J'aimerai un diagnostique svp si possible

viapass Messages postés 16 Statut Membre -  
 gen-hackman -

je vous envoie le rapport :
Logfile of HijackThis v1.99.1
Scan saved at 15:30:13, on 22/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis Version Française\regis59.exe.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?hl=fr&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d'Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.69.25.47.47.downloads.estara.com./as/OneCCDM.php?template=41001&sessionid=1080129083_86.219.34.4_4155&=&req=1186594855687OneCC.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs-beta.jeu.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19AC476B-90A9-4324-9FC4-22ACA694AD41}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDA35D1C-ED66-4808-B815-E5ED1AD02E0F}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{19AC476B-90A9-4324-9FC4-22ACA694AD41}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{19AC476B-90A9-4324-9FC4-22ACA694AD41}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{19AC476B-90A9-4324-9FC4-22ACA694AD41}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe" -r (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

merci de me donner votre verdict
Jean

41 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Rapport d'analyse sur Windows XP SP3 met en évidence de nombreuses entrées de navigateur, barres d’outils et services potentiellement indésirables détectés sur le poste informatique. Des modules BHO et divers composants logiciels apparaissent dans le rapport, et la discussion porte sur des actions de nettoyage et des scans complémentaires utiles. Plusieurs conseils préconisent des scans approfondis avec des outils spécialisés et le retrait arbitraire d’extensions ou de modules jugés indésirables pour restaurer des paramètres sécurisés. En cas de persistance, certains échanges évoquent des mesures comme la désactivation temporaire d’antivirus ou l’utilisation d’outils supplémentaires, sans conclure sur l’état final de la détection.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. gen-hackman
     
    hello bien on a vire des infections des navigateurs déjà......

    refais un scan OTL comme indiqué plus haut
    2
    1. viapass
       
      voila gen je suis à ton écoute :
      entre temps j'ai passé ccleaner....
      http://www.cijoint.fr/cjlink.php?file=cj201004/cijfJeAXKr.txt
      et
      http://www.cijoint.fr/cjlink.php?file=cj201004/cije1xjdkb.txt
      merci
      Jean
      0
  2. gen-hackman
     
    DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)

    ▶ Télécharge List_Kill'em et enregistre le sur ton bureau

    double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

    une fois terminée , clic sur "terminer" et le programme se lancera seul

    choisis l'option Search

    un icone blanc et noir va s'afficher sur le bureau , il te servira à relancer le programme par la suite.
    un autre rouge et noir te servira a desinstaller le prog a la fin de la desinfection.

    ▶ laisse travailler l'outil

    à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

    un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , , il s'auto supprimera a la fin du scan

    ▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

    1
  3. gen-hackman
     
    salut ton hijackthis est obsolete , desinstalle -le

    ensuite :

    Télécharge OTL de OLDTimer

    enregistre le sur ton Bureau.

    ▶ Double clic ( pour vista / 7 => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.

    ▶ Coche les 2 cases Lop et Purity

    ▶ Coche la case devant tous les utilisateurs

    ▶ règle age du fichier sur "60 jours"

    ▶ dans la moitié gauche , mets tout sur "tous"

    ne modifie pas ceci :

    "fichiers créés" et "fichiers Modifiés"


    ▶Clic sur Analyse.

    A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

    Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

    ▶▶▶ NE LE POSTE PAS SUR LE FORUM

    Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

    ▶ Clique sur Parcourir et cherche le fichier ci-dessus.

    ▶ Clique sur Ouvrir.

    ▶ Clique sur "Cliquez ici pour déposer le fichier".

    Un lien de cette forme :

    http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

    est ajouté dans la page.

    ▶ Copie ce lien dans ta réponse.

    ▶▶ Tu feras la meme chose avec le "Extra.txt" qui logiquement sera aussi sur ton bureau.
    0
  4. viapass Messages postés 16 Statut Membre
     
    voila docteur :
    http://www.cijoint.fr/cjlink.php?file=cj201004/cijcWTT0XI.txt

    http://www.cijoint.fr/cjlink.php?file=cj201004/cij2e64zj4.txt

    merci d'avance
    Jean
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. gen-hackman
     
    ▶ Télécharge Ad-remover ( de C_XX ) sur ton bureau :

    ▶ Déconnecte toi et ferme toutes applications en cours !

    ▶ Double clique sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut .

    ▶ Double-clique sur le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .

    ▶ Au menu principal choisis "option clean " et tape sur [entrée] .

    ▶ Laisse travailler l'outil et ne touche à rien ...

    ▶ Poste le rapport qui apparait à la fin , sur le forum ...

    ( Le rapport est sauvegardé aussi sous C:\Ad-report.log )
    ( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

    ▶ Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
    0
  7. viapass
     
    il y a t il un prob et merci d'avance pour votre service
    ======= RAPPORT D'AD-REMOVER 2.0.0.0,C | UNIQUEMENT XP/VISTA/7 =======
    .
    Mis à jour par C_XX le 22/04/10 à 19:00
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 08:57:28 le 23/04/2010 | Mode normal | Option: CLEAN
    Exécuté de: C:\Ad-Remover\ADR.exe
    SE: Microsoft® Windows XP(TM) Service Pack 3 - X86
    Nom du PC: MINOUX
    Utilisateur actuel: christiane (Administrateur)
    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .
    .
    C:\Documents and Settings\All Users\Bureau\Everest Poker.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Everest Casino
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Everest Poker
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\PokerStars
    C:\Documents and Settings\christiane\Application Data\EoRezo
    C:\Documents and Settings\christiane\Application Data\ItsLabel
    C:\Documents and Settings\christiane\Application Data\Mozilla\FireFox\Profiles\x99ibq2l.default\searchplugins\askcom.xml
    C:\Program Files\EoRezo
    C:\Program Files\Everest Casino
    C:\Program Files\Everest Poker
    C:\Program Files\PokerStars
    C:\Program Files\Search Guard Plus
    C:\Program Files\Search Guard PlusU
    C:\Program Files\SGPSA
    C:\WINDOWS\pack.epk
    C:\WINDOWS\system32\nvs2.inf

    (!) -- Fichiers temporaires supprimés.
    .
    HKCU\Software\EoRezo
    HKCU\Software\FBSearch
    HKCU\Software\Grand Virtual
    HKCU\Software\ItsLabel
    HKCU\Software\Lanconfig
    HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
    HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E6306A3F-B520-4232-9E93-EA1733F2362B}
    HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\62119EF862C6B3A0D853419B87EB3E2F6C78640A
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKCU\Software\SGPUpdater
    HKLM\Software\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKLM\Software\Classes\EoRezoBHO.EoBho
    HKLM\Software\Classes\EoRezoBHO.EoBho.1
    HKLM\Software\Classes\Interface\{115CCBAE-27B0-47C3-BA42-BAB708424393}
    HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
    HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
    HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook
    HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1
    HKLM\Software\EoRezo
    HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{23E54C77-175C-4f51-80D3-F4CB243EC68E}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Everest Casino
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Everest Poker
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Guard Plus
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Guard Plus Updater
    HKLM\Software\Trymedia Systems
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
    .
    (Orpheline) BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} (CLSID manquant)
    (Orpheline) HKLM,Uninstall - PokerStars - C:\Program Files\PokerStars\PokerStarsUninstall.exe (Fichier manquant)
    .
    ============== SCAN ADDITIONNEL ==============
    .
    * Mozilla FireFox Version Impossible d'obtenir la version *
    .
    C:\Documents and Settings\christiane\..\x99ibq2l.default\prefs.js - browser.search.selectedEngine: lo.st
    C:\Documents and Settings\christiane\..\x99ibq2l.default\prefs.js - browser.startup.homepage: hxxp://lo.st
    C:\Documents and Settings\christiane\..\x99ibq2l.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.8.1.2
    .
    .
    * Internet Explorer Version 8.0.6001.18702 *
    .
    [HKCU\Software\Microsoft\Internet Explorer\Main]
    .
    AutoHide: yes
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Do404Search: 0x01000000
    Enable Browser Extensions: yes
    Local Page: C:\WINDOWS\system32\blank.htm
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Show_ToolBar: yes
    Start Page: hxxp://fr.msn.com/
    .
    [HKLM\Software\Microsoft\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Local Page: C:\WINDOWS\system32\blank.htm
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/
    .
    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm
    .
    ============== SUSPECT(S) ==============
    .
    C:\Documents and Settings\christiane\Bureau\Journal\Registry.Booster.2.0.1164.3801.Patch-PSC.zip
    C:\Documents and Settings\christiane\Mes documents\Ma musique\photoshop CS3 crack professional.zip
    C:\Documents and Settings\christiane\Mes documents\Mes fichiers reçus\Copier pc\Patch_Window_A_0_14.exe
    C:\Documents and Settings\christiane\Mes documents\Mes fichiers reçus\Keygen Tune Up 2006.rar
    C:\Documents and Settings\christiane\Mes documents\Mes fichiers reçus\Patch_Window_A_0_14.exe
    .
    ========================================
    .
    C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp: 2 Fichier(s), 55 Dossier(s)
    C:\WINDOWS\temp: 0 Fichier(s), 16 Dossier(s)
    Temporary Internet Files: 2 Fichier(s), 44 Dossier(s)
    .
    C:\Ad-Remover\Quarantine: 4 Fichier(s)
    C:\Ad-Remover\Backup: 14 Fichier(s)
    .
    C:\Ad-Report-CLEAN[1].txt - 505 Octet(s)
    C:\Ad-Report-CLEAN[2].txt - 5778 Octet(s)
    C:\Ad-Report-SCAN[1].txt - 500 Octet(s)
    .
    Fin à: 09:31:28, 23/04/2010

    Jean
    0
  8. viapass
     
    List'em by g3n-h@ckm@n 1.7.2.1

    User : christiane (Administrateurs)
    Update on 22/04/2010 by g3n-h@ckm@n ::::: 16.15
    Start at: 18:12:37 | 23/04/2010

    Intel(R) Pentium(R) M processor 1.70GHz
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Disabled
    AV : Kaspersky Anti-Virus 6.0.2.678 [ (!) Disabled | Updated ]
    FW : Norton Internet Worm Protection[ (!) Disabled ]2006
    FW : Kaspersky Anti-Virus[ (!) Disabled ]6.0.2.678

    C:\ -> Disque fixe local | 74,53 Go (46,52 Go free) [N01763] | NTFS
    D:\ -> Disque CD-ROM

    Boot: Normal

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\List_Kill'em\List_Kill'em.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\List_Kill'em\pv.exe

    ======================
    Keys "Run"
    ======================

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    AVP REG_SZ "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
    AppleSyncNotifier REG_SZ C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe
    iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
    Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    Adobe ARM REG_SZ "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
    QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    =====================
    Other Keys
    =====================

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    dontdisplaylastusername REG_DWORD 0 (0x0)
    legalnoticecaption REG_SZ
    legalnoticetext REG_SZ
    shutdownwithoutlogon REG_DWORD 1 (0x1)
    undockwithoutlogon REG_DWORD 1 (0x1)

    ===============

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoDriveTypeAutoRun REG_DWORD 145 (0x91)

    ===============

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    HonorAutoRunSetting REG_DWORD 1 (0x1)

    ===============

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLS REG_SZ

    ===============

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    AutoRestartShell REG_DWORD 1 (0x1)
    DefaultDomainName REG_SZ MINOUX
    DefaultUserName REG_SZ christiane
    LegalNoticeCaption REG_SZ
    LegalNoticeText REG_SZ
    PowerdownAfterShutdown REG_SZ 0
    ReportBootOk REG_SZ 1
    Shell REG_SZ Explorer.exe
    ShutdownWithoutLogon REG_SZ 0
    System REG_SZ
    Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
    VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
    SfcQuota REG_DWORD -1 (0xffffffff)
    allocatecdroms REG_SZ 0
    allocatedasd REG_SZ 0
    allocatefloppies REG_SZ 0
    cachedlogonscount REG_SZ 10
    forceunlocklogon REG_DWORD 0 (0x0)
    passwordexpirywarning REG_DWORD 14 (0xe)
    scremoveoption REG_SZ 0
    AllowMultipleTSSessions REG_DWORD 1 (0x1)
    UIHost REG_EXPAND_SZ logonui.exe
    LogonType REG_DWORD 1 (0x1)
    Background REG_SZ 0 0 0
    DebugServerCommand REG_SZ no
    SFCDisable REG_DWORD 0 (0x0)
    WinStationsDisabled REG_SZ 0
    DefaultPassword REG_SZ
    HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
    ShowLogonOptions REG_DWORD 0 (0x0)
    AltDefaultUserName REG_SZ christiane
    AltDefaultDomainName REG_SZ MINOUX
    ChangePasswordUseKerberos REG_DWORD 1 (0x1)

    ===============

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

    ===============

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    {AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

    ===============

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Program Files\Messenger\Msmsgs.exe REG_SZ C:\Program Files\Messenger\Msmsgs.exe:*:Enabled:Windows Messenger
    C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\win16F.tmp.exe REG_SZ C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\win16F.tmp.exe:*:Enabled:win16F.tmp
    %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    C:\Program Files\Yahoo!\Messenger\YPager.exe REG_SZ C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
    C:\Program Files\Yahoo!\Messenger\YServer.exe REG_SZ C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
    C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
    C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
    C:\Program Files\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe REG_SZ C:\Program Files\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe:*:Enabled:MxDownloadServer
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
    C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
    C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe REG_SZ C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe:*:Enabled:Logitech
    C:\Program Files\Azureus\Azureus.exe REG_SZ C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus / Vuze
    C:\Program Files\Skype\Phone\Skype.exe REG_SZ C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
    C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Service Bonjour
    C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
    C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

    ===============
    ActivX controls
    ===============

    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{65FDEDF3-8ED9-4F5B-825E-18C2D44191A7}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D0C0F75C-683A-4390-A791-1ACFD5599AB8}]

    ===============
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{CB58DED6-4AF3-4080-9DF1-DEE72075169F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\D27CDB6E-AE6D-11CF-96B8-444553540000]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]

    ==============
    BHO :
    ======

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

    ===
    DNS
    ===

    Description: Intel(R) PRO/Wireless 2200BG Network Connection - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{19AC476B-90A9-4324-9FC4-22ACA694AD41}: NameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{EDA35D1C-ED66-4808-B815-E5ED1AD02E0F}: NameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{19AC476B-90A9-4324-9FC4-22ACA694AD41}: NameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{EDA35D1C-ED66-4808-B815-E5ED1AD02E0F}: NameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{19AC476B-90A9-4324-9FC4-22ACA694AD41}: NameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{EDA35D1C-ED66-4808-B815-E5ED1AD02E0F}: NameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{19AC476B-90A9-4324-9FC4-22ACA694AD41}: NameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{EDA35D1C-ED66-4808-B815-E5ED1AD02E0F}: NameServer=192.168.1.1

    ================
    Internet Explorer :
    ================

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.msn.com/fr-fr
    Local Page REG_SZ C:\WINDOWS\system32\blank.htm
    Default_Search_URL REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Default_Page_URL REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.google.fr/webhp?hl=fr&gws_rd=ssl
    Local Page REG_SZ C:\WINDOWS\system32\blank.htm

    ========
    Services
    ========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

    Ndisuio : 0x3 ( OK = 3 )
    EapHost : 0x3 ( OK = 2 )
    SharedAccess : 0x2 ( OK = 2 )
    wuauserv : 0x2 ( OK = 2 )

    ========
    Safemode
    ========

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

    =========
    Atapi.sys
    =========

    C:\recover\WINDOWS\system32\dllcache\atapi.sys :
    MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
    SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]

    C:\recover\WINDOWS\system32\drivers\atapi.sys :
    MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
    SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]

    C:\recover\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys :
    MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
    SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]

    C:\WINDOWS\ServicePackFiles\i386\atapi.sys :
    MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
    SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

    C:\WINDOWS\system32\drivers\atapi.sys :
    MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
    SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

    C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys :
    MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
    SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]

    Référence :
    ==========

    Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
    Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
    Win XP_32b : a64013e98426e1877cb653685c5c0009
    Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
    Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
    Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
    Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
    Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
    Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
    Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
    Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
    Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e

    =======
    Drive :
    =======

    D'fragmenteur de disque Windows
    Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

    Rapport d'analyse
    74,53 Go total, 46,52 Go libre (62%), 5% fragment' (fragmentation du fichier 11%)

    Il ne vous est pas n'cessaire de d'fragmenter ce volume.

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    Present !! : C:\Program Files\Everest Poker
    Present !! : C:\Program Files\Multi_Media
    Present !! : C:\WINDOWS\System32\_*.dll
    Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
    Present !! : C:\WINDOWS\System32\drivers\usbaapl.sys
    Present !! : C:\WINDOWS\System32\drivers\wudfpf.sys
    Present !! : C:\WINDOWS\System32\drivers\wudfrd.sys"
    Present !! : C:\WINDOWS\System32\Process.exe
    Present !! : C:\WINDOWS\System32\SrchSTS.exe
    Present !! : C:\Documents and Settings\christiane\Application Data\wklnhst.dat
    Present !! : C:\Documents and Settings\christiane\Application Data\wklnhst.dat
    Present !! : C:\Documents and Settings\christiane\LOCAL Settings\Temp\_unps.exe
    Present !! : C:\Documents and Settings\christiane\Local Settings\Temporary Internet Files\SuggestedSites.dat

    ¤¤¤¤¤¤¤¤¤¤ Keys :

    Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
    Present !! : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow\netsearchsoft.com
    Present !! : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow\www.netsearchsoft.com
    Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
    Present !! : "HKCU\Software\Grand Virtual"
    Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
    Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
    Present !! : "HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Everest Poker"
    Present !! : HKCR\OutlookAddin.Addin
    Present !! : HKCR\OutlookAddin.Addin.1
    Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988}
    Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949}
    Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a}
    Present !! : HKLM\SOFTWARE\Microsoft\MSSMGR
    Present !! : HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\OutlookAddin.Addin
    Present !! : HKLM\SYSTEM\ControlSet002\Services\USBAAPL
    Present !! : HKLM\SYSTEM\ControlSet003\Services\USBAAPL
    Present !! : HKLM\System\CurrentControlSet\Services\asc3550p
    Present !! : HKLM\SYSTEM\CurrentControlSet\Services\USBAAPL

    ============

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-23 19:00:11
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    kernel: MBR read successfully
    user & kernel MBR OK

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    FirstRunDisabled REG_DWORD 1 (0x1)
    AntiVirusDisableNotify REG_DWORD 1 (0x1)
    FirewallDisableNotify REG_DWORD 1 (0x1)
    UpdatesDisableNotify REG_DWORD 0 (0x0)
    AntiVirusOverride REG_DWORD 0 (0x0)
    FirewallOverride REG_DWORD 0 (0x0)

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    End of scan : 19:00:13,53

    alors docteur????j'ai mal ou :)
    0
  9. gen-hackman
     
    t'as mal aux rootkits...lol ^^

    ▶ Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
    mais cette fois-ci :

    ▶ choisis l'Option Clean

    ton PC va redemarrer,

    laisse travailler l'outil.

    en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,

    ▶ colle le contenu dans ta reponse
    0
  10. viapass
     
    bravo pour vos médicaments voici le verdict :

    Kill'em by g3n-h@ckm@n 1.7.2.1

    User : christiane (Administrateurs)
    Update on 22/04/2010 by g3n-h@ckm@n ::::: 16.15
    Start at: 20:19:23 | 23/04/2010

    Intel(R) Pentium(R) M processor 1.70GHz
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Enabled
    AV : Kaspersky Anti-Virus 6.0.2.678 [ (!) Disabled | Updated ]
    FW : Norton Internet Worm Protection[ (!) Disabled ]2006
    FW : Kaspersky Anti-Virus[ (!) Disabled ]6.0.2.678

    C:\ -> Disque fixe local | 74,53 Go (46,53 Go free) [N01763] | NTFS
    D:\ -> Disque CD-ROM

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\logonui.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\List_Kill'em\ERUNT.EXE
    C:\Program Files\List_Kill'em\pv.exe

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    Quarantined & Deleted !! : C:\Program Files\Everest Poker
    Quarantined & Deleted !! : C:\Program Files\Multi_Media

    Quarantined & Deleted !! : C:\WINDOWS\System32\_000006_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_000007_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_000010_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_000011_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_000012_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
    Quarantined & Deleted !! : C:\WINDOWS\system32\drivers\usbaapl.sys
    Quarantined & Deleted !! : C:\WINDOWS\system32\drivers\wudfpf.sys
    Quarantined & Deleted !! : C:\WINDOWS\system32\drivers\wudfrd.sys
    Quarantined & Deleted !! : C:\WINDOWS\System32\Process.exe
    Quarantined & Deleted !! : C:\WINDOWS\System32\SrchSTS.exe
    Quarantined & Deleted !! : C:\Documents and Settings\christiane\Application Data\wklnhst.dat
    Quarantined & Deleted !! : C:\Documents and Settings\christiane\LOCAL Settings\Temp\_unps.exe
    Quarantined & Deleted !! : C:\Documents and Settings\christiane\Local Settings\Temporary Internet Files\SuggestedSites.dat
    Deleted !! : C:\RECYCLER\S-1-5-21-2141497336-4259439790-1187664588-1007\Dc1.Txt
    Deleted !! : C:\RECYCLER\S-1-5-21-2141497336-4259439790-1187664588-1007\Dc2.Txt

    ==============
    host file OK !
    ==============

    ========
    Registry
    ========

    Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
    Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow\netsearchsoft.com
    Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow\www.netsearchsoft.com
    Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
    Deleted : "HKCU\Software\Grand Virtual"
    Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
    Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
    Deleted : "HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Everest Poker"
    Deleted : HKCR\OutlookAddin.Addin
    Deleted : HKCR\OutlookAddin.Addin.1
    Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988}
    Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949}
    Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a}
    Deleted : HKLM\SOFTWARE\Microsoft\MSSMGR
    Deleted : HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\OutlookAddin.Addin
    Deleted : HKLM\SYSTEM\ControlSet002\Services\USBAAPL
    Deleted : HKLM\SYSTEM\ControlSet003\Services\USBAAPL
    Deleted : HKLM\System\CurrentControlSet\Services\asc3550p
    =================
    Internet Explorer
    =================

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
    Local Page REG_SZ C:\WINDOWS\system32\blank.htm
    Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
    Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.google.com/?gws_rd=ssl
    Local Page REG_SZ C:\WINDOWS\system32\blank.htm
    Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    ===============
    Security Center
    ===============

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    FirstRunDisabled REG_DWORD 1 (0x1)
    AntiVirusDisableNotify REG_DWORD 0 (0x0)
    FirewallDisableNotify REG_DWORD 0 (0x0)
    UpdatesDisableNotify REG_DWORD 0 (0x0)
    AntiVirusOverride REG_DWORD 1 (0x1)
    FirewallOverride REG_DWORD 1 (0x1)

    ========
    Services
    =========

    Ndisuio : Start = 3
    EapHost : Start = 2
    Ip6Fw : Start = 2
    SharedAccess : Start = 2
    wuauserv : Start = 2
    wscsvc : Start = 2

    ============
    Disk Cleaned
    anti-ver blaster : OK
    Prefetch cleaned
    ================

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    alors quelle pilule prendre
    Jean
    0
  11. gen-hackman
     
    Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

    ▶ Télécharge :

    Malwarebytes

    ou :

    Malwarebytes

    ▶ Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

    (NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX

    ▶ Potasses le Tuto pour te familiariser avec le prg :

    ( cela dit, il est très simple d'utilisation ).

    relance malwarebytes en suivant scrupuleusement ces consignes :

    ! Déconnecte toi et ferme toutes applications en cours !

    ▶ Lance Malwarebyte's .

    Fais un examen dit "Complet" .

    ▶ Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
    ▶ à la fin tu cliques sur "résultat" .
    Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

    Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !

    Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

    0
  12. viapass
     
    voilà chef :
    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Version de la base de données: 4027

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    24/04/2010 01:00:53
    mbam-log-2010-04-24 (01-00-53).txt

    Type d'examen: Examen complet (C:\|)
    Elément(s) analysé(s): 204786
    Temps écoulé: 1 heure(s), 9 minute(s), 57 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-100005000004} (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000005-0000-0000-0000-100009000004} (Trojan.Agent) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Documents and Settings\christiane\Mes documents\Ma musique\Juju\Setup.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\christiane\Mes documents\Mes fichiers reçus\Everest Poker.exe (PUP.Casino) -> Quarantined and deleted successfully.
    0
  13. viapass
     
    entre temps j'ai dormi pardon, bonjour et voilà :

    http://www.cijoint.fr/cjlink.php?file=cj201004/cijUdyZ7eV.txt
    et
    http://www.cijoint.fr/cjlink.php?file=cj201004/cij5hGXLB8.txt

    bon we
    Jean
    0
  14. gen-hackman
     
    tu as des restes de Norton :

    Désinstaller Produis Symantec :

    Désinstalle via Ajout/Suppression de Programmes (si présents) :

    * Symantec
    * Norton
    * LiveUpdate..

    Télécharge et exécute le Norton Removal Tool.

    Ce produit va désinstaller la majorité des traces des produits Symantec.

    ensuite :

    ▶ clic droit "executer en tant qu'administrateur" sur OTL.exe pour le lancer.

    ▶Copie la liste qui se trouve en gras ci-dessous,

    ▶ colle-la dans la zone sous Customs Scans/Fixes :


    :processes
    explorer.exe
    iexplore.exe
    firefox.exe
    msnmsgr.exe
    Teatimer.exe

    :OTL
    FF - prefs.js..browser.search.selectedEngine: "lo.st"
    FF - prefs.js..browser.startup.homepage: "http://lo.st"
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B12D1A7D
    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:21317552

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=-
    "iTunesHelper"=-
    "QuickTime Task"=-

    :Files
    C:\Program Files (x86)\webserver
    C:\Documents and Settings\All Users\Bureau\Everest Poker.lnk

    :commands
    [emptytemp]
    [start explorer]
    [reboot]


    ▶ Clique sur "Correction" pour lancer la suppression.

    ▶ Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail appres le redemarrage.
    0
  15. viapass
     
    voila pour ce début d'aprem......je ne bouge pas avant la fin :

    All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    No active process named iexplore.exe was found!
    No active process named firefox.exe was found!
    No active process named msnmsgr.exe was found!
    No active process named Teatimer.exe was found!
    ========== OTL ==========
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    File move failed. C:\WINDOWS\Downloaded Program Files\erma.inf scheduled to be moved on reboot.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:B12D1A7D .
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:21317552 .
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
    ========== FILES ==========
    File\Folder C:\Program Files (x86)\webserver not found.
    File move failed. C:\Documents and Settings\All Users\Bureau\Everest Poker.lnk scheduled to be moved on reboot.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: christiane
    ->Apple Safari cache emptied: 33887969 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 41620 bytes

    User: LocalService

    User: NetworkService

    User: Propriétaire

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 32,00 mb

    OTL by OldTimer - Version 3.2.2.0 log created on 04242010_140908

    Files\Folders moved on Reboot...
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    C:\Documents and Settings\All Users\Bureau\Everest Poker.lnk moved successfully.
    C:\Documents and Settings\christiane\Local Settings\Application Data\Apple Computer\Safari\FontsList.plist moved successfully.
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini moved successfully.
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\desktop.ini moved successfully.
    C:\Documents and Settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe moved successfully.
    C:\Documents and Settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\digest.s moved successfully.
    C:\WINDOWS\msdownld.tmp folder moved successfully.

    Registry entries deleted on Reboot...
    0
  16. gen-hackman
     
    Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

    ▶ Télécharge :

    Malwarebytes

    ou :

    Malwarebytes

    ▶ Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

    (NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX

    ▶ Potasses le Tuto pour te familiariser avec le prg :

    ( cela dit, il est très simple d'utilisation ).

    relance malwarebytes en suivant scrupuleusement ces consignes :

    ! Déconnecte toi et ferme toutes applications en cours !

    ▶ Lance Malwarebyte's .

    Fais un examen dit "Complet" .

    ▶ Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
    ▶ à la fin tu cliques sur "résultat" .
    Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

    Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !

    Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

    0
  17. viapass
     
    on la déjà fait cette nuit Malwarebytes, mais je le refais donc.....
    0
  18. gen-hackman
     
    oui je voulais dire mets-le à jour et refais un complet ^^
    0
  19. viapass
     
    voili voilou le rapport, mais a chaque redémarage de Win XP j'ai ce message :

    "L'instruction à 0x792b21a emploie l'adresse mémoire "0x00000010" la mémoire ne peut être "written"
    cliquer OK pour teminer le programme
    cliquer Annuler pour déboguer le programme"

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Version de la base de données: 4030

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    24/04/2010 16:52:04
    mbam-log-2010-04-24 (16-52-04).txt

    Type d'examen: Examen complet (C:\|)
    Elément(s) analysé(s): 205287
    Temps écoulé: 1 heure(s), 15 minute(s), 38 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Documents and Settings\christiane\Local Settings\Temporary Internet Files\Content.IE5\5HU4CODD\Everest Poker[1].exe (PUP.Casino) -> Quarantined and deleted successfully.
    C:\Documents and Settings\christiane\Mes documents\Mes fichiers reçus\Everest Poker.exe (PUP.Casino) -> Quarantined and deleted successfully.
    0
  • 1
  • 2
  • 3