Security Tool...
Closed
jaja_33 - 25 Oct 2009, 19:02
24 replies
Anonymous user - 25 Oct 2009, 19:39
Hi,
▶ Download OTM by OldTimer to your Desktop.
• Double-click OTM.exe to launch it.
• Copy (Ctrl+C) the following text:
:processes
explorer.exe
85413627.exe
54909027.exe
livemessenger.com
:files
C:\GenProc
C:\DOCUME~1\ALLUSE~1\APPLIC~1\54909027\54909027.exe
C:\Documents and Settings\All Users\Application Data\85413627\85413627.exe
C:\Documents and Settings\All Users\Application Data\54909027
C:\Documents and Settings\All Users\Application Data\85413627
C:\WINDOWS\System32\yotgwsu.exe
C:\WINDOWS\System32\avrugad.exe
C:\WINDOWS\System32\kazaabackupfiles
C:\WINDOWS\msnsmgr.exe
C:\WINDOWS\livemessenger.com
C:\Documents and Settings\Mailek\Bureau\IMG00098714911567251832-JPG.EXE
C:\WINDOWS\smss.exe
:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\Mailek\Bureau\IMG00098714911567251832-JPG.EXE"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Winsock2 driver"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Runonce"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Update"=-
"Winsock2 driver"=-
"85413627"=-
"54909027"=-
:commands
[emptytemp]
[reboot]
• Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
• Now click the MoveIt! button, then close OTM.
▶ If a file or folder cannot be deleted immediately, the program will ask you to reboot.
▶ Accept by clicking YES.
• Post the report located in this folder: C:\_OTM\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
Hello,
download GenProc http://www.genproc.com/GenProc.exe
double-click GenProc.exe and post the contents of the report that opens
jaja_33 - 25 Oct 2009, 19:04
Thanks for this lightning-fast reply, I'll do that and post right away.
jaja_33 - 25 Oct 2009, 19:07
Problem: when I launch the program I can see that something is happening (the USB key window goes "greyed out"), but then nothing either...
This is the first time it has done this to me, it's really stubborn...
jaja_33 - 25 Oct 2009, 19:10
I'm testing it now.
(for booting into Safe Mode)
jaja_33 - 25 Oct 2009, 19:12
As for Malwarebytes, I had already tried it, but it refused to launch too...
jaja_33 - 25 Oct 2009, 19:16
First I'm trying GenProc in Safe Mode, then I'll do Malwarebytes next (if it works..)
^^Marie^^ - 25 Oct 2009, 19:19
Good evening
"I tried RSIT, ComboFix, USBFix, and nothing, they are all blocked..."
Not surprising
It might be wise to clear all these Fix tools off your PC and run an RSIT
jaja_33 - 25 Oct 2009, 19:26
Here's the RSIT log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Jaja at 2009-10-25 19:23:12
Microsoft Windows XP Professionnel Service Pack 1
System drive C: has 125 GB (82%) free of 153 GB
Total RAM: 2047 MB (88% free)
HijackThis download failed
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-12 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-07 762864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-12 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-16 41368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-16 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2003-09-18 848144]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Foxit Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll []
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-12 256112]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-16 148888]
"Microsoft Update"=C:\WINDOWS\livemessenger.com [2009-10-13 75776]
"Windows Rundll Center"=C:\WINDOWS\msnsmgr.exe [2009-10-13 41472]
"Winsock2 driver"=C:\WINDOWS\system32\AVRUGAD.EXE [2009-10-13 83456]
"85413627"=C:\Documents and Settings\All Users\Application Data\85413627\85413627.exe [2009-10-25 1051682]
"54909027"=C:\DOCUME~1\ALLUSE~1\APPLIC~1\54909027\54909027.exe [2009-10-25 1051682]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\System32\ctfmon.exe [2002-08-29 13312]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-05-23 68856]
"Runonce"=C:\WINDOWS\smss.exe [2007-11-30 229621]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Winsock2 driver"=C:\WINDOWS\system32\AVRUGAD.EXE [2009-10-13 83456]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-11-15 1670144]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-05-23 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnHackMe Monitor]
F:\UnHackMe\hackmon.exe []
C:\Documents and Settings\Mailek\Menu Démarrer\Programmes\Démarrage
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\Mailek\Bureau\IMG00098714911567251832-JPG.EXE"="C:\Documents and Settings\Mailek\Bureau\IMG00098714911567251832-JPG.EXE:*:Enabled:Microsoft Update"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.reg - edit -
.reg - open - "%1" %*
.vbs - edit -
.vbs - open - "%1" %*
======List of files/folders created in the last 1 months======
2009-10-25 19:23:14 ----D---- C:\Program Files\trend micro
2009-10-25 19:23:12 ----D---- C:\rsit
2009-10-25 19:21:45 ----A---- C:\WINDOWS\zip.exe
2009-10-25 19:21:45 ----A---- C:\WINDOWS\vFind.exe
2009-10-25 19:21:45 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-10-25 19:21:45 ----A---- C:\WINDOWS\SWSC.exe
2009-10-25 19:21:45 ----A---- C:\WINDOWS\SWREG.exe
2009-10-25 19:21:45 ----A---- C:\WINDOWS\sed.exe
2009-10-25 19:21:45 ----A---- C:\WINDOWS\NIRCMD.exe
2009-10-25 19:21:45 ----A---- C:\WINDOWS\grep.exe
2009-10-25 19:21:12 ----D---- C:\WINDOWS\ERDNT
2009-10-25 19:21:11 ----D---- C:\ComboFix
2009-10-25 19:21:10 ----A---- C:\WINDOWS\System32\CF7362.exe
2009-10-25 19:21:04 ----D---- C:\Qoobox
2009-10-25 19:15:17 ----D---- C:\log
2009-10-25 19:10:34 ----A---- C:\WINDOWS\ntbtlog.txt
2009-10-25 19:04:57 ----D---- C:\GenProc
2009-10-25 15:46:24 ----D---- C:\Documents and Settings\All Users\Application Data\54909027
2009-10-25 14:20:55 ----D---- C:\Documents and Settings\All Users\Application Data\85413627
2009-10-13 19:30:18 ----H---- C:\WINDOWS\System32\yotgwsu.exe
2009-10-13 19:29:55 ----H---- C:\WINDOWS\System32\avrugad.exe
2009-10-13 19:29:55 ----D---- C:\WINDOWS\System32\kazaabackupfiles
2009-10-13 19:28:01 ----N---- C:\WINDOWS\msnsmgr.exe
2009-10-13 19:04:26 ----RSH---- C:\WINDOWS\livemessenger.com
2009-09-27 14:44:49 ----HD---- C:\Program Files\FX Uninstall Information
======List of files/folders modified in the last 1 months======
2009-10-25 19:23:14 ----RD---- C:\Program Files
2009-10-25 19:22:02 ----D---- C:\WINDOWS
2009-10-25 19:21:14 ----D---- C:\WINDOWS\system32
2009-10-25 19:18:28 ----D---- C:\Program Files\Any Video Converter
2009-10-25 19:18:26 ----D---- C:\Documents and Settings\Mailek\Application Data\Any Video Converter
2009-10-25 19:08:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-25 19:05:46 ----D---- C:\WINDOWS\Prefetch
2009-10-25 18:54:00 ----D---- C:\WINDOWS\Temp
2009-10-25 18:49:40 ----D---- C:\Program Files\Mozilla Firefox
2009-10-25 18:37:54 ----D---- C:\Documents and Settings\Mailek\Application Data\Hamachi
2009-10-25 14:24:49 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI
2009-10-24 17:36:48 ----D---- C:\Program Files\Everest Poker
2009-10-24 16:47:20 ----RSHD---- C:\RECYCLER
2009-10-24 16:19:42 ----D---- C:\WINDOWS\System32\CatRoot2
2009-10-18 18:23:15 ----D---- C:\Program Files\Fichiers communs\Adobe
2009-10-18 18:20:31 ----D---- C:\Program Files\Photoshop CS3 Portable FR
2009-10-13 19:14:57 ----D---- C:\Documents and Settings\Mailek\Application Data\LimeWire
2009-10-03 14:18:30 ----RSHDC---- C:\WINDOWS\System32\dllcache
2009-10-03 14:18:26 ----HD---- C:\WINDOWS\inf
2009-10-03 14:18:26 ----D---- C:\WINDOWS\Help
2009-10-02 19:01:57 ----A---- C:\WINDOWS\System32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2002-08-29 19328]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29 19328]
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\System32\DRIVERS\hamachi.sys [2009-05-16 25280]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [2004-04-01 126686]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [2004-01-28 1309184]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [2004-01-28 180360]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-08-28 891711]
S3 P17;Creative SB Audigy LS; C:\WINDOWS\system32\drivers\P17.sys [2004-01-16 687232]
S3 Slntamr;Smart Link 56K Modem Driver; C:\WINDOWS\System32\DRIVERS\slntamr.sys [2004-04-01 404990]
S3 SlNtHal;SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [2004-01-28 95424]
S3 SlWdmSup;SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [2004-01-28 13240]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-16 152984]
S2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2004-01-08 73796]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-22 182768]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
-----------------EOF-----------------
jaja_33 - 25 Oct 2009, 19:27
Malwarebytes and GenProc didn't work..
jaja_33 - 25 Oct 2009, 19:39
anyone there?...
jaja_33 - 25 Oct 2009, 19:40
Thanks, I'm doing that.
EDIT: it rebooted on its own, I'm waiting for the restart to post the OTM report.
jaja_33 - 25 Oct 2009, 19:50
Here's the OTM report:
All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
No active process named 85413627.exe was found!
No active process named 54909027.exe was found!
No active process named livemessenger.com was found!
========== FILES ==========
File/Folder C:\GenProc not found.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\54909027\54909027.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\85413627\85413627.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\54909027 moved successfully.
C:\Documents and Settings\All Users\Application Data\85413627 moved successfully.
C:\WINDOWS\System32\yotgwsu.exe moved successfully.
C:\WINDOWS\System32\avrugad.exe moved successfully.
C:\WINDOWS\System32\kazaabackupfiles moved successfully.
C:\WINDOWS\msnsmgr.exe moved successfully.
C:\WINDOWS\livemessenger.com moved successfully.
File/Folder C:\Documents and Settings\Mailek\Bureau\IMG00098714911567251832-JPG.EXE not found.
C:\WINDOWS\smss.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\Mailek\Bureau\IMG00098714911567251832-JPG.EXE deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Winsock2 driver deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Runonce deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Update deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Winsock2 driver deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\85413627 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\54909027 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34297 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5916839 bytes
User: Mailek
->Temp folder emptied: 450337206 bytes
->Temporary Internet Files folder emptied: 8310652 bytes
->Java cache emptied: 16568701 bytes
->FireFox cache emptied: 54241368 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 1100105 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
Windows Temp folder emptied: 228352 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 511,88 mb
OTM by OldTimer - Version 3.0.0.6 log created on 10252009_194439
Files moved on Reboot...
Registry entries deleted on Reboot...
________________________________________________________________________________
It must have worked, because I can't see any trace of that damn Security Tool anymore, thanks a lot ;)
How did you figure out the right "things" to delete?
________________________________________________________________________________
THANK YOU.
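jaja_33's last question (how the right entries were picked out of the RSIT log) is never answered in the thread. As an added example, not part of the thread and not RSIT's or OTM's code, the Python script below parses an excerpt of the RSIT registry dump posted above and applies the heuristics the helper's OTM script implies: numeric-only value names, programs launched from All Users\Application Data or straight from the Windows root, a .com autorun target, smss.exe outside System32, one binary registered under several autorun keys, and a firewall exception for a double-extension file on the Desktop. The sample text is copied from the log above; the regular expressions, thresholds and function names are the example's own.

```python
"""Triage of an RSIT registry dump for rogue-AV persistence (added example for this
thread, not RSIT's or OTM's code). SAMPLE_RSIT is copied from the RSIT log posted
above; the heuristics encode what the helper's OTM script ended up removing."""
import re
from collections import Counter
from dataclasses import dataclass

# Excerpt of the "Registry dump" section of the RSIT log in this thread.
SAMPLE_RSIT = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-16 148888]
"Microsoft Update"=C:\WINDOWS\livemessenger.com [2009-10-13 75776]
"Windows Rundll Center"=C:\WINDOWS\msnsmgr.exe [2009-10-13 41472]
"Winsock2 driver"=C:\WINDOWS\system32\AVRUGAD.EXE [2009-10-13 83456]
"85413627"=C:\Documents and Settings\All Users\Application Data\85413627\85413627.exe [2009-10-25 1051682]
"54909027"=C:\DOCUME~1\ALLUSE~1\APPLIC~1\54909027\54909027.exe [2009-10-25 1051682]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\System32\ctfmon.exe [2002-08-29 13312]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"Runonce"=C:\WINDOWS\smss.exe [2007-11-30 229621]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Winsock2 driver"=C:\WINDOWS\system32\AVRUGAD.EXE [2009-10-13 83456]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\Mailek\Bureau\IMG00098714911567251832-JPG.EXE"="C:\Documents and Settings\Mailek\Bureau\IMG00098714911567251832-JPG.EXE:*:Enabled:Microsoft Update"
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# RSIT prints values as  "name"=data [date size]  (the bracket may be empty or absent).
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*?)(?: \[[^\]]*\])?$')
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
WINDOWS_ROOT = re.compile(r"^[a-z]:\\windows\\[^\\]+$", re.I)           # C:\WINDOWS\x.exe
ALLUSERS_APPDATA = re.compile(r"\\(All Users\\Application Data|ALLUSE~1\\APPLIC~1)\\", re.I)
DESKTOP = re.compile(r"\\(Bureau|Desktop)\\", re.I)                     # French or English XP
DOUBLE_EXT = re.compile(r"[-.](jpe?g|gif|png|bmp|doc|pdf|txt)\.(exe|scr|com|pif)$", re.I)
CORE_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe"}


@dataclass
class Finding:
    location: str      # e.g. "HKLM:Run"
    name: str          # value name exactly as RSIT printed it
    path: str          # program the value points to
    reasons: list


def short_location(key: str) -> str:
    parts = key.split("\\")
    return f"{HIVES.get(parts[0], parts[0])}:{parts[-1]}"


def parse_rsit_registry(text: str):
    """Return (full_key, name, program_path) for every value line of the dump."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m["key"]
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        # Firewall AuthorizedApplications data is quoted and reads  path:*:Enabled:Label
        path = m["data"].strip('"').split(":*:", 1)[0]
        entries.append((key, m["name"], path))
    return entries


def heuristics(key, name, path, targets):
    exe = path.rsplit("\\", 1)[-1].lower()
    firewall = "authorizedapplications" in key.lower()
    rules = [
        (name.isdigit(), "value name is only digits (random-name dropper pattern)"),
        (ALLUSERS_APPDATA.search(path), "runs from All Users\\Application Data"),
        (WINDOWS_ROOT.match(path), "binary dropped directly in the Windows root"),
        (exe.endswith(".com"), "autorun target with a .com extension"),
        (exe in CORE_PROCESSES and "\\system32\\" not in path.lower(),
         f"{exe} outside System32 masquerades as a core process"),
        (targets[path.lower()] > 1, "same binary registered under several autorun keys"),
        (firewall and DESKTOP.search(path), "firewall exception for a program on the Desktop"),
        (firewall and DOUBLE_EXT.search(path), "double extension disguises an executable as an image"),
    ]
    return [text for cond, text in rules if cond]


def triage(text: str):
    """Return the autorun / firewall entries that match at least one heuristic."""
    entries = parse_rsit_registry(text)
    # Count how many Run/RunOnce values point at the same binary (two for AVRUGAD.EXE here).
    targets = Counter(p.lower() for k, _, p in entries if k.lower().endswith(("\\run", "\\runonce")))
    findings = []
    for key, name, path in entries:
        reasons = heuristics(key, name, path, targets)
        if reasons:
            findings.append(Finding(short_location(key), name, path, reasons))
    return findings


if __name__ == "__main__":
    for hit in triage(SAMPLE_RSIT):
        print(f"{hit.location:14} {hit.name!r:26} -> {hit.path}")
        print("               * " + "\n               * ".join(hit.reasons))
```

On this excerpt it flags the seven registry values the OTM script deleted plus "Windows Rundll Center", whose file (msnsmgr.exe) the script also moved away, and leaves the Java, CTFMON and MSN Messenger entries alone.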