Help with a HijackThis report
Balkiara
Hello,
So, I would like someone to help me and guide me with my HijackThis report; I'm not a pro at this!! ^^
Thanks to whoever helps me.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:26:24, on 06/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\mobsync.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SWPROguard] C:\Program Files\Fighters\SPYWAREfighter\SWPROTray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_SEDD7.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OE Backup] "C:\Program Files\Bodrag\Outlook Express Backup Expert\OEBackup.exe" /start
O4 - HKCU\..\Run: [Error mail] "C:\ProgramData\Upload Bags Bags.owimem"
O4 - HKCU\..\Run: [LESS CITY AMEN SETUP] "C:\ProgramData\Web move ooze.9cfvpss"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxentelechargement.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file:///C:/Users/viyo/AppData/Local/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldfr-fr.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{70745FFC-9E01-48CA-9F18-402E784B5239}: NameServer = 80.10.246.1,80.10.246.139
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AV Engine Scanning Service - Unknown owner - C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Common Toolkit Service - Unknown owner - C:\Program Files\Common Files\Common Toolkit Suite\FighterSuiteService.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
19 replies
Hi, uninstall Spyware Doctor
then:
▶ Disable User Account Control before using this tool:
▶ Go to "Start", then Control Panel.
▶ Double-click the User Accounts icon, then click "Turn User Account Control on or off".
▶ Uncheck the box "Use User Account Control (UAC) to help protect your computer".
▶ Confirm with OK and restart.
then
▶ Download Ad-remover (by C_XX) to your desktop:
▶ Disconnect and close all running applications!
▶ Right-click "Ad-R.exe" and run it as administrator to start the installation, and keep the default installation settings.
▶ Right-click the Ad-remover shortcut on your desktop and run it as administrator to launch the tool.
▶ At the main menu, choose option "L" and press [Enter].
▶ Let the tool work and don't touch anything ...
▶ Post the report that appears at the end on the forum ...
( The report is also saved as C:\Ad-report.log )
( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )
▶ Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
then:
Uninstall Ad-Remover
then:
▶ Download LOP S&D to your Desktop.
▶ Double-click it to start the installation
▶ Then double-click the Lop S&D shortcut on your Desktop
▶ Select the desired language, then choose option 1 (Search)
▶ Wait until the scan finishes
▶ Post the generated report (C:\lopR.txt)
then:
▶ Double-click the Lop S&D shortcut on your Desktop
▶ Select the desired language, then choose the option "Suppression + Hosts"
▶ Wait until the scan finishes
▶ Post the generated report (C:\lopR.txt)
then:
▶ Download and install UsbFix
(!) Plug in your external data sources (USB stick, external hard drive, etc.) that may have been infected, without opening them
▶ Right-click the UsbFix shortcut on your desktop and choose "Run as administrator".
▶ At the main menu, choose option " F " for French and press [Enter].
▶ At the second menu, choose option " 1 " (search) and press [Enter]
▶ Let the tool work.
▶ Then post the UsbFix.txt report that appears.
Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )
( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )
Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html
then:
▶ Plug in your external data sources (USB stick, external hard drive, etc.) that may have been infected, without opening them
▶ Right-click the UsbFix shortcut on your desktop and choose "Run as administrator".
▶ Choose option 2 ( Removal )
▶ Your desktop will disappear and the PC will restart.
▶ On restart, UsbFix will scan your PC; let the tool work.
▶ Then post the UsbFix.txt report that appears along with the desktop.
▶ Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )
( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )
######### | Uninstall | #########
▶ Right-click the UsbFix shortcut on your desktop and choose "Run as administrator".
▶ Choose the Uninstall option ....
Part 1
RAPPORT D'AD-REMOVER 1.1.4.6_G | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 05.01.2010 à 18:50
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 10:50:39, 08/01/2010 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 2 v6.0.6002
Nom du PC: PC-DE-VIYO | Utilisateur actuel: viyo
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
C:\Users\viyo\DOCUME~1\PacificPoker
C:\Users\viyo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Pacific Poker.lnk
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\GamesBar
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Pacific Poker
C:\Program Files\GamesBar
C:\Users\viyo\AppData\Roaming\EoRezo
C:\Users\viyo\AppData\Roaming\ItsLabel
C:\ProgramData\GamesBar
C:\Users\viyo\AppData\Local\akacy.bat
(!) -- Fichiers temporaires supprimés.
.
HKCU\software\EoRezo
HKCU\software\GamesBar
HKCU\software\Grand Virtual
HKCU\software\ItsLabel
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCU\software\pacificpoker
HKCU\software\pokerinstaller
HKLM\Software\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\software\classes\EoRezoBHO.EoBho
HKLM\software\classes\EoRezoBHO.EoBho.1
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKLM\Software\Classes\TypeLib\{AD76633E-E50D-4844-9E7F-4DFBC7C18467}
HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\software\GamesBar
HKLM\software\GamesBarSetup
HKLM\software\ItsLabel
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\OBget.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\EoEngine
HKLM\software\microsoft\windows\currentversion\uninstall\akacy
HKLM\software\microsoft\windows\currentversion\uninstall\GamesBar
.
============== Scan additionnel ==============
.
.
* Internet Explorer Version 8.0.6001.18865 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Use Custom Search URL: 1 (0x1)
Do404Search: 01000000
Local Page: C:\Windows\system32\blank.htm
Show_ToolBar: yes
Enable Browser Extensions: yes
Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Use Search Asst: no
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\Windows\System32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.0.8102-to-2.4.2.8301-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.2.8278-to-2.4.3.8606-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.2.9056-to-3.0.3.9183-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.3.9183-to-3.0.8.9464-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.1.9806-to-3.1.1.9835-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.0.9-to-3.1.0-frFR-Win-patch\Blizzard Updater.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.1.3-to-3.2.0-frFR-Win-patch\Blizzard Updater.exe
C:\Users\Public\Games\World of Warcraft\WoW-2.4.2-frFR-patch.exe
C:\Users\Public\Games\World of Warcraft\WoW-3.3.0.10958-to-3.3.0.11159-frFR-patch.exe
C:\Users\Public\Games\World of Warcraft\Updates\wow-3.2.2-to-3.3.0-frFR-Win-patch\Blizzard Updater.exe
.
===================================
.
5393 Octet(s) - C:\Ad-Report-CLEAN[1].log
.
0 Fichier(s) - C:\Users\viyo\AppData\Local\Temp
2 Fichier(s) - C:\Windows\Temp
5 Fichier(s) - C:\Windows\Prefetch
.
18 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
171 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 10:55:25 | 08/01/2010 - CLEAN[1]
.
============== E.O.F ==============
.
\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : viyo ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2007 (Activated)
Firewall : Norton Internet Security 2007 (Activated)
C:\ (Local Disk) - NTFS - Total:111 Go (Free:19 Go)
D:\ (Local Disk) - NTFS - Total:111 Go (Free:33 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 08/01/2010|11:04 )
[ UAC => 0 ]
--------------------\\ Listing des dossiers dans Local
[05/10/2007|11:23] C:\Users\viyo\AppData\Local\Acer Arcade Live
[05/10/2007|10:37] C:\Users\viyo\AppData\Local\Adobe
[02/11/2008|22:46] C:\Users\viyo\AppData\Local\Apple
[02/11/2008|22:48] C:\Users\viyo\AppData\Local\Apple Computer
[05/10/2007|09:53] C:\Users\viyo\AppData\Local\Application Data
[06/11/2009|19:24] C:\Users\viyo\AppData\Local\Apps
[05/01/2010|16:45] C:\Users\viyo\AppData\Local\Blizzard Entertainment
[09/10/2007|11:08] C:\Users\viyo\AppData\Local\CyberLink
[03/04/2008|14:01] C:\Users\viyo\AppData\Local\d3d8caps.dat
[16/04/2009|19:25] C:\Users\viyo\AppData\Local\d3d9caps.dat
[07/01/2010|11:54] C:\Users\viyo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[06/11/2009|19:35] C:\Users\viyo\AppData\Local\Deployment
[26/02/2009|00:15] C:\Users\viyo\AppData\Local\DVDivine
[15/03/2008|17:35] C:\Users\viyo\AppData\Local\eMule
[13/08/2009|21:49] C:\Users\viyo\AppData\Local\GDIPFONTCACHEV1.DAT
[06/11/2009|20:09] C:\Users\viyo\AppData\Local\Google
[05/10/2007|09:53] C:\Users\viyo\AppData\Local\Historique
[09/10/2007|11:08] C:\Users\viyo\AppData\Local\HomeMedia
[08/01/2010|10:49] C:\Users\viyo\AppData\Local\IconCache.db
[27/02/2009|19:19] C:\Users\viyo\AppData\Local\Microsoft
[01/11/2007|11:15] C:\Users\viyo\AppData\Local\Microsoft Games
[26/01/2009|14:45] C:\Users\viyo\AppData\Local\Microsoft Help
[17/04/2008|17:54] C:\Users\viyo\AppData\Local\MigWiz
[18/05/2008|17:00] C:\Users\viyo\AppData\Local\Oberon Media
[05/01/2010|19:54] C:\Users\viyo\AppData\Local\PackageAware
[07/01/2010|19:15] C:\Users\viyo\AppData\Local\PokerStars
[05/10/2007|09:54] C:\Users\viyo\AppData\Local\PowerCinema
[08/04/2008|17:57] C:\Users\viyo\AppData\Local\Seven Zip
[25/09/2008|09:59] C:\Users\viyo\AppData\Local\Sony
[08/01/2010|11:02] C:\Users\viyo\AppData\Local\Temp
[05/10/2007|09:53] C:\Users\viyo\AppData\Local\Temporary Internet Files
[08/01/2010|10:33] C:\Users\viyo\AppData\Local\Threat Expert
[05/10/2007|11:23] C:\Users\viyo\AppData\Local\VideoMagician
[25/03/2008|19:24] C:\Users\viyo\AppData\Local\VirtualStore
[28/01/2009|23:05] C:\Users\viyo\AppData\Local\Windows Live Writer
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[07/01/2010 10:22][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{ACC6481B-9B5B-4DAB-BCF8-CDC180BBBC9A}.job
[08/01/2010 10:52][--a------] C:\Windows\tasks\Google Software Updater.job
[01/01/2010 23:44][--a------] C:\Windows\tasks\Norton Internet Security - Analyse système complète - viyo.job
[08/01/2010 10:50][--ah-----] C:\Windows\tasks\SA.DAT
[08/01/2010 10:49][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[08/04/2008|17:58] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[06/01/2010|10:48] C:\ProgramData\{7516B6E8-5C01-4895-B079-DFC32A4ADEE1}
[06/05/2007|20:23] C:\ProgramData\Adobe
[02/11/2008|22:46] C:\ProgramData\Apple
[02/11/2006|14:02] C:\ProgramData\Application Data
[15/10/2008|14:33] C:\ProgramData\Blizzard
[13/08/2009|23:31] C:\ProgramData\Blizzard Entertainment
[30/06/2008|18:34] C:\ProgramData\BOONTY
[05/10/2007|09:49] C:\ProgramData\Bureau
[09/10/2007|18:07] C:\ProgramData\CanonBJ
[06/01/2010|10:48] C:\ProgramData\Common Toolkit Suite
[16/10/2008|15:23] C:\ProgramData\CyberLink
[02/11/2006|14:02] C:\ProgramData\Desktop
[02/11/2006|14:02] C:\ProgramData\Documents
[20/03/2008|00:10] C:\ProgramData\Downloaded Installations
[15/03/2008|17:37] C:\ProgramData\eMule
[08/04/2008|18:00] C:\ProgramData\EPSON
[05/10/2007|09:49] C:\ProgramData\Favoris
[02/11/2006|14:02] C:\ProgramData\Favorites
[05/01/2010|15:18] C:\ProgramData\Google
[07/01/2010|17:40] C:\ProgramData\Google Updater
[31/03/2008|16:35] C:\ProgramData\Hercules
[06/01/2010|19:43] C:\ProgramData\Malwarebytes
[05/10/2007|09:49] C:\ProgramData\Menu Démarrer
[18/11/2009|14:54] C:\ProgramData\Micro Application
[06/11/2009|07:01] C:\ProgramData\Microsoft
[10/12/2009|12:42] C:\ProgramData\Microsoft Help
[05/10/2007|09:49] C:\ProgramData\Modèles
[09/08/2009|10:59] C:\ProgramData\NOS
[09/10/2007|11:07] C:\ProgramData\NtiDvdCopy
[20/03/2009|10:45] C:\ProgramData\Oberon Media
[18/05/2008|17:00] C:\ProgramData\PopCap
[02/11/2006|14:02] C:\ProgramData\Start Menu
[03/03/2009|14:37] C:\ProgramData\SUPERAntiSpyware.com
[04/08/2008|22:52] C:\ProgramData\Symantec
[08/01/2010|10:50] C:\ProgramData\TEMP
[02/11/2006|14:02] C:\ProgramData\Templates
[05/01/2010|20:03] C:\ProgramData\Tool Eggs Less City
[29/02/2008|16:18] C:\ProgramData\UDL
[04/04/2009|01:20] C:\ProgramData\Upload Bags Bags.9ceva7
[02/03/2009|22:56] C:\ProgramData\Upload Bags Bags.j8rl5rx
[04/04/2009|01:42] C:\ProgramData\Upload Bags Bags.owimem
[02/03/2009|22:56] C:\ProgramData\Upload Bags Bags.y1ncj07
[02/03/2009|22:56] C:\ProgramData\Web move ooze.9cfvpss
[31/03/2008|17:46] C:\ProgramData\WLInstaller
--------------------\\ Listing des dossiers dans C:\Program Files
[06/05/2007|20:33] C:\Program Files\Acer Arcade Live
[08/08/2007|08:27] C:\Program Files\Acer Inc
[06/05/2007|20:22] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[06/05/2007|20:23] C:\Program Files\Adobe
[08/01/2010|10:59] C:\Program Files\Ad-Remover
[06/01/2010|22:07] C:\Program Files\ALCATEL PC Suite
[15/03/2008|00:09] C:\Program Files\Alwil Software
[02/11/2008|22:46] C:\Program Files\Apple Software Update
[08/08/2007|08:25] C:\Program Files\ATI
[19/08/2009|13:08] C:\Program Files\Audacity
[22/06/2008|17:58] C:\Program Files\bfgclient
[22/07/2008|19:19] C:\Program Files\Blender Foundation
[13/04/2008|19:28] C:\Program Files\CCleaner
[06/01/2010|10:47] C:\Program Files\Common Files
[16/04/2009|23:17] C:\Program Files\Curse
[06/05/2007|20:30] C:\Program Files\CyberLink
[05/10/2007|18:59] C:\Program Files\directx
[24/02/2009|20:24] C:\Program Files\DivX
[18/03/2008|17:12] C:\Program Files\eMule
[29/02/2008|16:17] C:\Program Files\epson
[05/10/2007|09:49] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[05/01/2010|19:59] C:\Program Files\Fighters
[05/01/2010|19:29] C:\Program Files\Google
[31/03/2008|15:30] C:\Program Files\Hercules
[06/01/2010|23:22] C:\Program Files\hijackthis[1]
[14/12/2009|18:03] C:\Program Files\InstallShield Installation Information
[10/12/2009|22:01] C:\Program Files\Internet Explorer
[21/02/2009|09:29] C:\Program Files\Java
[26/01/2009|15:05] C:\Program Files\JRE
[06/01/2010|19:44] C:\Program Files\Malwarebytes' Anti-Malware
[14/12/2009|18:03] C:\Program Files\Micro Application
[06/11/2009|07:03] C:\Program Files\Microsoft
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[06/05/2007|20:22] C:\Program Files\Microsoft Office
[09/11/2009|11:09] C:\Program Files\Microsoft Silverlight
[06/11/2009|07:00] C:\Program Files\Microsoft SQL Server Compact Edition
[06/11/2009|07:02] C:\Program Files\Microsoft Sync Framework
[16/10/2009|09:21] C:\Program Files\Microsoft Works
[06/05/2007|20:20] C:\Program Files\Microsoft.NET
[27/08/2008|12:55] C:\Program Files\Mindscape
[19/02/2009|21:06] C:\Program Files\Minilyrics
[04/10/2009|11:36] C:\Program Files\Movie Maker
[02/11/2006|13:37] C:\Program Files\MSBuild
[15/03/2008|13:00] C:\Program Files\MSXML 4.0
[06/05/2007|20:18] C:\Program Files\NewTech Infosystems
[14/10/2008|09:15] C:\Program Files\Norton Internet Security
[20/03/2009|10:42] C:\Program Files\Oberon Media
[13/09/2009|12:52] C:\Program Files\oovooToolbar
[26/01/2009|15:05] C:\Program Files\OpenOffice.org 3
[24/05/2009|15:37] C:\Program Files\PC Tools Firewall Plus
[07/01/2010|10:34] C:\Program Files\PokerStars
[06/05/2007|20:05] C:\Program Files\Realtek
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[23/03/2008|17:06] C:\Program Files\SAGEM
[08/10/2007|19:43] C:\Program Files\SLD Codec Pack
[25/09/2008|09:53] C:\Program Files\Sony Setup
[03/03/2009|14:37] C:\Program Files\SUPERAntiSpyware
[14/10/2008|09:13] C:\Program Files\Symantec
[31/10/2007|14:53] C:\Program Files\Ubisoft
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[26/06/2009|17:15] C:\Program Files\Veoh Networks
[02/03/2009|23:03] C:\Program Files\vghd
[08/10/2007|19:43] C:\Program Files\VideoLAN
[22/09/2009|12:05] C:\Program Files\VirtualDJ
[04/10/2009|11:36] C:\Program Files\Windows Calendar
[04/10/2009|11:36] C:\Program Files\Windows Collaboration
[04/10/2009|11:36] C:\Program Files\Windows Defender
[04/10/2009|11:36] C:\Program Files\Windows Journal
[06/11/2009|07:03] C:\Program Files\Windows Live
[06/11/2009|06:58] C:\Program Files\Windows Live SkyDrive
[10/12/2009|22:01] C:\Program Files\Windows Mail
[29/10/2009|11:03] C:\Program Files\Windows Media Player
[05/10/2007|09:49] C:\Program Files\Windows NT
[04/10/2009|11:36] C:\Program Files\Windows Photo Gallery
[18/11/2009|17:27] C:\Program Files\Windows Portable Devices
[18/08/2009|19:33] C:\Program Files\Windows scrabble
[04/10/2009|11:36] C:\Program Files\Windows Sidebar
[13/12/2009|01:23] C:\Program Files\WinRAR
[13/08/2009|15:25] C:\Program Files\World of Warcraft
[08/10/2008|21:34] C:\Program Files\WowCartographe
[18/08/2009|19:32] C:\Program Files\Yahoo!
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[06/05/2007|20:23] C:\Program Files\Common Files\Adobe
[02/04/2009|20:33] C:\Program Files\Common Files\Blizzard Entertainment
[30/06/2008|18:34] C:\Program Files\Common Files\BOONTY Shared
[06/05/2007|20:20] C:\Program Files\Common Files\DESIGNER
[29/02/2008|16:21] C:\Program Files\Common Files\InstallShield
[15/03/2008|17:07] C:\Program Files\Common Files\Java
[06/05/2007|20:17] C:\Program Files\Common Files\LightScribe
[05/01/2010|19:23] C:\Program Files\Common Files\microsoft shared
[06/05/2007|20:18] C:\Program Files\Common Files\NewTech Infosystems
[17/05/2008|14:49] C:\Program Files\Common Files\Oberon Media
[08/01/2010|10:34] C:\Program Files\Common Files\PC Tools
[25/03/2008|18:16] C:\Program Files\Common Files\PX Storage Engine
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[14/10/2008|09:15] C:\Program Files\Common Files\Symantec Shared
[04/10/2009|11:36] C:\Program Files\Common Files\System
[06/11/2009|06:49] C:\Program Files\Common Files\Windows Live
[14/03/2008|17:54] C:\Program Files\Common Files\WindowsLiveInstaller
[03/03/2009|14:36] C:\Program Files\Common Files\Wise Installation Wizard
--------------------\\ Process
( 53 Processes )
iexplore.exe ~ [PID:3656]
iexplore.exe ~ [PID:820]
--------------------\\ Recherche avec S_Lop
C:\ProgramData\Upload Bags Bags.9ceva7
C:\ProgramData\Upload Bags Bags.owimem
C:\ProgramData\Upload Bags Bags.j8rl5rx
C:\ProgramData\Upload Bags Bags.y1ncj07
C:\ProgramData\Web move ooze.9cfvpss
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\ProgramData\Tool Eggs Less City
C:\ProgramData\Tool Eggs Less City\FORD BOOK.dat
C:\Users\viyo\AppData\Roaming\MICROS~1\Windows\Cookies\viyo@advertising[2].txt
--------------------\\ Verification du Registre
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Error mail"="\"C:\\ProgramData\\Upload Bags Bags.owimem\""
"LESS CITY AMEN SETUP"="\"C:\\ProgramData\\Web move ooze.9cfvpss\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-08 11:05:01
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 236
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:4][D:13]-> C:\Users\viyo\AppData\Local\Temp
[F:22][D:1]-> C:\Users\viyo\AppData\Roaming\MICROS~1\Windows\Cookies
[F:294][D:9]-> C:\Users\viyo\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:7][D:4]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 08/01/2010|11:06 - Option : [1]
--------------------\\ Fin du rapport a 11:06:52
[ UAC => 1 ]
\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : viyo ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2007 (Activated)
Firewall : Norton Internet Security 2007 (Activated)
C:\ (Local Disk) - NTFS - Total:111 Go (Free:19 Go)
D:\ (Local Disk) - NTFS - Total:111 Go (Free:33 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 08/01/2010|11:10 )
[ UAC => 1 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\ProgramData\Tool Eggs Less City\FORD BOOK.dat
Supprime! - C:\Users\viyo\AppData\Roaming\MICROS~1\Windows\Cookies\viyo@advertising[2].txt
Supprime! - C:\ProgramData\Upload Bags Bags.9ceva7
Supprime! - C:\ProgramData\Upload Bags Bags.owimem
Supprime! - C:\ProgramData\Upload Bags Bags.j8rl5rx
Supprime! - C:\ProgramData\Upload Bags Bags.y1ncj07
Supprime! - C:\ProgramData\Web move ooze.9cfvpss
Supprime! - C:\ProgramData\Tool Eggs Less City
-
[ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans Local
[05/10/2007|11:23] C:\Users\viyo\AppData\Local\Acer Arcade Live
[05/10/2007|10:37] C:\Users\viyo\AppData\Local\Adobe
[02/11/2008|22:46] C:\Users\viyo\AppData\Local\Apple
[02/11/2008|22:48] C:\Users\viyo\AppData\Local\Apple Computer
[05/10/2007|09:53] C:\Users\viyo\AppData\Local\Application Data
[06/11/2009|19:24] C:\Users\viyo\AppData\Local\Apps
[05/01/2010|16:45] C:\Users\viyo\AppData\Local\Blizzard Entertainment
[09/10/2007|11:08] C:\Users\viyo\AppData\Local\CyberLink
[03/04/2008|14:01] C:\Users\viyo\AppData\Local\d3d8caps.dat
[16/04/2009|19:25] C:\Users\viyo\AppData\Local\d3d9caps.dat
[07/01/2010|11:54] C:\Users\viyo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[06/11/2009|19:35] C:\Users\viyo\AppData\Local\Deployment
[26/02/2009|00:15] C:\Users\viyo\AppData\Local\DVDivine
[15/03/2008|17:35] C:\Users\viyo\AppData\Local\eMule
[13/08/2009|21:49] C:\Users\viyo\AppData\Local\GDIPFONTCACHEV1.DAT
[06/11/2009|20:09] C:\Users\viyo\AppData\Local\Google
[05/10/2007|09:53] C:\Users\viyo\AppData\Local\Historique
[09/10/2007|11:08] C:\Users\viyo\AppData\Local\HomeMedia
[08/01/2010|10:49] C:\Users\viyo\AppData\Local\IconCache.db
[27/02/2009|19:19] C:\Users\viyo\AppData\Local\Microsoft
[01/11/2007|11:15] C:\Users\viyo\AppData\Local\Microsoft Games
[26/01/2009|14:45] C:\Users\viyo\AppData\Local\Microsoft Help
[17/04/2008|17:54] C:\Users\viyo\AppData\Local\MigWiz
[18/05/2008|17:00] C:\Users\viyo\AppData\Local\Oberon Media
[05/01/2010|19:54] C:\Users\viyo\AppData\Local\PackageAware
[07/01/2010|19:15] C:\Users\viyo\AppData\Local\PokerStars
[05/10/2007|09:54] C:\Users\viyo\AppData\Local\PowerCinema
[08/04/2008|17:57] C:\Users\viyo\AppData\Local\Seven Zip
[25/09/2008|09:59] C:\Users\viyo\AppData\Local\Sony
[08/01/2010|11:11] C:\Users\viyo\AppData\Local\Temp
[05/10/2007|09:53] C:\Users\viyo\AppData\Local\Temporary Internet Files
[08/01/2010|10:33] C:\Users\viyo\AppData\Local\Threat Expert
[05/10/2007|11:23] C:\Users\viyo\AppData\Local\VideoMagician
[25/03/2008|19:24] C:\Users\viyo\AppData\Local\VirtualStore
[28/01/2009|23:05] C:\Users\viyo\AppData\Local\Windows Live Writer
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[07/01/2010 10:22][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{ACC6481B-9B5B-4DAB-BCF8-CDC180BBBC9A}.job
[08/01/2010 10:52][--a------] C:\Windows\tasks\Google Software Updater.job
[01/01/2010 23:44][--a------] C:\Windows\tasks\Norton Internet Security - Analyse systŠme complŠte - viyo.job
[08/01/2010 10:50][--ah-----] C:\Windows\tasks\SA.DAT
[08/01/2010 10:49][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[08/04/2008|17:58] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[06/01/2010|10:48] C:\ProgramData\{7516B6E8-5C01-4895-B079-DFC32A4ADEE1}
[06/05/2007|20:23] C:\ProgramData\Adobe
[02/11/2008|22:46] C:\ProgramData\Apple
[02/11/2006|14:02] C:\ProgramData\Application Data
[15/10/2008|14:33] C:\ProgramData\Blizzard
[13/08/2009|23:31] C:\ProgramData\Blizzard Entertainment
[30/06/2008|18:34] C:\ProgramData\BOONTY
[05/10/2007|09:49] C:\ProgramData\Bureau
[09/10/2007|18:07] C:\ProgramData\CanonBJ
[06/01/2010|10:48] C:\ProgramData\Common Toolkit Suite
[16/10/2008|15:23] C:\ProgramData\CyberLink
[02/11/2006|14:02] C:\ProgramData\Desktop
[02/11/2006|14:02] C:\ProgramData\Documents
[20/03/2008|00:10] C:\ProgramData\Downloaded Installations
[15/03/2008|17:37] C:\ProgramData\eMule
[08/04/2008|18:00] C:\ProgramData\EPSON
[05/10/2007|09:49] C:\ProgramData\Favoris
[02/11/2006|14:02] C:\ProgramData\Favorites
[05/01/2010|15:18] C:\ProgramData\Google
[07/01/2010|17:40] C:\ProgramData\Google Updater
[31/03/2008|16:35] C:\ProgramData\Hercules
[06/01/2010|19:43] C:\ProgramData\Malwarebytes
[05/10/2007|09:49] C:\ProgramData\Menu D‚marrer
[18/11/2009|14:54] C:\ProgramData\Micro Application
[06/11/2009|07:01] C:\ProgramData\Microsoft
[10/12/2009|12:42] C:\ProgramData\Microsoft Help
[05/10/2007|09:49] C:\ProgramData\ModŠles
[09/08/2009|10:59] C:\ProgramData\NOS
[09/10/2007|11:07] C:\ProgramData\NtiDvdCopy
[20/03/2009|10:45] C:\ProgramData\Oberon Media
[18/05/2008|17:00] C:\ProgramData\PopCap
[02/11/2006|14:02] C:\ProgramData\Start Menu
[03/03/2009|14:37] C:\ProgramData\SUPERAntiSpyware.com
[04/08/2008|22:52] C:\ProgramData\Symantec
[08/01/2010|10:50] C:\ProgramData\TEMP
[02/11/2006|14:02] C:\ProgramData\Templates
[29/02/2008|16:18] C:\ProgramData\UDL
[31/03/2008|17:46] C:\ProgramData\WLInstaller
--------------------\\ Listing des dossiers dans C:\Program Files
[06/05/2007|20:33] C:\Program Files\Acer Arcade Live
[08/08/2007|08:27] C:\Program Files\Acer Inc
[06/05/2007|20:22] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[06/05/2007|20:23] C:\Program Files\Adobe
[08/01/2010|10:59] C:\Program Files\Ad-Remover
[06/01/2010|22:07] C:\Program Files\ALCATEL PC Suite
[15/03/2008|00:09] C:\Program Files\Alwil Software
[02/11/2008|22:46] C:\Program Files\Apple Software Update
[08/08/2007|08:25] C:\Program Files\ATI
[19/08/2009|13:08] C:\Program Files\Audacity
[22/06/2008|17:58] C:\Program Files\bfgclient
[22/07/2008|19:19] C:\Program Files\Blender Foundation
[13/04/2008|19:28] C:\Program Files\CCleaner
[06/01/2010|10:47] C:\Program Files\Common Files
[16/04/2009|23:17] C:\Program Files\Curse
[06/05/2007|20:30] C:\Program Files\CyberLink
[05/10/2007|18:59] C:\Program Files\directx
[24/02/2009|20:24] C:\Program Files\DivX
[18/03/2008|17:12] C:\Program Files\eMule
[29/02/2008|16:17] C:\Program Files\epson
[05/10/2007|09:49] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[05/01/2010|19:59] C:\Program Files\Fighters
[05/01/2010|19:29] C:\Program Files\Google
[31/03/2008|15:30] C:\Program Files\Hercules
[06/01/2010|23:22] C:\Program Files\hijackthis[1]
[14/12/2009|18:03] C:\Program Files\InstallShield Installation Information
[10/12/2009|22:01] C:\Program Files\Internet Explorer
[21/02/2009|09:29] C:\Program Files\Java
[26/01/2009|15:05] C:\Program Files\JRE
[06/01/2010|19:44] C:\Program Files\Malwarebytes' Anti-Malware
[14/12/2009|18:03] C:\Program Files\Micro Application
[06/11/2009|07:03] C:\Program Files\Microsoft
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[06/05/2007|20:22] C:\Program Files\Microsoft Office
[09/11/2009|11:09] C:\Program Files\Microsoft Silverlight
[06/11/2009|07:00] C:\Program Files\Microsoft SQL Server Compact Edition
[06/11/2009|07:02] C:\Program Files\Microsoft Sync Framework
[16/10/2009|09:21] C:\Program Files\Microsoft Works
[06/05/2007|20:20] C:\Program Files\Microsoft.NET
[27/08/2008|12:55] C:\Program Files\Mindscape
[19/02/2009|21:06] C:\Program Files\Minilyrics
[04/10/2009|11:36] C:\Program Files\Movie Maker
[02/11/2006|13:37] C:\Program Files\MSBuild
[15/03/2008|13:00] C:\Program Files\MSXML 4.0
[06/05/2007|20:18] C:\Program Files\NewTech Infosystems
[14/10/2008|09:15] C:\Program Files\Norton Internet Security
[20/03/2009|10:42] C:\Program Files\Oberon Media
[13/09/2009|12:52] C:\Program Files\oovooToolbar
[26/01/2009|15:05] C:\Program Files\OpenOffice.org 3
[24/05/2009|15:37] C:\Program Files\PC Tools Firewall Plus
[07/01/2010|10:34] C:\Program Files\PokerStars
[06/05/2007|20:05] C:\Program Files\Realtek
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[23/03/2008|17:06] C:\Program Files\SAGEM
[08/10/2007|19:43] C:\Program Files\SLD Codec Pack
[25/09/2008|09:53] C:\Program Files\Sony Setup
[03/03/2009|14:37] C:\Program Files\SUPERAntiSpyware
[14/10/2008|09:13] C:\Program Files\Symantec
[31/10/2007|14:53] C:\Program Files\Ubisoft
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[26/06/2009|17:15] C:\Program Files\Veoh Networks
[02/03/2009|23:03] C:\Program Files\vghd
[08/10/2007|19:43] C:\Program Files\VideoLAN
[22/09/2009|12:05] C:\Program Files\VirtualDJ
[04/10/2009|11:36] C:\Program Files\Windows Calendar
[04/10/2009|11:36] C:\Program Files\Windows Collaboration
[04/10/2009|11:36] C:\Program Files\Windows Defender
[04/10/2009|11:36] C:\Program Files\Windows Journal
[06/11/2009|07:03] C:\Program Files\Windows Live
[06/11/2009|06:58] C:\Program Files\Windows Live SkyDrive
[10/12/2009|22:01] C:\Program Files\Windows Mail
[29/10/2009|11:03] C:\Program Files\Windows Media Player
[05/10/2007|09:49] C:\Program Files\Windows NT
[04/10/2009|11:36] C:\Program Files\Windows Photo Gallery
[18/11/2009|17:27] C:\Program Files\Windows Portable Devices
[18/08/2009|19:33] C:\Program Files\Windows scrabble
[04/10/2009|11:36] C:\Program Files\Windows Sidebar
[13/12/2009|01:23] C:\Program Files\WinRAR
[13/08/2009|15:25] C:\Program Files\World of Warcraft
[08/10/2008|21:34] C:\Program Files\WowCartographe
[18/08/2009|19:32] C:\Program Files\Yahoo!
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[06/05/2007|20:23] C:\Program Files\Common Files\Adobe
[02/04/2009|20:33] C:\Program Files\Common Files\Blizzard Entertainment
[30/06/2008|18:34] C:\Program Files\Common Files\BOONTY Shared
[06/05/2007|20:20] C:\Program Files\Common Files\DESIGNER
[29/02/2008|16:21] C:\Program Files\Common Files\InstallShield
[15/03/2008|17:07] C:\Program Files\Common Files\Java
[06/05/2007|20:17] C:\Program Files\Common Files\LightScribe
[05/01/2010|19:23] C:\Program Files\Common Files\microsoft shared
[06/05/2007|20:18] C:\Program Files\Common Files\NewTech Infosystems
[17/05/2008|14:49] C:\Program Files\Common Files\Oberon Media
[08/01/2010|10:34] C:\Program Files\Common Files\PC Tools
[25/03/2008|18:16] C:\Program Files\Common Files\PX Storage Engine
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[14/10/2008|09:15] C:\Program Files\Common Files\Symantec Shared
[04/10/2009|11:36] C:\Program Files\Common Files\System
[06/11/2009|06:49] C:\Program Files\Common Files\Windows Live
[14/03/2008|17:54] C:\Program Files\Common Files\WindowsLiveInstaller
[03/03/2009|14:36] C:\Program Files\Common Files\Wise Installation Wizard
--------------------\\ Process
( 52 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-08 11:11:13
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 236
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:2][D:13]-> C:\Users\viyo\AppData\Local\Temp
[F:21][D:1]-> C:\Users\viyo\AppData\Roaming\MICROS~1\Windows\Cookies
[F:296][D:9]-> C:\Users\viyo\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:7][D:4]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 08/01/2010|11:06 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 08/01/2010|11:13 - Option : [2]
--------------------\\ Fin du rapport a 11:13:02
[ UAC => 1 ]
[03/03/2009|14:37] C:\Program Files\SUPERAntiSpyware
[14/10/2008|09:13] C:\Program Files\Symantec
[31/10/2007|14:53] C:\Program Files\Ubisoft
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[26/06/2009|17:15] C:\Program Files\Veoh Networks
[02/03/2009|23:03] C:\Program Files\vghd
[08/10/2007|19:43] C:\Program Files\VideoLAN
[22/09/2009|12:05] C:\Program Files\VirtualDJ
[04/10/2009|11:36] C:\Program Files\Windows Calendar
[04/10/2009|11:36] C:\Program Files\Windows Collaboration
[04/10/2009|11:36] C:\Program Files\Windows Defender
[04/10/2009|11:36] C:\Program Files\Windows Journal
[06/11/2009|07:03] C:\Program Files\Windows Live
[06/11/2009|06:58] C:\Program Files\Windows Live SkyDrive
[10/12/2009|22:01] C:\Program Files\Windows Mail
[29/10/2009|11:03] C:\Program Files\Windows Media Player
[05/10/2007|09:49] C:\Program Files\Windows NT
[04/10/2009|11:36] C:\Program Files\Windows Photo Gallery
[18/11/2009|17:27] C:\Program Files\Windows Portable Devices
[18/08/2009|19:33] C:\Program Files\Windows scrabble
[04/10/2009|11:36] C:\Program Files\Windows Sidebar
[13/12/2009|01:23] C:\Program Files\WinRAR
[13/08/2009|15:25] C:\Program Files\World of Warcraft
[08/10/2008|21:34] C:\Program Files\WowCartographe
[18/08/2009|19:32] C:\Program Files\Yahoo!
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[06/05/2007|20:23] C:\Program Files\Common Files\Adobe
[02/04/2009|20:33] C:\Program Files\Common Files\Blizzard Entertainment
[30/06/2008|18:34] C:\Program Files\Common Files\BOONTY Shared
[06/05/2007|20:20] C:\Program Files\Common Files\DESIGNER
[29/02/2008|16:21] C:\Program Files\Common Files\InstallShield
[15/03/2008|17:07] C:\Program Files\Common Files\Java
[06/05/2007|20:17] C:\Program Files\Common Files\LightScribe
[05/01/2010|19:23] C:\Program Files\Common Files\microsoft shared
[06/05/2007|20:18] C:\Program Files\Common Files\NewTech Infosystems
[17/05/2008|14:49] C:\Program Files\Common Files\Oberon Media
[08/01/2010|10:34] C:\Program Files\Common Files\PC Tools
[25/03/2008|18:16] C:\Program Files\Common Files\PX Storage Engine
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[14/10/2008|09:15] C:\Program Files\Common Files\Symantec Shared
[04/10/2009|11:36] C:\Program Files\Common Files\System
[06/11/2009|06:49] C:\Program Files\Common Files\Windows Live
[14/03/2008|17:54] C:\Program Files\Common Files\WindowsLiveInstaller
[03/03/2009|14:36] C:\Program Files\Common Files\Wise Installation Wizard
--------------------\\ Process
( 52 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-08 11:11:13
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 236
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:2][D:13]-> C:\Users\viyo\AppData\Local\Temp
[F:21][D:1]-> C:\Users\viyo\AppData\Roaming\MICROS~1\Windows\Cookies
[F:296][D:9]-> C:\Users\viyo\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:7][D:4]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 08/01/2010|11:06 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 08/01/2010|11:13 - Option : [2]
--------------------\\ Fin du rapport a 11:13:02
[ UAC => 1 ]
############################## | UsbFix V6.071 |
User : viyo (Administrateurs) # PC-DE-VIYO
Update on 06/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 11:44:15 | 08/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
AMD Athlon(tm) 64 X2 Dual Core Processor 4000+
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18865
Windows Firewall Status : Disabled
AV : Norton Internet Security 2007 [ Enabled | (!) Outdated ]
FW : Norton Internet Security[ Enabled ]2007
C:\ -> Disque fixe local # 111,7 Go (19,15 Go free) [ACER] # NTFS
D:\ -> Disque fixe local # 111,43 Go (33,57 Go free) [DATA] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible # 1,84 Go (1,29 Go free) [DS] # FAT
############################## | Processus actifs |
C:\Windows\System32\smss.exe 524
C:\Windows\system32\csrss.exe 608
C:\Windows\system32\wininit.exe 660
C:\Windows\system32\csrss.exe 668
C:\Windows\system32\services.exe 708
C:\Windows\system32\lsass.exe 720
C:\Windows\system32\lsm.exe 728
C:\Windows\system32\winlogon.exe 808
C:\Windows\system32\svchost.exe 916
C:\Windows\system32\svchost.exe 976
C:\Windows\System32\svchost.exe 1032
C:\Windows\System32\svchost.exe 1120
C:\Windows\System32\svchost.exe 1168
C:\Windows\system32\svchost.exe 1212
C:\Windows\system32\svchost.exe 1324
C:\Windows\system32\SLsvc.exe 1344
C:\Windows\system32\svchost.exe 1416
C:\Windows\system32\svchost.exe 1584
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe 1668
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe 1744
C:\Windows\System32\spoolsv.exe 464
C:\Windows\system32\svchost.exe 556
C:\Windows\system32\taskeng.exe 2108
C:\Windows\system32\Dwm.exe 2156
C:\Windows\Explorer.EXE 2228
C:\Windows\RtHDVCpl.exe 2432
C:\Windows\System32\rundll32.exe 2476
C:\Program Files\Java\jre6\bin\jusched.exe 2488
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe 2496
C:\Program Files\Windows Sidebar\sidebar.exe 2536
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 2608
C:\Windows\System32\rundll32.exe 2620
C:\Windows\System32\p2phost.exe 2632
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 2644
C:\Program Files\Windows Media Player\wmpnscfg.exe 2652
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe 2684
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE 2692
C:\Program Files\OpenOffice.org 3\program\soffice.exe 2800
C:\Program Files\OpenOffice.org 3\program\soffice.bin 2892
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE 3076
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE 3148
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe 3184
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe 3204
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe 3300
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 3432
C:\Program Files\PC Tools Firewall Plus\FWService.exe 3476
C:\Program Files\Windows Media Player\wmplayer.exe 3572
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe 3620
C:\Windows\system32\svchost.exe 3744
C:\Program Files\CyberLink\Shared Files\RichVideo.exe 3756
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 3792
C:\Windows\system32\svchost.exe 3868
C:\Windows\System32\svchost.exe 3908
C:\Windows\system32\SearchIndexer.exe 3940
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe 4080
C:\Windows\system32\WUDFHost.exe 1176
C:\Program Files\Windows Media Player\wmpnetwk.exe 2880
C:\Windows\system32\wbem\wmiprvse.exe 1504
C:\Windows\system32\wbem\wmiprvse.exe 4332
C:\Windows\system32\taskeng.exe 5968
C:\Program Files\Internet Explorer\iexplore.exe 2848
C:\Program Files\Internet Explorer\iexplore.exe 4524
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe 5580
C:\Windows\system32\conime.exe 2572
C:\Windows\servicing\TrustedInstaller.exe 4916
C:\Windows\system32\consent.exe 2928
################## | Elements infectieux |
D:\autorun.inf
D:\MS32DLL.dll.vbs
################## | Registre |
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"
################## | Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\K
shell\AutoRun\command =K:\LaunchU3.exe -a
HKCU\..\..\Explorer\MountPoints2\{0a38fe51-4cba-11dd-be7a-001c25247ffb}
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
HKCU\..\..\Explorer\MountPoints2\{7966bee5-ca91-11dc-ba19-001c25247ffb}
shell\AutoRun\command =J:\AutoRun.exe
HKCU\..\..\Explorer\MountPoints2\{9133d9be-62f1-11de-b132-001c25247ffb}
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\Key-Installer.exe
shell\default\command =J:\Key-Installer.exe
HKCU\..\..\Explorer\MountPoints2\{b1ace00c-ab68-11dc-b944-001c25247ffb}
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\Key-Installer.exe
shell\default\command =K:\Key-Installer.exe
HKCU\..\..\Explorer\MountPoints2\{b1ace00f-ab68-11dc-b944-001c25247ffb}
shell\AutoRun\command =J:\LaunchU3.exe -a
HKCU\..\..\Explorer\MountPoints2\{b1cfd92b-e703-11de-a386-001c25247ffb}
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Key-Installer.exe
shell\default\command =Key-Installer.exe
HKCU\..\..\Explorer\MountPoints2\{b1cfd92f-e703-11de-a386-001c25247ffb}
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Key-Installer.exe
shell\default\command =Key-Installer.exe
HKCU\..\..\Explorer\MountPoints2\{c941665b-f82a-11dd-9c2b-001c25247ffb}
shell\AutoRun\command =F:\DPFMate.exe
################## | Cracks > Keygens > Serials |
"D:\music's\yoyo\steve\nico stef\Nero 8 + keygen\Nero-8.3.6.0_fra_trial.exe"
28/07/2008 15:20 |Size 200420344 |Crc32 4142a6ca |Md5 84321f72f6381576e3828e636acbc6ac
"D:\music's\yoyo\steve\nico stef\Nero 8 + keygen\Keygen\keymaker.exe"
23/03/2008 08:31 |Size 398848 |Crc32 ed49a48b |Md5 b8f4c37bbbe4eb5403986f7bc7985f7a
################## | ! Fin du rapport # UsbFix V6.071 ! |
############################## | UsbFix V6.071 |
User : viyo (Administrateurs) # PC-DE-VIYO
Update on 06/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 11:51:27 | 08/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
AMD Athlon(tm) 64 X2 Dual Core Processor 4000+
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18865
Windows Firewall Status : Disabled
AV : Norton Internet Security 2007 [ Enabled | (!) Outdated ]
FW : Norton Internet Security[ Enabled ]2007
C:\ -> Disque fixe local # 111,7 Go (19,18 Go free) [ACER] # NTFS
D:\ -> Disque fixe local # 111,43 Go (33,57 Go free) [DATA] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible # 1,84 Go (1,29 Go free) [DS] # FAT
############################## | Processus actifs |
C:\Windows\System32\smss.exe 460
C:\Windows\system32\csrss.exe 580
C:\Windows\system32\wininit.exe 632
C:\Windows\system32\csrss.exe 640
C:\Windows\system32\services.exe 680
C:\Windows\system32\lsass.exe 692
C:\Windows\system32\lsm.exe 700
C:\Windows\system32\winlogon.exe 768
C:\Windows\system32\svchost.exe 892
C:\Windows\system32\svchost.exe 952
C:\Windows\System32\svchost.exe 992
C:\Windows\system32\LogonUI.exe 1036
C:\Windows\System32\svchost.exe 1108
C:\Windows\System32\svchost.exe 1144
C:\Windows\system32\svchost.exe 1156
C:\Windows\system32\svchost.exe 1296
C:\Windows\system32\SLsvc.exe 1312
C:\Windows\system32\svchost.exe 1388
C:\Windows\system32\svchost.exe 1520
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe 1604
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe 1716
C:\Windows\System32\spoolsv.exe 1968
C:\Windows\system32\svchost.exe 2028
C:\Windows\system32\userinit.exe 1428
C:\Windows\system32\Dwm.exe 1344
C:\Windows\system32\taskeng.exe 2060
C:\Windows\Explorer.EXE 2116
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe 2320
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe 2340
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe 2432
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 2560
C:\Program Files\PC Tools Firewall Plus\FWService.exe 2608
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe 2696
C:\Windows\system32\svchost.exe 2744
C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2756
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2780
C:\Windows\system32\svchost.exe 2816
C:\Windows\System32\svchost.exe 2856
C:\Windows\system32\SearchIndexer.exe 2896
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe 2952
C:\Windows\system32\WUDFHost.exe 3044
C:\Windows\system32\runonce.exe 3476
C:\Windows\system32\wbem\wmiprvse.exe 3532
C:\Windows\system32\conime.exe 3564
################## | Elements infectieux |
Supprimé ! C:\$Recycle.Bin\S-1-5-18
Supprimé ! C:\$Recycle.Bin\S-1-5-20
Supprimé ! C:\$Recycle.Bin\S-1-5-21-106716856-121279866-2024856251-1000
Supprimé ! C:\$Recycle.Bin\S-1-5-21-106716856-121279866-2024856251-500
Supprimé ! D:\MS32DLL.dll.vbs
Supprimé ! D:\autorun.inf
Supprimé ! D:\$Recycle.Bin\S-1-5-18
Supprimé ! D:\$Recycle.Bin\S-1-5-20
Supprimé ! D:\$Recycle.Bin\S-1-5-21-106716856-121279866-2024856251-1000
Supprimé ! D:\$Recycle.Bin\S-1-5-21-106716856-121279866-2024856251-500
################## | Registre |
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"
################## | Mountpoints2 |
Supprimé ! HKCU\...\Explorer\MountPoints2\K\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{0a38fe51-4cba-11dd-be7a-001c25247ffb}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{7966bee5-ca91-11dc-ba19-001c25247ffb}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{9133d9be-62f1-11de-b132-001c25247ffb}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{b1ace00c-ab68-11dc-b944-001c25247ffb}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{b1ace00f-ab68-11dc-b944-001c25247ffb}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{b1cfd92b-e703-11de-a386-001c25247ffb}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{b1cfd92f-e703-11de-a386-001c25247ffb}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{c941665b-f82a-11dd-9c2b-001c25247ffb}\Shell\AutoRun\Command
################## | Listing des fichiers présent |
[06/05/2007 20:29|--a------|3358] C:\-20070506.log
[08/01/2010 10:55|--a------|5760] C:\Ad-Report-CLEAN[1].log
[18/09/2006 22:43|--a------|24] C:\autoexec.bat
[09/07/2004 08:13|--a------|703080] C:\BDA.cab
[19/07/2004 21:58|--a------|1156363] C:\BDANT.cab
[19/07/2004 21:53|--a------|976020] C:\BDAXP.cab
[11/04/2009 07:36|-rahs----|333257] C:\bootmgr
[07/05/2007 04:44|-ra-s----|8192] C:\BOOTSECT.BAK
[18/09/2006 22:43|--a------|10] C:\config.sys
[16/07/2004 13:30|--a------|3858] C:\directx redist.txt
[09/07/2004 08:13|--a------|15493481] C:\DirectX.cab
[09/07/2004 02:03|--a------|62976] C:\DSETUP.dll
[09/07/2004 03:08|--a------|2242560] C:\dsetup32.dll
[09/07/2004 13:17|--a------|13265040] C:\dxnt.cab
[09/07/2004 03:08|--a------|472576] C:\dxsetup.exe
[?|?|?] C:\hiberfil.sys
[13/10/2008 12:58|-rahs----|0] C:\IO.SYS
[08/01/2010 11:13|--a------|13507] C:\lopR.txt
[22/07/2004 09:51|--a------|3432656] C:\ManagedDX.CAB
[29/11/2006 16:35|--a------|512] C:\MDR.iss
[13/10/2008 12:58|-rahs----|0] C:\MSDOS.SYS
[?|?|?] C:\pagefile.sys
[06/05/2007 20:06|--a------|420] C:\RHDSetup.log
[23/03/2008 17:06|--a------|159] C:\Setup.log
[08/01/2010 11:55|--a------|5825] C:\UsbFix.txt
[19/11/2009 19:34|--a------|3148904] D:\Bruce Springsteen - Streets of Philadelphia.mp3
[21/05/2009 12:49|--a------|3615286] D:\Olivia_Ruiz_elle_panique.mp3
[21/11/2009 21:06|--a------|3513782] D:\Peter Kingsbery - Only The Very Best 90.mp3
[18/11/2009 20:18|--a------|7863693] D:\The Cranberries - 03 - Promises.mp3
[18/11/2009 19:11|--a------|7429223] D:\The Cranberries - 03 - Zombie.mp3
[21/11/2009 20:36|--a------|4231348] D:\The Cranberries - Animal Instinct.mp3
[18/11/2009 18:34|--a------|6193527] D:\The Cranberries - Dreams.mp3
[21/11/2009 20:45|--a------|4006183] D:\the cranberries analyse.mp3
[30/12/2009 12:37|--a------|5183] D:\VirtualDJ Local Database v6.xml
[25/08/2009 17:07|--a------|2097152] J:\F_CORE.DAT
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix.
# D:\autorun.inf -> Dossier créé par UsbFix.
# J:\autorun.inf -> Dossier créé par UsbFix.
################## | Crack > Keygen > Serial |
"D:\music's\yoyo\steve\nico stef\Nero 8 + keygen\Nero-8.3.6.0_fra_trial.exe"
28/07/2008 15:20 |Size 200420344 |Crc32 4142a6ca |Md5 84321f72f6381576e3828e636acbc6ac
"D:\music's\yoyo\steve\nico stef\Nero 8 + keygen\Keygen\keymaker.exe"
23/03/2008 08:31 |Size 398848 |Crc32 ed49a48b |Md5 b8f4c37bbbe4eb5403986f7bc7985f7a
There, I think I did everything correctly; I'm now waiting for your instructions for the next step.
Thanks for your reply :)
Download OTL by OldTimer
▶ Save it to your Desktop.
▶ Double-click OTL.exe to launch it (on Vista: right-click, "Exécuter en tant qu'administrateur" (Run as administrator)).
▶ Tick the 2 boxes Lop and Purity.
▶ Tick the box next to Scan All Users.
▶ Set it to "60 Days".
▶ In the left-hand column, set everything to All.
Do not change these:
"files created within" and "files modified within"
▶ Click Run Scan.
When the scan finishes, Notepad will open with the report (OTL.txt).
This file is on your Desktop (usually C:\Documents and settings\your_session_name\OTL.txt)
▶▶▶ DO NOT POST IT ON THE FORUM
To send it to me, click this link: http://www.cijoint.fr/
▶ Click "Parcourir" (Browse) and find the file mentioned above.
▶ Click "Ouvrir" (Open).
▶ Click "Cliquez ici pour déposer le fichier" (Click here to upload the file).
A link of this form:
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
is added to the page.
▶ Copy this link into your reply.
▶▶ Do the same with "Extra.txt".
http://www.cijoint.fr/cjlink.php?file=cj201001/cijByjlMpw.txt
http://www.cijoint.fr/cjlink.php?file=cj201001/cijFQ9JMz1.txt
There you go, but can you quickly explain what all this is for?? I'm following you blindly ^^
Thanks
Different tools to eradicate different infections ^^
▶ Double-click OTL.exe to launch it.
▶ Copy the list shown in bold below,
▶ paste it into the box under Custom Scans/Fixes:
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:services
Boonty Games
:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKU\S-1-5-21-106716856-121279866-2024856251-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-21-106716856-121279866-2024856251-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C31F31E6
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:C46995DA
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UacDisableNotify"=-
"InternetSettingsDisableNotify"=-
"AutoUpdateDisableNotify"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
:files
C:\Users\Public\Desktop\SPYWAREfighter.lnk
C:\Users\viyo\AppData\Roaming\comidle
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Click Run Fix to start the removal.
▶ Post the report.
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
Process msnmsgr.exe killed successfully!
No active process named Teatimer.exe was found!
========== SERVICES/DRIVERS ==========
Service Boonty Games stopped successfully!
Service Boonty Games deleted successfully!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetActiveDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-106716856-121279866-2024856251-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_USERS\S-1-5-21-106716856-121279866-2024856251-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetActiveDesktop deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
ADS C:\ProgramData\TEMP:C31F31E6 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
ADS C:\ProgramData\TEMP:C46995DA deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UacDisableNotify deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\InternetSettingsDisableNotify deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AutoUpdateDisableNotify deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring deleted successfully.
========== FILES ==========
C:\Users\Public\Desktop\SPYWAREfighter.lnk moved successfully.
C:\Users\viyo\AppData\Roaming\comidle folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Incomplete
User: Public
User: viyo
->Temp folder emptied: 59272 bytes
->Temporary Internet Files folder emptied: 140773446 bytes
->Java cache emptied: 9901809 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 678 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 144,00 mb
OTL by OldTimer - Version 3.1.21.2 log created on 01082010_195108
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Print these instructions, because you will need to close all windows and applications during installation and scanning.
▶ Download:
Malwarebytes
or:
Malwarebytes
▶ Install it (be sure to choose "francais" (French); do not change the installation settings) and update it.
(NB: if you get an error message during installation saying that "COMCTL32.OCX" is missing, download it here: COMCTL32.OCX)
▶ Study the tutorial to get familiar with the program:
(that said, it is very simple to use).
Relaunch Malwarebytes, following these instructions scrupulously:
! Disconnect and close all running applications !
▶ Launch Malwarebytes.
Run the scan called "Complet" (full).
▶ Let the program work (and do nothing else with the PC during the scan).
▶ At the end, click "résultat" (results).
▶ Check that all infected objects are ticked, then click "suppression" (remove).
▶ Note: if your PC needs to restart to finish the cleanup, do it!
▶ Post the report saved after the infected objects were removed (in the "rapport/log" tab of Malwarebytes, the most recent one).
I had already downloaded this application, so I just need to run the scan then!!
I'll start it and post, thanks.
Re,
I downloaded the application 2 days ago, so here is my report from today, and after it I'm putting the one from 2 days ago. I think the scan is fine??
Malwarebytes' Anti-Malware 1.43
Version de la base de données: 3502
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865
08/01/2010 21:58:00
mbam-log-2010-01-08 (21-58-00).txt
Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 236498
Temps écoulé: 1 hour(s), 25 minute(s), 40 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Here is the one from 2 days ago:
Malwarebytes' Anti-Malware 1.43
Version de la base de données: 3502
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865
06/01/2010 19:56:16
mbam-log-2010-01-06 (19-56-16).txt
Type de recherche: Examen rapide
Eléments examinés: 99330
Temps écoulé: 6 minute(s), 34 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 15
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 8
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\32 Vegas Casino (Adware.21Nova) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\32 Vegas Casino (Adware.21Nova) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\aiuoogw (Trojan.Agent.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title (Hijacked.WindowTitle) -> Bad: (Hacked by Godzilla) Good: (Internet Explorer) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Users\viyo\Local Settings\Application Data\aiuoogw_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\viyo\Local Settings\Application Data\aiuoogw_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\viyo\Local Settings\Application Data\aiuoogw.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\viyo\Local Settings\Application Data\aiuoogw.exe (Adware.Navipromo.H) -> Delete on reboot.
c:\Users\viyo\AppData\Local\aiuoogw.exe (Trojan.Agent.H) -> Delete on reboot.
Disable your antivirus for the duration of the procedure, as well as your firewall if you have one (because it is wrongly detected as an infection).
▶ Download and install List&Kill'em, and save it to your Desktop.
Double-click the shortcut on your Desktop to start the installation (on Vista/7: right-click, "Exécuter en tant qu'administrateur" (Run as administrator)).
Tick the box "creer une icone sur le bureau" (create a desktop icon).
Once it has finished, click "terminer" (finish) and the program will start on its own.
Choose the language, then choose option 1 = Mode Recherche (search mode).
▶ Let the tool work.
When the white window appears, it takes a while; this is normal, the program has not frozen.
A report named catchme appears on your Desktop; ignore it and do not post it, but do not delete it for now, the scan is not finished.
▶ Post the contents of the report that opens when the scan reaches 100 %, at the "COMPLETED" screen.
You can delete the catchme.log report from your Desktop now.
List'em by g3n-h@ckm@n 1.1.8.2
Thx to El Desaparecido.....& CCM team
User : viyo (Administrateurs) # PC-DE-VIYO
Update on 14/01/2010 by g3n-h@ckm@n ::::: 02:50
Start at: 15:33:51 | 14/01/2010
Contact : g3n-h@ckm@n sur CCM
AMD Athlon(tm) 64 X2 Dual Core Processor 4000+
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18865
Windows Firewall Status : Disabled
AV : Norton Internet Security 2007 [ Enabled | (!) Outdated ]
FW : Norton Internet Security[ Enabled ]2007
C:\ -> Disque fixe local | 111,7 Go (20,16 Go free) [ACER] | NTFS
D:\ -> Disque fixe local | 111,43 Go (48,03 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\cmd.exe
C:\Users\viyo\AppData\Local\Temp\89D7.tmp\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Acer Tour Reminder REG_SZ
EPSON Stylus DX4400 Series REG_SZ C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_SEDD7.tmp" /EF "HKCU"
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
CollaborationHost REG_SZ C:\Windows\system32\p2phost.exe -s
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
OE Backup REG_SZ "C:\Program Files\Bodrag\Outlook Express Backup Expert\OEBackup.exe" /start
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
RtHDVCpl REG_SZ RtHDVCpl.exe
NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
00PCTFW REG_SZ "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
SWPROguard REG_SZ C:\Program Files\Fighters\SPYWAREfighter\SWPROTray.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)
ConsentPromptBehaviorUser REG_DWORD 1 (0x1)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 1 (0x1)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 1 (0x1)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 1 (0x1)
EnableUIADesktopToggle REG_DWORD 0 (0x0)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveAutoRun REG_DWORD 128 (0x80)
NoDriveTypeAutoRun REG_DWORD 128 (0x80)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
BindDirectlyToPropertySetStorage REG_DWORD 0 (0x0)
NoActiveDesktopChanges REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 128 (0x80)
NoDriveTypeAutoRun REG_DWORD 128 (0x80)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
===============
ActivX controls
===============
===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\D27CDB6E-AE6D-11CF-96B8-444553540000
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9F23983F-F8C6-06B2-C42D-46D11A435983}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.fr/?gws_rd=ssl
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3
EapHost : 0x3
Wlansvc : 0x3
SharedAccess : 0x4
windefend : 0x2
wuauserv : 0x2
wscsvc : 0x2
=========
=======
Drive :
=======
Défragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.
Rapport d'analyse pour le volume C: ACER
Taille du volume = 112 Go
Espace libre = 20.17 Go
Étendue d'espace libre la plus grande = 7.51 Go
Pourcentage de fragmentation des fichiers = 0 %
Remarque : sur les volumes NTFS, les fragments de fichiers de plus de 64 Mo ne sont pas inclus dans les statistiques de fragmentation.
Il n'est pas nécessaire de défragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
C:\Windows\System32\uniq.tll
C:\Users\viyo\LOCAL Settings\Temp\SearchWithGoogleUpdate.exe
¤¤¤¤¤¤¤¤¤¤ Keys :
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoActiveDesktopChanges"
HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
HKCR\Interface\{ec1a2105-5621-440f-987d-27ef428131d9}
HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
================
Other infections
================
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-14 15:39:39
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
==========
Programs
==========
Acer Arcade Live
Acer Inc
Activation Assistant for the 2007 Microsoft Office suites
Ad-Remover
Adobe
ALCATEL PC Suite
Alwil Software
Apple Software Update
ATI
Audacity
BDA.cab
BDANT.cab
BDAXP.cab
bfgclient
Blender Foundation
CCleaner
Common Files
Curse
CyberLink
desktop.ini
directx
directx redist.txt
DirectX.cab
DivX
DSETUP.dll
dsetup32.dll
dxnt.cab
dxsetup.exe
eMule
epson
Fichiers communs
Fighters
Google
Hercules
HijackThis.exe
hijackthis.log
hijackthis[1]
InstallShield Installation Information
Internet Explorer
Java
JRE
List_Kill'em
Malwarebytes' Anti-Malware
ManagedDX.CAB
Micro Application
Microsoft
Microsoft Games
Microsoft Office
Microsoft Silverlight
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Microsoft Works
Microsoft.NET
Mindscape
Minilyrics
Movie Maker
MSBuild
MSXML 4.0
NewTech Infosystems
Norton Internet Security
Oberon Media
oovooToolbar
OpenOffice.org 3
PC Tools Firewall Plus
PokerStars
Realtek
Reference Assemblies
SAGEM
SLD Codec Pack
Sony Setup
SUPERAntiSpyware
Symantec
Ubisoft
Uninstall Information
Veoh Networks
vghd
VideoLAN
VirtualDJ
Windows Calendar
Windows Collaboration
Windows Defender
Windows Journal
Windows Live
Windows Live SkyDrive
Windows Mail
Windows Media Player
Windows NT
Windows Photo Gallery
Windows Portable Devices
Windows scrabble
Windows Sidebar
WinRAR
World of Warcraft
WowCartographe
Yahoo!
============
Lecteur C:
============
$RECYCLE.BIN
-20070506.log
Acer
AcerSW
Ad-Report-CLEAN[1].log
Adobe Reader 7.0
autoexec.bat
autorun.inf
BDA.cab
BDANT.cab
BDAXP.cab
BigFishGamesCache
Boonty
Boot
bootmgr
BOOTSECT.BAK
config.sys
directx redist.txt
DirectX.cab
Documents and Settings
DRV
DSETUP.dll
dsetup32.dll
dxnt.cab
dxsetup.exe
hiberfil.sys
IO.SYS
Kill'em
List'em.txt
Lop SD
lopR.txt
Lyrics
ManagedDX.CAB
MDR.iss
MSDOS.SYS
MSOCache
NVIDIA
pagefile.sys
PerfLogs
Program Files
ProgramData
RHDSetup.log
Setup.log
System Volume Information
Users
Windows
_OTL
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials
C:\Program Files\Common Files\Symantec Shared\coShared\Common\1.0\Patch25d.dll
C:\Program Files\Common Files\Symantec Shared\IDS\Patch25.dll
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.0.9-to-3.1.0-frFR-Win-patch
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.1.3-to-3.2.0-frFR-Win-patch
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.0.9-to-3.1.0-frFR-Win-patch\Blizzard Updater.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.0.9-to-3.1.0-frFR-Win-patch\wow-final.MPQ
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.0.9-to-3.1.0-frFR-Win-patch\wow-partial-1.MPQ
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.0.9-to-3.1.0-frFR-Win-patch\wow-partial-2.MPQ
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.1.3-to-3.2.0-frFR-Win-patch\Blizzard Updater.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.1.3-to-3.2.0-frFR-Win-patch\wow-final.MPQ
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.1.3-to-3.2.0-frFR-Win-patch\wow-partial-1.MPQ
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.1.3-to-3.2.0-frFR-Win-patch\wow-partial-2.MPQ
C:\Users\Public\Games\World of Warcraft\Patch.html
C:\Users\Public\Games\World of Warcraft\Patch.txt
D:\jeux\Warcraft III\Patch.txt
D:\music's\yoyo\steve\nico stef\Nero 8 + keygen\Keygen
D:\music's\yoyo\steve\nico stef\Nero 8 + keygen\Keygen\keymaker.exe
C:\$RECYCLE.BIN\S-1-5-21-106716856-121279866-2024856251-1000\$RDJH4TW\misctools\AutoDLDIPatch\AutoDLDIPatch.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\Install.exe
C:\Users\viyo\Desktop\200901161857_moonshell200beta5\misctools_ƒ?Ÿc?[Ÿ<\AutoDLDIPatch_Z¸"©DLDIŸpŸbŸ`"¤'×%zŸAŸ_ŸvŸ^O'îŸc?[Ÿ<\AutoDLDIPatch.exe
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.1.3-to-3.2.0-frFR-Win-patch\Blizzard Updater.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.1.3-to-3.2.0-frFR-Win-patch\wow-final.MPQ
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.1.3-to-3.2.0-frFR-Win-patch\wow-partial-1.MPQ
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.1.3-to-3.2.0-frFR-Win-patch\wow-partial-2.MPQ
C:\Users\Public\Games\World of Warcraft\Patch.html
C:\Users\Public\Games\World of Warcraft\Patch.txt
D:\jeux\Warcraft III\Patch.txt
D:\music's\yoyo\steve\nico stef\Nero 8 + keygen\Keygen
D:\music's\yoyo\steve\nico stef\Nero 8 + keygen\Keygen\keymaker.exe
C:\$RECYCLE.BIN\S-1-5-21-106716856-121279866-2024856251-1000\$RDJH4TW\misctools\AutoDLDIPatch\AutoDLDIPatch.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\Install.exe
C:\Users\viyo\Desktop\200901161857_moonshell200beta5\misctools_ƒ?Ÿc?[Ÿ<\AutoDLDIPatch_Z¸"©DLDIŸpŸbŸ`"¤'×%zŸAŸ_ŸvŸ^O'îŸc?[Ÿ<\AutoDLDIPatch.exe
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Did you run it with a right-click, "Run as administrator"?
Do the same for this:
▶ Run List&Kill'em again (with a right-click on Vista), using the shortcut on your desktop.
but this time:
▶ choose option 2 = Mode Suppression (removal mode)
Let the tool work.
At the end of the scan a report opens.
▶ paste its contents into your reply
I'll do all that tomorrow with a clear head, because I'm getting tired.
I'll post it tomorrow.