Rootkit comment fair pour s'en débarasser ?

michlarich Messages postés 5 Statut Membre -  
 archet9 -
Bonjour,



Bonjour a tous , j'ai depuis quelque jour un rootkit qui ce promene sur mon PC et me fou un bazard pas possible ...

voici le raport derreur que me donne Combofix cependant je ne suis pas assez callé pour analyser cela tout seul , pouriez vous me venir en aide ? comment et ou es-je pu chopper ce virus ?

Voici le raport d'erreur de combofix , cordialement a tous .. merci davance je suis perdu

EDITE voici le raport en entier

ComboFix 10-05-16.06 - Seb 18/05/2010 19:04:09.6.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2047.1464 [GMT 2:00]
Lancé depuis: c:\documents and settings\Seb\Mes documents\Téléchargements\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((( Fichiers créés du 2010-04-18 au 2010-05-18 ))))))))))))))))))))))))))))))))))))
.

2010-05-18 10:19 . 2010-05-18 10:19 -------- d-----w- c:\documents and settings\Seb\Local Settings\Application Data\PCHealth
2010-05-18 06:53 . 2010-05-18 10:13 536064 ----a-w- c:\windows\system32\drivers\uzylhbb.sys
2010-05-18 06:45 . 2010-05-18 06:46 -------- d-----w- C:\rsit
2010-05-15 22:14 . 2008-04-13 09:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-15 22:14 . 2008-04-13 09:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-15 22:13 . 2008-04-13 09:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-05-15 22:12 . 2008-04-13 09:41 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-05-15 22:12 . 2008-04-13 09:41 8192 ----a-w- c:\windows\system32\drivers\Changer.sys
2010-05-02 18:47 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-05-02 18:47 . 2010-05-02 18:47 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-05-02 18:42 . 2010-05-02 18:42 86576 ----a-w- c:\documents and settings\Seb\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2010-05-02 18:42 . 2010-05-02 18:42 392728 ----a-w- c:\documents and settings\Seb\Application Data\Microsoft\Services Windows Live\Services Windows Live.dll
2010-05-02 18:42 . 2010-05-02 18:42 135680 ----a-w- c:\documents and settings\Seb\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
2010-05-02 18:42 . 2010-05-02 18:42 132672 ----a-w- c:\documents and settings\Seb\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2010-05-02 18:38 . 2010-05-04 04:38 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-20 16:11 . 2010-05-15 23:32 69392 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-20 11:27 . 2010-04-20 11:27 -------- d-----w- c:\documents and settings\Seb\Application Data\AskToolbar

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 14:29 . 2010-02-06 17:08 -------- d-----w- c:\documents and settings\Seb\Application Data\Mumble
2010-05-18 06:46 . 2010-03-10 11:16 -------- d-----w- c:\program files\Trend Micro
2010-05-18 06:40 . 2010-02-21 15:36 -------- d-----w- c:\program files\Anti Keylogger Elite
2010-05-17 21:56 . 2008-04-14 12:00 81134 ----a-w- c:\windows\system32\perfc00C.dat
2010-05-17 21:56 . 2008-04-14 12:00 501206 ----a-w- c:\windows\system32\perfh00C.dat
2010-05-16 13:44 . 2009-09-22 08:35 -------- d-----w- c:\documents and settings\Seb\Application Data\teamspeak2
2010-05-15 22:11 . 2010-05-15 22:11 16 ----a-w- c:\documents and settings\LocalService\Application Data\qvjsge.dat
2010-05-15 21:47 . 2009-09-14 17:53 1 ----a-w- c:\documents and settings\Seb\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-02 18:47 . 2009-09-15 11:43 -------- d-----w- c:\program files\Windows Live
2010-04-30 20:03 . 2009-09-15 11:23 -------- d-----w- c:\documents and settings\Seb\Application Data\vlc
2010-04-17 22:22 . 2009-09-17 23:49 -------- d-----w- c:\documents and settings\Seb\Application Data\dvdcss
2010-04-16 15:47 . 2010-04-16 15:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-04-16 08:41 . 2010-04-16 08:41 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-04-15 20:26 . 2010-04-15 20:26 -------- d-----w- c:\program files\Ask.com
2010-04-15 20:25 . 2010-04-15 20:25 -------- d-----w- c:\program files\Microsoft.NET
2010-04-15 19:55 . 2010-04-15 19:55 -------- d-----w- c:\program files\Yahoo!
2010-04-09 20:14 . 2009-09-17 08:51 -------- d-----w- c:\program files\World of Warcraft
2010-03-26 20:43 . 2009-11-23 17:14 -------- d-----w- c:\documents and settings\Seb\Application Data\Ventrilo
2010-03-24 15:22 . 2010-03-24 15:22 -------- d-----w- c:\documents and settings\Seb\Application Data\Western Digital
2010-03-24 15:22 . 2010-03-24 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital
2010-03-24 15:21 . 2010-03-24 15:21 -------- d-----w- c:\program files\Western Digital
2010-03-10 11:04 . 2009-09-15 11:39 17472 ----a-w- c:\documents and settings\Seb\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-10 06:16 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:17 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((( SnapShot_2010-05-18_06.52.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-18 10:15 . 2010-05-18 10:15 16384 c:\windows\Temp\Perflib_Perfdata_284.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-04 18085888]
"ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2008-12-11 114688]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-14 149280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\Seb\Menu D'marrer\Programmes\D'marrage\
CurseClientStartup.ccip [2009-12-15 0]
Notification de cadeaux MSN.lnk - c:\documents and settings\Seb\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2010-5-2 135680]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
wwwzuc32.exe [2008-4-14 31744]

c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Seb\\Local Settings\\Apps\\2.0\\53C0AWC8.Q69\\C7WP3G4J.KEP\\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\\CurseClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [14/09/2009 19:33 108289]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14/10/2009 15:31 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 10:58 20480]
S2 AKEProtect;AKEProtect;\??\c:\program files\Anti Keylogger Elite\AKEProtect.sys --> c:\program files\Anti Keylogger Elite\AKEProtect.sys [?]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [08/02/2010 22:41 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [14/09/2009 17:43 1684736]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [26/01/2010 18:45 243056]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [24/03/2010 17:22 11520]
S4 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [23/02/2009 00:21 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'

2010-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 20:41]

2010-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 20:41]

2010-05-18 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 14:50]

2010-05-18 c:\windows\Tasks\User_Feed_Synchronization-{A188F064-0446-4706-B40A-61A107A4F262}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Examen supplémentaire -------
.
FF - ProfilePath - c:\documents and settings\Seb\Application Data\Mozilla\Firefox\Profiles\0yjf6z7x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://google.fr
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={1ED82761-22CD-DDF8-9932-E1B233D2591C}&q=
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-18 19:06
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2540)
c:\windows\system32\msi.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2010-05-18 19:07:11
ComboFix-quarantined-files.txt 2010-05-18 17:07
ComboFix2.txt 2010-05-18 10:25
ComboFix3.txt 2010-05-18 06:53
ComboFix4.txt 2010-05-15 23:16
ComboFix5.txt 2010-05-18 17:03

Avant-CF: 2 520 567 808 octets libres
Après-CF: 2 508 656 640 octets libres

- - End Of File - - 07E964E799EFF1ABE361A1D78924813B

9 réponses

  1. archet9
     
    Bonjour

    Ton rapport n'est pas complet...Il manque le début !

    ==> Reposte le stp

    a+
    0
  2. michlarich Messages postés 5 Statut Membre
     
    Voila , j'ai edité mon post voici le vrai raport ci dessu .
    0
  3. archet9
     
    Télécharge The Avenger par Swandog46 sur ton Bureau:

    http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/

    Click sur Avenger.zip pour ouvrir le fichier
    Extraire avenger.exe sur votre bureau

    . Maintenant, lance The Avenger en cliquant sur son icône du bureau.
    . Copie tout le texte en gras ci-dessous : mettre en surbrillance et appuyer sur les touches(Ctrl+C):

    Drivers to disable:
    npggsvc
    Drivers to delete:
    npggsvc
    Files to delete:
    c:\windows\system32\GameMon.des -service
    c:\program files\ask.com\genericasktoolbar.dll
    c:\program files\ask.com\updatetask.exe
    Registry keys to delete:
    HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc
    HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd


    . Colle ce texte (Ctrl+V) dans le cadre :

    Input script here

    . Appuie sur Execute

    . Le pc va redémarrer

    . Colle le rapport qui aparaitra.

    Ensuite:

    Malwarebytes étant présent sur ton pc

    ==> Mets le à jour (Important)
    et choisis "Executer un examen rapide"

    Colle le rapport qui sera généré.
    a+
    0
  4. michlarich Messages postés 5 Statut Membre
     
    //////////////////////////////////////////
    Avenger Pre-Processor log
    //////////////////////////////////////////

    Platform: Windows XP (build 2600, Service Pack 3)
    Wed May 19 13:51:47 2010

    13:51:42: Error: Invalid registry syntax in command:
    "HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd"
    Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
    Skipping line. (Registry key deletion mode)

    //////////////////////////////////////////

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    Driver "npggsvc" disabled successfully.
    Driver "npggsvc" deleted successfully.

    Error: file "c:\windows\system32\GameMon.des -service" not found!
    Deletion of file "c:\windows\system32\GameMon.des -service" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist

    File "c:\program files\ask.com\genericasktoolbar.dll" deleted successfully.
    File "c:\program files\ask.com\updatetask.exe" deleted successfully.

    Error: registry key "HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc" not found!
    Deletion of registry key "HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist

    Completed script processing.

    *******************

    Finished! Terminate.

    voila le rapport .
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. michlarich Messages postés 5 Statut Membre
     
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Version de la base de données: 4052

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    19/05/2010 16:35:31
    mbam-log-2010-05-19 (16-35-31).txt

    Type d'examen: Examen rapide
    Elément(s) analysé(s): 117549
    Temps écoulé: 3 minute(s), 12 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  7. archet9
     
    Télécharge de AD-Remover sur ton Bureau. (Merci à C_XX)
    http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe

    Miroir:

    https://www.androidworld.fr/

    /!\ Ferme toutes applications en cours /!\

    /!\ Désactive provisoirement et seulement le temps de l'utilisation de AD-Remover, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

    - Double-clique sur l'icône Ad-remover située sur ton Bureau.
    - Sur la page, clique sur le bouton « Nettoyer »
    - Confirme lancement du scan
    - Laisse travailler l'outil.
    - Poste le rapport qui apparaît à la fin.

    (Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt)

    (CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)
    0
  8. michlarich Messages postés 5 Statut Membre
     
    .
    ======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
    .
    Mis à jour par C_XX le 07/05/10 à 16:50
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 17:13:59 le 19/05/2010 | Mode normal | Option: SCAN
    Exécuté de: C:\Ad-Remover\ADR.exe
    SE: Microsoft® Windows XP(TM) Service Pack 3 - X86
    Nom du PC: PROPRI-435C9523
    Utilisateur actuel: Seb
    .
    ============== ÉLÉMENT(S) TROUVÉ(S) ==============
    .
    .
    C:\Documents and Settings\Seb\Application Data\AskToolbar
    C:\Documents and Settings\Seb\Application Data\Mozilla\FireFox\Profiles\0yjf6z7x.default\extensions\toolbar@ask.com
    C:\Documents and Settings\Seb\Local Settings\Application Data\AskToolbar
    C:\Program Files\Ask.com
    C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    .
    HKCU\Software\AppDataLow\AskToolbarInfo
    HKCU\Software\Ask.com
    HKCU\Software\AskToolbar
    HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
    HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
    HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
    HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    HKLM\Software\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}
    HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BCA25126-2B55-437a-AA5B-F300D393654B}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
    .
    .
    ============== SCAN ADDITIONNEL ==============
    .
    * Mozilla FireFox Version 3.6.3 (fr) *
    .
    C:\Documents and Settings\Seb\..\0yjf6z7x.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Seb\\Mes documents\\Mes images
    C:\Documents and Settings\Seb\..\0yjf6z7x.default\prefs.js - browser.search.defaultenginename: Fast Browser Search
    C:\Documents and Settings\Seb\..\0yjf6z7x.default\prefs.js - browser.search.defaulturl: hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
    C:\Documents and Settings\Seb\..\0yjf6z7x.default\prefs.js - browser.search.selectedEngine: Fast Browser Search
    C:\Documents and Settings\Seb\..\0yjf6z7x.default\prefs.js - browser.startup.homepage: hxxp://google.fr
    C:\Documents and Settings\Seb\..\0yjf6z7x.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
    C:\Documents and Settings\Seb\..\0yjf6z7x.default\prefs.js - keyword.URL: hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={1ED82761-22CD-DDF8-9932-E1B233D2591C}&q=
    .
    TROUVÉ: C:\Documents and Settings\Seb\..\0yjf6z7x.default\prefs.js - user_pref("browser.search.defaultenginename", "Fast Browser Search");
    TROUVÉ: C:\Documents and Settings\Seb\..\0yjf6z7x.default\prefs.js - user_pref("browser.search.defaulturl", "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=");
    TROUVÉ: C:\Documents and Settings\Seb\..\0yjf6z7x.default\prefs.js - user_pref("browser.search.order.1", "Fast Browser Search");
    TROUVÉ: C:\Documents and Settings\Seb\..\0yjf6z7x.default\prefs.js - user_pref("browser.search.selectedEngine", "Fast Browser Search");
    TROUVÉ: C:\Documents and Settings\Seb\..\0yjf6z7x.default\prefs.js - user_pref("extensions.asktb.cbid", "EV");
    TROUVÉ: C:\Documents and Settings\Seb\..\0yjf6z7x.default\prefs.js - user_pref("extensions.asktb.default-channel-url-mask", "hxxp://fr.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&dm=lang");
    TROUVÉ: C:\Documents and Settings\Seb\..\0yjf6z7x.default\prefs.js - user_pref("extensions.asktb.fresh-install", false);
    TROUVÉ: C:\Documents and Settings\Seb\..\0yjf6z7x.default\prefs.js - user_pref("extensions.asktb.l", "dis");
    TROUVÉ: C:\Documents and Settings\Seb\..\0yjf6z7x.default\prefs.js - user_pref("extensions.asktb.last-config-req", "1274252461992");
    TROUVÉ: C:\Documents and Settings\Seb\..\0yjf6z7x.default\prefs.js - user_pref("extensions.asktb.locale", "fr_FR");
    TROUVÉ: C:\Documents and Settings\Seb\..\0yjf6z7x.default\prefs.js - user_pref("extensions.asktb.nero.userName", "");
    TROUVÉ: C:\Documents and Settings\Seb\..\0yjf6z7x.default\prefs.js - user_pref("extensions.asktb.o", "101917");
    TROUVÉ: C:\Documents and Settings\Seb\..\0yjf6z7x.default\prefs.js - user_pref("extensions.asktb.options-lang", "fr");
    TROUVÉ: C:\Documents and Settings\Seb\..\0yjf6z7x.default\prefs.js - user_pref("extensions.asktb.options-locale", "UK");
    TROUVÉ: C:\Documents and Settings\Seb\..\0yjf6z7x.default\prefs.js - user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
    TROUVÉ: C:\Documents and Settings\Seb\..\0yjf6z7x.default\prefs.js - user_pref("extensions.asktb.qsrc", "2871");
    TROUVÉ: C:\Documents and Settings\Seb\..\0yjf6z7x.default\prefs.js - user_pref("extensions.asktb.r", "2");
    TROUVÉ: C:\Documents and Settings\Seb\..\0yjf6z7x.default\prefs.js - user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3,toolbar@ask.com:3.6.6.117,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3");
    TROUVÉ: C:\Documents and Settings\Seb\..\0yjf6z7x.default\prefs.js - user_pref("keyword.URL", "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={1ED82761-22CD-DDF8-9932-E1B233D2591C}&q=");
    .
    * Internet Explorer Version 8.0.6001.18702 *
    .
    [HKCU\Software\Microsoft\Internet Explorer\Main]
    .
    Do404Search: 0x01000000
    Enable Browser Extensions: yes
    Local Page: C:\WINDOWS\system32\blank.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Show_ToolBar: yes
    Start Page: hxxp://fr.msn.com/
    Use Custom Search URL: 1
    .
    [HKLM\Software\Microsoft\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
    Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Delete_Temp_Files_On_Exit: yes
    Local Page: C:\WINDOWS\system32\blank.htm
    Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
    .
    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm
    .
    ========================================
    .
    C:\Ad-Remover\Quarantine: 0 Fichier(s)
    C:\Ad-Remover\Backup: 0 Fichier(s)
    .
    C:\Ad-Report-SCAN[1].txt - 7706 Octet(s)
    .
    Fin à: 17:15:23, 19/05/2010
    .
    ============== E.O.F - SCAN[1] ==============
    0
  9. archet9
     
    J'avais dit ceci:

    - Double-clique sur l'icône Ad-remover située sur ton Bureau.
    - Sur la page, clique sur le bouton « Nettoyer »

    ==> Donc recommence !

    a+

    0