Contrôle du rapport pour eorezo

Résolu
mystoune Messages postés 153 Date d'inscription   Statut Membre Dernière intervention   -  
flo-91 Messages postés 5646 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,

Suite à desinstallation de eorezo en suivant tous les conseils trouvés sur votre site, il apparait qu'une fenêtre intempestuve continue de me polluer
merci de votre aide

Ci-joint rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:13:03, on 29/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Winsudate\gibsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\Nicole\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Winsudate\gibusr.exe
C:\Program Files\Registry_Doktor 4.1\RegistryDoktor.exe
C:\Program Files\e-Carte Bleue LCL\ecbl-lcl.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sfr.fr/fr/adsl-neufbox.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Nicole\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nicole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe
O4 - HKCU\..\Run: [RDfrNET] C:\Program Files\Registry_Doktor 4.1\RegistryDoktor.exe
O4 - HKCU\..\Run: [RDfrNEScheduler] C:\Program Files\Registry_Doktor 4.1\RegistryDoktor.exe SCHEDULER
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: e-Carte Bleue LCL.lnk = C:\Program Files\e-Carte Bleue LCL\ecbl-lcl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://securite.neuf.fr/Ols/fscax.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service Google Update (gupdate1ca2b1024ce908e) (gupdate1ca2b1024ce908e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Winsudate - C:\Program Files\Winsudate\gibsvc.exe

41 réponses

Précédent
Réponse 21 / 41
mystoune Messages postés 153 Date d'inscription   Statut Membre Dernière intervention  
 
Et voilà !


-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.80GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 2.0.5
USER : Nicole ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:171 Go (Free:150 Go)
D:\ (Local Disk) - NTFS - Total:58 Go (Free:51 Go)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 29/11/2009|17:33 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskBarDis
C:\Program Files\AskBarDis\bar
C:\Program Files\AskBarDis\PopSwatter
C:\Program Files\AskBarDis\unins000.dat
C:\Program Files\AskBarDis\unins000.exe
C:\Program Files\AskBarDis\bar\bin
C:\Program Files\AskBarDis\bar\Cache
C:\Program Files\AskBarDis\bar\History
C:\Program Files\AskBarDis\bar\Settings
C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
C:\Program Files\AskBarDis\bar\bin\psvince.dll
C:\Program Files\AskBarDis\bar\Cache\026A9AEA
C:\Program Files\AskBarDis\bar\Cache\026A9F6E
C:\Program Files\AskBarDis\bar\Cache\026AA114.bin
C:\Program Files\AskBarDis\bar\Cache\026AA29B.bin
C:\Program Files\AskBarDis\bar\Cache\026AA4EC.bin
C:\Program Files\AskBarDis\bar\Cache\026AA683.bin
C:\Program Files\AskBarDis\bar\Cache\026AA828.bin
C:\Program Files\AskBarDis\bar\Cache\026AA980.bin
C:\Program Files\AskBarDis\bar\Cache\026AAAB9.bin
C:\Program Files\AskBarDis\bar\Cache\026AABF1.bin
C:\Program Files\AskBarDis\bar\Cache\026AAD1A.bin
C:\Program Files\AskBarDis\bar\Cache\026AAE53.bin
C:\Program Files\AskBarDis\bar\Cache\files.ini
C:\Program Files\AskBarDis\bar\History\search
C:\Program Files\AskBarDis\bar\Settings\config.dat
C:\Program Files\AskBarDis\bar\Settings\config.dat.bak
C:\Program Files\AskBarDis\bar\Settings\prevcfg.htm
C:\Program Files\AskBarDis\PopSwatter\History
C:\Program Files\AskBarDis\PopSwatter\History\allowed
C:\Program Files\AskBarDis\PopSwatter\History\notallow
C:\DOCUME~1\Nicole\LOCALS~1\Temp\ICD1.tmp

-----------\\ Extensions

(Nicole) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.sfr.fr/fr/adsl-neufbox.jsp"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 29/11/2009|17:34 - Option : [1]

-----------\\ Fin du rapport a 17:34:58,73


----- Message d'origine -----
De : forums@commentcamarche.net
À : every@club-internet.fr
Envoyé : dimanche 29 novembre 2009 17:13
Objet : Forum virus/sécurité - contrôle du rapport pour eorezo - reponse de flo-91


Bonjour,

Vous avez demandé à recevoir les réponses au message de mystoune intitulé « contrôle du rapport pour eorezo » datant du 29 novembre 2009 à 17:14 posté dans « Forum virus/sécurité ».
Ce message vient de recevoir la réponse suivante de flo-91
_______________________________________________________
Bonjour,

Il reste encore des infections, fait ceci :

>Toolbar S&D<


>Telecharge Toolbar S&D ici

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3

>Enregistrer le logiciel sur le bureau
>Double-clique sur l'icone "l'icône ToolBarSD.exe"
>Accepte l'installation


>Une fois l'installation terminée, Double-clique sur la nouvelle icone avec écrit Toolbar S&D noir sur ton bureau
>Appuie sur "F" pour choisir la langue francais
>Choisi l'option 1 "recherche" le menu Démarrer et les icônes vont disparaitrent, c'est normal.
>Laisse l'outil faire, ne touche à rien
>Une fois l'analyse terminé, le rapport de recherche s'ouve sur le Bloc-Note. (Dans le cas où le rapport ne s'ouvre pas, ce dernier se trouve sur C:\TB.txt)

>Poste le rapport
--
*>flo-91<*®

N'hésitez pas a faire un tour dans la faq du forum ( rubrique astuce ), il y a peut être déjà la solution à votre problème =)
_______________________________________________________
Pour répondre au message de flo-91, merci de cliquer sur le lien ci-dessous:
https://forums.commentcamarche.net/forum/affich-15404312-controle-du-rapport-pour-eorezo#2009-11-29%2017%3A16%3A15

Pour arrêter les envois de mails concernant cette discussion, veuillez cliquer sur le lien suivant:
https://forums.commentcamarche.net/forum/stopmail.php3?id=15404312&P=c385557d7a3da0b2a0263edf7f182648


--
CommentÇaMarche.net, Communautés d'assistance et de conseils
https://www.commentcamarche.net/
0
Réponse 22 / 41
mystoune Messages postés 153 Date d'inscription   Statut Membre Dernière intervention  
 
Est-ce normal que je n'ai pas de réponse suite au rapport posté ?
0
Réponse 23 / 41
mystoune Messages postés 153 Date d'inscription   Statut Membre Dernière intervention  
 
Voici le rapport
Je suis patiente ...promis


-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.80GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 2.0.5
USER : Nicole ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:171 Go (Free:150 Go)
D:\ (Local Disk) - NTFS - Total:58 Go (Free:51 Go)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 29/11/2009|18:01 )

-----------\\ SUPPRESSION

Echec ! - C:\Program Files\AskBarDis\bar
Supprime! - C:\Program Files\AskBarDis\PopSwatter
Supprime! - C:\Program Files\AskBarDis\unins000.dat
Supprime! - C:\Program Files\AskBarDis\unins000.exe
Supprime! - C:\Program Files\AskBarDis\bar\bin
Supprime! - C:\DOCUME~1\Nicole\LOCALS~1\Temp\ICD1.tmp
Supprime! - C:\Program Files\AskBarDis

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(Nicole) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.sfr.fr/fr/adsl-neufbox.jsp"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"
"Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 29/11/2009|17:34 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 29/11/2009|18:03 - Option : [2]

-----------\\ Fin du rapport a 18:03:39,85
0
Réponse 24 / 41
mystoune Messages postés 153 Date d'inscription   Statut Membre Dernière intervention  
 
je ne sais pas quel manip pour désactiver mon antvirus....
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 41
mystoune Messages postés 153 Date d'inscription   Statut Membre Dernière intervention  
 
BITDEFENDER 2009

je ne trouve pas de fonction "Quitter" ou "désactiver"
0
Réponse 26 / 41
Utilisateur anonyme
 
Celui la:

C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe


a+
0
Réponse 27 / 41
mystoune Messages postés 153 Date d'inscription   Statut Membre Dernière intervention  
 
c'est tout ce que j'ai comme indication
antivirus 2009 - Build 12.0. 12.1
0
Réponse 28 / 41
mystoune Messages postés 153 Date d'inscription   Statut Membre Dernière intervention  
 
Oui ça y est j'ai trouvé

je fais Ad remover et je poste le rapport
0
Réponse 29 / 41
mystoune Messages postés 153 Date d'inscription   Statut Membre Dernière intervention  
 
.
Voilà,

======= RAPPORT D'AD-REMOVER 1.1.4.6_D | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 28.11.2009 à 18:29
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 18:48:37, 29/11/2009 | Mode Normal | Option: SCAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
Nom du PC: NICOLE-9F985183 | Utilisateur actuel: Nicole
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
Service: WinSvc
C:\DOCUME~1\Nicole\APPLIC~1\DesktopIcon
C:\DOCUME~1\Nicole\APPLIC~1\EoRezo
C:\DOCUME~1\Nicole\APPLIC~1\ItsLabel
C:\DOCUME~1\Nicole\APPLIC~1\Mozilla\Firefox\Profiles\vva1dwya.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
C:\Program Files\AskSearch
C:\Program Files\Kiwee Toolbar2
C:\Program Files\Mozilla FireFox\Components\AskSearch.js
C:\Program Files\Winsudate
C:\DOCUME~1\Nicole\APPLIC~1\Microsoft\Internet Explorer\Quick Launch\Ebay.lnk
C:\DOCUME~1\Nicole\MENUDM~1\Ebay.lnk
C:\DOCUME~1\Nicole\Bureau\Ebay.lnk
C:\WINDOWS\Prefetch\ITSTV.EXE-0AD8A706.pf
C:\WINDOWS\Prefetch\ITSTV.EXE-130CED18.pf
C:\WINDOWS\Prefetch\ITSTV.EXE-2D3E25D8.pf
C:\WINDOWS\Prefetch\ITSTV.EXE-35726BEA.pf
C:\WINDOWS\Prefetch\SOFTWAREUPDATEHP.EXE-225DE433.pf
.
HKCU\software\appdatalow\AskBarDis
HKCU\software\EoRezo
HKCU\software\ItsLabel
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{C94E154B-1459-4A47-966B-4B843BEFC7DB}
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\WinUsr
HKLM\software\AskBarDis
HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
HKLM\software\EoRezo
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\EoEngine
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SoftwareHelper
HKLM\software\microsoft\windows\currentversion\uninstall\SoftwareUpdate_is1
HKLM\SYSTEM\ControlSet001\Services\winsvc
HKLM\SYSTEM\ControlSet002\Services\winsvc
HKLM\SYSTEM\CurrentControlSet\Services\winsvc
HKU\.default\software\EoRezo
HKU\s-1-5-18\software\EoRezo
HKU\s-1-5-21-682003330-1292428093-725345543-1004\software\appdatalow\AskBarDis
HKU\s-1-5-21-682003330-1292428093-725345543-1004\software\EoRezo
HKU\s-1-5-21-682003330-1292428093-725345543-1004\software\ItsLabel
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version Error: Value: "CurrentVersion" does not exist! *
.
Nom du profil: vva1dwya.default (Nicole)
.
(Nicole, prefs.js) €user_prefbrowser.startup.homepage, hxxp://y.lo.st
(Nicole, prefs.js) Browser.startup.homepage, hxxp://www.wibeez.com/annuaire
(Nicole, prefs.js) Browser.search.selectedEngine, Wibeez.
(Nicole, prefs.js) TROUVE - €user_prefbrowser.startup.homepage, hxxp://y.lo.st
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://www.sfr.fr/fr/adsl-neufbox.jsp
Search Page: hxxp://www.google.com
Default_Search_URL: hxxp://www.google.com/ie
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Start Page Redirect Cache: hxxp://fr.msn.com/?ocid=iehp
Start Page Redirect Cache_TIMESTAMP: NARY e0471a8decb9c901
Start Page Redirect Cache AcceptLangs: fr
Search Bar: hxxp://www.google.com/ie
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://www.msn.com/
Search Bar: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Documents and Settings\Nicole\Application Data\HouseCall 6.6\patch.exe
.
===================================
.
4313 Octet(s) - C:\Ad-Report-SCAN[1].log
.
2895 Fichier(s) - C:\DOCUME~1\Nicole\LOCALS~1\Temp
380 Fichier(s) - C:\WINDOWS\Temp
.
1 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 18:56:26 | 29/11/2009 - SCAN[1]
.
============== E.O.F ==============
.
0
Réponse 30 / 41
mystoune Messages postés 153 Date d'inscription   Statut Membre Dernière intervention  
 
je n'arrive pas à récupérer le rapport
0
Réponse 31 / 41
mystoune Messages postés 153 Date d'inscription   Statut Membre Dernière intervention  
 
.
======= RAPPORT D'AD-REMOVER 1.1.4.6_D | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 28.11.2009 à 18:29
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 19:25:31, 29/11/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
Nom du PC: NICOLE-9F985183 | Utilisateur actuel: Nicole
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
Service: WinSvc
.

ESt-ce que c'est tout ? ou il en manque ?
0
Réponse 32 / 41
mystoune Messages postés 153 Date d'inscription   Statut Membre Dernière intervention  
 
.
Est-ce que c'est bon ?


======= RAPPORT D'AD-REMOVER 1.1.4.6_D | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 28.11.2009 à 18:29
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 20:11:24, 29/11/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
Nom du PC: NICOLE-9F985183 | Utilisateur actuel: Nicole
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.

(!) -- Fichiers temporaires supprimés.

.
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version Error: Value: "CurrentVersion" does not exist! *
.
Nom du profil: vva1dwya.default (Nicole)
.
(Nicole, prefs.js) Browser.startup.homepage, hxxp://www.wibeez.com/annuaire
(Nicole, prefs.js) Browser.search.selectedEngine, Wibeez.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Start Page Redirect Cache: hxxp://fr.msn.com/?ocid=iehp
Start Page Redirect Cache_TIMESTAMP: NARY e0471a8decb9c901
Start Page Redirect Cache AcceptLangs: fr
Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
Search Bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Documents and Settings\Nicole\Application Data\HouseCall 6.6\patch.exe
.
===================================
.
543 Octet(s) - C:\Ad-Report-CLEAN[1].log
4419 Octet(s) - C:\Ad-Report-CLEAN[2].log
522 Octet(s) - C:\Ad-Report-CLEAN[3].log
2203 Octet(s) - C:\Ad-Report-CLEAN[4].log
4643 Octet(s) - C:\Ad-Report-SCAN[1].log
.
2173 Fichier(s) - C:\DOCUME~1\Nicole\LOCALS~1\Temp
280 Fichier(s) - C:\WINDOWS\Temp
.
21 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
147 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 20:20:12 | 29/11/2009 - CLEAN[4]
.
============== E.O.F ==============
.
0
Réponse 33 / 41
mystoune Messages postés 153 Date d'inscription   Statut Membre Dernière intervention  
 
Voilà

je fais quoi de doktor 4 que je viens d'acheter ?
Est-ce que je suis débarrassée de eorezo ?

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3258
Windows 5.1.2600 Service Pack 2

29/11/2009 21:50:05
mbam-log-2009-11-29 (21-50-05).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 231512
Temps écoulé: 1 hour(s), 14 minute(s), 46 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 34

Processus mémoire infecté(s):
C:\Program Files\Registry_Doktor 4.1\RegistryDoktor.exe (Rogue.AntivirusDoktor) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\Program Files\Registry_Doktor 4.1\EngineAP.dll (Rogue.RegistryDoctor) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\RegistryDoktorFrNE (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Registry_Doktor 2009_is1 (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rdfrnet (Rogue.AntivirusDoktor) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\Registry_Doktor 4.1 (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\definitions (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Registry_Doktor 4.1 (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\AVP 2009 (Malware.Trace) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Registry_Doktor 4.1\RegistryDoktor.exe (Rogue.AntivirusDoktor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole\Local Settings\Temporary Internet Files\Content.IE5\LHY4Y6XT\registry-doktor-07fr[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\DOCUME~1\Nicole\APPLIC~1\DESKTO~1\eBayShortcuts.exe.vir (Adware.ADON) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\DOCUME~1\Nicole\APPLIC~1\EoRezo\SOFTWA~1\SoftwareUpdate.exe.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\DOCUME~1\Nicole\APPLIC~1\EoRezo\SOFTWA~1\SoftwareUpdateHP.exe.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\WINSUD~1\gibcom.dll.vir (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\WINSUD~1\gibidl.dll.vir (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\WINSUD~1\gibsvc.exe.vir (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\WINSUD~1\gibupt.exe.vir (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\WINSUD~1\gibusr.exe.vir (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{50DAC7AF-0203-4C31-8E13-7DB33F5862BB}\RP524\A0048947.exe (Rogue.AntivirusDoktor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{50DAC7AF-0203-4C31-8E13-7DB33F5862BB}\RP527\A0049157.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{50DAC7AF-0203-4C31-8E13-7DB33F5862BB}\RP527\A0049160.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{50DAC7AF-0203-4C31-8E13-7DB33F5862BB}\RP527\A0049164.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{50DAC7AF-0203-4C31-8E13-7DB33F5862BB}\RP528\A0049287.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{50DAC7AF-0203-4C31-8E13-7DB33F5862BB}\RP528\A0049293.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{50DAC7AF-0203-4C31-8E13-7DB33F5862BB}\RP528\A0049294.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{50DAC7AF-0203-4C31-8E13-7DB33F5862BB}\RP528\A0049307.dll (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{50DAC7AF-0203-4C31-8E13-7DB33F5862BB}\RP528\A0049308.dll (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{50DAC7AF-0203-4C31-8E13-7DB33F5862BB}\RP528\A0049309.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{50DAC7AF-0203-4C31-8E13-7DB33F5862BB}\RP528\A0049310.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{50DAC7AF-0203-4C31-8E13-7DB33F5862BB}\RP528\A0049311.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\Cl.exe (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\EngineAP.dll (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\ScheduleAP.txt (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\Task.dat (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\unins000.dat (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\unins000.exe (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\definitions\200812.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Registry_Doktor 4.1\Désinstaller Registry Doktor 4.1.lnk (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Registry_Doktor 4.1\Registry Doktor 4.1.lnk (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\AVP 2009\1.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Bureau\Registry Doktor 4.1.lnk (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\user32.dat (Trojan.Downloader) -> Quarantined and deleted successfully.
0
Réponse 34 / 41
mystoune Messages postés 153 Date d'inscription   Statut Membre Dernière intervention  
 
alors si je comprends bien je me suis fait arnaquée de 40 euros ?

et suite à toutes ces manips est-ce que je suis débarrassée des infections ?
0
Réponse 35 / 41
mystoune Messages postés 153 Date d'inscription   Statut Membre Dernière intervention  
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by Nicole at 2009-11-29 22:15:22
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 155 GB (88%) free of 176 GB
Total RAM: 1014 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:15:29, on 29/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\e-Carte Bleue LCL\ecbl-lcl.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Nicole\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Nicole.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nicole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RDfrNEScheduler] C:\Program Files\Registry_Doktor 4.1\RegistryDoktor.exe SCHEDULER
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: e-Carte Bleue LCL.lnk = C:\Program Files\e-Carte Bleue LCL\ecbl-lcl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://securite.neuf.fr/Ols/fscax.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service Google Update (gupdate1ca2b1024ce908e) (gupdate1ca2b1024ce908e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
0
Réponse 36 / 41
flo-91 Messages postés 5646 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 120
 
.
0
Réponse 37 / 41
mystoune Messages postés 153 Date d'inscription   Statut Membre Dernière intervention  
 
bonjour,

Voici le rapport demandé



List'em by g3n-h@ckm@n 1.1.0.1

Thx to Chiquitine29.....

User : Nicole (Administrateurs) # NICOLE-9F985183
Update on 04/12/2009 by g3n-h@ckm@n ::::: 09:00
Start at: 11:17:14 | 04/12/2009
Contact : g3n-h@ckm@n sur CCM

Intel(R) Pentium(R) D CPU 2.80GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Antivirus BitDefender 12.0 [ Enabled | Updated ]
AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | Updated ]

C:\ -> Disque fixe local | 171,44 Go (150,75 Go free) | NTFS
D:\ -> Disque fixe local | 58,18 Go (51,15 Go free) [Données] | NTFS
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque CD-ROM

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe 760
C:\WINDOWS\system32\csrss.exe 808
C:\WINDOWS\system32\winlogon.exe 832
C:\WINDOWS\system32\services.exe 876
C:\WINDOWS\system32\lsass.exe 888
C:\WINDOWS\system32\svchost.exe 1056
C:\WINDOWS\system32\svchost.exe 1124
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe 1224
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe 1240
C:\WINDOWS\System32\svchost.exe 1324
C:\WINDOWS\system32\svchost.exe 1460
C:\WINDOWS\system32\svchost.exe 1636
C:\WINDOWS\system32\spoolsv.exe 1828
C:\WINDOWS\system32\svchost.exe 192
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe 224
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 232
C:\Program Files\Bonjour\mDNSResponder.exe 272
C:\WINDOWS\system32\cisvc.exe 292
C:\Program Files\Java\jre6\bin\jqs.exe 532
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE 604
C:\WINDOWS\system32\tcpsvcs.exe 732
C:\WINDOWS\Explorer.EXE 1560
C:\WINDOWS\system32\svchost.exe 1672
C:\Program Files\Logitech\Video\LogiTray.exe 1420
C:\WINDOWS\vVX3000.exe 1524
C:\Program Files\iTunes\iTunesHelper.exe 1548
C:\Program Files\Unlocker\UnlockerAssistant.exe 1476
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe 672
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe 1744
C:\Program Files\Java\jre6\bin\jusched.exe 2072
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe 2092
C:\WINDOWS\system32\LVComS.exe 2120
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 2144
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe 2236
C:\WINDOWS\system32\ctfmon.exe 2280
C:\Program Files\e-Carte Bleue LCL\ecbl-lcl.exe 2436
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe 2452
C:\Program Files\iPod\bin\iPodService.exe 3260
C:\WINDOWS\System32\alg.exe 3668
C:\Program Files\Outlook Express\msimn.exe 3168
C:\Program Files\Messenger\msmsgs.exe 3384
C:\WINDOWS\system32\wuauclt.exe 1808
C:\WINDOWS\system32\cidaemon.exe 2600
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 1584
C:\Program Files\Internet Explorer\iexplore.exe 2552
C:\Program Files\Internet Explorer\iexplore.exe 1452
C:\DOCUME~1\Nicole\LOCALS~1\Temp\Répertoire temporaire 1 pour List_Killem.zip\List_Kill'em.exe 3996
C:\WINDOWS\system32\cmd.exe 1012
C:\WINDOWS\system32\wbem\wmiprvse.exe 3464
C:\Documents and Settings\Nicole\Local Settings\Temp\4B.tmp\pv.exe 3424

======================
Keys "Run"
======================

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Google Update REG_SZ "C:\Documents and Settings\Nicole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
Skype REG_SZ "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
RDfrNEScheduler REG_SZ C:\Program Files\Registry_Doktor 4.1\RegistryDoktor.exe SCHEDULER

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LogitechVideoRepair REG_SZ C:\Program Files\Logitech\Video\ISStart.exe
LogitechVideoTray REG_SZ C:\Program Files\Logitech\Video\LogiTray.exe
VX3000 REG_SZ C:\WINDOWS\vVX3000.exe
AppleSyncNotifier REG_SZ C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
UnlockerAssistant REG_SZ "C:\Program Files\Unlocker\UnlockerAssistant.exe"
BDAgent REG_SZ "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
BitDefender Antiphishing Helper REG_SZ "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
ArcSoft Connection Service REG_SZ C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
Malwarebytes Anti-Malware (reboot) REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
Google Quick Search Box REG_SZ "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
=====================
Other Keys
=====================

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
dontdisplaylastusername REG_DWORD 0x0
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 0x1
undockwithoutlogon REG_DWORD 0x1
===============

===============
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
===============
BHO :
======
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
@="AcroIEHelperStub"
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
@="NCO 2.0 IE BHO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
@="JQSIEStartDetectorImpl"
"NoExplorer"=dword:00000001


========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3
SharedAccess : 0x2
wuauserv : 0x2
=========

=========================
Environnement variables :
=========================

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Nicole\Application Data
choix=1
CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=NICOLE-9F985183
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Nicole
LOGONSERVER=\\NICOLE-9F985183
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0407
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Nicole\LOCALS~1\Temp
TMP=C:\DOCUME~1\Nicole\LOCALS~1\Temp
USERDOMAIN=NICOLE-9F985183
USERNAME=Nicole
USERPROFILE=C:\Documents and Settings\Nicole
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
C:\WINDOWS\aucfg.ini
C:\WINDOWS\patch.exe
C:\WINDOWS\System32\drivers\etc\hosts.msn
C:\Documents and Settings\Nicole\Application Data\Skinux

¤¤¤¤¤¤¤¤¤¤ Keys :

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"

=========
Rootkits
=========

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-04 11:22:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


¤¤¤¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch :

ACDAEMON.EXE-1BC61AE7.pf
ACRORD32.EXE-32E4AFCD.pf
ADOBEARM.EXE-2D5CF26D.pf
ALG.EXE-275708CF.pf
APPLESYNCNOTIFIER.EXE-11B5BF6E.pf
BDAGENT.EXE-14DFC558.pf
BDTKEXEC.EXE-32406DD4.pf
CATCHME.EXE-252AE600.pf
CHECKUPDATE.AC-289AE12C.pf
CHKNTFS.EXE-30FE9626.pf
CIDAEMON.EXE-01BEEBF3.pf
CMD.EXE-034B0549.pf
CSCRIPT.EXE-0A13A05C.pf
CTFMON.EXE-05E57A5E.pf
DEFRAG.EXE-2858C7E2.pf
DFRGNTFS.EXE-38C3807C.pf
DUMPREP.EXE-0AF2BF67.pf
DWWIN.EXE-2C373FB7.pf
EASYSHARE.EXE-3401A6FD.pf
ECBL-LCL.EXE-0F7204DE.pf
EXPLORER.EXE-02121B1A.pf
FAV.EXE-2EA13748.pf
FIND.EXE-0EEAD1A7.pf
FINDSTR.EXE-1A4FC238.pf
GETPATHS.EXE-0D417E4D.pf
GOOGLECRASHHANDLER.EXE-02285780.pf
GOOGLECRASHHANDLER.EXE-36491BAC.pf
GOOGLEQUICKSEARCHBOX.EXE-2CF3026A.pf
GOOGLETALKPLUGIN.EXE-2BBE55A0.pf
GOOGLETOOLBARNOTIFIER.EXE-0047A1C5.pf
GOOGLEUPDATE.EXE-160E1F62.pf
GOOGLEUPDATE.EXE-3613C78F.pf
GOOGLEUPDATER.EXE-1D8A4379.pf
GOOGLEUPDATERSERVICE.EXE-2F4A2F77.pf
HELPSVC.EXE-1C192440.pf
HIJACKTHIS.EXE-241EE54E.pf
HP PRECISIONSCAN PRO.EXE-154F46FD.pf
IESHOW.EXE-3762CB87.pf
IEXPLORE.EXE-2D97EBE6.pf
IGFXSRVC.EXE-1D88F978.pf
IMAPI.EXE-201490BB.pf
INFOCARD.EXE-0146833D.pf
IPODSERVICE.EXE-37043579.pf
ISSTART.EXE-38096257.pf
ITUNESHELPER.EXE-0A1B0F2C.pf
JAVA.EXE-32FD225F.pf
JAVAW.EXE-392A4E93.pf
JAVAWS.EXE-078C20EA.pf
JUSCHED.EXE-04A13915.pf
Layout.ini
LIST_KILL'EM.EXE-3A9CAF44.pf
LOGITRAY.EXE-05079E40.pf
LOGON.SCR-24ADF392.pf
LVCOMS.EXE-0ECD8F09.pf
MBAM.EXE-0D37CDF0.pf
MODE.COM-318FFE37.pf
MSIEXEC.EXE-330626DC.pf
MSIMN.EXE-183B59AF.pf
MSMSGS.EXE-0620E8B3.pf
NAVILOG1.EXE-19B0F901.pf
NOTEPAD.EXE-2DAE2DE6.pf
NOTEPAD.EXE-2F2D61E1.pf
NTOSBOOT-B00DFAAD.pf
OSV.EXE-36EA78CD.pf
PIETRO.EXE-1470450E.pf
POWERPNT.EXE-2EEF88AA.pf
PV.EXE-24033202.pf
QTTASK.EXE-1876A1A1.pf
READER_SL.EXE-2D713FFC.pf
REALONEMESSAGECENTER.EXE-0418296D.pf
REALPLAY.EXE-05411014.pf
REALSCHED.EXE-388D7C2D.pf
RECORDINGMANAGER.EXE-3B8FD935.pf
REG.EXE-04B79ED3.pf
REG.EXE-07FA5B3F.pf
REGEDIT.EXE-2AE3423E.pf
RUNDLL32.EXE-3ED7CBC2.pf
RUNDLL32.EXE-5CA0A988.pf
RUNDLL32.EXE-6DF739B2.pf
RUNDLL32.EXE-7401CD93.pf
SECCENTER.EXE-3563D9FE.pf
SKYPE.EXE-2EAF99A0.pf
SKYPEPM.EXE-082BC99E.pf
SOFTWAREUPDATE.EXE-09F5A6BB.pf
UISCAN.EXE-0E2B188C.pf
UNLOCKERASSISTANT.EXE-30E0AA94.pf
UPDATE.EXE-2DFA60D1.pf
UPGREPL.EXE-07704B73.pf
USERINIT.EXE-0743FDA9.pf
VERCLSID.EXE-28F52AD2.pf
VVX3000.EXE-3A4DFD8F.pf
WGATRAY.EXE-350D4455.pf
WINWORD.EXE-1ED2A104.pf
WINWORD.EXE-33AEA629.pf
WLLOGINPROXY.EXE-090074F0.pf
WMIAPSRV.EXE-02740A4B.pf
WMIPRVSE.EXE-0D449B4F.pf
WORDCONV.EXE-0ED4103A.pf
WSCRIPT.EXE-0C5C5251.pf
WUAUCLT.EXE-1360D60A.pf




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Réponse 38 / 41
mystoune Messages postés 153 Date d'inscription   Statut Membre Dernière intervention  
 
et voilà !

Kill'em by g3n-h@ckm@n 1.1.0.1

User : Nicole (Administrateurs) # NICOLE-9F985183
Update on 04/12/2009 by g3n-h@ckm@n ::::: 09:00
Start at: 19:19:20 | 04/12/2009
Contact : g3n-h@ckm@n sur CCM

Intel(R) Pentium(R) D CPU 2.80GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : Antivirus BitDefender 12.0 [ (!) Disabled | Updated ]
AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | Updated ]

C:\ -> Disque fixe local | 171,44 Go (150,75 Go free) | NTFS
D:\ -> Disque fixe local | 58,18 Go (51,15 Go free) [Données] | NTFS
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque CD-ROM


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe 760
C:\WINDOWS\system32\csrss.exe 808
C:\WINDOWS\system32\winlogon.exe 832
C:\WINDOWS\system32\services.exe 876
C:\WINDOWS\system32\lsass.exe 888
C:\WINDOWS\system32\svchost.exe 1056
C:\WINDOWS\system32\svchost.exe 1124
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe 1224
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe 1240
C:\WINDOWS\System32\svchost.exe 1324
C:\WINDOWS\system32\svchost.exe 1460
C:\WINDOWS\system32\svchost.exe 1636
C:\WINDOWS\system32\spoolsv.exe 1828
C:\WINDOWS\system32\svchost.exe 192
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe 224
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 232
C:\Program Files\Bonjour\mDNSResponder.exe 272
C:\WINDOWS\system32\cisvc.exe 292
C:\Program Files\Java\jre6\bin\jqs.exe 532
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE 604
C:\WINDOWS\system32\tcpsvcs.exe 732
C:\WINDOWS\Explorer.EXE 1560
C:\WINDOWS\system32\svchost.exe 1672
C:\Program Files\Logitech\Video\LogiTray.exe 1420
C:\WINDOWS\vVX3000.exe 1524
C:\Program Files\iTunes\iTunesHelper.exe 1548
C:\Program Files\Unlocker\UnlockerAssistant.exe 1476
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe 672
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe 1744
C:\Program Files\Java\jre6\bin\jusched.exe 2072
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe 2092
C:\WINDOWS\system32\LVComS.exe 2120
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 2144
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe 2236
C:\WINDOWS\system32\ctfmon.exe 2280
C:\Program Files\e-Carte Bleue LCL\ecbl-lcl.exe 2436
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe 2452
C:\Program Files\iPod\bin\iPodService.exe 3260
C:\WINDOWS\System32\alg.exe 3668
C:\Program Files\Outlook Express\msimn.exe 3168
C:\Program Files\Messenger\msmsgs.exe 3384
C:\WINDOWS\system32\wuauclt.exe 1808
C:\WINDOWS\system32\cidaemon.exe 2600
C:\Program Files\Skype\Phone\Skype.exe 2332
C:\Program Files\Skype\Plugin Manager\skypePM.exe 4080
C:\WINDOWS\system32\wscntfy.exe 3964
C:\DOCUME~1\Nicole\LOCALS~1\Temp\Répertoire temporaire 2 pour List_Killem.zip\List_Kill'em.exe 2504
C:\WINDOWS\system32\cmd.exe 1752
C:\WINDOWS\system32\wbem\wmiprvse.exe 1664
C:\Documents and Settings\Nicole\Local Settings\Temp\230.tmp\pv.exe 3812

Detections :
==========


¤¤¤¤¤¤¤¤¤¤ Files/folders :

"C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}"
"C:\WINDOWS\aucfg.ini"
"C:\WINDOWS\patch.exe"
"C:\WINDOWS\System32\drivers\etc\hosts.msn"
"C:\Documents and Settings\Nicole\Application Data\Skinux"


¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :

Quarantine :

aucfg.ini.Kill'em
hosts.msn.Kill'em
PATCH.EXE.Kill'em
Skinux.Kill'em
{3276BE95_AF08_429F_A64F_CA64CB79BCF6}.Kill'em

==============
host file OK !
==============

========
Registry
========
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe

============
Disk Cleaned
============

¤¤¤¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch

Layout.ini
NTOSBOOT-B00DFAAD.pf



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Réponse 39 / 41
mystoune Messages postés 153 Date d'inscription   Statut Membre Dernière intervention  
 
et voilà

Logfile of random's system information tool 1.06 (written by random/random)
Run by Nicole at 2009-12-04 19:43:48
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 155 GB (88%) free of 176 GB
Total RAM: 1014 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:44:01, on 04/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\e-Carte Bleue LCL\ecbl-lcl.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Nicole\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Nicole.exe
C:\Program Files\Google\Update\GoogleUpdate.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sfr.fr/fr/adsl-neufbox.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nicole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RDfrNEScheduler] C:\Program Files\Registry_Doktor 4.1\RegistryDoktor.exe SCHEDULER
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: e-Carte Bleue LCL.lnk = C:\Program Files\e-Carte Bleue LCL\ecbl-lcl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://securite.neuf.fr/Ols/fscax.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service Google Update (gupdate1ca2b1024ce908e) (gupdate1ca2b1024ce908e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
0
Réponse 40 / 41
mystoune Messages postés 153 Date d'inscription   Statut Membre Dernière intervention  
 
Voilà
j'espère que je n'ai pas fait d'erreur de manip....

All processes killed
Error: Unable to interpret <processes > in the current context!
Error: Unable to interpret <explorer.exe > in the current context!
========== FILES ==========
File/Folder C:\Program Files\Registry_Doktor 4.1\RegistryDoktor.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 16042030 bytes

User: NetworkService
->Temp folder emptied: 1886 bytes
->Temporary Internet Files folder emptied: 27072006 bytes

User: Nicole
->Temp folder emptied: 538757184 bytes
->Temporary Internet Files folder emptied: 35471517 bytes
->Java cache emptied: 13689361 bytes
->FireFox cache emptied: 17656091 bytes
->Google Chrome cache emptied: 6361641 bytes
->Apple Safari cache emptied: 209053 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2183788 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
Windows Temp folder emptied: 15692309 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23964910 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 664,94 mb


OTM by OldTimer - Version 3.1.2.0 log created on 12042009_200059

Files moved on Reboot...

Registry entries deleted on Reboot...
0

Discussions similaires

Impossible d'afficher le rapport de tableau croisé dynamique sur un rapport
Utilisateur anonyme -
TomH. -

13 réponses
écrire un rapport de travail
asi -
REGINALD -

3 réponses
Contrôle d’accès Bbox
Granny -
brupala -

1 réponse
impossible d'afficher le tableau dynamique sur un rapport existant
Pierre -
Adrien71 -

3 réponses
passer outre le contrôle parental
Jeuls21 -
giselledurand -

12 réponses