Problème de publicités

marquise -  
 marquise -
Bonjour,voilà j'ai sans cesse des fenêtres de publicités internet qui s'ouvrent !!! sans rien avoir demander !!!
Que puis-je faire ??
merci
Configuration: Windows XP

5 réponses

  1. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    bonjour

    • Télécharge Random's System Information Tool (RSIT) de Random/Random.

    http://images.malwareremoval.com/random/RSIT.exe

    • Enregistre le sur ton Bureau.

    • Double clique sur RSIT.exe pour lancer l'outil.

    • Clique sur "Continue" à l'écran Disclaimer.

    • Si l'outil HijackThis n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu s'il te le demande)

    et tu devras accepter la licence.

    • Une fois le scan terminé, deux rapports vont apparaître : poste les dans deux messages séparés stp

    Les rapports se trouvent à cet endroit:
    C:\rsit\info.txt
    C:\rsit\log.txt
    0
    1. marquise
       
      voici le (même) résultat...(par contre je n'ai pas eu 2 rapports mais un seul) :

      Logfile of random's system information tool 1.06 (written by random/random)
      Run by Administrateur at 2009-11-06 23:51:48
      Microsoft Windows XP Professionnel Service Pack 2
      System drive C: has 7 GB (35%) free of 20 GB
      Total RAM: 895 MB (54% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:52:02, on 06/11/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16915)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
      C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\AVG\AVG8\avgemc.exe
      C:\PROGRA~1\AVG\AVG8\avgrsx.exe
      C:\PROGRA~1\AVG\AVG8\avgnsx.exe
      C:\Program Files\AVG\AVG8\avgcsrvx.exe
      C:\Program Files\UberIcon\UberIcon Manager.exe
      C:\Windows\System32\VisualTaskTips.exe
      C:\Program Files\styler\Styler.exe
      C:\WINDOWS\system32\topdesk.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Soft4Ever\looknstop\_looknstop.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\PROGRA~1\AVG\AVG8\avgtray.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Windows Live\Toolbar\wltuser.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
      C:\Program Files\trend micro\Administrateur.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=ZillaPopupKiller:8100
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
      O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
      O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
      O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
      O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
      O4 - HKLM\..\Run: [TransBar] C:\Windows\System32\TransBar.exe /s
      O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
      O4 - HKLM\..\Run: [TopDesk] C:\WINDOWS\system32\topdesk.exe
      O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
      O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe"
      O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\Tons Ford.exe
      O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [toolbias] C:\DOCUME~1\ADMINI~1\APPLIC~1\CDROME~1\Cool bait.exe
      O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinPrint.exe
      O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
      O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
      O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
      O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10812} (FlyLoader Class) - http://www.flysuite.com/flycalc/loadercalc_win_fr.cab
      O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-3f7c71364df54e84.spaces.live.com/PhotoUpload/MsnPUpld.cab
      O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
      O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
      O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
      O23 - Service: Service d'état ASP.NET (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
      O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
      O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
      O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      0
  2. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Bonsoir,
    Certainement une infection derrière tout ça !
    On va établir un diagnostic des infections présentes sur ton PC avec un outil : RSIT.

    *******

    Télécharge Random’s System Information Tool (RSIT) de random/random et enregistre l’exécutable sur le Bureau.
    = = = = >>> En cliquant ici <<< = = = =

    * Double clique sur RSIT.exe pour le lancer.
    * Une première fenêtre s’ouvre, clique alors sur Continue (Disclaimer).
    * Si la dernière version de HijackThis n’est pas détectée sur ton PC, RSIT le téléchargera et te demandera d’accepter la licence.
    * Lorsque l’analyse sera terminée, deux fichiers texte s’ouvriront (probablement avec le bloc-notes).
    * Poste le contenu de log.txt.
    0
    1. marquise
       
      voici le résultat :

      Logfile of random's system information tool 1.06 (written by random/random)
      Run by Administrateur at 2009-11-06 23:51:48
      Microsoft Windows XP Professionnel Service Pack 2
      System drive C: has 7 GB (35%) free of 20 GB
      Total RAM: 895 MB (54% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:52:02, on 06/11/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16915)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
      C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\AVG\AVG8\avgemc.exe
      C:\PROGRA~1\AVG\AVG8\avgrsx.exe
      C:\PROGRA~1\AVG\AVG8\avgnsx.exe
      C:\Program Files\AVG\AVG8\avgcsrvx.exe
      C:\Program Files\UberIcon\UberIcon Manager.exe
      C:\Windows\System32\VisualTaskTips.exe
      C:\Program Files\styler\Styler.exe
      C:\WINDOWS\system32\topdesk.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Soft4Ever\looknstop\_looknstop.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\PROGRA~1\AVG\AVG8\avgtray.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Windows Live\Toolbar\wltuser.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
      C:\Program Files\trend micro\Administrateur.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=ZillaPopupKiller:8100
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
      O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
      O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
      O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
      O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
      O4 - HKLM\..\Run: [TransBar] C:\Windows\System32\TransBar.exe /s
      O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
      O4 - HKLM\..\Run: [TopDesk] C:\WINDOWS\system32\topdesk.exe
      O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
      O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe"
      O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\Tons Ford.exe
      O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [toolbias] C:\DOCUME~1\ADMINI~1\APPLIC~1\CDROME~1\Cool bait.exe
      O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinPrint.exe
      O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
      O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
      O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
      O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10812} (FlyLoader Class) - http://www.flysuite.com/flycalc/loadercalc_win_fr.cab
      O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-3f7c71364df54e84.spaces.live.com/PhotoUpload/MsnPUpld.cab
      O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
      O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
      O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
      O23 - Service: Service d'état ASP.NET (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
      O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
      O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
      O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      0
  3. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    A crapoulou

    honneur aux anciens...et que je regarde et que j'apprends

    (sourire)

    amicalement
    0
  4. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    honneur aux anciens...et que je regarde et que j'apprends
    Ok, alors si t'as des questions, n'hésite pas à m'e, faire part par MP.

    *****

    Plusieurs infections ont été détectées dont Lop.
    Commençons par celle-ci :

    Télécharge LopS&D (de eric_71)
    = = = = >>> En cliquant ici <<< = = = =

    Enregistre le fichier sur ton bureau.
    Lance l’installation.
    Une fois le programme lancé tape F pour être en Français.
    Réponds OK au message d’alerte qui s’affiche.
    Puis exécute l’option 1, Recherche.
    Un rapport sera généré.
    Poste son intégralité ici.
    Note :
    Le rapport se trouve ici : C:\LopR.txt
    Petit tutorial si besoin ICI.
    0
    1. marquise
       
      voici le rapport :


      --------------------\\ Lop S&D 4.2.5-0 XP/Vista

      Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
      X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.66GHz )
      BIOS : BIOS Date: 09/08/04 17:24:24 Ver: 08.00.09
      USER : Administrateur ( Administrator )
      BOOT : Normal boot
      Antivirus : AVG Anti-Virus Free 8.5 (Activated)
      Firewall : Look 'n' Stop 2.05p2 (Soft4Ever) 2.05p2 (Activated)
      C:\ (Local Disk) - NTFS - Total:19 Go (Free:6 Go)
      D:\ (Local Disk) - NTFS - Total:54 Go (Free:32 Go)
      E:\ (CD or DVD)
      G:\ (USB)
      H:\ (USB)
      I:\ (CD or DVD)
      J:\ (USB)
      K:\ (USB)

      "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
      Option : [1] ( 07/11/2009| 0:13 )

      --------------------\\ Listing des dossiers dans APPLIC~1

      [29/01/2009|11:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
      [23/03/2008|10:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
      [03/11/2009|22:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\Anthropics
      [14/11/2008|17:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\ArcSoft
      [24/08/2008|17:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\Canneverbe_Limited
      [04/11/2009|20:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\cdromeggs
      [10/09/2008|17:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\EPSON
      [10/06/2009|21:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\FlySuite
      [16/08/2008|20:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
      [03/11/2009|22:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\gtk-2.0
      [22/05/2008|09:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
      [04/02/2009|13:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
      [23/03/2008|18:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield
      [24/03/2008|20:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
      [22/03/2008|10:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
      [22/03/2008|14:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Media Player Classic
      [19/07/2009|21:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
      [03/11/2009|22:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\Nero
      [29/06/2008|09:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Nikon
      [23/10/2009|09:38] C:\DOCUME~1\ADMINI~1\APPLIC~1\OpenOffice.org
      [27/03/2008|23:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
      [28/03/2008|22:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sony Ericsson
      [21/10/2009|10:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\Studio-Scrap
      [22/03/2008|10:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\Styler
      [28/03/2008|22:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\Teleca
      [15/04/2008|21:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc
      [06/11/2009|19:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\Winamp
      [22/03/2008|10:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\Xentient
      [04/02/2009|13:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Zylom

      [14/05/2008|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
      [22/03/2008|09:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
      [31/01/2009|15:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
      [06/06/2008|19:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cdiscount Album Photo
      [01/08/2008|21:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative
      [04/11/2009|20:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo
      [08/06/2008|11:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
      [06/11/2009|21:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
      [22/06/2008|12:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM
      [22/06/2008|12:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail
      [04/09/2008|23:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak
      [10/06/2009|23:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
      [14/06/2009|16:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
      [29/10/2009|22:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
      [22/03/2008|09:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
      [28/03/2008|22:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
      [28/03/2008|22:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
      [24/10/2008|20:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
      [16/11/2008|19:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
      [22/03/2008|10:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
      [23/03/2008|10:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
      [04/02/2009|13:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

      [23/08/2005|23:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
      [22/03/2008|09:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real

      [13/10/2008|21:10] C:\DOCUME~1\LOCALS~1\APPLIC~1\agi
      [30/01/2009|14:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

      [30/01/2009|14:12] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

      --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

      [06/11/2009 11:00][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
      [06/11/2009 10:32][--ah-----] C:\WINDOWS\tasks\SA.DAT
      [28/08/2004 15:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

      --------------------\\ Listing des dossiers dans C:\Program Files

      [23/03/2008|19:11] C:\Program Files\AbiSuite2
      [05/06/2009|12:34] C:\Program Files\Ad-Aware
      [27/06/2008|23:30] C:\Program Files\Adobe
      [07/08/2009|12:29] C:\Program Files\Ad-remover
      [25/10/2009|20:34] C:\Program Files\Alwil Software
      [04/08/2008|16:17] C:\Program Files\ArchoSoft
      [04/08/2008|15:09] C:\Program Files\ArcSoft
      [23/10/2009|10:06] C:\Program Files\Ask Search Assistant
      [30/01/2009|14:13] C:\Program Files\AVG
      [17/06/2009|21:18] C:\Program Files\Bejeweled 2 Deluxe
      [04/11/2009|20:13] C:\Program Files\BitDownload
      [23/02/2009|13:06] C:\Program Files\CCleaner
      [04/11/2009|20:12] C:\Program Files\cdromeggs
      [22/03/2008|09:52] C:\Program Files\Cener Development
      [14/06/2006|18:46] C:\Program Files\Compare It!
      [22/03/2008|09:27] C:\Program Files\ComPlus Applications
      [04/08/2008|15:54] C:\Program Files\Creative
      [06/11/2009|23:28] C:\Program Files\eMule
      [24/10/2006|07:44] C:\Program Files\Everest
      [29/10/2009|22:14] C:\Program Files\Fichiers communs
      [16/08/2008|19:59] C:\Program Files\Google
      [06/01/2009|15:58] C:\Program Files\Hercules
      [14/06/2006|18:46] C:\Program Files\IE Privacy Keeper
      [16/03/2009|12:21] C:\Program Files\InstallShield Installation Information
      [21/10/2009|09:45] C:\Program Files\InstStudioScrap-Kit-St-Valentin
      [21/10/2009|08:27] C:\Program Files\Internet Explorer
      [22/03/2008|09:50] C:\Program Files\K-Lite Codec Pack
      [04/09/2008|20:35] C:\Program Files\Kodak
      [22/03/2008|13:45] C:\Program Files\Lavalys
      [15/08/2009|22:35] C:\Program Files\Micro Application
      [23/02/2009|02:48] C:\Program Files\Microsoft
      [04/08/2009|15:51] C:\Program Files\Microsoft Office
      [23/02/2009|02:54] C:\Program Files\Microsoft Sync Framework
      [19/10/2008|08:28] C:\Program Files\Movie Maker
      [04/08/2009|15:48] C:\Program Files\MSECache
      [01/04/2008|23:46] C:\Program Files\MSXML 4.0
      [22/03/2008|17:08] C:\Program Files\MSXML 6.0
      [07/08/2009|10:32] C:\Program Files\Navilog1
      [29/10/2009|22:16] C:\Program Files\Nero
      [29/06/2008|09:13] C:\Program Files\Nikon
      [23/10/2009|10:03] C:\Program Files\OpenOffice.org 3
      [10/06/2009|22:51] C:\Program Files\ORKTools
      [13/08/2009|06:36] C:\Program Files\Outlook Express
      [15/08/2009|21:59] C:\Program Files\PCStitch 7
      [06/11/2009|19:36] C:\Program Files\PhotoFiltre Studio
      [22/05/2008|09:18] C:\Program Files\Sierra On-Line
      [04/08/2004|15:19] C:\Program Files\Soft4Ever
      [28/03/2008|22:42] C:\Program Files\Sony Ericsson
      [21/10/2009|09:41] C:\Program Files\Studio-Scrap
      [22/03/2008|10:06] C:\Program Files\Styler
      [11/09/2008|09:51] C:\Program Files\Tall Emu
      [14/05/2008|22:47] C:\Program Files\Tracker Software
      [06/11/2009|23:51] C:\Program Files\trend micro
      [05/07/2006|03:20] C:\Program Files\TweakRAM
      [14/06/2006|18:46] C:\Program Files\UberIcon
      [22/03/2008|09:25] C:\Program Files\Uninstall Information
      [15/04/2008|21:36] C:\Program Files\VideoLAN
      [02/08/2009|11:55] C:\Program Files\Winamp
      [10/01/2007|22:21] C:\Program Files\Windows Defender
      [23/02/2009|02:56] C:\Program Files\Windows Live
      [19/10/2008|08:28] C:\Program Files\Windows Media Player
      [10/01/2007|22:20] C:\Program Files\Windows Sidebar
      [22/03/2008|09:29] C:\Program Files\WindowsUpdate
      [22/03/2008|09:52] C:\Program Files\Winrar
      [28/01/2009|11:10] C:\Program Files\XoftSpySE
      [05/11/2009|11:01] C:\Program Files\ZHPDiag
      [11/09/2008|23:53] C:\Program Files\Zilla Popup Killer
      [11/09/2008|23:22] C:\Program Files\Zone Labs
      [04/02/2009|14:15] C:\Program Files\Zylom Games

      --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

      [14/05/2008|19:32] C:\Program Files\Fichiers communs\Adobe
      [22/03/2008|09:49] C:\Program Files\Fichiers communs\Ahead
      [19/04/2008|20:29] C:\Program Files\Fichiers communs\InstallShield
      [04/08/2009|14:22] C:\Program Files\Fichiers communs\Microsoft Shared
      [22/03/2008|09:28] C:\Program Files\Fichiers communs\MSSoap
      [29/10/2009|22:17] C:\Program Files\Fichiers communs\Nero
      [23/10/2008|22:13] C:\Program Files\Fichiers communs\Nikon
      [22/03/2008|10:19] C:\Program Files\Fichiers communs\ODBC
      [22/03/2008|09:28] C:\Program Files\Fichiers communs\Services
      [28/03/2008|22:43] C:\Program Files\Fichiers communs\Sony Ericsson Shared
      [04/08/2009|14:22] C:\Program Files\Fichiers communs\System
      [28/03/2008|22:43] C:\Program Files\Fichiers communs\Teleca Shared
      [23/02/2009|02:43] C:\Program Files\Fichiers communs\Windows Live
      [23/03/2008|10:55] C:\Program Files\Fichiers communs\WindowsLiveInstaller

      --------------------\\ Process

      ( 50 Processes )

      iexplore.exe ~ [PID:3676]
      iexplore.exe ~ [PID:3740]
      iexplore.exe ~ [PID:2348]

      --------------------\\ Recherche avec S_Lop

      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bis45.exe
      C:\DOCUME~1\ADMINI~1\APPLIC~1\CDROME~1
      C:\DOCUME~1\ADMINI~1\APPLIC~1\CDROME~1\Cool bait.exe
      C:\DOCUME~1\ADMINI~1\APPLIC~1\CDROME~1\fmsexvhm.exe
      C:\DOCUME~1\ADMINI~1\APPLIC~1\CDROME~1\PlayAmokIdle.exe

      --------------------\\ Recherche de Fichiers / Dossiers Lop

      C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo
      C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo\Tons Ford.dat
      C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo\Tons Ford.exe
      C:\DOCUME~1\ADMINI~1\APPLIC~1\cdrome~1
      C:\DOCUME~1\ADMINI~1\APPLIC~1\cdrome~1\Cool bait.exe
      C:\DOCUME~1\ADMINI~1\APPLIC~1\cdrome~1\fmsexvhm.exe
      C:\DOCUME~1\ADMINI~1\APPLIC~1\cdrome~1\PlayAmokIdle.exe
      C:\Program Files\cdrome~1
      C:\Program Files\BitDownload
      C:\DOCUME~1\ADMINI~1\Cookies\administrateur@www.adserver5[1].txt
      C:\DOCUME~1\ADMINI~1\Cookies\administrateur@advertising[1].txt

      --------------------\\ Verification du Registre

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bash load mapi]
      "DisplayName"="CiD Help"
      "UninstallString"="C:\\DOCUME~1\\ADMINI~1\\APPLIC~1\\CDROME~1\\Cool bait.exe -uninstall"

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "toolbias"="C:\\DOCUME~1\\ADMINI~1\\APPLIC~1\\CDROME~1\\Cool bait.exe"
      "toolbias"="C:\\DOCUME~1\\ADMINI~1\\APPLIC~1\\CDROME~1\\Cool bait.exe"

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "bend logo clock film"="C:\\Documents and Settings\\All Users\\Application Data\\Frag great bend logo\\Tons Ford.exe"

      --------------------\\ Verification du fichier Hosts

      Fichier Hosts PROPRE


      --------------------\\ Recherche de fichiers avec Catchme

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-11-07 00:15:06
      Windows 5.1.2600 Service Pack 2 NTFS
      scanning hidden processes ...
      scanning hidden files ...
      scan completed successfully
      hidden processes: 0
      hidden files: 3

      --------------------\\ Recherche d'autres infections


      Aucune autre infection trouvée !

      [F:93][D:10]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
      [F:116][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
      [F:1374][D:4]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

      1 - "C:\Lop SD\LopR_1.txt" - 26/10/2009|12:53 - Option : [1]
      2 - "C:\Lop SD\LopR_2.txt" - 26/10/2009|13:03 - Option : [2]
      3 - "C:\Lop SD\LopR_3.txt" - 07/11/2009| 0:16 - Option : [1]

      --------------------\\ Fin du rapport a 0:16:23
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    edit
    0