Unwanted ads

Closed
yasom - 31 Dec 2009 at 21:57
 jacques.gache - 8 Jan 2010 at 22:42
Hello, for some time now I have had ads popping up that slow down my computer. I don't know what to do. I ran a scan with Malwarebytes and then deleted what was wrong.
I really need help!! Here is a HijackThis report: thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:43:42, on 31/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoCtlSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Documents and Settings\myriam\Bureau\Shareaza\Shareaza.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\EZ-DUB\EZ-DUB.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Yassine\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.fr/8SEFRFR030000TBR/FRWCompleteTBSiteFinalDEFAULT
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Application Data\Software rule flag owns\flaw bash.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [win else] C:\DOCUME~1\Yassine\APPLIC~1\USERST~1\DUPE DASH.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Shareaza] "C:\Documents and Settings\myriam\Bureau\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: EZ-DUB Finder.lnk = C:\Program Files\EZ-DUB\EZ-DUB.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.69.25.47.96.downloads.estara.com./...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - AppInit_DLLs: cfgshl.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoCtlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
21 replies

Anonymous user
31 Dec 2009 at 22:20
Good evening

O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Application Data\Software rule flag owns\flaw bash.exe
O4 - HKCU\..\Run: [win else] C:\DOCUME~1\Yassine\APPLIC~1\USERST~1\DUPE DASH.exe


You have a LOP infection, which makes CID pop-ups appear.
They get installed through these programs, which should be avoided at all costs:
* The Messenger Plus! sponsor
* Bittorent
* BitDownload
* BitGrabber
* NetPumper
* BitRoll
* TorrentQ
* Torrent101


Download Lop S&D (by Eric_71 and Angeldark) to your Desktop.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
http://eric71.geekstogo.com/tools/LopSD.exe


* Double-click it to start the installation
* Then double-click the Lop S&D shortcut on your Desktop
* Select the language you want, then choose option 1 (Search)
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)
1
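
Both Run entries quoted in the reply above start a program from an Application Data folder. As an added example (not part of the original thread, and not how HijackThis or Lop S&D work internally), this Python code parses the O4 autostart lines of a HijackThis log and flags those whose target sits under Application Data, including the 8.3 short form APPLIC~1. The heuristic is an assumption of this example, since the reply does not state why those two lines were picked, and all function names are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional

# O4 (autostart) lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Application Data\Software rule flag owns\flaw bash.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [win else] C:\DOCUME~1\Yassine\APPLIC~1\USERST~1\DUPE DASH.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Documents and Settings\myriam\Bureau\Shareaza\Shareaza.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: EZ-DUB Finder.lnk = C:\Program Files\EZ-DUB\EZ-DUB.exe
"""


class Autorun(NamedTuple):
    location: str  # e.g. HKLM\..\Run or "Global Startup"
    name: str      # registry value name or shortcut name
    command: str   # command line exactly as logged


# Registry Run entries: "O4 - <hive>\..\Run: [name] command"
RUN_RE = re.compile(r"^O4 - (?P<loc>HK[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Startup-folder shortcuts: "O4 - [Global ]Startup: name.lnk = target"
STARTUP_RE = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Long name and 8.3 alias of the XP-era per-user data directory.
APPDATA_DIR = re.compile(r"^(application data|applic~\d+)$", re.IGNORECASE)


def parse_o4(line: str) -> Optional[Autorun]:
    """Parse one O4 line; return None for anything else."""
    line = line.strip()
    m = RUN_RE.match(line) or STARTUP_RE.match(line)
    return Autorun(m["loc"], m["name"], m["cmd"]) if m else None


def launched_path(command: str) -> str:
    """Return the part of the command that names the file being started."""
    if command.startswith('"'):
        exe, _, rest = command[1:].partition('"')
        # rundll32 is only a host: the DLL in its arguments is what runs.
        if exe.lower().endswith("rundll32.exe") and rest.strip():
            return rest.strip()
        return exe
    # Unquoted commands cannot be split from their arguments reliably
    # (the paths in this log contain spaces), so keep the whole string.
    return command


def in_application_data(command: str) -> bool:
    parts = launched_path(command).split("\\")
    # Only directory components count; the last part is the file name.
    return any(APPDATA_DIR.match(p.strip()) for p in parts[:-1])


def flag_autoruns(log_text: str) -> List[Autorun]:
    """Return the O4 entries whose target lives under Application Data."""
    entries = (parse_o4(line) for line in log_text.splitlines())
    return [e for e in entries if e and in_application_data(e.command)]


if __name__ == "__main__":
    for e in flag_autoruns(SAMPLE_LOG):
        print(f"{e.location} [{e.name}] -> {e.command}")
```

A hit from this check is only a lead for review: legitimate software also starts from Application Data, and an autorun stored elsewhere would not be flagged.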
Anonymous user
31 Dec 2009 at 22:30
Good evening and happy holidays....

---> Download OTM (OldTimer) to your Desktop:
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/


---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the text in bold below:

:processes
explorer.exe

:files
c:\documents and settings\all users\application data\software rule flag owns\flaw bash.exe


:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Flag Owns Live Grim"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"win else"=-


:commands
[purity]
[emptytemp]
[start explorer]
[Reboot]





---> Paste (Ctrl+V) the text you copied into the box:
Paste Instructions for Items to be Moved.
---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log

************************
Run a scan with this antispyware:
Malwarebytes + tutorial

Install it; update it... (Update tab)
Now click the scan tab and tick the box:
"Perform quick scan".
Then click "Scan".
Let it scan the PC...
When the scan finishes, click Show Results
If items were found:
> click Remove Selected.

If you are asked to restart > click "Yes".
At the end a report will open;
save it so that you can find it again to post it on the forum.
Copy and paste the report please.

See you

0
Thank you for your very quick replies. To answer nathandre, here is my Lop report

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : Phoenix - Award BIOS v6.00PG
USER : Yassine ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2005 (Activated)
Firewall : Norton Internet Security 2005 (Activated)
C:\ (Local Disk) - NTFS - Total:142 Go (Free:77 Go)
D:\ (Local Disk) - FAT32 - Total:6 Go (Free:2 Go)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 31/12/2009|22:46 )

--------------------\\ Listing des dossiers dans APPLIC~1

[25/01/2009|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[02/04/2006|21:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[29/11/2009|14:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[29/11/2009|14:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[03/05/2008|21:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[18/06/2008|11:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[28/12/2009|13:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[04/09/2009|13:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[14/08/2008|21:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[28/01/2009|16:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
[01/01/2005|16:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[01/01/2005|16:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InterVideo
[14/08/2008|18:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[29/12/2009|15:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[13/11/2008|18:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[19/12/2009|23:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[27/11/2009|23:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[26/06/2006|15:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies
[07/02/2006|09:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[17/04/2006|10:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[01/01/2005|16:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[27/12/2009|18:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns
[01/01/2005|16:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[31/10/2009|22:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sports Interactive
[01/01/2005|17:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[21/04/2007|16:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[20/12/2006|18:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[25/10/2006|14:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[15/05/2009|18:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
[01/10/2008|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[01/02/2008|18:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!

[01/01/2005|16:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
[25/11/2004|04:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[01/01/2005|16:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intervideo
[29/11/2009|11:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[28/11/2007|19:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[01/01/2005|17:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[01/01/2005|17:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[04/10/2009|17:11] C:\DOCUME~1\INVIT~1\APPLIC~1\Adobe
[01/01/2005|16:58] C:\DOCUME~1\INVIT~1\APPLIC~1\Apple Computer
[14/03/2007|15:27] C:\DOCUME~1\INVIT~1\APPLIC~1\Google
[13/12/2009|16:55] C:\DOCUME~1\INVIT~1\APPLIC~1\HouseCall 6.6
[25/06/2007|07:20] C:\DOCUME~1\INVIT~1\APPLIC~1\HP
[25/11/2004|04:26] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities
[01/01/2005|16:55] C:\DOCUME~1\INVIT~1\APPLIC~1\Intervideo
[09/04/2006|11:03] C:\DOCUME~1\INVIT~1\APPLIC~1\Macromedia
[21/12/2009|18:37] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft
[28/12/2008|15:41] C:\DOCUME~1\INVIT~1\APPLIC~1\Mozilla
[05/01/2008|23:10] C:\DOCUME~1\INVIT~1\APPLIC~1\OpenOffice.org2
[08/12/2009|19:41] C:\DOCUME~1\INVIT~1\APPLIC~1\Real
[01/01/2005|17:02] C:\DOCUME~1\INVIT~1\APPLIC~1\SampleView
[04/10/2009|18:19] C:\DOCUME~1\INVIT~1\APPLIC~1\Sun
[01/01/2005|17:12] C:\DOCUME~1\INVIT~1\APPLIC~1\Symantec
[27/10/2007|14:35] C:\DOCUME~1\INVIT~1\APPLIC~1\Windows Desktop Search

[03/02/2008|12:15] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[14/08/2008|20:38] C:\DOCUME~1\myriam\APPLIC~1\Adobe
[28/12/2008|17:48] C:\DOCUME~1\myriam\APPLIC~1\AdobeUM
[01/01/2005|16:58] C:\DOCUME~1\myriam\APPLIC~1\Apple Computer
[26/06/2006|14:48] C:\DOCUME~1\myriam\APPLIC~1\ArcSoft
[22/02/2009|19:36] C:\DOCUME~1\myriam\APPLIC~1\DivX
[16/12/2006|15:55] C:\DOCUME~1\myriam\APPLIC~1\Google
[01/07/2006|16:16] C:\DOCUME~1\myriam\APPLIC~1\Help
[03/05/2008|16:54] C:\DOCUME~1\myriam\APPLIC~1\HP
[26/06/2006|11:33] C:\DOCUME~1\myriam\APPLIC~1\HPQ
[25/11/2004|04:26] C:\DOCUME~1\myriam\APPLIC~1\Identities
[01/01/2005|16:55] C:\DOCUME~1\myriam\APPLIC~1\Intervideo
[26/06/2006|11:30] C:\DOCUME~1\myriam\APPLIC~1\Leadertech
[13/05/2006|16:03] C:\DOCUME~1\myriam\APPLIC~1\Macromedia
[11/07/2009|21:19] C:\DOCUME~1\myriam\APPLIC~1\Microsoft
[19/11/2007|19:27] C:\DOCUME~1\myriam\APPLIC~1\Moyea
[10/08/2008|15:46] C:\DOCUME~1\myriam\APPLIC~1\Mozilla
[13/05/2006|16:02] C:\DOCUME~1\myriam\APPLIC~1\MSNInstaller
[25/01/2009|17:55] C:\DOCUME~1\myriam\APPLIC~1\OpenOffice.org
[17/05/2008|17:11] C:\DOCUME~1\myriam\APPLIC~1\OpenOffice.org2
[17/02/2008|13:11] C:\DOCUME~1\myriam\APPLIC~1\Real
[01/01/2005|17:02] C:\DOCUME~1\myriam\APPLIC~1\SampleView
[25/01/2009|14:35] C:\DOCUME~1\myriam\APPLIC~1\Shareaza
[19/06/2008|11:48] C:\DOCUME~1\myriam\APPLIC~1\Sonic
[04/02/2008|12:43] C:\DOCUME~1\myriam\APPLIC~1\Sports Interactive
[01/12/2006|13:12] C:\DOCUME~1\myriam\APPLIC~1\Sun
[22/06/2006|09:18] C:\DOCUME~1\myriam\APPLIC~1\Symantec
[21/06/2006|18:07] C:\DOCUME~1\myriam\APPLIC~1\Template
[10/02/2009|18:37] C:\DOCUME~1\myriam\APPLIC~1\Ulead Systems
[27/12/2009|18:45] C:\DOCUME~1\myriam\APPLIC~1\UserStyleHold
[22/10/2008|17:06] C:\DOCUME~1\myriam\APPLIC~1\vlc
[18/10/2007|17:20] C:\DOCUME~1\myriam\APPLIC~1\Windows Desktop Search
[18/05/2008|15:33] C:\DOCUME~1\myriam\APPLIC~1\Yahoo!

[18/10/2007|16:31] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft


[06/06/2009|17:00] C:\DOCUME~1\Yassine\APPLIC~1\Adobe
[14/02/2008|20:27] C:\DOCUME~1\Yassine\APPLIC~1\AdobeUM
[01/01/2005|16:58] C:\DOCUME~1\Yassine\APPLIC~1\Apple Computer
[17/02/2009|10:18] C:\DOCUME~1\Yassine\APPLIC~1\DivX
[06/04/2008|11:35] C:\DOCUME~1\Yassine\APPLIC~1\EPSON
[07/01/2009|16:57] C:\DOCUME~1\Yassine\APPLIC~1\FileZilla
[03/09/2008|13:02] C:\DOCUME~1\Yassine\APPLIC~1\Google
[22/05/2007|16:33] C:\DOCUME~1\Yassine\APPLIC~1\HP
[27/02/2007|14:51] C:\DOCUME~1\Yassine\APPLIC~1\HPQ
[25/11/2004|04:26] C:\DOCUME~1\Yassine\APPLIC~1\Identities
[10/05/2007|18:47] C:\DOCUME~1\Yassine\APPLIC~1\Intervideo
[27/02/2007|10:19] C:\DOCUME~1\Yassine\APPLIC~1\ItsLabel
[13/07/2008|21:23] C:\DOCUME~1\Yassine\APPLIC~1\Lavasoft
[26/09/2008|15:46] C:\DOCUME~1\Yassine\APPLIC~1\LogoMaker
[25/02/2007|19:47] C:\DOCUME~1\Yassine\APPLIC~1\Macromedia
[29/12/2009|15:39] C:\DOCUME~1\Yassine\APPLIC~1\Malwarebytes
[30/01/2008|16:18] C:\DOCUME~1\Yassine\APPLIC~1\Megaupload
[23/06/2009|13:12] C:\DOCUME~1\Yassine\APPLIC~1\Microsoft
[05/11/2009|20:27] C:\DOCUME~1\Yassine\APPLIC~1\Mostick
[16/11/2007|17:48] C:\DOCUME~1\Yassine\APPLIC~1\Moyea
[27/09/2008|17:37] C:\DOCUME~1\Yassine\APPLIC~1\Mozilla
[20/11/2007|20:52] C:\DOCUME~1\Yassine\APPLIC~1\MSNInstaller
[10/08/2007|12:15] C:\DOCUME~1\Yassine\APPLIC~1\muvee Technologies
[13/02/2009|16:57] C:\DOCUME~1\Yassine\APPLIC~1\Neverball
[28/02/2009|20:24] C:\DOCUME~1\Yassine\APPLIC~1\OpenOffice.org
[31/12/2009|20:17] C:\DOCUME~1\Yassine\APPLIC~1\OpenOffice.org2
[04/02/2008|11:42] C:\DOCUME~1\Yassine\APPLIC~1\Real
[01/01/2005|17:02] C:\DOCUME~1\Yassine\APPLIC~1\SampleView
[09/08/2007|15:18] C:\DOCUME~1\Yassine\APPLIC~1\Screenshot Sender
[20/11/2007|13:17] C:\DOCUME~1\Yassine\APPLIC~1\SecuROM
[28/01/2009|16:11] C:\DOCUME~1\Yassine\APPLIC~1\Shareaza
[26/09/2008|16:29] C:\DOCUME~1\Yassine\APPLIC~1\SlySoft
[31/10/2009|22:42] C:\DOCUME~1\Yassine\APPLIC~1\Sports Interactive
[01/03/2007|11:49] C:\DOCUME~1\Yassine\APPLIC~1\Sun
[02/03/2007|12:21] C:\DOCUME~1\Yassine\APPLIC~1\Symantec
[25/02/2007|19:28] C:\DOCUME~1\Yassine\APPLIC~1\Template
[16/02/2008|21:32] C:\DOCUME~1\Yassine\APPLIC~1\TVU networks
[21/04/2007|16:34] C:\DOCUME~1\Yassine\APPLIC~1\Ulead Systems
[17/12/2009|14:55] C:\DOCUME~1\Yassine\APPLIC~1\UserStyleHold
[21/07/2008|14:37] C:\DOCUME~1\Yassine\APPLIC~1\vlc
[19/10/2007|11:47] C:\DOCUME~1\Yassine\APPLIC~1\Windows Desktop Search
[23/12/2009|17:02] C:\DOCUME~1\Yassine\APPLIC~1\WinRAR
[18/05/2008|14:17] C:\DOCUME~1\Yassine\APPLIC~1\Yahoo!

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[31/12/2009 22:00][--ah-----] C:\WINDOWS\tasks\AAAE50F5918DC5D5.job
[31/12/2009 22:00][--ah-----] C:\WINDOWS\tasks\ACED7427918EE8F7.job
[31/12/2009 20:15][--a------] C:\WINDOWS\tasks\Google Software Updater.job
[31/12/2009 22:45][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{79C8FF5A-454E-488A-86B6-25FCB3570166}.job
[25/06/2007 07:19][--ah-----] C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
[18/12/2009 20:00][--a------] C:\WINDOWS\tasks\Norton AntiVirus - Analyser mon ordinateur - Yassine.job
[28/02/2007 12:17][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job
[31/12/2009 20:14][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 19:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

( AAAE50F5918DC5D5.job )=( c:\docume~1\myriam\applic~1\userst~1\rulepollslow.exe )
( ACED7427918EE8F7.job )=( c:\docume~1\yassine\applic~1\userst~1\rulepollslow.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[04/05/2008|14:00] C:\Program Files\7-Zip
[06/04/2008|11:31] C:\Program Files\Adobe
[12/11/2009|22:04] C:\Program Files\adslTV
[19/05/2007|09:59] C:\Program Files\Alwil Software
[25/02/2006|11:07] C:\Program Files\ArcSoft
[26/09/2008|17:43] C:\Program Files\AviSynth 2.5
[29/12/2009|22:36] C:\Program Files\CASIO
[18/06/2008|11:22] C:\Program Files\CCleaner
[14/03/2008|17:30] C:\Program Files\Design Science
[23/06/2009|17:55] C:\Program Files\DivX
[06/05/2006|19:19] C:\Program Files\Easy Internet signup
[19/12/2009|23:36] C:\Program Files\eMule
[21/04/2007|10:45] C:\Program Files\EZ-DUB
[27/12/2009|20:20] C:\Program Files\Fichiers communs
[05/01/2009|19:56] C:\Program Files\FileZilla FTP Client
[11/07/2008|08:50] C:\Program Files\Free
[01/06/2009|20:52] C:\Program Files\GeoGebra
[28/12/2009|13:40] C:\Program Files\Google
[27/12/2009|20:23] C:\Program Files\GSC Game World
[18/06/2007|20:31] C:\Program Files\Hewlett-Packard
[28/01/2009|16:14] C:\Program Files\HP
[13/07/2008|17:46] C:\Program Files\InstallShield Installation Information
[09/12/2009|23:01] C:\Program Files\Internet Explorer
[26/01/2008|13:17] C:\Program Files\InterVideo
[05/10/2009|20:31] C:\Program Files\Java
[25/01/2009|17:47] C:\Program Files\JRE
[28/03/2006|20:13] C:\Program Files\Kit ADSL
[05/02/2006|18:18] C:\Program Files\Learn2.com
[29/12/2009|15:39] C:\Program Files\Malwarebytes' Anti-Malware
[26/09/2008|15:59] C:\Program Files\Messenger
[27/12/2009|19:06] C:\Program Files\Messenger Plus! Live
[15/05/2009|18:00] C:\Program Files\Microsoft
[09/05/2007|15:56] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[25/11/2004|04:27] C:\Program Files\microsoft frontpage
[17/05/2008|10:23] C:\Program Files\Microsoft Office
[18/10/2007|16:31] C:\Program Files\Microsoft SQL Server Compact Edition
[15/05/2009|18:06] C:\Program Files\Microsoft Sync Framework
[23/11/2007|12:59] C:\Program Files\Mindscape
[26/09/2008|15:48] C:\Program Files\Movie Maker
[31/12/2009|20:45] C:\Program Files\Mozilla Firefox
[25/07/2009|22:09] C:\Program Files\MSBuild
[20/11/2007|20:53] C:\Program Files\MSN
[25/11/2004|04:27] C:\Program Files\MSN Gaming Zone
[26/10/2006|11:05] C:\Program Files\MSXML 4.0
[01/01/2005|17:00] C:\Program Files\muvee Technologies
[26/09/2008|15:39] C:\Program Files\NetMeeting
[01/01/2005|17:14] C:\Program Files\Norton Internet Security
[28/03/2007|12:56] C:\Program Files\NudgeMania
[19/11/2007|19:13] C:\Program Files\OpenOffice.org 2.1
[17/05/2008|19:48] C:\Program Files\OpenOffice.org 2.3
[18/09/2008|15:49] C:\Program Files\OpenOffice.org 2.4
[25/01/2009|17:47] C:\Program Files\OpenOffice.org 3
[12/08/2009|22:23] C:\Program Files\Outlook Express
[01/01/2005|17:11] C:\Program Files\PC-Doctor 5 for Windows
[27/09/2007|13:24] C:\Program Files\Psykos 7
[29/11/2009|14:13] C:\Program Files\QuickTime
[01/02/2008|16:20] C:\Program Files\Real Alternative
[23/06/2009|13:06] C:\Program Files\Red Kawa
[25/07/2009|22:08] C:\Program Files\Reference Assemblies
[01/01/2005|17:09] C:\Program Files\Services en ligne
[05/10/2008|18:28] C:\Program Files\SlySoft
[23/11/2007|12:47] C:\Program Files\Sonic
[28/12/2009|13:26] C:\Program Files\Sports Interactive
[31/12/2009|20:16] C:\Program Files\Steam
[01/01/2005|17:14] C:\Program Files\Symantec
[13/07/2008|17:45] C:\Program Files\TRENDnet
[22/12/2006|19:51] C:\Program Files\Uninstall Information
[05/02/2006|17:51] C:\Program Files\USB Driver-Express
[27/12/2009|18:44] C:\Program Files\UserStyleHold
[18/06/2008|11:16] C:\Program Files\VideoLAN
[15/07/2006|17:56] C:\Program Files\Virtools Web Player 3.5
[28/12/2009|14:02] C:\Program Files\VS Revo Group
[19/05/2007|10:08] C:\Program Files\Web Media Player
[18/10/2007|16:31] C:\Program Files\Windows Desktop Search
[04/04/2007|12:55] C:\Program Files\Windows Journal Viewer
[25/11/2009|17:40] C:\Program Files\Windows Live
[01/10/2008|18:33] C:\Program Files\Windows Live Favorites
[15/05/2009|18:00] C:\Program Files\Windows Live SkyDrive
[15/05/2009|18:06] C:\Program Files\Windows Live Toolbar
[11/05/2007|18:34] C:\Program Files\Windows Media Connect 2
[26/09/2008|15:39] C:\Program Files\Windows Media Player
[26/09/2008|15:39] C:\Program Files\Windows NT
[05/04/2006|19:12] C:\Program Files\WindowsUpdate
[23/12/2009|17:02] C:\Program Files\WinRAR
[25/11/2004|04:28] C:\Program Files\xerox
[24/06/2008|10:59] C:\Program Files\Yahoo!
[15/10/2007|17:52] C:\Program Files\Zero G Registry
[29/01/2007|17:10] C:\Program Files\Zylom Games

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[06/04/2008|11:31] C:\Program Files\Fichiers communs\Adobe
[29/11/2009|14:11] C:\Program Files\Fichiers communs\Apple
[03/05/2008|21:11] C:\Program Files\Fichiers communs\BOONTY Shared
[01/01/2005|16:47] C:\Program Files\Fichiers communs\Hewlett-Packard
[18/06/2007|20:38] C:\Program Files\Fichiers communs\HP
[28/08/2007|06:32] C:\Program Files\Fichiers communs\InstallShield
[01/01/2005|16:54] C:\Program Files\Fichiers communs\InterVideo
[01/01/2005|16:29] C:\Program Files\Fichiers communs\Java
[19/12/2009|23:42] C:\Program Files\Fichiers communs\Microsoft Shared
[25/11/2004|04:26] C:\Program Files\Fichiers communs\MSSoap
[05/02/2006|18:18] C:\Program Files\Fichiers communs\Nullsoft
[26/01/2008|13:14] C:\Program Files\Fichiers communs\Real
[01/02/2005|08:50] C:\Program Files\Fichiers communs\Services
[18/06/2007|20:40] C:\Program Files\Fichiers communs\Sonic Shared
[25/11/2004|04:26] C:\Program Files\Fichiers communs\SpeechEngines
[01/01/2005|16:51] C:\Program Files\Fichiers communs\SureThing Shared
[05/02/2008|19:37] C:\Program Files\Fichiers communs\SWF Studio
[31/12/2009|14:51] C:\Program Files\Fichiers communs\Symantec Shared
[04/02/2008|12:30] C:\Program Files\Fichiers communs\Synacast
[27/11/2009|23:32] C:\Program Files\Fichiers communs\System
[21/04/2007|10:44] C:\Program Files\Fichiers communs\Ulead Systems
[15/05/2009|17:22] C:\Program Files\Fichiers communs\Windows Live
[01/10/2008|18:33] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 61 Processes )

IEXPLORE.EXE ~ [PID:3588]
IEXPLORE.EXE ~ [PID:3624]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns\Five the.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns\Five the.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns\flag 32.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns\flag 32.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns\flaw bash.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns\flaw bash.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns\Support Heck.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns\Support Mags.dat
C:\DOCUME~1\myriam\APPLIC~1\userst~1
C:\DOCUME~1\myriam\APPLIC~1\userst~1\amfpuirt.exe
C:\DOCUME~1\myriam\APPLIC~1\userst~1\DUPE DASH.exe
C:\DOCUME~1\myriam\APPLIC~1\userst~1\foqsfizl.exe
C:\DOCUME~1\myriam\APPLIC~1\userst~1\funljjiz.exe
C:\DOCUME~1\myriam\APPLIC~1\userst~1\hyicwdhf.exe
C:\DOCUME~1\myriam\APPLIC~1\userst~1\ijwcuggu.exe
C:\DOCUME~1\myriam\APPLIC~1\userst~1\imtnlyzo.exe
C:\DOCUME~1\myriam\APPLIC~1\userst~1\mmbloeyf.exe
C:\DOCUME~1\myriam\APPLIC~1\userst~1\ncjxnmhk.exe
C:\DOCUME~1\myriam\APPLIC~1\userst~1\obkmqzrr.exe
C:\DOCUME~1\myriam\APPLIC~1\userst~1\piyaafoj.exe
C:\DOCUME~1\myriam\APPLIC~1\userst~1\qbkytxfo.exe
C:\DOCUME~1\myriam\APPLIC~1\userst~1\rgavrdsy.exe
C:\DOCUME~1\myriam\APPLIC~1\userst~1\rule poll slow.exe
C:\DOCUME~1\myriam\APPLIC~1\userst~1\sivzuzph.exe
C:\DOCUME~1\myriam\APPLIC~1\userst~1\smqzlntg.exe
C:\DOCUME~1\myriam\APPLIC~1\userst~1\soap less the 16.exe
C:\DOCUME~1\myriam\APPLIC~1\userst~1\sznsbfwy.exe
C:\DOCUME~1\myriam\APPLIC~1\userst~1\tcoucuog.exe
C:\DOCUME~1\myriam\APPLIC~1\userst~1\wqtuzfyu.exe
C:\DOCUME~1\myriam\APPLIC~1\userst~1\wxqkqmqd.exe
C:\DOCUME~1\myriam\APPLIC~1\userst~1\xmzktvsv.exe
C:\DOCUME~1\myriam\APPLIC~1\userst~1\xoftvbwn.exe
C:\DOCUME~1\myriam\APPLIC~1\userst~1\ykskceau.exe
C:\DOCUME~1\myriam\APPLIC~1\userst~1\yuuldczo.exe
C:\DOCUME~1\Yassine\APPLIC~1\userst~1
C:\DOCUME~1\Yassine\APPLIC~1\userst~1\bhmhpbal.exe
C:\DOCUME~1\Yassine\APPLIC~1\userst~1\boxvykfl.exe
C:\DOCUME~1\Yassine\APPLIC~1\userst~1\DUPE DASH.exe
C:\DOCUME~1\Yassine\APPLIC~1\userst~1\dyrrvhym.exe
C:\DOCUME~1\Yassine\APPLIC~1\userst~1\fddwrjtb.exe
C:\DOCUME~1\Yassine\APPLIC~1\userst~1\gdgtxjxm.exe
C:\DOCUME~1\Yassine\APPLIC~1\userst~1\gkcnpsfr.exe
C:\DOCUME~1\Yassine\APPLIC~1\userst~1\hfjgjuqp.exe
C:\DOCUME~1\Yassine\APPLIC~1\userst~1\jiyctwwi.exe
C:\DOCUME~1\Yassine\APPLIC~1\userst~1\jqxortye.exe
C:\DOCUME~1\Yassine\APPLIC~1\userst~1\lngbrxvq.exe
C:\DOCUME~1\Yassine\APPLIC~1\userst~1\nkovttcd.exe
C:\DOCUME~1\Yassine\APPLIC~1\userst~1\qzbepcvo.exe
C:\DOCUME~1\Yassine\APPLIC~1\userst~1\rlucwisn.exe
C:\DOCUME~1\Yassine\APPLIC~1\userst~1\rule poll slow.exe
C:\DOCUME~1\Yassine\APPLIC~1\userst~1\soap less the 16.exe
C:\DOCUME~1\Yassine\APPLIC~1\userst~1\tfowngzn.exe
C:\DOCUME~1\Yassine\APPLIC~1\userst~1\wizrojdf.exe
C:\DOCUME~1\Yassine\APPLIC~1\userst~1\wjsshpmw.exe
C:\DOCUME~1\Yassine\APPLIC~1\userst~1\zaczslym.exe
C:\DOCUME~1\Yassine\APPLIC~1\userst~1\zmbqzptu.exe
C:\Program Files\userst~1
C:\DOCUME~1\Yassine\Cookies\yassine@advertstream[1].txt
C:\DOCUME~1\Yassine\Cookies\yassine@advertising[1].txt
C:\DOCUME~1\Yassine\Cookies\yassine@cotedazurpalace[2].txt
C:\DOCUME~1\Yassine\Cookies\yassine@serve.cotedazurpalace[2].txt
C:\DOCUME~1\Yassine\Cookies\yassine@fr.partypoker[1].txt
C:\DOCUME~1\Yassine\Cookies\yassine@partypoker[1].txt
C:\WINDOWS\Tasks\AAAE50F5918DC5D5.job
C:\WINDOWS\Tasks\ACED7427918EE8F7.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"win else"="C:\\DOCUME~1\\Yassine\\APPLIC~1\\USERST~1\\DUPE DASH.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Flag Owns Live Grim"="C:\\Documents and Settings\\All Users\\Application Data\\Software rule flag owns\\flaw bash.exe"

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-31 22:50:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 122

--------------------\\ Recherche d'autres infections

C:\WINDOWS\Pack.epk

C:\WINDOWS\System32\agyey.dat
C:\WINDOWS\System32\agyey_navup.dat
==> EGDACCESS <==



[F:131][D:9]-> C:\DOCUME~1\Yassine\LOCALS~1\Temp
[F:108][D:0]-> C:\DOCUME~1\Yassine\Cookies
[F:1453][D:6]-> C:\DOCUME~1\Yassine\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 31/12/2009|22:54 - Option : [1]

--------------------\\ Fin du rapport a 22:54:30

Next, for archet9, a Malwarebytes report, but from a full scan:
Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3289
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

31/12/2009 20:11:17
mbam-log-2009-12-31 (20-11-17).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 295890
Temps écoulé: 4 hour(s), 53 minute(s), 39 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 32

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP633\A0242831.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP633\A0242836.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP633\A0242928.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP638\A0243793.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP633\A0242902.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP633\A0242929.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP633\A0242960.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP633\A0242974.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP634\A0243017.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP634\A0243018.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP634\A0243030.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP637\A0243611.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP638\A0243740.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP639\A0243846.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP639\A0243850.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP634\A0243028.exe (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP637\A0243610.exe (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP638\A0243738.exe (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP633\A0242900.exe (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP639\A0243848.exe (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c001649.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0018BE.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0029.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c002CD6.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c003D6C.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c004823.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c004AE1.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c005F90.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c006784.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c006952.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c006DF1.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0072AE.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

Anonymous user
31 Dec 2009 at 23:11
Double-click the Lop S&D shortcut on your Desktop
* Select the desired language, then choose the "Suppression + Hosts" option
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)

And here is my new report:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : Phoenix - Award BIOS v6.00PG
USER : Yassine ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2005 (Activated)
Firewall : Norton Internet Security 2005 (Activated)
C:\ (Local Disk) - NTFS - Total:142 Go (Free:89 Go)
D:\ (Local Disk) - FAT32 - Total:6 Go (Free:2 Go)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 31/12/2009|23:39 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns\Five the.dat
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns\Five the.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns\flag 32.dat
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns\flag 32.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns\flaw bash.dat
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns\Support Heck.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns\Support Mags.dat
Supprime! - C:\DOCUME~1\myriam\APPLIC~1\userst~1\amfpuirt.exe
Supprime! - C:\DOCUME~1\myriam\APPLIC~1\userst~1\DUPE DASH.exe
Supprime! - C:\DOCUME~1\myriam\APPLIC~1\userst~1\foqsfizl.exe
Supprime! - C:\DOCUME~1\myriam\APPLIC~1\userst~1\funljjiz.exe
Supprime! - C:\DOCUME~1\myriam\APPLIC~1\userst~1\hyicwdhf.exe
Supprime! - C:\DOCUME~1\myriam\APPLIC~1\userst~1\ijwcuggu.exe
Supprime! - C:\DOCUME~1\myriam\APPLIC~1\userst~1\imtnlyzo.exe
Supprime! - C:\DOCUME~1\myriam\APPLIC~1\userst~1\mmbloeyf.exe
Supprime! - C:\DOCUME~1\myriam\APPLIC~1\userst~1\ncjxnmhk.exe
Supprime! - C:\DOCUME~1\myriam\APPLIC~1\userst~1\obkmqzrr.exe
Supprime! - C:\DOCUME~1\myriam\APPLIC~1\userst~1\piyaafoj.exe
Supprime! - C:\DOCUME~1\myriam\APPLIC~1\userst~1\qbkytxfo.exe
Supprime! - C:\DOCUME~1\myriam\APPLIC~1\userst~1\rgavrdsy.exe
Supprime! - C:\DOCUME~1\myriam\APPLIC~1\userst~1\rule poll slow.exe
Supprime! - C:\DOCUME~1\myriam\APPLIC~1\userst~1\sivzuzph.exe
Supprime! - C:\DOCUME~1\myriam\APPLIC~1\userst~1\smqzlntg.exe
Supprime! - C:\DOCUME~1\myriam\APPLIC~1\userst~1\soap less the 16.exe
Supprime! - C:\DOCUME~1\myriam\APPLIC~1\userst~1\sznsbfwy.exe
Supprime! - C:\DOCUME~1\myriam\APPLIC~1\userst~1\tcoucuog.exe
Supprime! - C:\DOCUME~1\myriam\APPLIC~1\userst~1\wqtuzfyu.exe
Supprime! - C:\DOCUME~1\myriam\APPLIC~1\userst~1\wxqkqmqd.exe
Supprime! - C:\DOCUME~1\myriam\APPLIC~1\userst~1\xmzktvsv.exe
Supprime! - C:\DOCUME~1\myriam\APPLIC~1\userst~1\xoftvbwn.exe
Supprime! - C:\DOCUME~1\myriam\APPLIC~1\userst~1\ykskceau.exe
Supprime! - C:\DOCUME~1\myriam\APPLIC~1\userst~1\yuuldczo.exe
Supprime! - C:\DOCUME~1\Yassine\APPLIC~1\userst~1\bhmhpbal.exe
Supprime! - C:\DOCUME~1\Yassine\APPLIC~1\userst~1\boxvykfl.exe
Supprime! - C:\DOCUME~1\Yassine\APPLIC~1\userst~1\DUPE DASH.exe
Supprime! - C:\DOCUME~1\Yassine\APPLIC~1\userst~1\dyrrvhym.exe
Supprime! - C:\DOCUME~1\Yassine\APPLIC~1\userst~1\fddwrjtb.exe
Supprime! - C:\DOCUME~1\Yassine\APPLIC~1\userst~1\gdgtxjxm.exe
Supprime! - C:\DOCUME~1\Yassine\APPLIC~1\userst~1\gkcnpsfr.exe
Supprime! - C:\DOCUME~1\Yassine\APPLIC~1\userst~1\hfjgjuqp.exe
Supprime! - C:\DOCUME~1\Yassine\APPLIC~1\userst~1\jiyctwwi.exe
Supprime! - C:\DOCUME~1\Yassine\APPLIC~1\userst~1\jqxortye.exe
Supprime! - C:\DOCUME~1\Yassine\APPLIC~1\userst~1\lngbrxvq.exe
Supprime! - C:\DOCUME~1\Yassine\APPLIC~1\userst~1\nkovttcd.exe
Supprime! - C:\DOCUME~1\Yassine\APPLIC~1\userst~1\qzbepcvo.exe
Supprime! - C:\DOCUME~1\Yassine\APPLIC~1\userst~1\rlucwisn.exe
Supprime! - C:\DOCUME~1\Yassine\APPLIC~1\userst~1\rule poll slow.exe
Supprime! - C:\DOCUME~1\Yassine\APPLIC~1\userst~1\soap less the 16.exe
Supprime! - C:\DOCUME~1\Yassine\APPLIC~1\userst~1\tfowngzn.exe
Supprime! - C:\DOCUME~1\Yassine\APPLIC~1\userst~1\wizrojdf.exe
Supprime! - C:\DOCUME~1\Yassine\APPLIC~1\userst~1\wjsshpmw.exe
Supprime! - C:\DOCUME~1\Yassine\APPLIC~1\userst~1\zaczslym.exe
Supprime! - C:\DOCUME~1\Yassine\APPLIC~1\userst~1\zmbqzptu.exe
Supprime! - C:\DOCUME~1\Yassine\Cookies\yassine@advertstream[1].txt
Supprime! - C:\DOCUME~1\Yassine\Cookies\yassine@advertising[1].txt
Supprime! - C:\DOCUME~1\Yassine\Cookies\yassine@cotedazurpalace[2].txt
Supprime! - C:\DOCUME~1\Yassine\Cookies\yassine@serve.cotedazurpalace[2].txt
Supprime! - C:\DOCUME~1\Yassine\Cookies\yassine@fr.partypoker[1].txt
Supprime! - C:\DOCUME~1\Yassine\Cookies\yassine@partypoker[1].txt
Supprime! - C:\WINDOWS\Tasks\AAAE50F5918DC5D5.job
Supprime! - C:\WINDOWS\Tasks\ACED7427918EE8F7.job
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns
Supprime! - C:\DOCUME~1\myriam\APPLIC~1\userst~1
Supprime! - C:\DOCUME~1\Yassine\APPLIC~1\userst~1
Supprime! - C:\Program Files\userst~1
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[25/01/2009|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[02/04/2006|21:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[29/11/2009|14:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[29/11/2009|14:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[03/05/2008|21:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[18/06/2008|11:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[28/12/2009|13:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[04/09/2009|13:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[14/08/2008|21:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[28/01/2009|16:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
[01/01/2005|16:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[01/01/2005|16:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InterVideo
[14/08/2008|18:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[29/12/2009|15:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[13/11/2008|18:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[19/12/2009|23:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[27/11/2009|23:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[26/06/2006|15:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies
[07/02/2006|09:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[17/04/2006|10:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[01/01/2005|16:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[01/01/2005|16:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[31/10/2009|22:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sports Interactive
[01/01/2005|17:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[21/04/2007|16:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[20/12/2006|18:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[25/10/2006|14:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[15/05/2009|18:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
[01/10/2008|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[01/02/2008|18:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!

[01/01/2005|16:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
[25/11/2004|04:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[01/01/2005|16:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intervideo
[29/11/2009|11:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[28/11/2007|19:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[01/01/2005|17:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[01/01/2005|17:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[04/10/2009|17:11] C:\DOCUME~1\INVIT~1\APPLIC~1\Adobe
[01/01/2005|16:58] C:\DOCUME~1\INVIT~1\APPLIC~1\Apple Computer
[14/03/2007|15:27] C:\DOCUME~1\INVIT~1\APPLIC~1\Google
[13/12/2009|16:55] C:\DOCUME~1\INVIT~1\APPLIC~1\HouseCall 6.6
[25/06/2007|07:20] C:\DOCUME~1\INVIT~1\APPLIC~1\HP
[25/11/2004|04:26] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities
[01/01/2005|16:55] C:\DOCUME~1\INVIT~1\APPLIC~1\Intervideo
[09/04/2006|11:03] C:\DOCUME~1\INVIT~1\APPLIC~1\Macromedia
[21/12/2009|18:37] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft
[28/12/2008|15:41] C:\DOCUME~1\INVIT~1\APPLIC~1\Mozilla
[05/01/2008|23:10] C:\DOCUME~1\INVIT~1\APPLIC~1\OpenOffice.org2
[08/12/2009|19:41] C:\DOCUME~1\INVIT~1\APPLIC~1\Real
[01/01/2005|17:02] C:\DOCUME~1\INVIT~1\APPLIC~1\SampleView
[04/10/2009|18:19] C:\DOCUME~1\INVIT~1\APPLIC~1\Sun
[01/01/2005|17:12] C:\DOCUME~1\INVIT~1\APPLIC~1\Symantec
[27/10/2007|14:35] C:\DOCUME~1\INVIT~1\APPLIC~1\Windows Desktop Search

[03/02/2008|12:15] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[14/08/2008|20:38] C:\DOCUME~1\myriam\APPLIC~1\Adobe
[28/12/2008|17:48] C:\DOCUME~1\myriam\APPLIC~1\AdobeUM
[01/01/2005|16:58] C:\DOCUME~1\myriam\APPLIC~1\Apple Computer
[26/06/2006|14:48] C:\DOCUME~1\myriam\APPLIC~1\ArcSoft
[22/02/2009|19:36] C:\DOCUME~1\myriam\APPLIC~1\DivX
[16/12/2006|15:55] C:\DOCUME~1\myriam\APPLIC~1\Google
[01/07/2006|16:16] C:\DOCUME~1\myriam\APPLIC~1\Help
[03/05/2008|16:54] C:\DOCUME~1\myriam\APPLIC~1\HP
[26/06/2006|11:33] C:\DOCUME~1\myriam\APPLIC~1\HPQ
[25/11/2004|04:26] C:\DOCUME~1\myriam\APPLIC~1\Identities
[01/01/2005|16:55] C:\DOCUME~1\myriam\APPLIC~1\Intervideo
[26/06/2006|11:30] C:\DOCUME~1\myriam\APPLIC~1\Leadertech
[13/05/2006|16:03] C:\DOCUME~1\myriam\APPLIC~1\Macromedia
[11/07/2009|21:19] C:\DOCUME~1\myriam\APPLIC~1\Microsoft
[19/11/2007|19:27] C:\DOCUME~1\myriam\APPLIC~1\Moyea
[10/08/2008|15:46] C:\DOCUME~1\myriam\APPLIC~1\Mozilla
[13/05/2006|16:02] C:\DOCUME~1\myriam\APPLIC~1\MSNInstaller
[25/01/2009|17:55] C:\DOCUME~1\myriam\APPLIC~1\OpenOffice.org
[17/05/2008|17:11] C:\DOCUME~1\myriam\APPLIC~1\OpenOffice.org2
[17/02/2008|13:11] C:\DOCUME~1\myriam\APPLIC~1\Real
[01/01/2005|17:02] C:\DOCUME~1\myriam\APPLIC~1\SampleView
[25/01/2009|14:35] C:\DOCUME~1\myriam\APPLIC~1\Shareaza
[19/06/2008|11:48] C:\DOCUME~1\myriam\APPLIC~1\Sonic
[04/02/2008|12:43] C:\DOCUME~1\myriam\APPLIC~1\Sports Interactive
[01/12/2006|13:12] C:\DOCUME~1\myriam\APPLIC~1\Sun
[22/06/2006|09:18] C:\DOCUME~1\myriam\APPLIC~1\Symantec
[21/06/2006|18:07] C:\DOCUME~1\myriam\APPLIC~1\Template
[10/02/2009|18:37] C:\DOCUME~1\myriam\APPLIC~1\Ulead Systems
[22/10/2008|17:06] C:\DOCUME~1\myriam\APPLIC~1\vlc
[18/10/2007|17:20] C:\DOCUME~1\myriam\APPLIC~1\Windows Desktop Search
[18/05/2008|15:33] C:\DOCUME~1\myriam\APPLIC~1\Yahoo!

[18/10/2007|16:31] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft


[06/06/2009|17:00] C:\DOCUME~1\Yassine\APPLIC~1\Adobe
[14/02/2008|20:27] C:\DOCUME~1\Yassine\APPLIC~1\AdobeUM
[01/01/2005|16:58] C:\DOCUME~1\Yassine\APPLIC~1\Apple Computer
[17/02/2009|10:18] C:\DOCUME~1\Yassine\APPLIC~1\DivX
[06/04/2008|11:35] C:\DOCUME~1\Yassine\APPLIC~1\EPSON
[07/01/2009|16:57] C:\DOCUME~1\Yassine\APPLIC~1\FileZilla
[03/09/2008|13:02] C:\DOCUME~1\Yassine\APPLIC~1\Google
[22/05/2007|16:33] C:\DOCUME~1\Yassine\APPLIC~1\HP
[27/02/2007|14:51] C:\DOCUME~1\Yassine\APPLIC~1\HPQ
[25/11/2004|04:26] C:\DOCUME~1\Yassine\APPLIC~1\Identities
[10/05/2007|18:47] C:\DOCUME~1\Yassine\APPLIC~1\Intervideo
[27/02/2007|10:19] C:\DOCUME~1\Yassine\APPLIC~1\ItsLabel
[13/07/2008|21:23] C:\DOCUME~1\Yassine\APPLIC~1\Lavasoft
[26/09/2008|15:46] C:\DOCUME~1\Yassine\APPLIC~1\LogoMaker
[25/02/2007|19:47] C:\DOCUME~1\Yassine\APPLIC~1\Macromedia
[29/12/2009|15:39] C:\DOCUME~1\Yassine\APPLIC~1\Malwarebytes
[30/01/2008|16:18] C:\DOCUME~1\Yassine\APPLIC~1\Megaupload
[23/06/2009|13:12] C:\DOCUME~1\Yassine\APPLIC~1\Microsoft
[05/11/2009|20:27] C:\DOCUME~1\Yassine\APPLIC~1\Mostick
[16/11/2007|17:48] C:\DOCUME~1\Yassine\APPLIC~1\Moyea
[27/09/2008|17:37] C:\DOCUME~1\Yassine\APPLIC~1\Mozilla
[20/11/2007|20:52] C:\DOCUME~1\Yassine\APPLIC~1\MSNInstaller
[10/08/2007|12:15] C:\DOCUME~1\Yassine\APPLIC~1\muvee Technologies
[13/02/2009|16:57] C:\DOCUME~1\Yassine\APPLIC~1\Neverball
[28/02/2009|20:24] C:\DOCUME~1\Yassine\APPLIC~1\OpenOffice.org
[31/12/2009|23:18] C:\DOCUME~1\Yassine\APPLIC~1\OpenOffice.org2
[04/02/2008|11:42] C:\DOCUME~1\Yassine\APPLIC~1\Real
[01/01/2005|17:02] C:\DOCUME~1\Yassine\APPLIC~1\SampleView
[09/08/2007|15:18] C:\DOCUME~1\Yassine\APPLIC~1\Screenshot Sender
[20/11/2007|13:17] C:\DOCUME~1\Yassine\APPLIC~1\SecuROM
[28/01/2009|16:11] C:\DOCUME~1\Yassine\APPLIC~1\Shareaza
[26/09/2008|16:29] C:\DOCUME~1\Yassine\APPLIC~1\SlySoft
[31/10/2009|22:42] C:\DOCUME~1\Yassine\APPLIC~1\Sports Interactive
[01/03/2007|11:49] C:\DOCUME~1\Yassine\APPLIC~1\Sun
[02/03/2007|12:21] C:\DOCUME~1\Yassine\APPLIC~1\Symantec
[25/02/2007|19:28] C:\DOCUME~1\Yassine\APPLIC~1\Template
[16/02/2008|21:32] C:\DOCUME~1\Yassine\APPLIC~1\TVU networks
[21/04/2007|16:34] C:\DOCUME~1\Yassine\APPLIC~1\Ulead Systems
[21/07/2008|14:37] C:\DOCUME~1\Yassine\APPLIC~1\vlc
[19/10/2007|11:47] C:\DOCUME~1\Yassine\APPLIC~1\Windows Desktop Search
[23/12/2009|17:02] C:\DOCUME~1\Yassine\APPLIC~1\WinRAR
[18/05/2008|14:17] C:\DOCUME~1\Yassine\APPLIC~1\Yahoo!

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[31/12/2009 23:15][--a------] C:\WINDOWS\tasks\Google Software Updater.job
[31/12/2009 23:40][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{79C8FF5A-454E-488A-86B6-25FCB3570166}.job
[25/06/2007 07:19][--ah-----] C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
[18/12/2009 20:00][--a------] C:\WINDOWS\tasks\Norton AntiVirus - Analyser mon ordinateur - Yassine.job
[28/02/2007 12:17][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job
[31/12/2009 23:15][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 19:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[04/05/2008|14:00] C:\Program Files\7-Zip
[06/04/2008|11:31] C:\Program Files\Adobe
[12/11/2009|22:04] C:\Program Files\adslTV
[19/05/2007|09:59] C:\Program Files\Alwil Software
[25/02/2006|11:07] C:\Program Files\ArcSoft
[26/09/2008|17:43] C:\Program Files\AviSynth 2.5
[29/12/2009|22:36] C:\Program Files\CASIO
[18/06/2008|11:22] C:\Program Files\CCleaner
[14/03/2008|17:30] C:\Program Files\Design Science
[23/06/2009|17:55] C:\Program Files\DivX
[06/05/2006|19:19] C:\Program Files\Easy Internet signup
[19/12/2009|23:36] C:\Program Files\eMule
[21/04/2007|10:45] C:\Program Files\EZ-DUB
[27/12/2009|20:20] C:\Program Files\Fichiers communs
[05/01/2009|19:56] C:\Program Files\FileZilla FTP Client
[11/07/2008|08:50] C:\Program Files\Free
[01/06/2009|20:52] C:\Program Files\GeoGebra
[28/12/2009|13:40] C:\Program Files\Google
[27/12/2009|20:23] C:\Program Files\GSC Game World
[18/06/2007|20:31] C:\Program Files\Hewlett-Packard
[28/01/2009|16:14] C:\Program Files\HP
[13/07/2008|17:46] C:\Program Files\InstallShield Installation Information
[09/12/2009|23:01] C:\Program Files\Internet Explorer
[26/01/2008|13:17] C:\Program Files\InterVideo
[05/10/2009|20:31] C:\Program Files\Java
[25/01/2009|17:47] C:\Program Files\JRE
[28/03/2006|20:13] C:\Program Files\Kit ADSL
[05/02/2006|18:18] C:\Program Files\Learn2.com
[29/12/2009|15:39] C:\Program Files\Malwarebytes' Anti-Malware
[26/09/2008|15:59] C:\Program Files\Messenger
[27/12/2009|19:06] C:\Program Files\Messenger Plus! Live
[15/05/2009|18:00] C:\Program Files\Microsoft
[09/05/2007|15:56] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[25/11/2004|04:27] C:\Program Files\microsoft frontpage
[17/05/2008|10:23] C:\Program Files\Microsoft Office
[18/10/2007|16:31] C:\Program Files\Microsoft SQL Server Compact Edition
[15/05/2009|18:06] C:\Program Files\Microsoft Sync Framework
[23/11/2007|12:59] C:\Program Files\Mindscape
[26/09/2008|15:48] C:\Program Files\Movie Maker
[31/12/2009|23:31] C:\Program Files\Mozilla Firefox
[25/07/2009|22:09] C:\Program Files\MSBuild
[20/11/2007|20:53] C:\Program Files\MSN
[25/11/2004|04:27] C:\Program Files\MSN Gaming Zone
[26/10/2006|11:05] C:\Program Files\MSXML 4.0
[01/01/2005|17:00] C:\Program Files\muvee Technologies
[26/09/2008|15:39] C:\Program Files\NetMeeting
[01/01/2005|17:14] C:\Program Files\Norton Internet Security
[28/03/2007|12:56] C:\Program Files\NudgeMania
[19/11/2007|19:13] C:\Program Files\OpenOffice.org 2.1
[17/05/2008|19:48] C:\Program Files\OpenOffice.org 2.3
[18/09/2008|15:49] C:\Program Files\OpenOffice.org 2.4
[25/01/2009|17:47] C:\Program Files\OpenOffice.org 3
[12/08/2009|22:23] C:\Program Files\Outlook Express
[01/01/2005|17:11] C:\Program Files\PC-Doctor 5 for Windows
[27/09/2007|13:24] C:\Program Files\Psykos 7
[29/11/2009|14:13] C:\Program Files\QuickTime
[01/02/2008|16:20] C:\Program Files\Real Alternative
[23/06/2009|13:06] C:\Program Files\Red Kawa
[25/07/2009|22:08] C:\Program Files\Reference Assemblies
[01/01/2005|17:09] C:\Program Files\Services en ligne
[05/10/2008|18:28] C:\Program Files\SlySoft
[23/11/2007|12:47] C:\Program Files\Sonic
[28/12/2009|13:26] C:\Program Files\Sports Interactive
[31/12/2009|23:17] C:\Program Files\Steam
[01/01/2005|17:14] C:\Program Files\Symantec
[13/07/2008|17:45] C:\Program Files\TRENDnet
[22/12/2006|19:51] C:\Program Files\Uninstall Information
[05/02/2006|17:51] C:\Program Files\USB Driver-Express
[18/06/2008|11:16] C:\Program Files\VideoLAN
[15/07/2006|17:56] C:\Program Files\Virtools Web Player 3.5
[28/12/2009|14:02] C:\Program Files\VS Revo Group
[19/05/2007|10:08] C:\Program Files\Web Media Player
[18/10/2007|16:31] C:\Program Files\Windows Desktop Search
[04/04/2007|12:55] C:\Program Files\Windows Journal Viewer
[25/11/2009|17:40] C:\Program Files\Windows Live
[01/10/2008|18:33] C:\Program Files\Windows Live Favorites
[15/05/2009|18:00] C:\Program Files\Windows Live SkyDrive
[15/05/2009|18:06] C:\Program Files\Windows Live Toolbar
[11/05/2007|18:34] C:\Program Files\Windows Media Connect 2
[26/09/2008|15:39] C:\Program Files\Windows Media Player
[26/09/2008|15:39] C:\Program Files\Windows NT
[05/04/2006|19:12] C:\Program Files\WindowsUpdate
[23/12/2009|17:02] C:\Program Files\WinRAR
[25/11/2004|04:28] C:\Program Files\xerox
[24/06/2008|10:59] C:\Program Files\Yahoo!
[15/10/2007|17:52] C:\Program Files\Zero G Registry
[29/01/2007|17:10] C:\Program Files\Zylom Games

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[06/04/2008|11:31] C:\Program Files\Fichiers communs\Adobe
[29/11/2009|14:11] C:\Program Files\Fichiers communs\Apple
[03/05/2008|21:11] C:\Program Files\Fichiers communs\BOONTY Shared
[01/01/2005|16:47] C:\Program Files\Fichiers communs\Hewlett-Packard
[18/06/2007|20:38] C:\Program Files\Fichiers communs\HP
[28/08/2007|06:32] C:\Program Files\Fichiers communs\InstallShield
[01/01/2005|16:54] C:\Program Files\Fichiers communs\InterVideo
[01/01/2005|16:29] C:\Program Files\Fichiers communs\Java
[19/12/2009|23:42] C:\Program Files\Fichiers communs\Microsoft Shared
[25/11/2004|04:26] C:\Program Files\Fichiers communs\MSSoap
[05/02/2006|18:18] C:\Program Files\Fichiers communs\Nullsoft
[26/01/2008|13:14] C:\Program Files\Fichiers communs\Real
[01/02/2005|08:50] C:\Program Files\Fichiers communs\Services
[18/06/2007|20:40] C:\Program Files\Fichiers communs\Sonic Shared
[25/11/2004|04:26] C:\Program Files\Fichiers communs\SpeechEngines
[01/01/2005|16:51] C:\Program Files\Fichiers communs\SureThing Shared
[05/02/2008|19:37] C:\Program Files\Fichiers communs\SWF Studio
[31/12/2009|14:51] C:\Program Files\Fichiers communs\Symantec Shared
[04/02/2008|12:30] C:\Program Files\Fichiers communs\Synacast
[27/11/2009|23:32] C:\Program Files\Fichiers communs\System
[21/04/2007|10:44] C:\Program Files\Fichiers communs\Ulead Systems
[15/05/2009|17:22] C:\Program Files\Fichiers communs\Windows Live
[01/10/2008|18:33] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 59 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-31 23:44:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 122

--------------------\\ Recherche d'autres infections

C:\WINDOWS\Pack.epk

C:\WINDOWS\System32\agyey.dat
C:\WINDOWS\System32\agyey_navup.dat
==> EGDACCESS <==



[F:16][D:7]-> C:\DOCUME~1\Yassine\LOCALS~1\Temp
[F:107][D:0]-> C:\DOCUME~1\Yassine\Cookies
[F:30][D:4]-> C:\DOCUME~1\Yassine\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 31/12/2009|22:54 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 31/12/2009|23:48 - Option : [2]

--------------------\\ Fin du rapport a 23:48:26

Anonymous user
31 Dec 2009 at 23:52
Now let's deal with this infection:
C:\WINDOWS\Pack.epk
C:\WINDOWS\System32\agyey.dat
C:\WINDOWS\System32\agyey_navup.dat


Your PC has a Navipromo/Magic Control/EDG ACCESS infection, which displays unwanted ads.
It gets installed through certain programs, including these, which must be avoided at all costs:
* Funky Emoticons
* go-astro
* Games Attack
* GoRecord
* HotTVPlayer / HotTVPlayer & Paris Hilton
* Live-Player
* MailSkinner
* Messenger Skinner
* Instant Access
* InternetGameBox
* Officiale Emule (modified version of Emule)
* Original Solitaire
* SuperSexPlayer
* Speed Downloading
* Sudoplanet
* Webmediaplayer

Download Navilog (by Il Mafioso) to your desktop
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Above all, disable the antivirus and anti-spyware, because they may interfere with the tool
Double-click Navilog on the desktop to launch it
Choose the language by typing F, and press Enter
Press a key to continue when prompted
Type 1 (automatic search/removal), and press Enter
The tool informs you that it will restart the PC during removal
Once the tool has finished, the desktop reappears and Notepad opens
Copy and paste the report C:\fixnavi.txt into your reply


Note: If the desktop does not reappear, press Ctrl+Alt+Del. Select Task
Manager. Go to the "Processes" tab. At the top, click "File".
Select "New Task". Type "explorer", then confirm, and the desktop
will reappear
0

Thanks and happy new year!! However, I still get "trafficsolar.com" ads and also a program that installs itself: ptools. I thought I had removed it but it comes back!!! I don't know what to do!!!
0
Anonymous user
1 Jan 2010 at 00:28
Happy new year 2010
Run Navilog and post the report, then we'll see after that
0
The Navi report:
Fix Navipromo version 4.0.5 commencé le 31/12/2009 23:59:09,57

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 10.11.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : Phoenix - Award BIOS v6.00PG
USER : Yassine ( Administrator )
BOOT : Normal boot

Antivirus : Norton Internet Security 2005 (Activated)
Firewall : Norton Internet Security 2005 (Activated)

C:\ (Local Disk) - NTFS - Total:142 Go (Free:89 Go)
D:\ (Local Disk) - FAT32 - Total:6 Go (Free:2 Go)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)


Recherche executée en mode normal

Nettoyage exécuté au redémarrage de l'ordinateur


C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32\agyey.dat supprimé !
C:\WINDOWS\system32\agyey_navup.dat supprimé !


Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Yassine\locals~1\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok




*** Scan terminé 01/01/2010 0:05:04,31 ***
0
Anonymous user
1 Jan 2010 at 00:36
Download Random's System Information Tool (RSIT) by random/random and save the executable to your desktop.

- http://images.malwareremoval.com/random/RSIT.exe

! Disconnect and close all your running applications !

* Double-click RSIT.exe to launch it.
* A first window opens with the title: Disclaimer of warranty.
* Next to the option List files/folders created ..., choose 2 months
* Then click Continue to start the scan ...
* Let the scan run and do not touch the PC ...
* When the scan is finished, two text files will open (probably in Notepad).
* Upload the contents of log.txt (the one shown on screen), as well as info.txt, here.
Click Browse
Once you have found the reports to upload, click Open
Click "Cliquez ici pour déposer le fichier", then give the link
that appears, like this one: http:/www.cijoint.fr/cjlink.php?file=cj200911/cijgAdC3Ch.txt

Note: the reports will also be saved in this folder: C:\rsit
0
http://www.cijoint.fr/cjlink.php?file=cj201001/cijxM9vzy3.txt
Here is the link
0
Anonymous user
1 Jan 2010 at 00:58
I'll look tomorrow
0
Hello, I really need help. My computer is slowing down, I still get adserving.ezanga.com ads, and the pctools and controlcenter software. Pleeease, thanks
0
Anonymous user
3 Jan 2010 at 16:48
Hello
Could you run RSIT again for me? I need the log.txt report
0
http://www.cijoint.fr/cjlink.php?file=cj201001/cijUqLFWYc.txt
0
Anonymous user
3 Jan 2010 at 17:03
Warning: before starting, read the procedure carefully and print it

Download ComboFix by sUBs to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the Internet and DISABLE ALL DEFENSES, including antivirus and anti-spyware /!\
---> Double-click ComboFix.exe
A pop-up will appear saying that ComboFix is used at your own risk and with no warranty... Click Yes to accept
MAKE SURE YOU INSTALL THE RECOVERY CONSOLE
---> Set it to French (F)
Press the 1 key (Yes) to start the scan.

Do not touch anything (mouse, keyboard) until the scan is finished, because you risk crashing your PC

At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents

/!\ Re-enable the real-time protection of your antivirus and anti-spyware before reconnecting to the Internet. /!\

Note: The report can also be found here: C:\ComboFix.txt
0
The ComboFix report:
ComboFix 10-01-02.05 - Yassine 03/01/2010 17:09:35.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.510.254 [GMT 1:00]
Lancé depuis: c:\documents and settings\Yassine\Bureau\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Arte - Being W
C:\Arte - Being W
c:\documents and settings\myriam\Application Data\CCenter
c:\documents and settings\myriam\Application Data\CCenter\ccagent.exe
c:\documents and settings\myriam\Application Data\CCenter\ccmain.exe
c:\documents and settings\myriam\Application Data\CCenter\faq\guide.html
c:\documents and settings\myriam\Application Data\CCenter\faq\images\05.png
c:\documents and settings\myriam\Application Data\CCenter\faq\images\06.png
c:\documents and settings\myriam\Application Data\CCenter\faq\images\07.png
c:\documents and settings\myriam\Application Data\CCenter\faq\images\08.png
c:\documents and settings\myriam\Application Data\CCenter\faq\images\09.png
c:\documents and settings\myriam\Application Data\CCenter\faq\images\10.png
c:\documents and settings\myriam\Application Data\CCenter\settings.ini
c:\documents and settings\myriam\Application Data\CCenter\uninstall.exe
c:\documents and settings\Yassine\Application Data\CCenter
c:\documents and settings\Yassine\Application Data\CCenter\ccagent.exe
c:\documents and settings\Yassine\Application Data\CCenter\ccmain.exe
c:\documents and settings\Yassine\Application Data\CCenter\faq\guide.html
c:\documents and settings\Yassine\Application Data\CCenter\faq\images\05.png
c:\documents and settings\Yassine\Application Data\CCenter\faq\images\06.png
c:\documents and settings\Yassine\Application Data\CCenter\faq\images\07.png
c:\documents and settings\Yassine\Application Data\CCenter\faq\images\08.png
c:\documents and settings\Yassine\Application Data\CCenter\faq\images\09.png
c:\documents and settings\Yassine\Application Data\CCenter\faq\images\10.png
c:\documents and settings\Yassine\Application Data\CCenter\settings.ini
c:\documents and settings\Yassine\Application Data\CCenter\uninstall.exe
c:\documents and settings\Yassine\Application Data\PC
c:\documents and settings\Yassine\Application Data\PC\agent.exe
c:\documents and settings\Yassine\Application Data\PC\faq\guide.html
c:\documents and settings\Yassine\Application Data\PC\faq\images\gimg1.jpg
c:\documents and settings\Yassine\Application Data\PC\faq\images\gimg10.jpg
c:\documents and settings\Yassine\Application Data\PC\faq\images\gimg2.jpg
c:\documents and settings\Yassine\Application Data\PC\faq\images\gimg3.jpg
c:\documents and settings\Yassine\Application Data\PC\faq\images\gimg4.jpg
c:\documents and settings\Yassine\Application Data\PC\faq\images\gimg5.jpg
c:\documents and settings\Yassine\Application Data\PC\faq\images\gimg6.jpg
c:\documents and settings\Yassine\Application Data\PC\faq\images\gimg7.jpg
c:\documents and settings\Yassine\Application Data\PC\faq\images\gimg8.jpg
c:\documents and settings\Yassine\Application Data\PC\faq\images\gimg9.jpg
c:\documents and settings\Yassine\Application Data\PC\pc.exe
c:\documents and settings\Yassine\Application Data\PC\settings.ini
c:\documents and settings\Yassine\Application Data\PC\uninstall.exe
C:\Thumbs.db
c:\windows\system32\__c0018BE.exe
c:\windows\system32\__c0029.exe
c:\windows\system32\__c002CD6.exe
c:\windows\system32\__c003D6C.exe
c:\windows\system32\__c004823.exe
c:\windows\system32\__c004AE1.exe
c:\windows\system32\__c005F90.exe
c:\windows\system32\__c006784.exe
c:\windows\system32\__c006952.exe
c:\windows\system32\__c0072AE.exe
c:\windows\system32\aafhk.dat
c:\windows\system32\aafhk.exe
c:\windows\system32\aafhk_navps.dat
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés du 2009-12-03 au 2010-01-03 ))))))))))))))))))))))))))))))))))))
.

2009-12-31 23:47 . 2010-01-03 15:51 -------- d-----w- C:\rsit
2009-12-31 22:57 . 2009-12-31 23:05 -------- d-----w- c:\program files\Navilog1
2009-12-31 22:08 . 2009-12-31 22:08 -------- d-----w- C:\_OTM
2009-12-31 21:45 . 2009-12-31 22:48 -------- d-----w- C:\Lop SD
2009-12-29 21:36 . 2009-12-29 21:36 -------- d-----w- c:\program files\CASIO
2009-12-29 14:39 . 2009-12-29 14:39 -------- d-----w- c:\documents and settings\Yassine\Application Data\Malwarebytes
2009-12-29 14:39 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-29 14:39 . 2009-12-29 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-29 14:39 . 2009-12-29 14:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-29 14:39 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-27 17:06 . 2009-12-28 13:02 -------- d-----w- c:\program files\VS Revo Group
2009-12-19 19:25 . 2009-12-19 19:25 225792 ----a-w- c:\windows\system32\cfgshl.dll
2009-12-19 19:24 . 2009-12-19 19:24 225792 ----a-w- c:\windows\system32\cfgpage10.dll
2009-12-13 15:51 . 2007-12-24 16:37 138384 ----a-w- c:\windows\system32\drivers\tmcomm.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-03 16:23 . 2007-02-28 16:42 -------- d-----w- c:\documents and settings\Yassine\Application Data\OpenOffice.org2
2010-01-03 16:21 . 2008-12-25 10:25 -------- d-----w- c:\program files\Steam
2010-01-02 17:22 . 2005-01-01 16:11 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2010-01-02 14:12 . 2006-06-05 08:19 86360 ----a-w- c:\documents and settings\myriam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-30 22:17 . 2007-03-02 11:30 86360 ----a-w- c:\documents and settings\Yassine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-28 12:40 . 2005-01-01 16:09 -------- d-----w- c:\program files\Google
2009-12-28 12:26 . 2008-11-04 11:15 -------- d-----w- c:\program files\Sports Interactive
2009-12-27 19:23 . 2008-12-06 18:40 -------- d-----w- c:\program files\GSC Game World
2009-12-27 18:06 . 2008-10-02 15:16 -------- d-----w- c:\program files\Messenger Plus! Live
2009-12-19 22:36 . 2007-05-16 09:38 -------- d-----w- c:\program files\eMule
2009-12-09 20:51 . 2009-02-28 19:25 1 ----a-w- c:\documents and settings\Yassine\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-08 19:46 . 2004-11-23 21:26 94518 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-08 19:46 . 2004-11-23 21:26 534808 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-06 12:14 . 2008-01-06 17:23 1 ----a-w- c:\documents and settings\Yassine\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-11-29 13:13 . 2005-01-01 15:57 -------- d-----w- c:\program files\QuickTime
2009-11-29 13:11 . 2005-01-01 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-11-29 13:11 . 2009-11-29 13:11 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-11-29 13:10 . 2009-11-29 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-11-27 22:32 . 2008-04-16 13:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-25 16:40 . 2007-06-10 18:07 -------- d-----w- c:\program files\Windows Live
2009-11-12 21:04 . 2007-06-26 12:35 -------- d-----w- c:\program files\adslTV
2009-11-05 19:27 . 2009-11-05 19:27 -------- d-----w- c:\documents and settings\Yassine\Application Data\Mostick
2009-10-29 07:44 . 2004-08-05 18:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:44 . 2004-08-05 18:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:44 . 2004-08-05 18:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:39 . 2004-08-05 18:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2004-08-05 18:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-05 18:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:33 . 2004-08-05 18:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2004-08-05 18:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:39 . 2004-08-05 18:00 150528 ----a-w- c:\windows\system32\rastls.dll
2009-10-05 19:23 . 2009-10-05 19:23 152576 ----a-w- c:\documents and settings\Yassine\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2006-04-24 16:28 . 2006-04-20 16:06 417 -c--a-w- c:\program files\Etudiant.EGP
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2009-10-25 1217808]
"Shareaza"="c:\documents and settings\myriam\Bureau\Shareaza\Shareaza.exe" [2008-10-01 5723136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-24 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2004-09-07 58488]
"BigDogPath"="c:\windows\VM_STI.EXE" [2005-02-28 53248]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]

c:\documents and settings\myriam\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\documents and settings\Yassine\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
EZ-DUB Finder.lnk - c:\program files\EZ-DUB\EZ-DUB.exe [2006-3-1 266240]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
Wireless Configuration Utility.lnk - c:\program files\TRENDnet\TEW-424UB\WlanCU.exe [2007-7-10 634880]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Documents and Settings\\myriam\\Bureau\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2009\\fm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [01/01/2005 16:37 2786176]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;c:\windows\system32\drivers\usbiad.sys [05/02/2006 17:51 31547]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [13/07/2008 17:46 264576]
.
Contenu du dossier 'Tâches planifiées'

2010-01-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-04 12:12]

2009-12-18 c:\windows\Tasks\Norton AntiVirus - Analyser mon ordinateur - Yassine.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2004-08-31 15:48]

2007-02-28 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-01-01 17:22]

2010-01-03 c:\windows\Tasks\User_Feed_Synchronization-{79C8FF5A-454E-488A-86B6-25FCB3570166}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 16:36]
.
.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = hxxp://g.msn.fr/8SEFRFR030000TBR/FRWCompleteTBSiteFinalDEFAULT
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
IE: &Traduire à partir de l'anglais - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Pages liées - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Pages similaires - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Recherche &Google - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Version de la page actuelle disponible dans le cache Google - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} - hxxp://d.69.25.47.96.downloads.estara.com./as/OneCCDM.php?template=41001&sessionid=1373278661_77.195.55.16_1473&=&req=1177162493375OneCC.cab
FF - ProfilePath - c:\documents and settings\Yassine\Application Data\Mozilla\Firefox\Profiles\7lst7jw6.default\
FF - prefs.js: browser.startup.homepage - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-agent.exe - c:\documents and settings\Yassine\Application Data\PC\agent.exe
HKCU-Run-ccagent.exe - c:\documents and settings\Yassine\Application Data\CCenter\ccagent.exe
AddRemove-PCTools - c:\documents and settings\Yassine\Application Data\PC\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-03 17:21
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-3116800641-2683139522-2516512823-1018\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:fe,64,f3,b9,52,5b,af,30,27,20,b8,0d,11,dc,79,2d,e9,53,f2,a5,17,33,e3,
25,dd,13,a1,39,7c,1a,dc,61,4f,fe,f3,1f,d4,95,bf,3b,b7,14,4c,04,79,70,4c,fc,\
"??"=hex:91,1e,f5,2a,d1,ba,50,cb,11,cb,ec,c8,e8,1a,c0,4c
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(424)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\program files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\program files\Norton Internet Security\ISSVC.exe
c:\program files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\program files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoCtlSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.BIN
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\SearchProtocolHost.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\program files\Java\jre6\bin\jucheck.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Heure de fin: 2010-01-03 17:35:38 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-01-03 16:35

Avant-CF: 95 504 396 288 octets libres
Après-CF: 95 394 525 184 octets libres

- - End Of File - - 416F90488579B7DB5C6168EF9FCE2540
0
Anonymous user
3 Jan 2010 at 17:51
No more ads?
0
yasom > Anonymous user
3 Jan 2010 at 18:05
Nothing anymore!!!! Thanks for everything! Have a good evening!
0
Anonymous user > yasom
3 Jan 2010 at 18:08
Wait, it's not finished; run one last RSIT for me
and after that, we'll clean up the PC
0
yasom > Anonymous user
3 Jan 2010 at 18:11
Here is the new RSIT log
http://www.cijoint.fr/cjlink.php?file=cj201001/cijcWUqDsu.txt
0
Anonymous user > yasom
3 Jan 2010 at 18:15
I see some odd lines concerning the guest account; is this account used?
0
Anonymous user
3 Jan 2010 at 18:18
Hang on, I'll be back, because there are suspicious lines
0
Anonymous user
3 Jan 2010 at 18:26
You need to log in to the guest account and run Malwarebytes on it, following the instructions
0
yasom > Anonymous user
3 Jan 2010 at 18:36
A quick scan or a full one?
0
Anonymous user > yasom
3 Jan 2010 at 18:37
Full
I'll be back later
0
yasom > Anonymous user
3 Jan 2010 at 19:33
Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

03/01/2010 19:20:40
mbam-log-2010-01-03 (19-20-40).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 194783
Time elapsed: 41 minute(s), 14 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 20

Memory Processes Infected:
C:\Documents and Settings\Invité\Application Data\PC\agent.exe (Trojan.FakeAlert) -> Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\aafhk (Trojan.Agent.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\agent.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\Documents and Settings\Invité\Application Data\PC\pc.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Invité\Application Data\PC\faq (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Application Data\PC\faq\images (Rogue.ControlCenter) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Invité\Application Data\PC\uninstall.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\myriam\Application Data\CCenter\uninstall.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Yassine\Application Data\CCenter\uninstall.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Yassine\Application Data\PC\uninstall.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\__c0029.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\__c004823.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Application Data\PC\faq\guide.html (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Application Data\PC\faq\images\gimg1.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Application Data\PC\faq\images\gimg10.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Application Data\PC\faq\images\gimg2.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Application Data\PC\faq\images\gimg3.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Application Data\PC\faq\images\gimg4.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Application Data\PC\faq\images\gimg5.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Application Data\PC\faq\images\gimg6.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Application Data\PC\faq\images\gimg7.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Application Data\PC\faq\images\gimg8.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Application Data\PC\faq\images\gimg9.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Application Data\PC\pc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Application Data\PC\agent.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Invité\Application Data\PC\settings.ini (Trojan.FakeAlert) -> Quarantined and deleted successfully.
0
What should I do now?
0
Anonymous user
3 Jan 2010 at 21:13
Your Malwarebytes is not at all up to date; update it and run a quick scan again

Then, could you scan these files on the VirusTotal site:
c:\windows\system32\rkpvujos.exe
c:\windows\system32\idlhmn.exe
c:\windows\system32\ljswixgz.exe
c:\windows\system32\oaqpkis.exe
c:\windows\system32\hplraojdkx.exe
c:\windows\system32\oftspg.exe
c:\windows\system32\zeadcqdgl.exe
c:\windows\system32\cuawjyhnb.exe
c:\windows\system32\szjaeki.exe
c:\windows\system32\bysfwfcevq.exe
c:\windows\system32\apgxzz.exe
c:\windows\system32\bgpgenuas.exe
c:\windows\system32\ksmwwykmn.exe
c:\windows\system32\wtbwapp.exe
c:\windows\system32\pbgqpoxvw.exe
c:\windows\system32\yetcmcw.exe
c:\windows\system32\pextri.exe
c:\windows\system32\ijdptzc.exe
c:\windows\system32\aafhk.exe

Since there are quite a few files, let me know if there are any results
0
yasom > Anonymous user
3 Jan 2010 at 22:26
I can't find any of the files, so I can't scan them
Malwarebytes' Anti-Malware 1.43
Version de la base de données: 3488
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

03/01/2010 22:24:26
mbam-log-2010-01-03 (22-24-26).txt

Type de recherche: Examen rapide
Eléments examinés: 109330
Temps écoulé: 9 minute(s), 42 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Invité\Application Data\PC\agent.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
0
Anonymous user > yasom
3 Jan 2010 at 22:27
Run RSIT again for me so I can see
0
yasom > Anonymous user
3 Jan 2010 at 22:31
http://www.cijoint.fr/cjlink.php?file=cj201001/cijOBou2XC.txt
0
Anonymous user
3 Jan 2010 at 22:44
You need to show hidden files and folders
Start, My Computer
Click Tools
Select Folder Options
Go to the View tab
Check Show hidden files and folders, then OK


try to find the files I listed above
0
I did everything required but I still can't find the files. There are files shown in blue in windows. I go into the system32 folder but none of the requested files are there...
0
Anonymous user
3 Jan 2010 at 23:58
we'll look at this tomorrow
0
still nothing... I can't find the files to analyze...
0
Anonymous user
4 Jan 2010 at 15:12
hello
I'm preparing a special removal procedure for you, which will be ready this evening
0
Anonymous user
5 Jan 2010 at 12:19
hello yasom

Warning: do not reproduce this on another PC, as that could damage it
▶ Download OTM (by Old_Timer) to your Desktop

▶ Double-click OTM.exe to launch it.

▶ Make sure the Unregister Dll's and Ocx's box is checked.

▶ Copy the list shown in bold in the quote below and paste it into the left-hand pane of OTM under "Paste instructions for item to be moved".


:files
c:\windows\system32\rkpvujos.exe
c:\windows\system32\ljswixgz.exe
c:\windows\system32\oaqpkis.exe
c:\windows\system32\hplraojdkx.exe
c:\windows\system32\oftspg.exe
c:\windows\system32\zeadcqdgl.exe
c:\windows\system32\cuawjyhnb.exe
c:\windows\system32\szjaeki.exe
c:\windows\system32\bysfwfcevq.exe
c:\windows\system32\apgxzz.exe
c:\windows\system32\bgpgenuas.exe
c:\windows\system32\ksmwwykmn.exe
c:\windows\system32\wtbwapp.exe
c:\windows\system32\pbgqpoxvw.exe
c:\windows\system32\yetcmcw.exe
c:\windows\system32\pextri.exe
c:\windows\system32\ijdptzc.exe


:reg
[HKEY_USERS\S-1-5-21-3116800641-2683139522-2516512823-501\Software\Microsoft\Windows\CurrentVersion\Run]
"rkpvujos"=-
"idlhmn"=-
"ljswixgz"=-
"oaqpkis"=-
"hplraojdkx"=-
"oftspg"=-
"zeadcqdgl"=-
"cuawjyhnb"=-
"szjaeki"=-
"bysfwfcevq"=-
"apgxzz"=-
"bgpgenuas"=-
"ksmwwykmn"=-
"wtbwapp"=-
"pbgqpoxvw"=-
"yetcmcw"=-
"pextri"=-
"ijdptzc"=-

:commands
[emptytemp]
[start explorer]


▶ Click MoveIt! to start the removal.

▶ The result will appear in the "Results" pane.

▶ Click Exit to close.

▶ Post the report located in C:\_OTMoveIt\MovedFiles.

▶ You may be asked to restart the PC to complete the removal. If so, accept with Yes.
0
yasom > Anonymous user
6 Jan 2010 at 18:20
All processes killed
========== FILES ==========
File/Folder c:\windows\system32\rkpvujos.exe not found.
File/Folder c:\windows\system32\ljswixgz.exe not found.
File/Folder c:\windows\system32\oaqpkis.exe not found.
File/Folder c:\windows\system32\hplraojdkx.exe not found.
File/Folder c:\windows\system32\oftspg.exe not found.
File/Folder c:\windows\system32\zeadcqdgl.exe not found.
File/Folder c:\windows\system32\cuawjyhnb.exe not found.
File/Folder c:\windows\system32\szjaeki.exe not found.
File/Folder c:\windows\system32\bysfwfcevq.exe not found.
File/Folder c:\windows\system32\apgxzz.exe not found.
File/Folder c:\windows\system32\bgpgenuas.exe not found.
File/Folder c:\windows\system32\ksmwwykmn.exe not found.
File/Folder c:\windows\system32\wtbwapp.exe not found.
File/Folder c:\windows\system32\pbgqpoxvw.exe not found.
File/Folder c:\windows\system32\yetcmcw.exe not found.
File/Folder c:\windows\system32\pextri.exe not found.
File/Folder c:\windows\system32\ijdptzc.exe not found.
========== REGISTRY ==========
Registry value HKEY_USERS\S-1-5-21-3116800641-2683139522-2516512823-501\Software\Microsoft\Windows\CurrentVersion\Run\\rkpvujos deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3116800641-2683139522-2516512823-501\Software\Microsoft\Windows\CurrentVersion\Run\\idlhmn deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3116800641-2683139522-2516512823-501\Software\Microsoft\Windows\CurrentVersion\Run\\ljswixgz deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3116800641-2683139522-2516512823-501\Software\Microsoft\Windows\CurrentVersion\Run\\oaqpkis deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3116800641-2683139522-2516512823-501\Software\Microsoft\Windows\CurrentVersion\Run\\hplraojdkx deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3116800641-2683139522-2516512823-501\Software\Microsoft\Windows\CurrentVersion\Run\\oftspg deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3116800641-2683139522-2516512823-501\Software\Microsoft\Windows\CurrentVersion\Run\\zeadcqdgl deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3116800641-2683139522-2516512823-501\Software\Microsoft\Windows\CurrentVersion\Run\\cuawjyhnb deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3116800641-2683139522-2516512823-501\Software\Microsoft\Windows\CurrentVersion\Run\\szjaeki deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3116800641-2683139522-2516512823-501\Software\Microsoft\Windows\CurrentVersion\Run\\bysfwfcevq deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3116800641-2683139522-2516512823-501\Software\Microsoft\Windows\CurrentVersion\Run\\apgxzz deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3116800641-2683139522-2516512823-501\Software\Microsoft\Windows\CurrentVersion\Run\\bgpgenuas deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3116800641-2683139522-2516512823-501\Software\Microsoft\Windows\CurrentVersion\Run\\ksmwwykmn deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3116800641-2683139522-2516512823-501\Software\Microsoft\Windows\CurrentVersion\Run\\wtbwapp deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3116800641-2683139522-2516512823-501\Software\Microsoft\Windows\CurrentVersion\Run\\pbgqpoxvw deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3116800641-2683139522-2516512823-501\Software\Microsoft\Windows\CurrentVersion\Run\\yetcmcw deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3116800641-2683139522-2516512823-501\Software\Microsoft\Windows\CurrentVersion\Run\\pextri deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3116800641-2683139522-2516512823-501\Software\Microsoft\Windows\CurrentVersion\Run\\ijdptzc deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Invité
->Temp folder emptied: 349225 bytes
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
->Temporary Internet Files folder emptied: 356472 bytes
->Java cache emptied: 109240 bytes
->FireFox cache emptied: 87946504 bytes

User: LocalService
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
->Temp folder emptied: 65748 bytes
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
->Temporary Internet Files folder emptied: 32902 bytes

User: myriam

User: NetworkService
->Temp folder emptied: 0 bytes
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
->Temporary Internet Files folder emptied: 67 bytes

User: Yamin

User: Yassine

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Windows Temp folder emptied: 17156 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 85,00 mb


OTM by OldTimer - Version 3.1.4.0 log created on 01062010_181235

Files moved on Reboot...

Registry entries deleted on Reboot...
0
Anonymous user > yasom
6 Jan 2010 at 21:41
could you run RSIT again for me
0
yassineom Posts 23 Registration date Wednesday 6 January 2010 Status Member Last activity 12 October 2010
7 Jan 2010 at 11:46
Logfile of random's system information tool 1.06 (written by random/random)
Run by Yassine at 2010-01-07 11:46:00
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 91 GB (62%) free of 145 GB
Total RAM: 510 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:03, on 07/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoCtlSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Steam\Steam.exe
C:\Documents and Settings\myriam\Bureau\Shareaza\Shareaza.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EZ-DUB\EZ-DUB.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\fichie~1\instal~1\update~1\isuspm.exe
c:\Program Files\Fichiers communs\InstallShield\UpdateService\agent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Yassine\Bureau\RSIT.exe
C:\Documents and Settings\Yassine\Bureau\Yassine.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.fr/8SEFRFR030000TBR/FRWCompleteTBSiteFinalDEFAULT
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Shareaza] "C:\Documents and Settings\myriam\Bureau\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: EZ-DUB Finder.lnk = C:\Program Files\EZ-DUB\EZ-DUB.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.69.25.47.96.downloads.estara.com./...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoCtlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0
Anonymous user
7 Jan 2010 at 14:36
hello

The disinfection tools need to be cleaned up:

* Download ToolsCleaner2 to your Desktop
https://www.commentcamarche.net/telecharger/
* Double-click ToolsCleaner2.exe to launch it.
* Click Recherche (Search) and let the scan run.
* Click Suppression (Removal) to finish.
* You can, if you wish, use the Options Facultatives (Optional Settings).
* Click Quitter (Quit) to get the report.
* Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).

delete ToolsCleaner2 manually


* Disable System Restore to delete the infected restore points:

Right-click My Computer, click Properties, then System Restore. Check the box to turn off System Restore. Click Apply, then OK
---> Restart your PC ...

* Re-enable System Restore:
Right-click My Computer, click Properties, then System Restore. Uncheck the box to turn off System Restore. Click Apply, then OK
---> Restart your PC ...

( Note: you can also get there via Control Panel -> "System" -> "System Restore" ).

Create a clean restore point manually:
Start, Programs
Go to Accessories, then System Tools
Select System Restore
Click Next
Enter the date of the restore point you want to create
Click Create, and the restore point is created automatically


One last little cleanup for your PC:

Download C Cleaner Slim
* Save it to the Desktop
* Double-click the file to start the installation
* In the installer's language window, make sure to choose French, then OK
* Click Next
* Read the license, and click I Agree
* Click Next, then Install, then Close
* Double-click the C Cleaner icon to open it
* Click Options, then Advanced
* Uncheck "only delete files in the Windows Temp folder older than 48 hours"
* Click Cleaner
* Click Windows, and in the Advanced column
* Check the first box, "old Prefetch data", and only that one; this leaves you with the "old Prefetch data" box and the Advanced box, which gets checked automatically, but only that one
* Click Analyze
* Click Run Cleaner, then OK at the confirmation prompt. Repeat until C Cleaner no longer finds anything
* Now click Registry, then Scan for Issues
* Leave everything checked, and click Fix selected issues
* It asks you whether to make a backup: YES
* Give it a name so you can find it again, and save
* Click scan for selected issues, then OK at the confirmation prompt
* It deletes them, then Close; check by running Scan for Issues again
* Go back to Options and re-check the box "only delete files in the Windows Temp folder older than 48 hours", then under Cleaner, Windows, Advanced, uncheck the first box, "old Prefetch data"
* You can close C Cleaner


* Download Update Checker
http://www.filehippo.com/updatechecker/FHSetup.exe
* Install it with the default settings, clicking Next each time.
* Once it is installed, wait a few seconds and you will see a green icon appear in your taskbar, indicating that updates are available.
* Double-click the icon to be redirected to the update download site.
* A tip: do not install the BETA versions listed below.
* Install the updates you want

This small program shows which updates are available to install on the PC


Final recommendations:
Keep Malwarebytes so you can scan your PC from time to time, and remember to update it before each scan
Remember to keep Windows and all your software up to date to avoid security vulnerabilities
Clean your PC regularly, and defragment the hard drive regularly to avoid slowdowns
Be careful when you browse, and pay attention when you install free software and when you update it: decline add-ons such as toolbars, and do not download software you don't know or from sites you don't know
P2P programs (Shareaza, BitTorrent, eMule, LimeWire) should be banned, because you risk downloading infected files along with them
0
yassineom Posts 23 Registration date Wednesday 6 January 2010 Status Member Last activity 12 October 2010
8 Jan 2010 at 01:06
thank you sooo much for everything!!!
I updated nvidia and my computer glitches when scrolling pages... is there a solution? There is also the yahoo bar, could it come from that?
the name of the downloaded file is 195.62_desktop_winxp_32bit_english_whql
0
Anonymous user
8 Jan 2010 at 14:55
hello
This file relates to NVIDIA
Why did you update it? Did it need an update?
Yahoo: you must have installed it along with it, you need to uninstall it
When you download something, you are always offered add-ons; you have to decline them

We'll check whether anything is left on the PC
Disable your antivirus for the duration of the procedure, as well as your firewall if present

▶ Download List&Kill'em and save it to your desktop
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem.zip
▶ unzip it (right-click / extract.....)

It does not require installation

▶ double-click (right-click "run as administrator" on Vista) to launch the scan

choose the language, then choose option 1 = Mode Recherche (Search Mode)

▶ let the tool work

a report named catchme appears on your desktop; ignore it, but don't delete it for now

▶ Post the contents of the report that opens
0
yassineom Posts 23 Registration date Wednesday 6 January 2010 Status Member Last activity 12 October 2010 > Anonymous user
8 Jan 2010 at 15:16
an update was offered on FileHippo:
Icon NVIDIA Forceware 195.62 WHQL XP
Installed Version: 77.79
I did a system restore and everything went back to normal
List'em by g3n-h@ckm@n 1.1.7.1

Thx to Chiquitine29.....& CCM team

User : Yassine (Utilisateurs) # YAMINA
Update on 03/12/2009 by g3n-h@ckm@n ::::: 21:00
Start at: 14:58:44 | 08/01/2010
Contact : g3n-h@ckm@n sur CCM

AMD Athlon(tm) 64 Processor 3200+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
AV : Norton Internet Security 2005 [ Enabled | Updated ]
FW : Norton Internet Security[ Enabled ]2005

C:\ -> Disque fixe local | 142,07 Go (92,3 Go free) [HP_PAVILION] | NTFS
D:\ -> Disque fixe local | 6,96 Go (2,91 Go free) [HP_RECOVERY] | FAT32
E:\ -> Disque CD-ROM
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoCtlSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Steam\Steam.exe
C:\Documents and Settings\myriam\Bureau\Shareaza\Shareaza.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EZ-DUB\EZ-DUB.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\Yassine\Bureau\List_Killem\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Yassine\Local Settings\Temp\AE.tmp\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Steam REG_SZ "C:\Program Files\Steam\Steam.exe" -silent
Shareaza REG_SZ "C:\Documents and Settings\myriam\Bureau\Shareaza\Shareaza.exe" -tray
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
FileHippo.com REG_SZ "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon REG_SZ "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
ccApp REG_SZ "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
BigDogPath REG_SZ C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)
HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
KBD REG_SZ C:\HP\KBD\KBD.EXE
ISUSPM Startup REG_SZ "C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
ISUSScheduler REG_SZ "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
DisableRegistryTools REG_DWORD 0 (0x0)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
NoDrives REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)
NoCDBurning REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
NoDrives REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{56F9679E-7826-4C84-81F3-532071A8BCC5} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe REG_SZ C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe REG_SZ C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
C:\Documents and Settings\myriam\Bureau\Shareaza\Shareaza.exe REG_SZ C:\Documents and Settings\myriam\Bureau\Shareaza\Shareaza.exe:*:Enabled:Shareaza
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe REG_SZ C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe:*:Enabled:Football Manager 2009

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%ProgramFiles%\iTunes\iTunes.exe REG_SZ %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes
C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL
C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

===============
ActivX controls
===============

===============

==============
BHO :
======
[<NO NAME> REG_SZ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ADECBED6-0366-4377-A739-E69DFBA04663}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3
EapHost : 0x3
SharedAccess : 0x2
wuauserv : 0x2

=========

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
142 Go total, 92,30 Go libre (64%), 0% fragmenté (fragmentation du fichier 0%)

Il ne vous est pas nécessaire de défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\Documents and Settings\All Users\Application Data\.zreglib
C:\WINDOWS\Fonts\GRGAREF.TTF
C:\WINDOWS\System32\drivers\etc\hosts.msn
C:\Documents and Settings\Yassine\application data\RobotProgPrefs
C:\Documents and Settings\Yassine\Application Data\wklnhst.dat
C:\Documents and Settings\Yassine\Application Data\ItsLabel

¤¤¤¤¤¤¤¤¤¤ Keys :

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"

================
Other infections
================

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-08 15:00:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

==========
Programs
==========

7-Zip
Adobe
adslTV
Alwil Software
ArcSoft
AviSynth 2.5
CASIO
CCleaner
Design Science
DivX
Easy Internet signup
eMule
Etudiant.EGP
EZ-DUB
Fichiers communs
FileHippo.com
FileZilla FTP Client
FileZilla FTP Client(2)
Free
GeoGebra
Google
GSC Game World
Hewlett-Packard
HP
InstallShield Installation Information
Internet Explorer
InterVideo
Java
JRE
Kit ADSL
Learn2.com
Malwarebytes' Anti-Malware
Messenger
Messenger Plus! Live
Microsoft
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Office
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Mindscape
Movie Maker
Mozilla Firefox
MSBuild
MSN
MSN Gaming Zone
MSXML 4.0
muvee Technologies
NetMeeting
Norton Internet Security
Norton Security Scan
NortonInstaller
NudgeMania
NVIDIA Corporation
OpenOffice.org 2.1
OpenOffice.org 2.3
OpenOffice.org 2.4
OpenOffice.org 3
Outlook Express
PC-Doctor 5 for Windows
Psykos 7
QuickTime
Real Alternative
Red Kawa
Reference Assemblies
Services en ligne
SlySoft
Sonic
Sports Interactive
Steam
Symantec
TRENDnet
Uninstall Information
USB Driver-Express
VideoLAN
Virtools Web Player 3.5
VS Revo Group
Web Media Player
Windows Desktop Search
Windows Journal Viewer
Windows Live
Windows Live Favorites
Windows Live SkyDrive
Windows Live Toolbar
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
xerox
Yahoo!
Zero G Registry
Zylom Games

============
Lecteur C:
============

0e2f82bd65151be2aa3b065d84d514
1ee441c2ea65ccb41420769b50c8e9
25a6900ff6292b5f5ca5b40fbae0
4f634fcbff525cb8c36474933d68a095
834b2a662124cd1623b1907a
AILog.txt
artmod_jewel_expand.GIF
assembly
audio.gif
AUTOEXEC.BAT
bin
BOOT.BAK
boot.ini
Bootfont.bin
cmdcons
cmldr
Config.Msi
CONFIG.SYS
Documents and Settings
Games
hp
IO.SYS
IPH.PH
Kill'em
List'em.txt
map.gif
MSDOS.SYS
MSOCache
My Music
NTDETECT.COM
ntldr
NVIDIA
outlineminus.IMG
outlineplus.IMG
pagefile.sys
Program Files
Python22
RECYCLER
sqmdata00.sqm
sqmdata01.sqm
sqmdata02.sqm
sqmdata03.sqm
sqmdata04.sqm
sqmdata05.sqm
sqmdata06.sqm
sqmdata07.sqm
sqmdata08.sqm
sqmdata09.sqm
sqmdata10.sqm
sqmdata11.sqm
sqmdata12.sqm
sqmdata13.sqm
sqmdata14.sqm
sqmdata15.sqm
sqmdata16.sqm
sqmdata17.sqm
sqmdata18.sqm
sqmdata19.sqm
sqmnoopt00.sqm
sqmnoopt01.sqm
sqmnoopt02.sqm
sqmnoopt03.sqm
sqmnoopt04.sqm
sqmnoopt05.sqm
sqmnoopt06.sqm
sqmnoopt07.sqm
sqmnoopt08.sqm
sqmnoopt09.sqm
sqmnoopt10.sqm
sqmnoopt11.sqm
sqmnoopt12.sqm
sqmnoopt13.sqm
sqmnoopt14.sqm
sqmnoopt15.sqm
sqmnoopt16.sqm
sqmnoopt17.sqm
sqmnoopt18.sqm
sqmnoopt19.sqm
StubInstaller.exe
System Volume Information
system.sav
SystemRoot
t010101b.jpg
t010101b.jtn
t010103a.gsm
t012944a.jpg
t014199a.gsm
t047159a.jtn
t051706a.jpg
t051706a.jtn
t051716a.jtn
t065208a.jpg
t065208a.jtn
t640878a.gsm
t640878a.gtn
t790863a.jpg
TCleaner.txt
temp
trace.ini
updatedatfix.log
WINDOWS
YServer.txt

¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

C:\Program Files\Fichiers communs\Symantec Shared\IDS\Patch25.dll
C:\Documents and Settings\Yassine\Local Settings\Application Data\ApplicationHistory\Install.exe.86d9ac29.ini
C:\hp\bin\PE_Patch.exe
C:\hp\KBD\Install.exe
D:\I386\SYSTEM32\OwnerPatch.exe
D:\I386\Apps\APP07036\src\MSWorks\Install.exe
D:\MiniNT\system32\OwnerPatch.exe




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Anonymous user > yassineom Posts: 23 Registration date: Wednesday 6 January 2010 Status: Member Last activity: 12 October 2010
8 Jan 2010 at 16:16
▶ Run List&Kill'em again as you did for option 1 (i.e. via right-click on Vista),

but this time:

▶ choose option 2 = Mode Destruction

let the tool work.

at the end of the scan a report opens

▶ paste its contents in your reply
0
yassineom Posts: 23 Registration date: Wednesday 6 January 2010 Status: Member Last activity: 12 October 2010
8 Jan 2010 at 17:15
Kill'em by g3n-h@ckm@n 1.1.7.1

User : Yassine (Utilisateurs) # YAMINA
Update on 03/12/2009 by g3n-h@ckm@n ::::: 21:00
Start at: 16:29:29 | 08/01/2010
Contact : g3n-h@ckm@n sur CCM

AMD Athlon(tm) 64 Processor 3200+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
AV : Norton Internet Security 2005 [ Enabled | Updated ]
FW : Norton Internet Security[ Enabled ]2005

C:\ -> Disque fixe local | 142,07 Go (92,28 Go free) [HP_PAVILION] | NTFS
D:\ -> Disque fixe local | 6,96 Go (2,91 Go free) [HP_RECOVERY] | FAT32
E:\ -> Disque CD-ROM
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoCtlSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Steam\Steam.exe
C:\Documents and Settings\myriam\Bureau\Shareaza\Shareaza.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EZ-DUB\EZ-DUB.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Documents and Settings\Yassine\Bureau\List_Killem\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Yassine\Local Settings\Temp\143.tmp\pv.exe

Detections :
==========


¤¤¤¤¤¤¤¤¤¤ Files/folders :

"C:\Documents and Settings\All Users\Application Data\.zreglib"
"C:\WINDOWS\Fonts\GRGAREF.TTF"
"C:\WINDOWS\System32\drivers\etc\hosts.msn"
C:\Documents and Settings\Yassine\application data\RobotProgPrefs
"C:\Documents and Settings\Yassine\Application Data\ItsLabel"


¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :

Quarantine :

.zreglib.Kill'em
GRGAREF.TTF.Kill'em
hosts.msn.Kill'em
ItsLabel.Kill'em
RobotProgPrefs.Kill'em

==============
host file OK !
==============

========
Registry
========
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe

============
Disk Cleaned
============

================
Prefetch cleaned
================



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Anonymous user
8 Jan 2010 at 21:32
Is everything OK now?
0
yassineom Posts: 23 Registration date: Wednesday 6 January 2010 Status: Member Last activity: 12 October 2010
8 Jan 2010 at 21:54
Yes, thank youuuu. Do you have a better antivirus to recommend to me?
0
Anonymous user
8 Jan 2010 at 21:58
I suggest a fairly effective antivirus, Avira Antivir
http://www.commentcamarche.net/telecharger/telecharger-55-antivir
Avira Antivir downloads a pop-up offering the paid version when it runs its daily update. Don't worry, just close that pop-up.
Configure it
https://www.commentcamarche.net/faq/16831-tutoriel-configuration-optimale-d-antivir-personal

If you have another antivirus, you must uninstall it first, then install this one if you're interested
0