A folder that cannot be deleted

Closed
miidos Posts 29 Registration date Sunday 21 November 2010 Status Member Last activity 15 December 2010 - 21 Nov. 2010 at 10:23
miidos Posts 29 Registration date Sunday 21 November 2010 Status Member Last activity 15 December 2010 - 15 Dec. 2010 at 08:17
Hello,

First of all, thank you to everyone who is going to try to help me. I downloaded a folder called "diablo 2 by redlion"; at first this folder would not let itself be deleted,
but after that I delete it normally, but every time I turn my computer on again it puts itself on my desktop about 30 seconds after the desktop appears; can someone help me please?
Thanks

54 replies

miidos Posts 29 Registration date Sunday 21 November 2010 Status Member Last activity 15 December 2010
22 Nov. 2010 at 19:10
oh lol I didn't know ^^ and I don't know exactly what p2p is, but I have downloaded things before
0
jfkpresident Posts 13408 Registration date Monday 3 September 2007 Status Security contributor Last activity 5 January 2015 1 175
22 Nov. 2010 at 19:57
oh lol I didn't know ^^ and I don't know exactly what p2p is, but I have downloaded things before


And are you also going to tell me that you don't know what "Ares galaxy" is??

Maybe an intergalactic 3D game?
0
miidos Posts 29 Registration date Sunday 21 November 2010 Status Member Last activity 15 December 2010
23 Nov. 2010 at 12:45
ares galaxy was on my computer when I bought it
another problem that has started these days, I don't know if it is related to the folder, but when I turn on the computer the desktop doesn't appear; sometimes I have to restart it for it to appear;
can you help me? how do I delete the diablo 2 folder :/
0
jfkpresident Posts 13408 Registration date Monday 3 September 2007 Status Security contributor Last activity 5 January 2015 1 175
23 Nov. 2010 at 18:34
Mmmhh.........

download lopS&D

* double-click on it to install the program.
* A shortcut will be created on your desktop; double-click on it to launch the tool.
* choose the language.
* choose option 1 (search).
* copy/paste the report onto the forum.

0
miidos Posts 29 Registration date Sunday 21 November 2010 Status Member Last activity 15 December 2010
23 Nov. 2010 at 18:59
thanks already ^^

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A11
USER : Administrateur ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:78 Go (Free:9 Go)
D:\ (Local Disk) - NTFS - Total:219 Go (Free:218 Go)
E:\ (CD or DVD)
G:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 23/11/2010|18:55 )

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[23/11/2010 13:01][--a------] C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[23/11/2010 13:16][--a------] C:\WINDOWS\tasks\FlockUpdateTaskUserS-1-5-21-299502267-1450960922-725345543-500UA.job
[22/11/2010 19:16][--a------] C:\WINDOWS\tasks\FlockUpdateTaskUserS-1-5-21-299502267-1450960922-725345543-500Core.job
[25/04/2010 20:43][--a------] C:\WINDOWS\tasks\Install.job.non.job
[23/11/2010 12:49][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[23/11/2010 12:58][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1450960922-725345543-500UA.job
[17/11/2010 17:58][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1450960922-725345543-500Core.job
[23/11/2010 18:50][--ah-----] C:\WINDOWS\tasks\SA.DAT
[07/09/2002 01:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Process

( 67 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-23 18:56:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:247][D:29]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
[F:78][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
[F:1783][D:4]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 23/11/2010|18:57 - Option : [1]

--------------------\\ Fin du rapport a 18:57:52
0
jfkpresident Posts 13408 Registration date Monday 3 September 2007 Status Security contributor Last activity 5 January 2015 1 175
23 Nov. 2010 at 22:23
Download AD-Remover to your desktop:


/!\ Disconnect and close all running applications

* Double-click on the installer and install it in its default location (C:\Program files).
* Double-click on the Ad-remover icon located on your desktop.
* In the main menu, choose the "Scanner" (scan) option.
* Post the report that appears at the end.

(the report is also saved as C:\Ad-report(date).log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:

"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
0

miidos Posts 29 Registration date Sunday 21 November 2010 Status Member Last activity 15 December 2010
Edited by miidos on 24/11/2010 at 08:10
actually I found it already downloaded and installed in its location

and tell me if I have to redo the scans, because I delete the folder every time I turn on the computer, as I told you

there you go :)

======= RAPPORT D'AD-REMOVER 2.0.0.2,B | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 11/11/10 à 11:40
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [2]) -> Lancé à 08:08:17 le 24/11/2010, Mode normal

Microsoft Windows XP Professionnel Service Pack 2 (X86)
Administrateur@SWEET-4DF474995 ( )

============== RECHERCHE ==============


Fichier trouvé: C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
Fichier trouvé: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Fichier trouvé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\mteietq8.default\searchplugins\askcom.xml
Dossier trouvé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\mteietq8.default\conduit
Dossier trouvé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\mteietq8.default\ConduitEngine
Dossier trouvé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\mteietq8.default\extensions\engine@conduit.com
Fichier trouvé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\mteietq8.default\searchplugins\conduit.xml
Dossier trouvé: C:\Program Files\Ask.com
Dossier trouvé: C:\Documents and Settings\Administrateur\Local Settings\Application Data\AskToolbar
Dossier trouvé: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Conduit
Dossier trouvé: C:\Program Files\Conduit

-- Fichier ouvert: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\mteietq8.default\Prefs.js --
Ligne trouvée: user_pref("CT1561552.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT156...
Ligne trouvée: user_pref("CT2077543.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...
Ligne trouvée: user_pref("CT2077543.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT207...
Ligne trouvée: user_pref("CT2613520.SearchEngine", "Recherche||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_...
Ligne trouvée: user_pref("CT2613520.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT261...
Ligne trouvée: user_pref("CT2613520.ct2613520.SearchEngine", "Recherche||hxxp://search.conduit.com/Results.aspx?q=U...
Ligne trouvée: user_pref("browser.search.defaultengine", "Ask.com");
Ligne trouvée: user_pref("browser.search.defaultenginename", "Ask.com");
Ligne trouvée: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680812&Sea...
Ligne trouvée: user_pref("browser.search.order.1", "Ask.com");
Ligne trouvée: user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2680812&SearchSource=13");
Ligne trouvée: user_pref("extensions.asktb.cbid", "SQ");
Ligne trouvée: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}...
Ligne trouvée: user_pref("extensions.asktb.fresh-install", false);
Ligne trouvée: user_pref("extensions.asktb.l", "dis");
Ligne trouvée: user_pref("extensions.asktb.last-config-req", "1288805127449");
Ligne trouvée: user_pref("extensions.asktb.locale", "en_US");
Ligne trouvée: user_pref("extensions.asktb.o", "14088");
Ligne trouvée: user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Ligne trouvée: user_pref("extensions.asktb.qsrc", "2871");
Ligne trouvée: user_pref("extensions.asktb.r", "2");
Ligne trouvée: user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.ask.com/query?qsrc=...
Ligne trouvée: user_pref("extensions.asktb.search-suggestions-enabled", true);
-- Fichier Fermé --


Clé trouvée: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Clé trouvée: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé trouvée: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Clé trouvée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Clé trouvée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Clé trouvée: HKLM\Software\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Clé trouvée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Clé trouvée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
Clé trouvée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
Clé trouvée: HKLM\Software\Classes\Toolbar.CT1561552
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2032792
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2077543
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2095689
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2187070
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2613520
Clé trouvée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
Clé trouvée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Clé trouvée: HKLM\Software\Conduit
Clé trouvée: HKCU\Software\Ask.com
Clé trouvée: HKCU\Software\AskToolbar
Clé trouvée: HKCU\Software\Conduit
Clé trouvée: HKCU\Software\AppDataLow\AskBarDis
Clé trouvée: HKCU\Software\AppDataLow\AskToolbarInfo
Clé trouvée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchTheWeb

Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC}
Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}


============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.6.12 (fr)] **

-- C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\mteietq8.default\Prefs.js --
browser.download.lastDir, C:\\Documents and Settings\\Administrateur\\Bureau
browser.search.defaultenginename, Ask.com
browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680812&SearchSource=3&q={searchTerms}
browser.search.selectedEngine, Google
browser.startup.homepage, hxxp://search.conduit.com/?ctid=CT2680812&SearchSource=13
browser.startup.homepage_override.mstone, rv:1.9.2.12
privacy.popups.showBrowserMessage, false

========================================

** Internet Explorer Version [7.0.5730.13] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: ${URL_SEARCHPAGE}
Show_ToolBar: yes
Start Page: hxxp://www.ask.com/?o=14090&l=dis
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: ${URL_SEARCHPAGE}
Start Page: ${URL_STARTPAGE}

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 2 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 24/11/2010 (8493 Octet(s))
C:\Ad-Report-SCAN[2].txt - 24/11/2010 (6718 Octet(s))

Fin à: 08:09:20, 24/11/2010

============== E.O.F ==============
0
jfkpresident Posts 13408 Registration date Monday 3 September 2007 Status Security contributor Last activity 5 January 2015 1 175
24 Nov. 2010 at 18:31
! Disconnect and close all running applications !

* Relaunch "Ad-remover": in the main menu, choose the "Nettoyer" (clean) option.

* Post the report that appears at the end.

(the report is also saved as C:\Ad-report(date).log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

/!\ If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm.
0
miidos Posts 29 Registration date Sunday 21 November 2010 Status Member Last activity 15 December 2010
24 Nov. 2010 at 21:24
ok, and actually on my friends' PCs I usually do Ctrl + Alt + Del, "File" tab, "New task", desktop, but it doesn't work on my PC
anyway
======= RAPPORT D'AD-REMOVER 2.0.0.2,B | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 11/11/10 à 11:40
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 21:21:00 le 24/11/2010, Mode normal

Microsoft Windows XP Professionnel Service Pack 2 (X86)
Administrateur@SWEET-4DF474995 ( )

============== ACTION(S) ==============


Fichier supprimé: C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
Fichier supprimé: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Fichier supprimé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\mteietq8.default\searchplugins\askcom.xml
Dossier supprimé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\mteietq8.default\conduit
Dossier supprimé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\mteietq8.default\ConduitEngine
Dossier supprimé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\mteietq8.default\extensions\engine@conduit.com
Fichier supprimé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\mteietq8.default\searchplugins\conduit.xml
Dossier supprimé: C:\Program Files\Ask.com
Dossier supprimé: C:\Documents and Settings\Administrateur\Local Settings\Application Data\AskToolbar
Dossier supprimé: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Conduit
Dossier supprimé: C:\Program Files\Conduit

(!) -- Fichiers temporaires supprimés.


-- Fichier ouvert: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\mteietq8.default\Prefs.js --
Ligne supprimée:
Ligne supprimée:
Ligne supprimée: user_pref("CT1561552.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT156...
Ligne supprimée: user_pref("CT2077543.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...
Ligne supprimée: user_pref("CT2077543.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT207...
Ligne supprimée: user_pref("CT2613520.SearchEngine", "Recherche||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_...
Ligne supprimée: user_pref("CT2613520.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT261...
Ligne supprimée: user_pref("CT2613520.ct2613520.SearchEngine", "Recherche||hxxp://search.conduit.com/Results.aspx?q=U...
Ligne supprimée: user_pref("browser.search.defaultengine", "Ask.com");
Ligne supprimée: user_pref("browser.search.defaultenginename", "Ask.com");
Ligne supprimée: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680812&Sea...
Ligne supprimée: user_pref("browser.search.order.1", "Ask.com");
Ligne supprimée: user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2680812&SearchSource=13");
Ligne supprimée: user_pref("extensions.asktb.cbid", "SQ");
Ligne supprimée: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}...
Ligne supprimée: user_pref("extensions.asktb.fresh-install", false);
Ligne supprimée: user_pref("extensions.asktb.l", "dis");
Ligne supprimée: user_pref("extensions.asktb.last-config-req", "1288805127449");
Ligne supprimée: user_pref("extensions.asktb.locale", "en_US");
Ligne supprimée: user_pref("extensions.asktb.o", "14088");
Ligne supprimée: user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Ligne supprimée: user_pref("extensions.asktb.qsrc", "2871");
Ligne supprimée: user_pref("extensions.asktb.r", "2");
Ligne supprimée: user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.ask.com/query?qsrc=...
Ligne supprimée: user_pref("extensions.asktb.search-suggestions-enabled", true);
-- Fichier Fermé --


Clé supprimée: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Clé supprimée: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé supprimée: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Clé supprimée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Clé supprimée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Clé supprimée: HKLM\Software\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Clé supprimée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Erreur suppression clé: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
Erreur suppression clé: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
Clé supprimée: HKLM\Software\Classes\Toolbar.CT1561552
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2032792
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2077543
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2095689
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2187070
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2613520
Clé supprimée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
Clé supprimée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Clé supprimée: HKLM\Software\Conduit
Clé supprimée: HKCU\Software\Ask.com
Clé supprimée: HKCU\Software\AskToolbar
Clé supprimée: HKCU\Software\Conduit
Clé supprimée: HKCU\Software\AppDataLow\AskBarDis
Clé supprimée: HKCU\Software\AppDataLow\AskToolbarInfo
Clé supprimée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchTheWeb

Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC}
Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}


============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.6.12 (fr)] **

-- C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\mteietq8.default\Prefs.js --
browser.download.lastDir, C:\\Documents and Settings\\Administrateur\\Bureau
browser.search.selectedEngine, Google
browser.startup.homepage_override.mstone, rv:1.9.2.12
privacy.popups.showBrowserMessage, false

========================================

** Internet Explorer Version [7.0.5730.13] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 89 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 16 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 24/11/2010 (3966 Octet(s))
C:\Ad-Report-SCAN[1].txt - 24/11/2010 (8493 Octet(s))
C:\Ad-Report-SCAN[2].txt - 24/11/2010 (8549 Octet(s))

Fin à: 21:22:17, 24/11/2010

============== E.O.F ==============
0
jfkpresident Posts 13408 Registration date Monday 3 September 2007 Status Security contributor Last activity 5 January 2015 1 175
24 Nov 2010 at 21:51
This is where things get trickier:

Download ComboFix from one of these links:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
https://forospyware.com
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

And, importantly, save it to the desktop.

Before using ComboFix:

- Disconnect from the internet and close the windows of all running programs.

- Temporarily, and only while ComboFix is in use, disable the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts scanning the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/scan; let it do so.

- A report will then open in Notepad (this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt).

- Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

- Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.
0
miidos Posts 29 Registration date Sunday 21 November 2010 Status Member Last activity 15 December 2010
25 Nov 2010 at 11:34
Hello :D

Actually, it told me there was insufficient memory to finish the sort, but it finished anyway.

ComboFix 10-11-24.04 - Administrateur 25/11/2010 11:23:11.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.3580.2956 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
.
---- Exécution préalable -------
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\explorer.backup
c:\windows\system32\_000003_.tmp.dll
D:\main.exe

----- BITS: Il y a peut-être des sites infectés -----

hxxp://update.flock.com
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-10-25 au 2010-11-25 ))))))))))))))))))))))))))))))))))))
.

2010-11-25 10:18 . 2010-11-25 10:18 -------- d-----w- c:\windows\system32\xircom
2010-11-25 10:18 . 2010-11-25 10:18 -------- d-----w- c:\windows\system32\wbem\snmp
2010-11-25 10:18 . 2010-11-25 10:18 -------- d-----w- c:\windows\system32\oobe
2010-11-25 10:18 . 2010-11-25 10:18 -------- d-----w- c:\windows\srchasst
2010-11-25 10:18 . 2010-11-25 10:18 -------- d-----w- c:\program files\microsoft frontpage
2010-11-24 07:06 . 2010-11-24 07:06 -------- d-----w- c:\program files\Ad-Remover
2010-11-23 17:54 . 2010-11-23 17:57 -------- d-----w- C:\Lop SD
2010-11-23 11:49 . 2010-11-23 11:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Protection_ZoneAlarm
2010-11-21 00:16 . 2010-07-27 15:13 27136 ----a-w- c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
2010-11-21 00:16 . 2010-03-24 15:57 713312 ----a-w- c:\windows\system32\ijjiSetup.exe
2010-11-21 00:16 . 2010-03-24 15:56 62048 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2010-11-21 00:16 . 2010-11-21 00:19 -------- d-----w- c:\program files\REACTOR
2010-11-17 20:47 . 2010-11-17 20:47 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Protection_ZoneAlarm
2010-11-17 20:47 . 2010-11-17 20:47 -------- d-----w- c:\program files\Protection_ZoneAlarm
2010-11-16 22:43 . 2010-11-24 10:40 -------- d-----w- C:\Nouveau dossier (4)
2010-11-16 22:40 . 2010-11-16 22:40 -------- d-----w- c:\documents and settings\Administrateur\Application Data\fizzy
2010-11-16 22:40 . 2010-11-16 22:40 -------- d-sh--w- c:\windows\ftpcache
2010-11-16 22:39 . 2010-11-16 22:39 -------- d-----w- c:\program files\SSIII Solo Ultratus
2010-11-03 17:24 . 2010-11-03 17:24 -------- d-----w- c:\program files\palmolino
2010-11-02 11:49 . 2010-11-02 11:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ToggleEN
2010-10-31 08:45 . 2010-10-31 08:47 -------- d-----w- c:\documents and settings\Administrateur\Application Data\4shared Desktop
2010-10-30 23:40 . 2010-10-30 23:40 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Uniblue
2010-10-30 23:36 . 2010-11-16 22:14 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2010-10-30 23:29 . 2010-10-30 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2010-10-30 23:29 . 2010-10-30 23:34 -------- d-----w- c:\program files\DAP
2010-10-30 23:29 . 2010-10-30 23:29 172032 ----a-w- c:\windows\system32\AniGIF.ocx

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-30 23:29 . 2010-10-30 23:34 252080 ----a-w- c:\program files\opera\program\plugins\dapop.dll
.

------- Sigcheck -------

[-] 2007-06-26 . C7BE59B07C6EB74BEA6FD67C1B164015 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys

[-] 2007-06-14 . C7BCEA1533BE5C9E15884D6C39B667F1 . 80216 . . [7.0.6000.374] . . c:\windows\icon_TMP\wuauclt.exe
[-] 2007-06-14 . C7BCEA1533BE5C9E15884D6C39B667F1 . 80216 . . [7.0.6000.374] . . c:\windows\system32\wuauclt.exe
[7] 2007-06-14 . 3A83A45E7DD5276315AA20245E7C32BF . 53080 . . [7.0.6000.374] . . c:\windows\system_backup\wuauclt.exe

[-] 2004-08-04 . E28D16A8D63ECA6246921FDF7CBDE42A . 1227264 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-04 . E28D16A8D63ECA6246921FDF7CBDE42A . 1227264 . . [6.00.2900.2180] . . c:\windows\icon_TMP\explorer.exe
[7] 2004-08-04 . 4C33E5B9A6197B6ED215F6CFBA0A2DAA . 1036288 . . [6.00.2900.2180] . . c:\windows\system_backup\explorer.exe


c:\windows\System32\wscntfy.exe ... manque !!
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b905bc9d-6059-4517-a6b4-950d26299a2b}"= "c:\program files\radiodofus\tbrad1.dll" [2010-09-04 2734688]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot0.dll" [2010-10-30 2735200]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2010-06-13 2734688]
"{d7f26d0e-9801-45c3-a091-8a65e4ed73b5}"= "c:\program files\Protection_ZoneAlarm\tbProt.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{b905bc9d-6059-4517-a6b4-950d26299a2b}]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CLASSES_ROOT\clsid\{d7f26d0e-9801-45c3-a091-8a65e4ed73b5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2010-06-13 17:10 2734688 ----a-w- c:\program files\ToggleEN\tbTogg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b905bc9d-6059-4517-a6b4-950d26299a2b}]
2010-09-04 03:10 2734688 ----a-w- c:\program files\radiodofus\tbrad1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
2010-10-30 22:25 2735200 ----a-w- c:\program files\Hotspot_Shield\tbHot0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d7f26d0e-9801-45c3-a091-8a65e4ed73b5}]
2010-06-13 18:10 2734688 ----a-w- c:\program files\Protection_ZoneAlarm\tbProt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b905bc9d-6059-4517-a6b4-950d26299a2b}"= "c:\program files\radiodofus\tbrad1.dll" [2010-09-04 2734688]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot0.dll" [2010-10-30 2735200]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2010-06-13 2734688]
"{d7f26d0e-9801-45c3-a091-8a65e4ed73b5}"= "c:\program files\Protection_ZoneAlarm\tbProt.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{b905bc9d-6059-4517-a6b4-950d26299a2b}]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CLASSES_ROOT\clsid\{d7f26d0e-9801-45c3-a091-8a65e4ed73b5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B905BC9D-6059-4517-A6B4-950D26299A2B}"= "c:\program files\radiodofus\tbrad1.dll" [2010-09-04 2734688]
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\tbHot0.dll" [2010-10-30 2735200]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTogg.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{b905bc9d-6059-4517-a6b4-950d26299a2b}]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"Google Update"="c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-27 135664]
"ares"="c:\program files\Ares\Ares.exe" [2010-01-09 955392]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"Flock Update"="c:\documents and settings\Administrateur\Local Settings\Application Data\Flock\Update\FlockUpdate.exe" [2010-07-19 136312]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2010-10-30 2836656]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2010-11-16 1698064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="%ProgramFiles%\DAEMON Tools\daemon.exe -lang 1033" [X]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-18 1185264]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-18 1961576]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-11-14 1708032]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2009-11-10 417792]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-04-09 185784]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"4shared Update"="d:\4s\4shared Desktop\checkUpdate.exe" [2010-10-29 608760]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-29 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-09-28 738808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2007-06-26 124928]

c:\documents and settings\Administrateur\Menu D'marrer\Programmes\D'marrage\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=


R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc [x]
R3 AMBFilt;Creative AMB Service;c:\windows\system32\drivers\AMBFilt.sys [2009-03-04 1656960]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\plugins\UI\safedrv.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-12-16 3453712]
R3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-22 685816]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-09-22 325168]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-09-28 26872]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-09-28 493048]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-07-16 35088]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-03-06 113024]
S3 OA009Afx;Provides a software interface to control audio effects of OA009 camera.;c:\windows\system32\Drivers\OA009Afx.sys [2007-06-08 148056]
S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\DRIVERS\OA009Ufd.sys [2008-10-06 144544]
S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\DRIVERS\OA009Vid.sys [2008-10-07 268992]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys [2008-11-21 160256]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenu du dossier 'Tâches planifiées'

2010-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-11-24 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-299502267-1450960922-725345543-500Core.job
- c:\documents and settings\Administrateur\Local Settings\Application Data\Flock\Update\FlockUpdate.exe [2010-07-19 17:11]

2010-11-25 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-299502267-1450960922-725345543-500UA.job
- c:\documents and settings\Administrateur\Local Settings\Application Data\Flock\Update\FlockUpdate.exe [2010-07-19 17:11]

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1450960922-725345543-500Core.job
- c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-27 12:37]

2010-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1450960922-725345543-500UA.job
- c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-27 12:37]

2010-04-25 c:\windows\Tasks\Install.job.non.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2010-04-25 17:30]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.ask.com/?o=14090&l=dis
mStart Page = ${URL_STARTPAGE}
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download All using 4shared Desktop - d:\4s\4shared Desktop\down_all.htm
IE: &Download using 4shared Desktop - d:\4s\4shared Desktop\down_link.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\
FF - prefs.js: browser.search.selectedEngine - Google

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-25 11:27
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1252)
c:\windows\system32\Ati2evxx.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(1308)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\SpeedBit Video Accelerator\ConfigDB.dll
.
Heure de fin: 2010-11-25 11:28:57
ComboFix-quarantined-files.txt 2010-11-25 10:28

Avant-CF: 10 773 635 072 octets libres
Après-CF: 10 741 657 600 octets libres

- - End Of File - - F4A4CC949040E565771B623E2468112F
0
jfkpresident Posts 13408 Registration date Monday 3 September 2007 Status Security contributor Last activity 5 January 2015 1 175
25 Nov 2010 at 19:29
> Close all your browsers (so copy or print the instructions first)
- Create a new text document: right-click on the desktop > New > Text Document, and copy/paste the following lines into it:



Folder::
c:\documents and settings\Administrateur\Local Settings\Application Data\Flock
File::
c:\windows\system32\ijjiProcessRestarter.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Flock Update"=-

- Save this file under the name CFScript
- Drag and drop this CFScript file onto the ComboFix.exe file, as in this image. (Click the CFScript file, hold the mouse button down and drag so that the CFScript icon covers the ComboFix icon. Release the mouse button.) ComboFix will start.
- A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and then confirm.
- Wait while the scan runs. The desktop will disappear several times: this is normal!
- Do not touch anything until the scan has finished, otherwise the PC may crash!
- Once the scan is complete, a report will be displayed: post its contents.
Note: If the file does not open, it can be found here > C:\ComboFix.txt
0
miidos Posts 29 Registration date Sunday 21 November 2010 Status Member Last activity 15 December 2010
26 Nov 2010 at 11:51
ComboFix 10-11-24.04 - Administrateur 26/11/2010 11:35:30.3.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.3580.2965 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript.txt
.
PEV Error: ProfilesFile

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Il y a peut-être des sites infectés -----

hxxp://update.flock.com
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-10-26 au 2010-11-26 ))))))))))))))))))))))))))))))))))))
.

2010-11-25 10:18 . 2010-11-25 10:18 -------- d-----w- c:\windows\system32\xircom
2010-11-25 10:18 . 2010-11-25 10:18 -------- d-----w- c:\windows\system32\wbem\snmp
2010-11-25 10:18 . 2010-11-25 10:18 -------- d-----w- c:\windows\system32\oobe
2010-11-25 10:18 . 2010-11-25 10:18 -------- d-----w- c:\windows\srchasst
2010-11-25 10:18 . 2010-11-25 10:18 -------- d-----w- c:\program files\microsoft frontpage
2010-11-24 07:06 . 2010-11-24 07:06 -------- d-----w- c:\program files\Ad-Remover
2010-11-23 17:54 . 2010-11-23 17:57 -------- d-----w- C:\Lop SD
2010-11-23 11:49 . 2010-11-23 11:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Protection_ZoneAlarm
2010-11-21 00:16 . 2010-07-27 15:13 27136 ----a-w- c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
2010-11-21 00:16 . 2010-03-24 15:57 713312 ----a-w- c:\windows\system32\ijjiSetup.exe
2010-11-21 00:16 . 2010-03-24 15:56 62048 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2010-11-21 00:16 . 2010-11-21 00:19 -------- d-----w- c:\program files\REACTOR
2010-11-17 20:47 . 2010-11-17 20:47 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Protection_ZoneAlarm
2010-11-17 20:47 . 2010-11-17 20:47 -------- d-----w- c:\program files\Protection_ZoneAlarm
2010-11-16 22:43 . 2010-11-24 10:40 -------- d-----w- C:\Nouveau dossier (4)
2010-11-16 22:40 . 2010-11-16 22:40 -------- d-----w- c:\documents and settings\Administrateur\Application Data\fizzy
2010-11-16 22:40 . 2010-11-16 22:40 -------- d-sh--w- c:\windows\ftpcache
2010-11-16 22:39 . 2010-11-16 22:39 -------- d-----w- c:\program files\SSIII Solo Ultratus
2010-11-03 17:24 . 2010-11-03 17:24 -------- d-----w- c:\program files\palmolino
2010-11-02 11:49 . 2010-11-02 11:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ToggleEN
2010-10-31 08:45 . 2010-10-31 08:47 -------- d-----w- c:\documents and settings\Administrateur\Application Data\4shared Desktop
2010-10-30 23:40 . 2010-10-30 23:40 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Uniblue
2010-10-30 23:36 . 2010-11-16 22:14 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2010-10-30 23:29 . 2010-10-30 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2010-10-30 23:29 . 2010-10-30 23:34 -------- d-----w- c:\program files\DAP
2010-10-30 23:29 . 2010-10-30 23:29 172032 ----a-w- c:\windows\system32\AniGIF.ocx

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-30 23:29 . 2010-10-30 23:34 252080 ----a-w- c:\program files\opera\program\plugins\dapop.dll
.

------- Sigcheck -------

[-] 2007-06-26 . C7BE59B07C6EB74BEA6FD67C1B164015 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys

[-] 2007-06-14 . C7BCEA1533BE5C9E15884D6C39B667F1 . 80216 . . [7.0.6000.374] . . c:\windows\icon_TMP\wuauclt.exe
[-] 2007-06-14 . C7BCEA1533BE5C9E15884D6C39B667F1 . 80216 . . [7.0.6000.374] . . c:\windows\system32\wuauclt.exe
[7] 2007-06-14 . 3A83A45E7DD5276315AA20245E7C32BF . 53080 . . [7.0.6000.374] . . c:\windows\system_backup\wuauclt.exe

[-] 2004-08-04 . E28D16A8D63ECA6246921FDF7CBDE42A . 1227264 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-04 . E28D16A8D63ECA6246921FDF7CBDE42A . 1227264 . . [6.00.2900.2180] . . c:\windows\icon_TMP\explorer.exe
[7] 2004-08-04 . 4C33E5B9A6197B6ED215F6CFBA0A2DAA . 1036288 . . [6.00.2900.2180] . . c:\windows\system_backup\explorer.exe


c:\windows\System32\wscntfy.exe ... manque !!
.
((((((((((((((((((((((((((((( SnapShot@2010-11-25_10.27.51 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b905bc9d-6059-4517-a6b4-950d26299a2b}"= "c:\program files\radiodofus\tbrad1.dll" [2010-09-04 2734688]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot0.dll" [2010-10-30 2735200]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2010-06-13 2734688]
"{d7f26d0e-9801-45c3-a091-8a65e4ed73b5}"= "c:\program files\Protection_ZoneAlarm\tbProt.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{b905bc9d-6059-4517-a6b4-950d26299a2b}]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CLASSES_ROOT\clsid\{d7f26d0e-9801-45c3-a091-8a65e4ed73b5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2010-06-13 17:10 2734688 ----a-w- c:\program files\ToggleEN\tbTogg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b905bc9d-6059-4517-a6b4-950d26299a2b}]
2010-09-04 03:10 2734688 ----a-w- c:\program files\radiodofus\tbrad1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
2010-10-30 22:25 2735200 ----a-w- c:\program files\Hotspot_Shield\tbHot0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d7f26d0e-9801-45c3-a091-8a65e4ed73b5}]
2010-06-13 18:10 2734688 ----a-w- c:\program files\Protection_ZoneAlarm\tbProt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b905bc9d-6059-4517-a6b4-950d26299a2b}"= "c:\program files\radiodofus\tbrad1.dll" [2010-09-04 2734688]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot0.dll" [2010-10-30 2735200]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2010-06-13 2734688]
"{d7f26d0e-9801-45c3-a091-8a65e4ed73b5}"= "c:\program files\Protection_ZoneAlarm\tbProt.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{b905bc9d-6059-4517-a6b4-950d26299a2b}]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CLASSES_ROOT\clsid\{d7f26d0e-9801-45c3-a091-8a65e4ed73b5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B905BC9D-6059-4517-A6B4-950D26299A2B}"= "c:\program files\radiodofus\tbrad1.dll" [2010-09-04 2734688]
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\tbHot0.dll" [2010-10-30 2735200]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTogg.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{b905bc9d-6059-4517-a6b4-950d26299a2b}]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"Google Update"="c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-27 135664]
"ares"="c:\program files\Ares\Ares.exe" [2010-01-09 955392]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2010-10-30 2836656]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2010-11-16 1698064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="%ProgramFiles%\DAEMON Tools\daemon.exe -lang 1033" [X]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-18 1185264]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-18 1961576]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-11-14 1708032]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2009-11-10 417792]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-04-09 185784]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"4shared Update"="d:\4s\4shared Desktop\checkUpdate.exe" [2010-10-29 608760]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-29 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-09-28 738808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2007-06-26 124928]

c:\documents and settings\Administrateur\Menu D'marrer\Programmes\D'marrage\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=


R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc [x]
R3 AMBFilt;Creative AMB Service;c:\windows\system32\drivers\AMBFilt.sys [2009-03-04 1656960]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\plugins\UI\safedrv.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-12-16 3453712]
R3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-22 685816]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-09-22 325168]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-09-28 26872]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-09-28 493048]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-07-16 35088]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-03-06 113024]
S3 OA009Afx;Provides a software interface to control audio effects of OA009 camera.;c:\windows\system32\Drivers\OA009Afx.sys [2007-06-08 148056]
S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\DRIVERS\OA009Ufd.sys [2008-10-06 144544]
S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\DRIVERS\OA009Vid.sys [2008-10-07 268992]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys [2008-11-21 160256]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenu du dossier 'Tâches planifiées'

2010-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-11-25 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-299502267-1450960922-725345543-500Core.job
- c:\documents and settings\Administrateur\Local Settings\Application Data\Flock\Update\FlockUpdate.exe [2010-07-19 17:11]

2010-11-25 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-299502267-1450960922-725345543-500UA.job
- c:\documents and settings\Administrateur\Local Settings\Application Data\Flock\Update\FlockUpdate.exe [2010-07-19 17:11]

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1450960922-725345543-500Core.job
- c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-27 12:37]

2010-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1450960922-725345543-500UA.job
- c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-27 12:37]

2010-04-25 c:\windows\Tasks\Install.job.non.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2010-04-25 17:30]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.ask.com/?o=14090&l=dis
mStart Page = ${URL_STARTPAGE}
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download All using 4shared Desktop - d:\4s\4shared Desktop\down_all.htm
IE: &Download using 4shared Desktop - d:\4s\4shared Desktop\down_link.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\
FF - prefs.js: browser.search.selectedEngine - Google

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-26 11:47
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1252)
c:\windows\system32\Ati2evxx.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(1308)
c:\program files\SpeedBit Video Accelerator\ConfigDB.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Heure de fin: 2010-11-26 11:49:02
ComboFix-quarantined-files.txt 2010-11-26 10:48
ComboFix2.txt 2010-11-25 10:28

Avant-CF: 10 556 936 192 octets libres
Après-CF: 10 533 232 640 octets libres

- - End Of File - - 579B41B2D3D839D1010C6B88C4CFFAF2
0
miidos Posts 29 Registration date Sunday 21 November 2010 Status Member Last activity 15 December 2010
26 Nov. 2010 at 20:44
I did everything correctly, I'm sure :/ and the text document disappears after the scan, is that normal? Actually, I redid everything

ComboFix 10-11-24.04 - Administrateur 26/11/2010 20:07:27.4.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.3580.2975 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript.txt
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Il y a peut-être des sites infectés -----

hxxp://update.flock.com
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-10-26 au 2010-11-26 ))))))))))))))))))))))))))))))))))))
.

2010-11-26 12:41 . 2010-11-26 12:41 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-26 12:41 . 2010-11-26 12:41 -------- d-----w- c:\program files\ConduitEngine
2010-11-26 12:35 . 2010-11-26 12:35 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Conduit
2010-11-25 10:18 . 2010-11-25 10:18 -------- d-----w- c:\windows\system32\xircom
2010-11-25 10:18 . 2010-11-25 10:18 -------- d-----w- c:\windows\system32\wbem\snmp
2010-11-25 10:18 . 2010-11-25 10:18 -------- d-----w- c:\windows\system32\oobe
2010-11-25 10:18 . 2010-11-25 10:18 -------- d-----w- c:\windows\srchasst
2010-11-25 10:18 . 2010-11-25 10:18 -------- d-----w- c:\program files\microsoft frontpage
2010-11-24 07:06 . 2010-11-24 07:06 -------- d-----w- c:\program files\Ad-Remover
2010-11-23 17:54 . 2010-11-23 17:57 -------- d-----w- C:\Lop SD
2010-11-23 11:49 . 2010-11-23 11:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Protection_ZoneAlarm
2010-11-21 00:16 . 2010-07-27 15:13 27136 ----a-w- c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
2010-11-21 00:16 . 2010-03-24 15:57 713312 ----a-w- c:\windows\system32\ijjiSetup.exe
2010-11-21 00:16 . 2010-03-24 15:56 62048 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2010-11-21 00:16 . 2010-11-21 00:19 -------- d-----w- c:\program files\REACTOR
2010-11-17 20:47 . 2010-11-26 12:39 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Protection_ZoneAlarm
2010-11-17 20:47 . 2010-11-17 20:47 -------- d-----w- c:\program files\Protection_ZoneAlarm
2010-11-16 22:43 . 2010-11-24 10:40 -------- d-----w- C:\Nouveau dossier (4)
2010-11-16 22:40 . 2010-11-16 22:40 -------- d-----w- c:\documents and settings\Administrateur\Application Data\fizzy
2010-11-16 22:40 . 2010-11-16 22:40 -------- d-sh--w- c:\windows\ftpcache
2010-11-16 22:39 . 2010-11-16 22:39 -------- d-----w- c:\program files\SSIII Solo Ultratus
2010-11-03 17:24 . 2010-11-03 17:24 -------- d-----w- c:\program files\palmolino
2010-11-02 11:49 . 2010-11-02 11:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ToggleEN
2010-10-31 08:45 . 2010-10-31 08:47 -------- d-----w- c:\documents and settings\Administrateur\Application Data\4shared Desktop
2010-10-30 23:40 . 2010-10-30 23:40 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Uniblue
2010-10-30 23:36 . 2010-11-16 22:14 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2010-10-30 23:29 . 2010-10-30 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2010-10-30 23:29 . 2010-10-30 23:34 -------- d-----w- c:\program files\DAP
2010-10-30 23:29 . 2010-10-30 23:29 172032 ----a-w- c:\windows\system32\AniGIF.ocx

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-30 23:29 . 2010-10-30 23:34 252080 ----a-w- c:\program files\opera\program\plugins\dapop.dll
.

------- Sigcheck -------

[-] 2007-06-26 . C7BE59B07C6EB74BEA6FD67C1B164015 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys

[-] 2007-06-14 . C7BCEA1533BE5C9E15884D6C39B667F1 . 80216 . . [7.0.6000.374] . . c:\windows\icon_TMP\wuauclt.exe
[-] 2007-06-14 . C7BCEA1533BE5C9E15884D6C39B667F1 . 80216 . . [7.0.6000.374] . . c:\windows\system32\wuauclt.exe
[7] 2007-06-14 . 3A83A45E7DD5276315AA20245E7C32BF . 53080 . . [7.0.6000.374] . . c:\windows\system_backup\wuauclt.exe

[-] 2004-08-04 . E28D16A8D63ECA6246921FDF7CBDE42A . 1227264 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-04 . E28D16A8D63ECA6246921FDF7CBDE42A . 1227264 . . [6.00.2900.2180] . . c:\windows\icon_TMP\explorer.exe
[7] 2004-08-04 . 4C33E5B9A6197B6ED215F6CFBA0A2DAA . 1036288 . . [6.00.2900.2180] . . c:\windows\system_backup\explorer.exe


c:\windows\System32\wscntfy.exe ... manque !!
.
((((((((((((((((((((((((((((( SnapShot@2010-11-25_10.27.51 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b905bc9d-6059-4517-a6b4-950d26299a2b}"= "c:\program files\radiodofus\tbrad2.dll" [2010-10-18 3908192]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot2.dll" [2010-10-18 3908192]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2010-06-13 2734688]
"{d7f26d0e-9801-45c3-a091-8a65e4ed73b5}"= "c:\program files\Protection_ZoneAlarm\tbProt.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{b905bc9d-6059-4517-a6b4-950d26299a2b}]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CLASSES_ROOT\clsid\{d7f26d0e-9801-45c3-a091-8a65e4ed73b5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2010-06-13 17:10 2734688 ----a-w- c:\program files\ToggleEN\tbTogg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b905bc9d-6059-4517-a6b4-950d26299a2b}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\radiodofus\tbrad2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\Hotspot_Shield\tbHot2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d7f26d0e-9801-45c3-a091-8a65e4ed73b5}]
2010-06-13 18:10 2734688 ----a-w- c:\program files\Protection_ZoneAlarm\tbProt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b905bc9d-6059-4517-a6b4-950d26299a2b}"= "c:\program files\radiodofus\tbrad2.dll" [2010-10-18 3908192]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot2.dll" [2010-10-18 3908192]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2010-06-13 2734688]
"{d7f26d0e-9801-45c3-a091-8a65e4ed73b5}"= "c:\program files\Protection_ZoneAlarm\tbProt.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{b905bc9d-6059-4517-a6b4-950d26299a2b}]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CLASSES_ROOT\clsid\{d7f26d0e-9801-45c3-a091-8a65e4ed73b5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B905BC9D-6059-4517-A6B4-950D26299A2B}"= "c:\program files\radiodofus\tbrad2.dll" [2010-10-18 3908192]
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\tbHot2.dll" [2010-10-18 3908192]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTogg.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{b905bc9d-6059-4517-a6b4-950d26299a2b}]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"Google Update"="c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-27 135664]
"ares"="c:\program files\Ares\Ares.exe" [2010-01-09 955392]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2010-10-30 2836656]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2010-11-16 1698064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="%ProgramFiles%\DAEMON Tools\daemon.exe -lang 1033" [X]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-18 1185264]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-18 1961576]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-11-14 1708032]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2009-11-10 417792]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-04-09 185784]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"4shared Update"="d:\4s\4shared Desktop\checkUpdate.exe" [2010-10-29 608760]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-29 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-09-28 738808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2007-06-26 124928]

c:\documents and settings\Administrateur\Menu D'marrer\Programmes\D'marrage\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=


R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc [x]
R3 AMBFilt;Creative AMB Service;c:\windows\system32\drivers\AMBFilt.sys [2009-03-04 1656960]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\plugins\UI\safedrv.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-12-16 3453712]
R3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-22 685816]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-09-22 325168]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-09-28 26872]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-09-28 493048]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-07-16 35088]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-03-06 113024]
S3 OA009Afx;Provides a software interface to control audio effects of OA009 camera.;c:\windows\system32\Drivers\OA009Afx.sys [2007-06-08 148056]
S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\DRIVERS\OA009Ufd.sys [2008-10-06 144544]
S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\DRIVERS\OA009Vid.sys [2008-10-07 268992]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys [2008-11-21 160256]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenu du dossier 'Tâches planifiées'

2010-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-11-26 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-299502267-1450960922-725345543-500Core.job
- c:\documents and settings\Administrateur\Local Settings\Application Data\Flock\Update\FlockUpdate.exe [2010-07-19 17:11]

2010-11-26 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-299502267-1450960922-725345543-500UA.job
- c:\documents and settings\Administrateur\Local Settings\Application Data\Flock\Update\FlockUpdate.exe [2010-07-19 17:11]

2010-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1450960922-725345543-500Core.job
- c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-27 12:37]

2010-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1450960922-725345543-500UA.job
- c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-27 12:37]

2010-04-25 c:\windows\Tasks\Install.job.non.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2010-04-25 17:30]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.ask.com/?o=14090&l=dis
mStart Page = ${URL_STARTPAGE}
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download All using 4shared Desktop - d:\4s\4shared Desktop\down_all.htm
IE: &Download using 4shared Desktop - d:\4s\4shared Desktop\down_link.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\
FF - prefs.js: browser.search.selectedEngine - Google

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-26 20:11
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1252)
c:\windows\system32\Ati2evxx.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(1308)
c:\program files\SpeedBit Video Accelerator\ConfigDB.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Heure de fin: 2010-11-26 20:12:39
ComboFix-quarantined-files.txt 2010-11-26 19:12
ComboFix2.txt 2010-11-26 10:49
ComboFix3.txt 2010-11-25 10:28

Avant-CF: 10 315 214 848 octets libres
Après-CF: 10 349 068 288 octets libres

- - End Of File - - 82E7FB51289853845F433BC463F7D1A5
0
jfkpresident Posts 13408 Registration date Monday 3 September 2007 Status Security contributor Last activity 5 January 2015 1 175
26 Nov 2010 at 21:15
Paste me a new ZhpDiag log.
0
miidos Posts 29 Registration date Sunday 21 November 2010 Status Member Last activity 15 December 2010
27 Nov 2010 at 08:12
On cijoint it tells me internal error, error 500.
0
jfkpresident Posts 13408 Registration date Monday 3 September 2007 Status Security contributor Last activity 5 January 2015 1 175
27 Nov 2010 at 09:17
The site has been acting up a bit lately; use this one ==> https://www.cjoint.com/
0
miidos Posts 29 Registration date Sunday 21 November 2010 Status Member Last activity 15 December 2010
27 Nov 2010 at 15:45
0
jfkpresident Posts 13408 Registration date Monday 3 September 2007 Status Security contributor Last activity 5 January 2015 1 175
27 Nov 2010 at 19:20
Download OTM by OldTimer to your Desktop by clicking this link:

http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/

Double-click OTMoveIt3.exe to launch it.

Copy the list in bold below,

and paste it into the left-hand pane of OTMoveIt: "Paste instructions for item to be moved".





:files
c:\documents and settings\administrateur\local settings\application data\flock
C:\Program Files\BYOND
C:\WINDOWS\Tasks\FlockUpdateTaskUserS-1-5-21-299502267-1450960922-725345543-500Core.job
C:\WINDOWS\Tasks\FlockUpdateTaskUserS-1-5-21-299502267-1450960922-725345543-500UA.job
C:\WINDOWS\Tasks\Install.job.non.job
C:\WINDOWS\System32\ijjiProcessRestarter.exe

:commands
[emptytemp]
[start explorer]
[reboot]




Click "MoveIt!" to start the removal.

The result will appear in the "Results" pane.

Click "Exit" to close.

Post the report located in C:\_OTMoveIt\MovedFiles, named xxxxxx_xxxxxxxxxx.log.

You may be asked to restart the PC to complete the removal. If so, accept by clicking Yes.
0
miidos Posts 29 Registration date Sunday 21 November 2010 Status Member Last activity 15 December 2010
Edited by miidos on 28/11/2010 at 08:32
Can I remove the reboot so as not to restart?

No, never mind, forget it.
When I restarted the first time, the desktop did not appear and I could not open the Task Manager (just a remark),
and another thing: the first time this junk appeared I tried to delete it in safe mode, but it did not appear.
0
miidos Posts 29 Registration date Sunday 21 November 2010 Status Member Last activity 15 December 2010
28 Nov 2010 at 08:41
All processes killed
========== FILES ==========
c:\documents and settings\administrateur\local settings\application data\Flock\User Data-95123-mlkpojionoi\Default\Sync Data folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\User Data-95123-mlkpojionoi\Default\Plugin Data\Google Gears folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\User Data-95123-mlkpojionoi\Default\Plugin Data folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\User Data-95123-mlkpojionoi\Default\Local Storage folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\User Data-95123-mlkpojionoi\Default\databases\chrome-extension_flock_people_0 folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\User Data-95123-mlkpojionoi\Default\databases folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\User Data-95123-mlkpojionoi\Default\Cached Theme Images folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\User Data-95123-mlkpojionoi\Default\Cache folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\User Data-95123-mlkpojionoi\Default folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\User Data-95123-mlkpojionoi folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\User Data\Default\Plugin Data\Google Gears folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\User Data\Default\Plugin Data folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\User Data\Default\Local Storage folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\User Data\Default\databases\chrome-extension_flock_people_0 folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\User Data\Default\databases folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\User Data\Default\Cached Theme Images folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\User Data\Default\Cache folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\User Data\Default folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\User Data folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Update\Manifest\Initial folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Update\Manifest folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Update\Download folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Update\1.2.213.0 folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Update folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\CrashReports folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\Dictionaries folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1281\Themes folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1281\Resources\Inspector\Images folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1281\Resources\Inspector folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1281\Resources\bookmark_manager\js\cr\ui folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1281\Resources\bookmark_manager\js\cr folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1281\Resources\bookmark_manager\js\bmm folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1281\Resources\bookmark_manager\js folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1281\Resources\bookmark_manager\images folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1281\Resources\bookmark_manager\css folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1281\Resources\bookmark_manager folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1281\Resources folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1281\Locales folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1281\Installer folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1281\FlockComponents folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1281\Extensions\People folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1281\Extensions\FeedDetect folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1281\Extensions\Contextifier folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1281\Extensions folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1281 folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1280\Themes folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1280\Resources\Inspector\Images folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1280\Resources\Inspector folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1280\Resources\bookmark_manager\js\cr\ui folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1280\Resources\bookmark_manager\js\cr folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1280\Resources\bookmark_manager\js\bmm folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1280\Resources\bookmark_manager\js folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1280\Resources\bookmark_manager\images folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1280\Resources\bookmark_manager\css folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1280\Resources\bookmark_manager folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1280\Resources folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1280\Locales folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1280\Installer folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1280\FlockComponents folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1280\Extensions\People folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1280\Extensions\FeedDetect folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1280\Extensions\Contextifier folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1280\Extensions folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application\5.0.375.1280 folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock\Application folder moved successfully.
c:\documents and settings\administrateur\local settings\application data\Flock folder moved successfully.
C:\Program Files\BYOND\help\ref folder moved successfully.
C:\Program Files\BYOND\help folder moved successfully.
C:\Program Files\BYOND\cfg folder moved successfully.
C:\Program Files\BYOND\bin folder moved successfully.
C:\Program Files\BYOND folder moved successfully.
C:\WINDOWS\Tasks\FlockUpdateTaskUserS-1-5-21-299502267-1450960922-725345543-500Core.job moved successfully.
C:\WINDOWS\Tasks\FlockUpdateTaskUserS-1-5-21-299502267-1450960922-725345543-500UA.job moved successfully.
C:\WINDOWS\Tasks\Install.job.non.job moved successfully.
C:\WINDOWS\System32\ijjiProcessRestarter.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 2037709 bytes
->Temporary Internet Files folder emptied: 3905050 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 34056520 bytes
->Google Chrome cache emptied: 298102213 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 240 bytes
->Flash cache emptied: 357764 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: LocalService
->Temp folder emptied: 1051320 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 1051320 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114937 bytes
%systemroot%\System32 .tmp files removed: 580608 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1126376 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 329,00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 11282010_082257

Files moved on Reboot...
C:\Documents and Settings\Administrateur\Local Settings\Temp\~DF3B25.tmp moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\urlclassifier3.sqlite moved successfully.
C:\WINDOWS\temp\ZLT066d6.TMP moved successfully.

Registry entries deleted on Reboot...

Files moved on Reboot...
File C:\Documents and Settings\Administrateur\Local Settings\Temp\~DF3B25.tmp not found!
File C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\Cache\_CACHE_001_ not found!
File C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\Cache\_CACHE_002_ not found!
File C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\Cache\_CACHE_003_ not found!
File C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\Cache\_CACHE_MAP_ not found!
File C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\urlclassifier3.sqlite not found!
File C:\WINDOWS\temp\ZLT066d6.TMP not found!

Registry entries deleted on Reboot...
0
jfkpresident Posts 13408 Registration date Monday 3 September 2007 Status Security contributor Last activity 5 January 2015 1 175
28 Nov 2010 at 09:01
Run ZhpDiag again and paste me the new report so I can check that the files have indeed been removed.
0