«SOS»

wss
Hello,
Please, I want an effective solution against this damned Personal Security.
At computer startup, when its window is displayed, none of the desktop content is shown, and when I go past 30 seconds before opening an application or something, I have to restart the computer to open it within that period.
Please, I want a solution, and thanks in advance :)

72 replies

moment de grace Posts 30049 Status Security contributor 2 274

You are very infected!

rkill will block the virus that is preventing you from running Malwarebytes' Anti-Malware correctly

Do as indicated
0
wss
 
I downloaded it and now it is searching for infected items in C:/. So far 28000 items examined, 14 infected, 3 minutes elapsed. What should I do afterwards?
0
moment de grace Posts 30049 Status Security contributor 2 274

Nothing, let it work, it can take a long time
0
wss
 
7 minutes, 14 infected. Is it going to take more than an hour?
0
wss
 
The scan is finished, 18 infected items. What should I do:
remove selection, ignore, save the report, main menu :D
0
wss
 
????????????????????????????????????????????????????
0
wss
 
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3519
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08/01/2010 06:49:03
mbam-log-2010-01-08 (06-49-03).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 213069
Temps écoulé: 26 minute(s), 29 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 16
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 16

Processus mémoire infecté(s):
C:\Documents and Settings\yassine\Application Data\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\???? ???? ??? ?? ????? ??????.mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\?????? ????? ?????.mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\?????? ????????.mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\??????? ??? ????? ????? ??? ???? ???????.mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e8cfc029-8420-4eae-adef-915bdc77e1dc} (Spyware.AdaEbook) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c20ee2d6-81c3-6a08-79c5-1989da43bc19} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9d71d88c-c598-4935-c5d1-43aa4db90836} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{9d71d88c-c598-4935-c5d1-43aa4db90836} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servises (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\personalsec (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\meet great active lies (Trojan.Swizzor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dllhost (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Fichiers communs\PersonalSecUninstall (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\win32extension.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\yassine\Local Settings\Temp\Rar$EX00.328\BaDBoY_V4.2_FiXeD_BY_Rodr_\BaDBoYv4.2.exe (Trojan.Armin) -> Quarantined and deleted successfully.
C:\Documents and Settings\yassine\Bureau\BadBoy v4.2\BaDBoYv4.2.exe (Trojan.Armin) -> Quarantined and deleted successfully.
C:\Documents and Settings\yassine\Application Data\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F062908-E86B-41F8-9616-62198837774D}\RP174\A0350575.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F062908-E86B-41F8-9616-62198837774D}\RP195\A0444504.exe (Trojan.Armin) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F062908-E86B-41F8-9616-62198837774D}\RP195\A0444506.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F062908-E86B-41F8-9616-62198837774D}\RP195\A0444508.exe (Trojan.Armin) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F062908-E86B-41F8-9616-62198837774D}\RP196\A0446750.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F062908-E86B-41F8-9616-62198837774D}\RP196\A0446786.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\Program Files\Bifrost\server.exe.UsbFix (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\PersonalSecUninstall\Uninstall.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\yassine\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\yassine\Application Data\addons.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\yassine\Application Data\Microsoft\Internet Explorer\Quick Launch\PersonalSec.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\yassine\Application Data\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
0
moment de grace Posts 30049 Status Security contributor 2 274

OK

Empty the quarantine

Rerun RSIT and post just the log report

0
wss
 
How do I empty the quarantine? And before that, I have to restart the computer
0
wss
 
How do I empty the quarantine?
0
moment de grace Posts 30049 Status Security contributor 2 274

Open MBAM
Quarantine tab
Delete all
0
wss
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by yassine at 2010-01-08 07:05:20
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 72 GB (63%) free of 114 GB
Total RAM: 511 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:05:28, on 08/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\yassine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\yassine\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\yassine\Bureau\RSIT.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\trend micro\yassine.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - (no file)
O3 - Toolbar: (no name) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file)
O3 - Toolbar: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BITSUP] C:\DOCUME~1\yassine\APPLIC~1\HOPEME~1\film dumb.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\yassine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\yassine\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBB6D6FE-7AB8-4656-8A13-0327CC796FCE}: NameServer = 213.150.176.196,193.95.66.10
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Service Google Update (gupdate1ca037134c7799a) (gupdate1ca037134c7799a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
moment de grace Posts 30049 Status Security contributor 2 274

Download Toolbar-S&D (thanks to Eric_71, Angel Dark, Sham_Rock and XmichouX) to the Desktop

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3

Start the installation of the program by running the downloaded file.
Now double-click the Toolbar-S&D shortcut.
Select the desired language by typing the letter of your choice, then confirming with the Enter key.
Now choose option 1 (Search). Wait until the search finishes.
Post the generated report. (C:\TB.txt)

Tutorial: https://sites.google.com/site/toolbarsd/aideenimages
0
wss
 
What is it for? And can you tell me the state of the PC?
0
moment de grace Posts 30049 Status Security contributor 2 274

We're not far from the end...

This one removes harmful toolbars

0
wss
 
-----------\\ ToolBar S&D 1.2.9 XP/Vista

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 08/01/2010| 7:17 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskBarDis
C:\Program Files\AskBarDis\unins000.dat
C:\Program Files\AskBarDis\unins000.exe
C:\Program Files\AskBarDis\bar
C:\Program Files\AskBarDis\bar\Settings
C:\Program Files\AskBarDis\bar\bin
C:\Program Files\AskBarDis\bar\Cache
C:\Program Files\AskBarDis\bar\History
C:\Program Files\AskBarDis\bar\Settings\AskLogo.ico
C:\Program Files\AskBarDis\bar\Settings\config.dat.bak
C:\Program Files\AskBarDis\bar\Settings\config.dat
C:\Program Files\AskBarDis\bar\Settings\prevCfg2.htm
C:\Program Files\AskBarDis\bar\Settings\prevcfg.htm
C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
C:\Program Files\AskBarDis\bar\bin\psvince.dll
C:\Program Files\AskBarDis\bar\Cache\files.ini
C:\Program Files\AskBarDis\bar\Cache\00E74E6A
C:\Program Files\AskBarDis\bar\Cache\00E75243.bin
C:\Program Files\AskBarDis\bar\Cache\00E755CD.bin
C:\Program Files\AskBarDis\bar\Cache\00E757D0.bin
C:\Program Files\AskBarDis\bar\Cache\00E75A13.bin
C:\Program Files\AskBarDis\bar\Cache\00E75C45.bin
C:\Program Files\AskBarDis\bar\Cache\00E75E78.bin
C:\Program Files\AskBarDis\bar\Cache\013C6D4F
C:\Program Files\AskBarDis\bar\History\search
C:\WINDOWS\iun6002.exe

-----------\\ Extensions

(yassine) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
(yassine) - {bee6eb20-01e0-ebd1-da83-080329fb9a3a} => flashVideoDownload

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://search.bearshare.com/sidebar.html?src=ssb"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr"

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\pchook.dll
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\pwdcrack.exe
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\ReadMe_En.htm
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\ReadMe_Ru.htm
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\German.lng
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\Russian.lng
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\Espaniol.lng
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\Portugues [BR].lng
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\Ukrainian.lng
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\Chinese[RPC].lng
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\French.lng
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\Nederlands.lng
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\Cesky.lng
C:\DOCUME~1\yassine\Bureau\wss\Bureau\?????? ? ?????\son\m4\leçon2\office_crack.rar

1 - "C:\ToolBar SD\TB_1.txt" - 08/01/2010| 7:18 - Option : [1]

-----------\\ Fin du rapport a 7:18:49,39
0
wss
 
And after that?
0
moment de grace Posts 30049 Status Security contributor 2 274

Good
Several things to do

1)
Rerun ToolBar SD, option 2 (removal), and post the report

.........

2)

Rerun Lop S&D, option 2 (removal + hosts), and post the report

.............

3)

Last tool to download

Download ZHPDiag (by Nicolas Coolman).
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

Double-click the installation file, then install it with the default settings (don't forget to tick "Create a desktop icon")

Launch ZHPDiag by double-clicking the icon on your desktop (right-click -> Run as administrator on Vista)

Click the magnifying glass at the top left, then let the tool scan.

Once the scan is finished, click the floppy-disk icon and save the file to your desktop.

Go to Cjoint: http://www.cijoint.fr/

Click "Parcourir" (Browse) in the "Joindre un fichier[...]" (Attach a file) section

Select the ZHPdiag.txt report that is on your desktop

Then click "Créer le lien cjoint" (Create the cjoint link) and copy/paste it into your next message

0
wss
 
The ToolBar SD report

-----------\\ ToolBar S&D 1.2.9 XP/Vista

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 08/01/2010| 7:26 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\AskBarDis\unins000.dat
Supprime! - C:\Program Files\AskBarDis\unins000.exe
Supprime! - C:\Program Files\AskBarDis\bar
Supprime! - C:\WINDOWS\iun6002.exe
Supprime! - C:\Program Files\AskBarDis

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ Extensions

(yassine) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
(yassine) - {bee6eb20-01e0-ebd1-da83-080329fb9a3a} => flashVideoDownload

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://search.bearshare.com/sidebar.html?src=ssb"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\pchook.dll
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\pwdcrack.exe
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\ReadMe_En.htm
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\ReadMe_Ru.htm
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\German.lng
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\Russian.lng
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\Espaniol.lng
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\Portugues [BR].lng
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\Ukrainian.lng
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\Chinese[RPC].lng
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\French.lng
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\Nederlands.lng
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\Cesky.lng
C:\DOCUME~1\yassine\Bureau\wss\Bureau\?????? ? ?????\son\m4\leçon2\office_crack.rar

1 - "C:\ToolBar SD\TB_1.txt" - 08/01/2010| 7:18 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 08/01/2010| 7:28 - Option : [2]

-----------\\ Fin du rapport a 7:28:15,46
0
wss
 
Lop SD report:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 08/01/2010| 7:29 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\yassine\APPLIC~1\hopemessbook
Supprime! - C:\Program Files\hopemessbook

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans APPLIC~1

[17/02/2004|18:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[30/12/2004|20:46] C:\DOCUME~1\DEFAUL~1\APPLIC~1\CyberLink
[17/02/2004|18:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[17/02/2004|18:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust
[17/02/2004|18:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[17/02/2004|18:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun

[03/11/2009|20:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\0271
[20/08/2009|13:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\1290
[07/01/2010|09:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\2D2BF
[11/02/2008|21:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AceBIT
[02/09/2009|12:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[07/01/2010|07:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[09/06/2008|12:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Babylon
[18/09/2009|15:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Blizzard
[13/08/2009|21:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[05/07/2009|01:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[24/04/2009|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
[05/07/2009|01:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
[23/02/2008|21:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak
[16/12/2008|18:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\KONAMI
[08/01/2010|03:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[15/09/2009|17:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[17/02/2004|18:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[26/08/2009|00:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Corporation
[09/05/2008|21:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[07/01/2006|06:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[22/08/2009|00:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[26/08/2009|00:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Drivers HeadQuarters
[24/04/2009|18:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
[08/01/2010|03:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
[23/02/2008|21:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[07/07/2009|19:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[03/07/2009|22:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\soft chic meet great
[08/01/2010|03:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[07/07/2009|19:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[18/09/2008|21:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[17/02/2004|18:16] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[17/02/2004|18:16] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[11/02/2008|21:33] C:\DOCUME~1\yassine\APPLIC~1\AceBIT
[17/02/2004|18:33] C:\DOCUME~1\yassine\APPLIC~1\Adobe
[06/11/2009|08:21] C:\DOCUME~1\yassine\APPLIC~1\asoftech
[09/06/2008|12:17] C:\DOCUME~1\yassine\APPLIC~1\Babylon
[05/07/2009|17:47] C:\DOCUME~1\yassine\APPLIC~1\Bandoo
[05/06/2009|12:00] C:\DOCUME~1\yassine\APPLIC~1\CoSoSys
[30/12/2004|20:46] C:\DOCUME~1\yassine\APPLIC~1\CyberLink
[12/07/2009|16:52] C:\DOCUME~1\yassine\APPLIC~1\Desktopicon
[25/11/2009|10:54] C:\DOCUME~1\yassine\APPLIC~1\DMCache
[25/08/2009|23:58] C:\DOCUME~1\yassine\APPLIC~1\GetRightToGo
[12/09/2008|02:00] C:\DOCUME~1\yassine\APPLIC~1\Google
[04/03/2008|13:29] C:\DOCUME~1\yassine\APPLIC~1\Help
[21/09/2008|03:22] C:\DOCUME~1\yassine\APPLIC~1\Hewlett-Packard
[17/02/2004|18:30] C:\DOCUME~1\yassine\APPLIC~1\Identities
[25/11/2009|10:54] C:\DOCUME~1\yassine\APPLIC~1\IDM
[17/02/2004|18:33] C:\DOCUME~1\yassine\APPLIC~1\InterTrust
[12/07/2009|16:54] C:\DOCUME~1\yassine\APPLIC~1\JLC's Software
[11/09/2008|23:44] C:\DOCUME~1\yassine\APPLIC~1\Macromedia
[08/01/2010|03:08] C:\DOCUME~1\yassine\APPLIC~1\Malwarebytes
[17/02/2004|18:16] C:\DOCUME~1\yassine\APPLIC~1\Microsoft
[03/07/2009|23:15] C:\DOCUME~1\yassine\APPLIC~1\Mozilla
[22/02/2008|15:36] C:\DOCUME~1\yassine\APPLIC~1\MSN6
[24/04/2009|18:15] C:\DOCUME~1\yassine\APPLIC~1\Nokia
[13/08/2009|22:52] C:\DOCUME~1\yassine\APPLIC~1\OpenCandy
[24/04/2009|18:14] C:\DOCUME~1\yassine\APPLIC~1\PC Suite
[29/09/2008|15:48] C:\DOCUME~1\yassine\APPLIC~1\PC Tools
[17/08/2009|13:55] C:\DOCUME~1\yassine\APPLIC~1\PlayFirst
[01/02/2008|11:40] C:\DOCUME~1\yassine\APPLIC~1\Real
[08/08/2009|15:22] C:\DOCUME~1\yassine\APPLIC~1\Samsung
[07/07/2009|20:00] C:\DOCUME~1\yassine\APPLIC~1\skypePM
[24/02/2008|11:34] C:\DOCUME~1\yassine\APPLIC~1\Sony Ericsson
[17/02/2004|18:36] C:\DOCUME~1\yassine\APPLIC~1\Sun
[24/02/2008|11:34] C:\DOCUME~1\yassine\APPLIC~1\Teleca
[29/09/2008|15:45] C:\DOCUME~1\yassine\APPLIC~1\URSoft
[12/08/2009|12:46] C:\DOCUME~1\yassine\APPLIC~1\uTorrent
[02/07/2009|14:42] C:\DOCUME~1\yassine\APPLIC~1\Webshots
[07/06/2008|20:03] C:\DOCUME~1\yassine\APPLIC~1\WinRAR

[05/11/2008|14:11] C:\DOCUME~1\INVIT\APPLIC~1\AceBIT
[17/02/2004|18:33] C:\DOCUME~1\INVIT\APPLIC~1\Adobe
[30/12/2004|20:46] C:\DOCUME~1\INVIT\APPLIC~1\CyberLink
[17/02/2004|18:30] C:\DOCUME~1\INVIT\APPLIC~1\Identities
[17/02/2004|18:33] C:\DOCUME~1\INVIT\APPLIC~1\InterTrust
[16/08/2009|01:06] C:\DOCUME~1\INVIT\APPLIC~1\Macromedia
[17/02/2004|18:16] C:\DOCUME~1\INVIT\APPLIC~1\Microsoft
[16/08/2009|01:03] C:\DOCUME~1\INVIT\APPLIC~1\Mozilla
[02/05/2009|13:47] C:\DOCUME~1\INVIT\APPLIC~1\PC Suite
[05/11/2008|14:09] C:\DOCUME~1\INVIT\APPLIC~1\Real
[17/02/2004|18:36] C:\DOCUME~1\INVIT\APPLIC~1\Sun

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[19/12/2009 16:03][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2823157980-329758466-1610853400-1010Core1ca805f8eee6bde.job
[08/01/2010 07:00][--ah-----] C:\WINDOWS\tasks\AAF2887791853C8F.job
[08/01/2010 06:40][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[08/01/2010 06:57][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[20/12/2009 17:01][--ah-----] C:\WINDOWS\tasks\{EE24932D-86C5-4C36-8F38-5E81B7D71053}_OEM-7HUK3O9FM5X_yassine.job
[08/01/2010 06:57][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 20:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( AAF2887791853C8F.job )=( c:\docume~1\yassine\applic~1\hopeme~1\OwnsFourLicense.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[17/02/2004|18:33] C:\Program Files\Adobe
[04/10/2009|10:25] C:\Program Files\Alwil Software
[12/08/2009|12:47] C:\Program Files\AskSearch
[06/11/2009|08:20] C:\Program Files\Asoftech
[07/01/2010|07:08] C:\Program Files\Avira
[10/07/2009|23:49] C:\Program Files\BearShare Applications
[30/09/2008|11:39] C:\Program Files\Binaryfish
[13/08/2009|21:39] C:\Program Files\Boonty
[13/08/2009|21:39] C:\Program Files\BoontyGames
[15/07/2009|12:43] C:\Program Files\CCleaner
[19/05/2009|19:37] C:\Program Files\Common Files
[06/01/2010|06:31] C:\Program Files\ConvertHelper
[15/09/2009|17:39] C:\Program Files\Crcle Developement
[30/12/2004|20:39] C:\Program Files\CyberLink
[24/04/2009|18:14] C:\Program Files\DIFX
[17/02/2004|18:16] C:\Program Files\Fichiers communs
[12/07/2009|16:13] C:\Program Files\Google
[03/01/2009|15:07] C:\Program Files\Handmark
[21/09/2008|03:09] C:\Program Files\Hewlett-Packard
[17/02/2004|18:31] C:\Program Files\InstallShield Installation Information
[25/11/2009|10:53] C:\Program Files\Internet Download Manager
[17/02/2004|18:22] C:\Program Files\Internet Explorer
[12/07/2009|16:52] C:\Program Files\JLC's Software
[03/09/2009|17:48] C:\Program Files\KONAMI
[12/11/2009|13:11] C:\Program Files\LogMeIn Hamachi
[19/11/2009|13:56] C:\Program Files\Magicbit
[08/01/2010|03:08] C:\Program Files\Malwarebytes' Anti-Malware
[17/02/2004|18:21] C:\Program Files\Messenger
[15/09/2009|17:38] C:\Program Files\Messenger Plus! Live
[19/11/2009|14:23] C:\Program Files\Microsoft
[01/02/2008|10:03] C:\Program Files\Microsoft Etudes
[17/02/2004|18:25] C:\Program Files\microsoft frontpage
[03/03/2008|18:42] C:\Program Files\Microsoft Office
[09/05/2008|21:57] C:\Program Files\Microsoft Visual Studio 8
[26/08/2009|00:15] C:\Program Files\Microsoft Windows Vista Upgrade Advisor
[09/05/2008|22:00] C:\Program Files\Microsoft Works
[05/07/2009|03:33] C:\Program Files\Microsoft.NET
[17/02/2004|18:22] C:\Program Files\Movie Maker
[03/07/2009|23:11] C:\Program Files\Mozilla Firefox
[07/08/2009|11:18] C:\Program Files\MSBuild
[17/02/2004|18:21] C:\Program Files\MSN
[17/02/2004|18:21] C:\Program Files\MSN Gaming Zone
[25/11/2009|08:32] C:\Program Files\MSXML 4.0
[17/02/2004|18:22] C:\Program Files\NetMeeting
[17/09/2009|17:27] C:\Program Files\NirSoft
[14/11/2008|14:50] C:\Program Files\Nokia
[29/09/2008|15:47] C:\Program Files\Ontrack
[17/02/2004|18:22] C:\Program Files\Outlook Express
[03/01/2009|15:12] C:\Program Files\PDAmill
[27/01/2006|08:32] C:\Program Files\Real
[07/08/2009|11:17] C:\Program Files\Reference Assemblies
[08/08/2009|16:26] C:\Program Files\Samsung
[17/02/2004|18:21] C:\Program Files\Services en ligne
[08/01/2010|03:42] C:\Program Files\Spyware Doctor
[08/01/2010|03:35] C:\Program Files\trend micro
[17/02/2004|18:30] C:\Program Files\Uninstall Information
[11/09/2009|23:59] C:\Program Files\uTorrent
[09/07/2009|21:43] C:\Program Files\Windows Live
[15/09/2009|16:07] C:\Program Files\Windows Live Safety Center
[19/11/2009|14:23] C:\Program Files\Windows Live SkyDrive
[17/02/2004|18:21] C:\Program Files\Windows Media Player
[17/02/2004|18:21] C:\Program Files\Windows NT
[17/02/2004|18:21] C:\Program Files\WindowsUpdate
[04/03/2008|13:41] C:\Program Files\WinRAR
[17/02/2004|18:25] C:\Program Files\xerox
[24/04/2009|19:52] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[17/02/2004|18:33] C:\Program Files\Fichiers communs\Adobe
[18/09/2009|13:52] C:\Program Files\Fichiers communs\Blizzard Entertainment
[13/08/2009|21:50] C:\Program Files\Fichiers communs\BOONTY Shared
[09/05/2008|22:00] C:\Program Files\Fichiers communs\DESIGNER
[17/02/2004|18:31] C:\Program Files\Fichiers communs\InstallShield
[17/02/2004|18:16] C:\Program Files\Fichiers communs\Microsoft Shared
[17/02/2004|18:22] C:\Program Files\Fichiers communs\MSSoap
[24/02/2008|11:38] C:\Program Files\Fichiers communs\Nullsoft
[17/02/2004|18:16] C:\Program Files\Fichiers communs\ODBC
[08/01/2010|03:42] C:\Program Files\Fichiers communs\PC Tools
[27/01/2006|08:32] C:\Program Files\Fichiers communs\Real
[17/02/2004|18:16] C:\Program Files\Fichiers communs\SpeechEngines
[24/04/2009|18:58] C:\Program Files\Fichiers communs\Stardock
[17/02/2004|18:22] C:\Program Files\Fichiers communs\System
[03/07/2009|23:17] C:\Program Files\Fichiers communs\Windows Live
[18/09/2008|21:42] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[25/11/2009|10:35] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 36 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\soft chic meet great
C:\DOCUME~1\ALLUSE~1\APPLIC~1\soft chic meet great\Wipe soft.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\soft chic meet great\five debug.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\soft chic meet great\Meal first.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\soft chic meet great\Meal first.dat
C:\DOCUME~1\yassine\LOCALS~1\Temp\staE.exe
C:\DOCUME~1\yassine\LOCALS~1\Temp\sta10.exe
C:\WINDOWS\Tasks\AAF2887791853C8F.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-08 07:30:48
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\pchook.dll
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\pwdcrack.exe
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\ReadMe_En.htm
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\ReadMe_Ru.htm
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\German.lng
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\Russian.lng
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\Espaniol.lng
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\Portugues [BR].lng
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\Ukrainian.lng
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\Chinese[RPC].lng
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\French.lng
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\Nederlands.lng
C:\DOCUME~1\yassine\Mes documents\Téléchargements\pwdcrack\Cesky.lng
C:\DOCUME~1\yassine\Bureau\wss\Bureau\?????? ? ?????\son\m4\leçon2\office_crack.rar

[F:842][D:45]-> C:\DOCUME~1\yassine\LOCALS~1\Temp
[F:18][D:0]-> C:\DOCUME~1\yassine\Cookies
[F:27][D:5]-> C:\DOCUME~1\yassine\LOCALS~1\TEMPOR~1\content.IE5
[F:6][D:0]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - 08/01/2010| 7:31 - Option : [2]

--------------------\\ Fin du rapport a 7:31:16
0