:42 | 29/09/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
Microsoft® Windows Vista™ Professionnel (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 7.0.6001.18000
Windows Firewall Status : Enabled
AV : Panda Antivirus 2008 3.01.00 [ Enabled | (!) Outdated ]
C:\ -> Disque fixe local # 230,87 Go (153,19 Go free) [System] # NTFS
F:\ -> Disque CD-ROM
############################## | Processus actifs |
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\WINDOWS\SYSTEM32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\WINDOWS\SYSTEM32\LogonUI.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PskSvc.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrvx86.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Windows\system32\fxssvc.exe
C:\WINDOWS\SYSTEM32\taskeng.exe
C:\Windows\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\taskeng.exe
C:\Windows\system32\rdpclip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApVxdWin.exe
C:\Program Files\SGPSA\ie3sh.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
################## | Fichiers # Dossiers infectieux |
################## | Registre # Clés Run infectieuses |
################## | Registre # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{2532442c-62e7-11de-9863-001999249bf6}
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
################## | ! Fin du rapport # UsbFix V6.037 ! |
Plug your external data sources that may have been infected (USB stick, external hard drive, etc.) into your PC, without opening them.
# Double-click the UsbFix shortcut on your desktop.
# At the main menu, choose option "F" for French and press [Enter].
# Choose option 2 (Suppression).
# Your desktop will disappear and the PC will restart.
# On restart, UsbFix will scan your PC; let the tool work.
# Then post the UsbFix.txt report, which will appear along with the desktop.
# Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
-----------\\ ToolBar S&D 1.2.9 XP/Vista
Microsoft® Windows Vista™ Professionnel ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz )
BIOS : Version 6.00 R1.05.2587.A1
USER : cendrine ( Administrator )
BOOT : Normal boot
Antivirus : Panda Antivirus 2008 3.01.00 (Activated)
C:\ (Local Disk) - NTFS - Total:230 Go (Free:153 Go)
F:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 29/09/2009|14:38 )
[ UAC => 0 ]
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"ICQ Search"="http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.google.fr"
"Url"="https://www.msn.com/fr-fr/actualite/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[ UAC => 1 ]
1 - "C:\ToolBar SD\TB_1.txt" - 29/09/2009|14:38 - Option : [1]
-----------\\ Fin du rapport a 14:38:48,37
G.