Sujet Précédent Sujet Suivant

Alerte IE

Fermé
antoine_canada Messages postés 32 Date d'inscription samedi 15 novembre 2008 Statut Membre Dernière intervention 15 décembre 2013 - 21 mai 2011 à 12:49
antoine_canada Messages postés 32 Date d'inscription samedi 15 novembre 2008 Statut Membre Dernière intervention 15 décembre 2013 - 23 mai 2011 à 19:35
Bonjour,

J'ai reçu le message suivant alors que je naviguais:
"Caution! Your computer contains a variety of suspicious programs. Your System reuires immediate checking! The system will perform a fast and free check PC for malicious programs" - ok - ou - cancel -

Même après avoir appuyer sur cancel, le check a été lancé.
J'ai immédiatement débranché mon cable internet et lancer un scan avast, malwarebyte et un ccleaner.

Est ce que quelq'un a déjà été confronté à ce message et à ce "scan". Si oui, est-il malfaisant? Dois-je entreprendre d'autres actions de protection et de nettoyage?

Merci de votre aide.

Cordialement,

Antoine


A voir également:

17 réponses

Réponse 1 / 17
Utilisateur anonyme
21 mai 2011 à 12:55
salut....^^

desactive tes protections puis enregistre ceci sur ton bureau

Pre_Scan

s'il n'est pas sur ton bureau coupe-le de ton dossier telechargements et colle-le sur ton bureau

Avertissement: Il y aura une extinction courte du bureau --> pas de panique.

une fois telechargé lance-le , laisse faire le scan jusqu'à l'apparition de "Pre_scan.txt" sur le bureau.

si l'outil detecte un proxy et que tu n'en as pas installé clique sur "supprimer le proxy"

si l'outil semble ne pas avoir fonctionné clique plusieurs fois très rapidement dessus ou renomme-le winlogon , ou change son extension en .com ou .scr

Il se peut que l'outil soit un peu long sur la reattribution des fichiers tout depend combien tu en as , laisse-le travailler

Poste Pre_Scan.txt qui apparaitre sur le bureau en fin de scan
1
Réponse 2 / 17
antoine_canada Messages postés 32 Date d'inscription samedi 15 novembre 2008 Statut Membre Dernière intervention 15 décembre 2013 1
22 mai 2011 à 19:19
Salut,

J'ai suivi tes instructions mais j'ai eu qq problème: le bureau ne s'est jamais remis, même après avoir laissé mouliner une journée.
Après avoir rebooté mon PC et lancé Pre_Script.exe (qui était apparu sur mon bureau au redemarrage), voici le résultat:
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Script ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | Seven - 32/64 bits ¤¤¤¤¤

Utilisateur : Antoine (Administrateurs)
Ordinateur : TONIO

Système d'exploitation : Microsoft Windows XP (32 bits)
Internet Explorer : 7.0.5730.11
Mozilla Firefox : 2.0.0.2 (fr)

Script : 19:06:09

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

explorer.exe -> Processus redémarré

Fin : 19:06:09

¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤

Ca me semble pas mal par rapport à mon problème initial, non?

Par contre, plusieurs nouvelles questions:
- par rapport à Pre_Scan, je fais quoi?
- j'avais, avant le scan, Rainlander2 sur mon bureau qui se lancait automatiquement; maintenant, impossible de le lancer ???
- j'ai un Desktop.ini qui est apparu dans mes raccourcis ???

Que dois-je faire pour tout remettre en ordre?

A+
0
antoine_canada Messages postés 32 Date d'inscription samedi 15 novembre 2008 Statut Membre Dernière intervention 15 décembre 2013 1
22 mai 2011 à 19:24
Dernière chose: ma page s'acceuil IE est devenu Google.
0
Réponse 3 / 17
Utilisateur anonyme
22 mai 2011 à 19:26
je ne t'ai pas demandé de lancer Pre_Script

tu as C:\Pre_Scan.txt ?
0
Réponse 4 / 17
antoine_canada Messages postés 32 Date d'inscription samedi 15 novembre 2008 Statut Membre Dernière intervention 15 décembre 2013 1
22 mai 2011 à 19:31
oups... vu que j'avais pas trouvé de .txt sur le bureau, j'avais cru bien faire...

J'ai trouvé ce que tu demandes:

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan 1.0.1.10 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | Seven - 32/64 bits ¤¤¤¤¤

Mis à jour le 21/05/2011 | 12.45 par g3n-h@ckm@n
Utilisateur : Antoine (Administrateurs)
Ordinateur : TONIO

Système d'exploitation : Microsoft Windows XP (32 bits)
Internet Explorer : 7.0.5730.11
Mozilla Firefox : 2.0.0.2 (fr)

Scan : 13:57:29 | 21/05/2011

¤¤¤¤¤¤¤¤¤¤¤ Processus en cours

428 | C:\WINDOWS\System32\smss.exe - SYSTEM - Normal - \SystemRoot\System32\smss.exe - 4
896 | C:\WINDOWS\system32\csrss.exe - SYSTEM - Normal - C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 - 428
920 | C:\WINDOWS\system32\winlogon.exe - SYSTEM - High - winlogon.exe - 428
972 | C:\WINDOWS\system32\services.exe - SYSTEM - Normal - C:\WINDOWS\system32\services.exe - 920
984 | C:\WINDOWS\system32\lsass.exe - SYSTEM - Normal - C:\WINDOWS\system32\lsass.exe - 920
1152 | C:\WINDOWS\system32\svchost.exe - SYSTEM - Normal - C:\WINDOWS\system32\svchost -k DcomLaunch - 972
1220 | C:\WINDOWS\system32\svchost.exe - - Normal - C:\WINDOWS\system32\svchost -k rpcss - 972
1364 | C:\WINDOWS\System32\svchost.exe - SYSTEM - Normal - C:\WINDOWS\System32\svchost.exe -k netsvcs - 972
1384 | C:\Program Files\Ahead\InCD\InCDsrv.exe - SYSTEM - Normal - "C:\Program Files\Ahead\InCD\InCDsrv.exe" - 972
1512 | C:\WINDOWS\system32\svchost.exe - NETWORK SERVICE - Normal - C:\WINDOWS\system32\svchost.exe -k NetworkService - 972
1644 | C:\WINDOWS\system32\svchost.exe - LOCAL SERVICE - Normal - C:\WINDOWS\system32\svchost.exe -k LocalService - 972
1756 | C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe - SYSTEM - Normal - "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" - 972
1908 | C:\Program Files\Alwil Software\Avast5\AvastSvc.exe - SYSTEM - Normal - "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" - 972
640 | C:\WINDOWS\system32\spoolsv.exe - SYSTEM - Normal - C:\WINDOWS\system32\spoolsv.exe - 972
844 | C:\WINDOWS\system32\svchost.exe - - Normal - C:\WINDOWS\system32\svchost.exe -k LocalService - 972
364 | C:\Program Files\Dassault Systemes\B10\intel_a\code\bin\CATSysDemon.exe - SYSTEM - Normal - "C:\Program Files\Dassault Systemes\B10\intel_a\code\bin\CATSysDemon.exe" -service - 972
1256 | C:\WINDOWS\system32\bgsvcgen.exe - SYSTEM - Normal - C:\WINDOWS\system32\bgsvcgen.exe - 972
1336 | C:\Program Files\Java\jre6\bin\jqs.exe - SYSTEM - Idle - "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" - 972
1408 | C:\Program Files\Common Files\LightScribe\LSSrvc.exe - SYSTEM - Normal - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" - 972
1428 | C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe - SYSTEM - Normal - "C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe" - 972
1508 | C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe - SYSTEM - Normal - "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe" - 972
1536 | C:\WINDOWS\system32\nvsvc32.exe - SYSTEM - Normal - C:\WINDOWS\system32\nvsvc32.exe - 972
1592 | C:\WINDOWS\system32\svchost.exe - SYSTEM - Normal - C:\WINDOWS\system32\svchost.exe -k imgsvc - 972
1672 | C:\WINDOWS\system32\wbem\unsecapp.exe - SYSTEM - Normal - C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding - 1152
2092 | C:\WINDOWS\system32\wbem\wmiprvse.exe - SYSTEM - Normal - C:\WINDOWS\system32\wbem\wmiprvse.exe - 1152
2108 | C:\WINDOWS\System32\alg.exe - LOCAL SERVICE - Normal - C:\WINDOWS\System32\alg.exe - 972
3040 | C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe - Antoine - Normal - "C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe" /keymon - 1428
3408 | C:\WINDOWS\system32\sstray.exe - Antoine - Normal - "C:\WINDOWS\system32\sstray.exe" /r - 2932
3648 | C:\Program Files\Ahead\InCD\InCD.exe - Antoine - Normal - "C:\Program Files\Ahead\InCD\InCD.exe" - 2932
3660 | C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe - Antoine - Normal - "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" - 2932
3688 | C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe - Antoine - Normal - "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" - 2932
3836 | C:\Program Files\Logitech\QuickCam\Quickcam.exe - Antoine - Normal - "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide - 2932
3872 | C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe - Antoine - Normal - "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe" - 2932
3924 | C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - Antoine - Normal - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" - 2932
3936 | C:\Program Files\Alwil Software\Avast5\avastUI.exe - Antoine - Normal - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui - 2932
1316 | C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe - Antoine - Normal - "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" - 2932
1624 | C:\Program Files\QuickTime\QTTask.exe - Antoine - Normal - "C:\Program Files\QuickTime\QTTask.exe" -atboottime - 2932
1572 | C:\Program Files\Common Files\Java\Java Update\jusched.exe - Antoine - Normal - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" - 2932
1444 | C:\Program Files\DivX\DivX Update\DivXUpdate.exe - Antoine - Normal - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW - 2932
2212 | C:\WINDOWS\system32\ctfmon.exe - Antoine - Normal - "C:\WINDOWS\system32\ctfmon.exe" - 2932
2316 | C:\Program Files\SuperCopier2\SuperCopier2.exe - Antoine - Normal - "C:\Program Files\SuperCopier2\SuperCopier2.exe" - 2932
2592 | C:\Program Files\Rainlendar2\Rainlendar2.exe - Antoine - Normal - "C:\Program Files\Rainlendar2\Rainlendar2.exe" - 2932
3760 | C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe - Antoine - Normal - "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe" - 2932
3816 | C:\Program Files\WinZip\WZQKPICK.EXE - Antoine - Normal - "C:\Program Files\WinZip\WZQKPICK.EXE" - 2932
3980 | C:\Program Files\Micro Application\LauncherMA.exe - Antoine - Normal - "C:\Program Files\Micro Application\LauncherMA.exe" - 2932
2628 | C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe - Antoine - Normal - "C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe" -Embedding - 1152
1404 | C:\Program Files\OpenOffice.org 2.2\program\soffice.exe - Antoine - Normal - "C:\Program Files\OpenOffice.org 2.2\program\soffice.exe" -quickstart - 1684
320 | C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN - Antoine - Normal - "C:\Program Files\OpenOffice.org 2.2\program\soffice.exe" -quickstart - 1404
496 | C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe - Antoine - Normal - "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe" -Embedding - 1152
336 | C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe - Antoine - Normal - "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe" /CtxID "#Hewlett-Packard#hp psc 2100 series#1206877466" /Startup - 496
5196 | C:\Program Files\Windows Live\Messenger\wlcsdk.exe - Antoine - Normal - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -Embedding - 1152
4980 | C:\Documents and Settings\Antoine\Desktop\Pre_scan.exe - Antoine - High - "C:\Documents and Settings\Antoine\Desktop\Pre_scan.exe" - 2932
4684 | C:\WINDOWS\system32\cmd.exe - Antoine - Normal - cmd /c ""C:\Kill'em\Pv.bat" " - 4980
4548 | C:\Kill'em\Pv.exe - Antoine - Normal - C:\Kill'em\pv.exe -o"%i | %f - %u - %p - %l - %r" - 4684

¤¤¤¤¤¤¤¤¤¤ Winlogon

[HKLM | Winlogon] | Shell : Explorer.exe
[HKLM | Winlogon] | AutoRestartShell : 1
[HKLM | Winlogon] | userinit : C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe,
[HKLM | Winlogon] | PowerDownAfterShutdown : 0 -> 1
[HKLM | Winlogon] | System :

¤¤¤¤¤¤¤¤¤¤ Associations

[.exe] : exefile
[exefile | command] : "%1" %*
[.com] : comfile
[comfile | command] : "%1" %*
[.reg] : regfile
[regfile | command] : regedit.exe "%1"
[.scr] : scrfile
[scrfile | command] : "%1" /S
[.bat] : batfile
[batfile | command] : "%1" %*
[.cmd] : cmdfile
[cmdfile | command] : "%1" %*
[.pif] : piffile
[piffile | command] : "%1" %*
[.url] : InternetShortcut
[InternetShortcut | command] : rundll32.exe ieframe.dll,OpenURL %l -> "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l
[Application.Manifest | command] : rundll32.exe dfshim.dll,ShOpenVerbApplication %1
[Application.Reference | command] : rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2
[Folder | command] : %SystemRoot%\Explorer.exe /idlist,%I,%L -> C:\WINDOWS\explorer.exe

¤

[Firefox | Command] | @ : C:\Program Files\Mozilla Firefox\firefox.exe -> "C:\Program Files\Mozilla Firefox\Firefox.exe"
[Firefox - Safemode | Command] | @ : "C:\Program Files\Mozilla Firefox\firefox.exe" -safemode -> "C:\Program Files\Mozilla Firefox\Firefox.exe" -safe-mode
[IE | Command] | @ : C:\Program Files\Internet Explorer\iexplore.exe -> "C:\Program Files\Internet Explorer\iexplore.exe"
[Applications | IE | Command] | @ : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[Assoc | Applications] | @ : http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s

¤¤¤¤¤¤¤¤¤¤ Divers

[HKLM | HideDesktopIcons\NewStartPanel] | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel] | {208D2C60-3AEA-1069-A2D7-08002B30309D} : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel] | {871C5380-42A0-1069-A2EA-08002B30309D} : 1 -> 0
[HKCU | Desktop] | Wallpaper : C:\WINDOWS\ACD Wallpaper.bmp
[HKCU | policies\Explorer] | NoDriveTypeAutoRun : 0x91000000 -> 145
[HKLM | policies\Explorer] | HonorAutoRunSetting : 1

¤¤¤¤¤¤¤¤¤¤ Services

[Ndisuio] | Start : 3
[lmhosts] | Start : 2 : Actif
[LanmanWorkstation] | Start : 2 : Actif
[LanmanServer] | Start : 2 : Actif
[Audiosrv] | Start : 2 : Actif
[ERSvc] | Start : 2 : Actif
[Bits] | Start : 2 : Actif
[CryptSvc] | Start : 2 : Actif
[EapHost] | Start : 3 -> 2 : Redémarré
[SharedAccess] | Start : 2 : Actif
[wuauserv] | Start : 2 : Actif
[wscsvc] | Start : 2 : Actif
[wzcsvc] | Start : 2 : Actif

¤¤¤¤¤¤¤¤¤¤ Internet Explorer

[HKCU | Main] | Start Page : http://neufportail.fr/ -> https://www.google.com/?gws_rd=ssl
[HKCU | Main] | Local Page : C:\windows\system32\blank.htm
[HKCU | Main] | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKLM | Main] | Start Page : http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> https://www.msn.com/fr-fr/?ocid=iehp
[HKLM | Main] | Local Page : C:\windows\system32\blank.htm
[HKLM | Main] | Default_Search_URL : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKLM | Main] | Default_Page_URL : http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> https://www.msn.com/fr-fr/?ocid=iehp
[HKLM | Main] | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤¤¤¤¤¤ Processus

C:\WINDOWS\ATKKBService.exe -> Processus stoppé
C:\WINDOWS\explorer.exe -> Processus stoppé
\WINDOWS\explorer.exe -> Processus stoppé

¤¤¤¤¤¤¤¤¤¤ Traitement Fichiers | Dossiers | Registre

Mise en quarantaine : C:\DOCUME~1\Antoine\LOCALS~1\Temp\TCD1E9.tmp
Erreur de suppression : C:\DOCUME~1\Antoine\LOCALS~1\Temp\TCD1E9.tmp
Mise en quarantaine : C:\DOCUME~1\Antoine\LOCALS~1\Temp\TCD1F1.tmp
Erreur de suppression : C:\DOCUME~1\Antoine\LOCALS~1\Temp\TCD1F1.tmp

¤¤¤¤¤¤¤¤¤¤ IFEO


¤¤¤¤¤¤¤¤¤¤ Mountpoints2

Supprimé : [{711fa5d4-680f-11e0-8553-806d6172696f} | Autorun\command] -> E:\setup.exe /autorun

¤¤¤¤¤¤¤¤¤¤ Listing %AppData%

[05/01/2008 | 13:26:29] | C:\Documents and Settings\Antoine\Application Data\ACD Systems
[27/05/2007 | 17:14:38] | C:\Documents and Settings\Antoine\Application Data\Adobe
[27/05/2007 | 17:46:04] | C:\Documents and Settings\Antoine\Application Data\Ahead
[16/09/2007 | 08:45:51] | C:\Documents and Settings\Antoine\Application Data\Apple Computer
[03/01/2008 | 21:24:53] | C:\Documents and Settings\Antoine\Application Data\Calendrier Xtra
[20/11/2010 | 10:29:20] | C:\Documents and Settings\Antoine\Application Data\CheckPoint
[24/06/2007 | 21:02:34] | C:\Documents and Settings\Antoine\Application Data\CyberLink
[07/07/2007 | 13:34:55] | C:\Documents and Settings\Antoine\Application Data\DassaultSystemes
[27/05/2007 | 00:32:44] | C:\Documents and Settings\Antoine\Application Data\desktop.ini
[29/07/2007 | 15:54:32] | C:\Documents and Settings\Antoine\Application Data\DivX
[30/05/2010 | 19:35:21] | C:\Documents and Settings\Antoine\Application Data\Facebook
[27/05/2007 | 15:33:06] | C:\Documents and Settings\Antoine\Application Data\Google
[30/03/2008 | 19:32:08] | C:\Documents and Settings\Antoine\Application Data\Hewlett-Packard
[27/05/2007 | 00:32:48] | C:\Documents and Settings\Antoine\Application Data\Identities
[06/06/2007 | 18:15:11] | C:\Documents and Settings\Antoine\Application Data\ImageFox
[27/05/2007 | 17:10:34] | C:\Documents and Settings\Antoine\Application Data\IsolatedStorage
[10/07/2010 | 20:48:57] | C:\Documents and Settings\Antoine\Application Data\La Bataille pour la Terre du Milieu
[27/05/2007 | 14:53:44] | C:\Documents and Settings\Antoine\Application Data\Lavasoft
[04/09/2008 | 19:27:09] | C:\Documents and Settings\Antoine\Application Data\Leadertech
[27/05/2007 | 01:16:07] | C:\Documents and Settings\Antoine\Application Data\Macromedia
[15/11/2008 | 22:36:07] | C:\Documents and Settings\Antoine\Application Data\Malwarebytes
[27/05/2007 | 00:32:43] | C:\Documents and Settings\Antoine\Application Data\Microsoft
[29/07/2007 | 15:32:29] | C:\Documents and Settings\Antoine\Application Data\Mozilla
[22/03/2009 | 19:34:23] | C:\Documents and Settings\Antoine\Application Data\NeroDCTemplates
[19/08/2007 | 12:28:11] | C:\Documents and Settings\Antoine\Application Data\OpenOffice.org2
[28/06/2008 | 00:12:25] | C:\Documents and Settings\Antoine\Application Data\SecuROM
[27/05/2007 | 15:35:38] | C:\Documents and Settings\Antoine\Application Data\Skype
[24/07/2009 | 11:34:42] | C:\Documents and Settings\Antoine\Application Data\Stardock
[27/05/2007 | 19:08:08] | C:\Documents and Settings\Antoine\Application Data\Sun
[29/07/2007 | 15:32:33] | C:\Documents and Settings\Antoine\Application Data\Talkback
[22/03/2009 | 18:15:52] | C:\Documents and Settings\Antoine\Application Data\U3
[10/06/2007 | 20:53:56] | C:\Documents and Settings\Antoine\Application Data\vlc
[27/05/2007 | 18:28:22] | C:\Documents and Settings\Antoine\Application Data\webex
[06/02/2008 | 23:07:14] | C:\Documents and Settings\Antoine\Application Data\WinRAR
[19/08/2009 | 07:37:08] | C:\Documents and Settings\Antoine\Application Data\Xilisoft Corporation
[22/08/2008 | 21:44:06] | C:\Documents and Settings\Antoine\Application Data\Yahoo!

¤¤¤¤¤¤¤¤¤¤ Listing %CommonAppData%

[27/05/2007 | 17:34:25] | C:\Documents and Settings\All Users\Application Data\ACD Systems
[27/05/2007 | 17:14:17] | C:\Documents and Settings\All Users\Application Data\Adobe
[19/09/2010 | 11:56:02] | C:\Documents and Settings\All Users\Application Data\Alwil Software
[19/09/2008 | 16:56:35] | C:\Documents and Settings\All Users\Application Data\Apple
[26/01/2011 | 15:46:11] | C:\Documents and Settings\All Users\Application Data\Apple Computer
[24/06/2007 | 20:02:37] | C:\Documents and Settings\All Users\Application Data\CyberLink
[07/07/2007 | 13:34:55] | C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[27/05/2007 | 14:40:41] | C:\Documents and Settings\All Users\Application Data\desktop.ini
[15/07/2010 | 20:37:49] | C:\Documents and Settings\All Users\Application Data\DivX
[27/05/2007 | 15:33:00] | C:\Documents and Settings\All Users\Application Data\Google
[30/03/2008 | 13:39:46] | C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[24/07/2009 | 11:59:50] | C:\Documents and Settings\All Users\Application Data\Ironclad Games
[01/05/2008 | 07:51:42] | C:\Documents and Settings\All Users\Application Data\Lavasoft
[06/06/2007 | 17:55:57] | C:\Documents and Settings\All Users\Application Data\LogiShrd
[06/06/2007 | 17:56:46] | C:\Documents and Settings\All Users\Application Data\Logitech
[15/11/2008 | 20:26:53] | C:\Documents and Settings\All Users\Application Data\MailFrontier
[15/11/2008 | 22:36:02] | C:\Documents and Settings\All Users\Application Data\Malwarebytes
[19/08/2009 | 07:35:33] | C:\Documents and Settings\All Users\Application Data\Micro Application
[27/05/2007 | 14:40:23] | C:\Documents and Settings\All Users\Application Data\Microsoft
[20/05/2011 | 11:20:42] | C:\Documents and Settings\All Users\Application Data\Microsoft Help
[29/07/2007 | 15:32:05] | C:\Documents and Settings\All Users\Application Data\Mozilla
[15/11/2009 | 14:46:18] | C:\Documents and Settings\All Users\Application Data\NOS
[27/05/2007 | 14:52:47] | C:\Documents and Settings\All Users\Application Data\nView_Profiles
[27/01/2011 | 17:36:15] | C:\Documents and Settings\All Users\Application Data\Pinnacle
[27/05/2007 | 17:00:08] | C:\Documents and Settings\All Users\Application Data\PowerQuest
[15/09/2007 | 22:57:00] | C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[21/06/2007 | 21:30:06] | C:\Documents and Settings\All Users\Application Data\QuickTime
[27/05/2007 | 15:35:23] | C:\Documents and Settings\All Users\Application Data\Skype
[24/07/2009 | 11:34:26] | C:\Documents and Settings\All Users\Application Data\Stardock
[30/03/2010 | 21:49:42] | C:\Documents and Settings\All Users\Application Data\Sun
[27/05/2007 | 13:26:21] | C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[22/08/2008 | 21:44:06] | C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[24/07/2009 | 11:34:32] | C:\Documents and Settings\All Users\Application Data\{297D8FE5-CB8B-4047-9AE4-B08E854E45BB}
[10/07/2010 | 11:22:40] | C:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}

¤¤¤¤¤¤¤¤¤¤ Listing Tasks

[12/04/2010 | 19:16:11] | C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[21/02/2008 | 20:31:48] | C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[30/03/2008 | 19:32:12] | C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1206877466.job
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan 1.0.1.10 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | Seven - 32/64 bits ¤¤¤¤¤

Mis à jour le 21/05/2011 | 12.45 par g3n-h@ckm@n
Utilisateur : Antoine (Administrateurs)
Ordinateur : TONIO

Système d'exploitation : Microsoft Windows XP (32 bits)
Internet Explorer : 7.0.5730.11
Mozilla Firefox : 2.0.0.2 (fr)

Scan : 08:43:21 | 22/05/2011

¤¤¤¤¤¤¤¤¤¤¤ Processus en cours

428 | C:\WINDOWS\System32\smss.exe - SYSTEM - Normal - \SystemRoot\System32\smss.exe - 4
892 | C:\WINDOWS\system32\csrss.exe - SYSTEM - Normal - C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 - 428
916 | C:\WINDOWS\system32\winlogon.exe - SYSTEM - High - winlogon.exe - 428
968 | C:\WINDOWS\system32\services.exe - SYSTEM - Normal - C:\WINDOWS\system32\services.exe - 916
980 | C:\WINDOWS\system32\lsass.exe - SYSTEM - Normal - C:\WINDOWS\system32\lsass.exe - 916
1148 | C:\WINDOWS\system32\svchost.exe - SYSTEM - Normal - C:\WINDOWS\system32\svchost -k DcomLaunch - 968
1216 | C:\WINDOWS\system32\svchost.exe - - Normal - C:\WINDOWS\system32\svchost -k rpcss - 968
1384 | C:\WINDOWS\System32\svchost.exe - SYSTEM - Normal - C:\WINDOWS\System32\svchost.exe -k netsvcs - 968
1408 | C:\Program Files\Ahead\InCD\InCDsrv.exe - SYSTEM - Normal - "C:\Program Files\Ahead\InCD\InCDsrv.exe" - 968
1580 | C:\WINDOWS\system32\svchost.exe - NETWORK SERVICE - Normal - C:\WINDOWS\system32\svchost.exe -k NetworkService - 968
1668 | C:\WINDOWS\system32\svchost.exe - LOCAL SERVICE - Normal - C:\WINDOWS\system32\svchost.exe -k LocalService - 968
1900 | C:\Program Files\Alwil Software\Avast5\AvastSvc.exe - SYSTEM - Normal - "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" - 968
620 | C:\WINDOWS\system32\spoolsv.exe - SYSTEM - Normal - C:\WINDOWS\system32\spoolsv.exe - 968
1316 | C:\WINDOWS\system32\svchost.exe - - Normal - C:\WINDOWS\system32\svchost.exe -k LocalService - 968
1420 | C:\Program Files\Dassault Systemes\B10\intel_a\code\bin\CATSysDemon.exe - SYSTEM - Normal - "C:\Program Files\Dassault Systemes\B10\intel_a\code\bin\CATSysDemon.exe" -service - 968
1588 | C:\WINDOWS\system32\bgsvcgen.exe - SYSTEM - Normal - C:\WINDOWS\system32\bgsvcgen.exe - 968
1628 | C:\WINDOWS\System32\svchost.exe - SYSTEM - Normal - C:\WINDOWS\System32\svchost.exe -k eapsvcs - 968
1764 | C:\Program Files\Java\jre6\bin\jqs.exe - SYSTEM - Idle - "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" - 968
1832 | C:\Program Files\Common Files\LightScribe\LSSrvc.exe - SYSTEM - Normal - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" - 968
1728 | C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe - SYSTEM - Normal - "C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe" - 968
252 | C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe - SYSTEM - Normal - "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe" - 968
292 | C:\WINDOWS\system32\nvsvc32.exe - SYSTEM - Normal - C:\WINDOWS\system32\nvsvc32.exe - 968
460 | C:\WINDOWS\system32\svchost.exe - SYSTEM - Normal - C:\WINDOWS\system32\svchost.exe -k imgsvc - 968
944 | C:\WINDOWS\system32\sstray.exe - Antoine - Normal - "C:\WINDOWS\system32\sstray.exe" /r - 1268
1636 | C:\Program Files\Ahead\InCD\InCD.exe - Antoine - Normal - "C:\Program Files\Ahead\InCD\InCD.exe" - 1268
1644 | C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe - Antoine - Normal - "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" - 1268
1712 | C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe - Antoine - Normal - "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" - 1268
2096 | C:\Program Files\Logitech\QuickCam\Quickcam.exe - Antoine - Normal - "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide - 1268
2156 | C:\Program Files\Alwil Software\Avast5\avastUI.exe - Antoine - Normal - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui - 1268
2188 | C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe - Antoine - Normal - "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" - 1268
2256 | C:\Program Files\QuickTime\QTTask.exe - Antoine - Normal - "C:\Program Files\QuickTime\QTTask.exe" -atboottime - 1268
2288 | C:\Program Files\Common Files\Java\Java Update\jusched.exe - Antoine - Normal - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" - 1268
2404 | C:\Program Files\DivX\DivX Update\DivXUpdate.exe - Antoine - Normal - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW - 1268
2432 | C:\WINDOWS\system32\ctfmon.exe - Antoine - Normal - "C:\WINDOWS\system32\ctfmon.exe" - 1268
2704 | C:\Program Files\Rainlendar2\Rainlendar2.exe - Antoine - Normal - "C:\Program Files\Rainlendar2\Rainlendar2.exe" - 1268
2776 | D:\Steam\Steam.exe - Antoine - Normal - "D:\Steam\Steam.exe" -silent - 1268
2856 | C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe - Antoine - Normal - "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe" - 1268
2864 | C:\Program Files\WinZip\WZQKPICK.EXE - Antoine - Normal - "C:\Program Files\WinZip\WZQKPICK.EXE" - 1268
2880 | C:\Program Files\Micro Application\LauncherMA.exe - Antoine - Normal - "C:\Program Files\Micro Application\LauncherMA.exe" - 1268
2956 | C:\WINDOWS\system32\wbem\unsecapp.exe - SYSTEM - Normal - C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding - 1148
3284 | C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe - Antoine - Normal - "C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe" /keymon - 1728
3332 | C:\Program Files\OpenOffice.org 2.2\program\soffice.exe - Antoine - Normal - "C:\Program Files\OpenOffice.org 2.2\program\soffice.exe" -quickstart - 2896
3440 | C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN - Antoine - Normal - "C:\Program Files\OpenOffice.org 2.2\program\soffice.exe" -quickstart - 3332
3540 | C:\WINDOWS\System32\alg.exe - LOCAL SERVICE - Normal - C:\WINDOWS\System32\alg.exe - 968
3572 | C:\WINDOWS\system32\wbem\wmiprvse.exe - SYSTEM - Normal - C:\WINDOWS\system32\wbem\wmiprvse.exe - 1148
3772 | C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe - Antoine - Normal - "C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe" -Embedding - 1148
3864 | C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe - Antoine - Normal - "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe" -Embedding - 1148
1248 | C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe - Antoine - Normal - "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe" /CtxID "#Hewlett-Packard#hp psc 2100 series#1206877466" /Startup - 3864
2620 | C:\WINDOWS\system32\wscntfy.exe - Antoine - Normal - C:\WINDOWS\system32\wscntfy.exe - 1384
2504 | C:\Documents and Settings\Antoine\Desktop\Pre_scan.exe - Antoine - High - "C:\Documents and Settings\Antoine\Desktop\Pre_scan.exe" - 1268
1732 | C:\WINDOWS\system32\cmd.exe - Antoine - Normal - cmd /c ""C:\Kill'em\Pv.bat" " - 2504
3016 | C:\Kill'em\Pv.exe - Antoine - Normal - C:\Kill'em\pv.exe -o"%i | %f - %u - %p - %l - %r" - 1732

¤¤¤¤¤¤¤¤¤¤ Winlogon

[HKLM | Winlogon] | Shell : Explorer.exe
[HKLM | Winlogon] | AutoRestartShell : 1
[HKLM | Winlogon] | userinit : C:\WINDOWS\system32\userinit.exe,
[HKLM | Winlogon] | PowerDownAfterShutdown : 1
[HKLM | Winlogon] | System :

¤¤¤¤¤¤¤¤¤¤ Associations

[.exe] : exefile
[exefile | command] : "%1" %*
[.com] : comfile
[comfile | command] : "%1" %*
[.reg] : regfile
[regfile | command] : regedit.exe "%1"
[.scr] : scrfile
[scrfile | command] : "%1" /S
[.bat] : batfile
[batfile | command] : "%1" %*
[.cmd] : cmdfile
[cmdfile | command] : "%1" %*
[.pif] : piffile
[piffile | command] : "%1" %*
[.url] : InternetShortcut
[InternetShortcut | command] : "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l
[Application.Manifest | command] : rundll32.exe dfshim.dll,ShOpenVerbApplication %1
[Application.Reference | command] : rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2
[Folder | command] : C:\WINDOWS\explorer.exe

¤

[Firefox | Command] | @ : "C:\Program Files\Mozilla Firefox\Firefox.exe"
[Firefox - Safemode | Command] | @ : "C:\Program Files\Mozilla Firefox\Firefox.exe" -safe-mode
[IE | Command] | @ : "C:\Program Files\Internet Explorer\iexplore.exe"
[Applications | IE | Command] | @ : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[Assoc | Applications] | @ : http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s

¤¤¤¤¤¤¤¤¤¤ Divers

[HKLM | HideDesktopIcons\NewStartPanel] | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {208D2C60-3AEA-1069-A2D7-08002B30309D} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {871C5380-42A0-1069-A2EA-08002B30309D} : 0
[HKCU | Desktop] | Wallpaper : C:\WINDOWS\ACD Wallpaper.bmp
[HKCU | policies\Explorer] | NoDriveTypeAutoRun : 145
[HKLM | policies\Explorer] | HonorAutoRunSetting : 1

¤¤¤¤¤¤¤¤¤¤ Services

[Ndisuio] | Start : 3
[lmhosts] | Start : 2 : Actif
[LanmanWorkstation] | Start : 2 : Actif
[LanmanServer] | Start : 2 : Actif
[Audiosrv] | Start : 2 : Actif
[ERSvc] | Start : 2 : Actif
[Bits] | Start : 2 : Actif
[CryptSvc] | Start : 2 : Actif
[EapHost] | Start : 2 : Actif
[SharedAccess] | Start : 2 : Actif
[wuauserv] | Start : 2 : Actif
[wscsvc] | Start : 2 : Actif
[wzcsvc] | Start : 2 : Actif

¤¤¤¤¤¤¤¤¤¤ Internet Explorer

[HKCU | Main] | Start Page : about:blank -> https://www.google.com/?gws_rd=ssl
[HKCU | Main] | Local Page : C:\windows\system32\blank.htm
[HKCU | Main] | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKLM | Main] | Start Page : https://www.msn.com/fr-fr/?ocid=iehp
[HKLM | Main] | Local Page : C:\windows\system32\blank.htm
[HKLM | Main] | Default_Search_URL : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKLM | Main] | Default_Page_URL : https://www.msn.com/fr-fr/?ocid=iehp
[HKLM | Main] | Search Page : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤¤¤¤¤¤ Processus

C:\WINDOWS\ATKKBService.exe -> Processus stoppé
C:\WINDOWS\explorer.exe -> Processus stoppé
\WINDOWS\explorer.exe -> Processus stoppé
C:\WINDOWS\ATKKBService.exe -> Processus stoppé
\WINDOWS\explorer.exe -> Processus stoppé

¤¤¤¤¤¤¤¤¤¤ Traitement Fichiers | Dossiers | Registre

Mise en quarantaine : C:\DOCUME~1\Antoine\LOCALS~1\Temp\div1.tmp
Erreur de suppression : C:\DOCUME~1\Antoine\LOCALS~1\Temp\div1.tmp
Mise en quarantaine : C:\DOCUME~1\Antoine\LOCALS~1\Temp\div2.tmp
Erreur de suppression : C:\DOCUME~1\Antoine\LOCALS~1\Temp\div2.tmp
Mise en quarantaine : C:\DOCUME~1\Antoine\LOCALS~1\Temp\sv7l7.tmp
Erreur de suppression : C:\DOCUME~1\Antoine\LOCALS~1\Temp\sv7l7.tmp
Mise en quarantaine : C:\DOCUME~1\Antoine\LOCALS~1\Temp\TCD1E9.tmp
Erreur de suppression : C:\DOCUME~1\Antoine\LOCALS~1\Temp\TCD1E9.tmp
Mise en quarantaine : C:\DOCUME~1\Antoine\LOCALS~1\Temp\TCD1F1.tmp
Erreur de suppression : C:\DOCUME~1\Antoine\LOCALS~1\Temp\TCD1F1.tmp

¤¤¤¤¤¤¤¤¤¤ IFEO


¤¤¤¤¤¤¤¤¤¤ Mountpoints2


¤¤¤¤¤¤¤¤¤¤ Listing %AppData%

[05/01/2008 | 13:26:29] | C:\Documents and Settings\Antoine\Application Data\ACD Systems
[27/05/2007 | 17:14:38] | C:\Documents and Settings\Antoine\Application Data\Adobe
[27/05/2007 | 17:46:04] | C:\Documents and Settings\Antoine\Application Data\Ahead
[16/09/2007 | 08:45:51] | C:\Documents and Settings\Antoine\Application Data\Apple Computer
[03/01/2008 | 21:24:53] | C:\Documents and Settings\Antoine\Application Data\Calendrier Xtra
[20/11/2010 | 10:29:20] | C:\Documents and Settings\Antoine\Application Data\CheckPoint
[24/06/2007 | 21:02:34] | C:\Documents and Settings\Antoine\Application Data\CyberLink
[07/07/2007 | 13:34:55] | C:\Documents and Settings\Antoine\Application Data\DassaultSystemes
[27/05/2007 | 00:32:44] | C:\Documents and Settings\Antoine\Application Data\desktop.ini
[29/07/2007 | 15:54:32] | C:\Documents and Settings\Antoine\Application Data\DivX
[30/05/2010 | 19:35:21] | C:\Documents and Settings\Antoine\Application Data\Facebook
[27/05/2007 | 15:33:06] | C:\Documents and Settings\Antoine\Application Data\Google
[30/03/2008 | 19:32:08] | C:\Documents and Settings\Antoine\Application Data\Hewlett-Packard
[27/05/2007 | 00:32:48] | C:\Documents and Settings\Antoine\Application Data\Identities
[06/06/2007 | 18:15:11] | C:\Documents and Settings\Antoine\Application Data\ImageFox
[27/05/2007 | 17:10:34] | C:\Documents and Settings\Antoine\Application Data\IsolatedStorage
[10/07/2010 | 20:48:57] | C:\Documents and Settings\Antoine\Application Data\La Bataille pour la Terre du Milieu
[27/05/2007 | 14:53:44] | C:\Documents and Settings\Antoine\Application Data\Lavasoft
[04/09/2008 | 19:27:09] | C:\Documents and Settings\Antoine\Application Data\Leadertech
[27/05/2007 | 01:16:07] | C:\Documents and Settings\Antoine\Application Data\Macromedia
[15/11/2008 | 22:36:07] | C:\Documents and Settings\Antoine\Application Data\Malwarebytes
[27/05/2007 | 00:32:43] | C:\Documents and Settings\Antoine\Application Data\Microsoft
[29/07/2007 | 15:32:29] | C:\Documents and Settings\Antoine\Application Data\Mozilla
[22/03/2009 | 19:34:23] | C:\Documents and Settings\Antoine\Application Data\NeroDCTemplates
[19/08/2007 | 12:28:11] | C:\Documents and Settings\Antoine\Application Data\OpenOffice.org2
[28/06/2008 | 00:12:25] | C:\Documents and Settings\Antoine\Application Data\SecuROM
[27/05/2007 | 15:35:38] | C:\Documents and Settings\Antoine\Application Data\Skype
[24/07/2009 | 11:34:42] | C:\Documents and Settings\Antoine\Application Data\Stardock
[27/05/2007 | 19:08:08] | C:\Documents and Settings\Antoine\Application Data\Sun
[29/07/2007 | 15:32:33] | C:\Documents and Settings\Antoine\Application Data\Talkback
[22/03/2009 | 18:15:52] | C:\Documents and Settings\Antoine\Application Data\U3
[10/06/2007 | 20:53:56] | C:\Documents and Settings\Antoine\Application Data\vlc
[27/05/2007 | 18:28:22] | C:\Documents and Settings\Antoine\Application Data\webex
[06/02/2008 | 23:07:14] | C:\Documents and Settings\Antoine\Application Data\WinRAR
[19/08/2009 | 07:37:08] | C:\Documents and Settings\Antoine\Application Data\Xilisoft Corporation
[22/08/2008 | 21:44:06] | C:\Documents and Settings\Antoine\Application Data\Yahoo!

¤¤¤¤¤¤¤¤¤¤ Listing %CommonAppData%

[27/05/2007 | 17:34:25] | C:\Documents and Settings\All Users\Application Data\ACD Systems
[27/05/2007 | 17:14:17] | C:\Documents and Settings\All Users\Application Data\Adobe
[19/09/2010 | 11:56:02] | C:\Documents and Settings\All Users\Application Data\Alwil Software
[19/09/2008 | 16:56:35] | C:\Documents and Settings\All Users\Application Data\Apple
[26/01/2011 | 15:46:11] | C:\Documents and Settings\All Users\Application Data\Apple Computer
[24/06/2007 | 20:02:37] | C:\Documents and Settings\All Users\Application Data\CyberLink
[07/07/2007 | 13:34:55] | C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[27/05/2007 | 14:40:41] | C:\Documents and Settings\All Users\Application Data\desktop.ini
[15/07/2010 | 20:37:49] | C:\Documents and Settings\All Users\Application Data\DivX
[27/05/2007 | 15:33:00] | C:\Documents and Settings\All Users\Application Data\Google
[30/03/2008 | 13:39:46] | C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[24/07/2009 | 11:59:50] | C:\Documents and Settings\All Users\Application Data\Ironclad Games
[01/05/2008 | 07:51:42] | C:\Documents and Settings\All Users\Application Data\Lavasoft
[06/06/2007 | 17:55:57] | C:\Documents and Settings\All Users\Application Data\LogiShrd
[06/06/2007 | 17:56:46] | C:\Documents and Settings\All Users\Application Data\Logitech
[15/11/2008 | 20:26:53] | C:\Documents and Settings\All Users\Application Data\MailFrontier
[15/11/2008 | 22:36:02] | C:\Documents and Settings\All Users\Application Data\Malwarebytes
[19/08/2009 | 07:35:33] | C:\Documents and Settings\All Users\Application Data\Micro Application
[27/05/2007 | 14:40:23] | C:\Documents and Settings\All Users\Application Data\Microsoft
[20/05/2011 | 11:20:42] | C:\Documents and Settings\All Users\Application Data\Microsoft Help
[29/07/2007 | 15:32:05] | C:\Documents and Settings\All Users\Application Data\Mozilla
[15/11/2009 | 14:46:18] | C:\Documents and Settings\All Users\Application Data\NOS
[27/05/2007 | 14:52:47] | C:\Documents and Settings\All Users\Application Data\nView_Profiles
[27/01/2011 | 17:36:15] | C:\Documents and Settings\All Users\Application Data\Pinnacle
[27/05/2007 | 17:00:08] | C:\Documents and Settings\All Users\Application Data\PowerQuest
[15/09/2007 | 22:57:00] | C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[21/06/2007 | 21:30:06] | C:\Documents and Settings\All Users\Application Data\QuickTime
[27/05/2007 | 15:35:23] | C:\Documents and Settings\All Users\Application Data\Skype
[24/07/2009 | 11:34:26] | C:\Documents and Settings\All Users\Application Data\Stardock
[30/03/2010 | 21:49:42] | C:\Documents and Settings\All Users\Application Data\Sun
[27/05/2007 | 13:26:21] | C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[22/08/2008 | 21:44:06] | C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[24/07/2009 | 11:34:32] | C:\Documents and Settings\All Users\Application Data\{297D8FE5-CB8B-4047-9AE4-B08E854E45BB}
[10/07/2010 | 11:22:40] | C:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}

¤¤¤¤¤¤¤¤¤¤ Listing Tasks

[12/04/2010 | 19:16:11] | C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[21/02/2008 | 20:31:48] | C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[30/03/2008 | 19:32:12] | C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1206877466.job
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 17
Utilisateur anonyme
22 mai 2011 à 19:34
supprime-le rapport supprime les deux executables sur ton bureau , retelecharge-le et relance-le
0
Réponse 6 / 17
antoine_canada Messages postés 32 Date d'inscription samedi 15 novembre 2008 Statut Membre Dernière intervention 15 décembre 2013 1
22 mai 2011 à 19:36
ok.
Normalement, l'interruption du bureau doit durer combien de temps?
0
Réponse 7 / 17
Utilisateur anonyme
22 mai 2011 à 19:37
pas longtemps j'ai retiré le module qui faisait bloquer l'outil
0
Réponse 8 / 17
antoine_canada Messages postés 32 Date d'inscription samedi 15 novembre 2008 Statut Membre Dernière intervention 15 décembre 2013 1
22 mai 2011 à 19:37
ok, je relance.
Merci
0
Réponse 9 / 17
antoine_canada Messages postés 32 Date d'inscription samedi 15 novembre 2008 Statut Membre Dernière intervention 15 décembre 2013 1
22 mai 2011 à 19:54
Salut,

Ca y est, voici le rapport ci-dessous.
Par contre, j'ai du quand même rebooté mon PC: après la fenêtre "réinitialiser fichier ....", j'avais plus que mon fond d'écran et ma souris.

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan 1.0.1.10 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | Seven - 32/64 bits ¤¤¤¤¤

Mis à jour le 21/05/2011 | 12.45 par g3n-h@ckm@n
Utilisateur : Antoine (Administrateurs)
Ordinateur : TONIO

Système d'exploitation : Microsoft Windows XP (32 bits)
Internet Explorer : 7.0.5730.11
Mozilla Firefox : 2.0.0.2 (fr)

Scan : 19:39:46 | 22/05/2011

¤¤¤¤¤¤¤¤¤¤¤ Processus en cours

428 | C:\WINDOWS\System32\smss.exe - SYSTEM - Normal - \SystemRoot\System32\smss.exe - 4
896 | C:\WINDOWS\system32\csrss.exe - SYSTEM - Normal - C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 - 428
920 | C:\WINDOWS\system32\winlogon.exe - SYSTEM - High - winlogon.exe - 428
972 | C:\WINDOWS\system32\services.exe - SYSTEM - Normal - C:\WINDOWS\system32\services.exe - 920
984 | C:\WINDOWS\system32\lsass.exe - SYSTEM - Normal - C:\WINDOWS\system32\lsass.exe - 920
1144 | C:\WINDOWS\system32\svchost.exe - SYSTEM - Normal - C:\WINDOWS\system32\svchost -k DcomLaunch - 972
1212 | C:\WINDOWS\system32\svchost.exe - - Normal - C:\WINDOWS\system32\svchost -k rpcss - 972
1268 | C:\WINDOWS\System32\svchost.exe - SYSTEM - Normal - C:\WINDOWS\System32\svchost.exe -k netsvcs - 972
1292 | C:\Program Files\Ahead\InCD\InCDsrv.exe - SYSTEM - Normal - "C:\Program Files\Ahead\InCD\InCDsrv.exe" - 972
1472 | C:\WINDOWS\system32\svchost.exe - NETWORK SERVICE - Normal - C:\WINDOWS\system32\svchost.exe -k NetworkService - 972
1564 | C:\WINDOWS\system32\svchost.exe - LOCAL SERVICE - Normal - C:\WINDOWS\system32\svchost.exe -k LocalService - 972
1684 | C:\Program Files\Alwil Software\Avast5\AvastSvc.exe - SYSTEM - Normal - "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" - 972
1948 | C:\WINDOWS\system32\spoolsv.exe - SYSTEM - Normal - C:\WINDOWS\system32\spoolsv.exe - 972
184 | C:\WINDOWS\system32\svchost.exe - - Normal - C:\WINDOWS\system32\svchost.exe -k LocalService - 972
236 | C:\Program Files\Dassault Systemes\B10\intel_a\code\bin\CATSysDemon.exe - SYSTEM - Normal - "C:\Program Files\Dassault Systemes\B10\intel_a\code\bin\CATSysDemon.exe" -service - 972
252 | C:\WINDOWS\system32\bgsvcgen.exe - SYSTEM - Normal - C:\WINDOWS\system32\bgsvcgen.exe - 972
292 | C:\WINDOWS\System32\svchost.exe - SYSTEM - Normal - C:\WINDOWS\System32\svchost.exe -k eapsvcs - 972
324 | C:\Program Files\Java\jre6\bin\jqs.exe - SYSTEM - Idle - "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" - 972
424 | C:\Program Files\Common Files\LightScribe\LSSrvc.exe - SYSTEM - Normal - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" - 972
460 | C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe - SYSTEM - Normal - "C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe" - 972
484 | C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe - SYSTEM - Normal - "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe" - 972
512 | C:\WINDOWS\system32\nvsvc32.exe - SYSTEM - Normal - C:\WINDOWS\system32\nvsvc32.exe - 972
560 | C:\WINDOWS\system32\svchost.exe - SYSTEM - Normal - C:\WINDOWS\system32\svchost.exe -k imgsvc - 972
884 | C:\WINDOWS\System32\alg.exe - LOCAL SERVICE - Normal - C:\WINDOWS\System32\alg.exe - 972
144 | C:\WINDOWS\system32\wbem\wmiprvse.exe - SYSTEM - Normal - C:\WINDOWS\system32\wbem\wmiprvse.exe - 1144
3412 | C:\WINDOWS\system32\sstray.exe - Antoine - Normal - "C:\WINDOWS\system32\sstray.exe" /r - 3176
3512 | C:\Program Files\Ahead\InCD\InCD.exe - Antoine - Normal - "C:\Program Files\Ahead\InCD\InCD.exe" - 3176
3528 | C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe - Antoine - Normal - "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" - 3176
3548 | C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe - Antoine - Normal - "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" - 3176
3580 | C:\Program Files\Logitech\QuickCam\Quickcam.exe - Antoine - Normal - "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide - 3176
3732 | C:\Program Files\Alwil Software\Avast5\avastUI.exe - Antoine - Normal - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui - 3176
3744 | C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe - Antoine - Normal - "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" - 3176
3756 | C:\Program Files\QuickTime\QTTask.exe - Antoine - Normal - "C:\Program Files\QuickTime\QTTask.exe" -atboottime - 3176
3808 | C:\Program Files\Common Files\Java\Java Update\jusched.exe - Antoine - Normal - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" - 3176
3892 | C:\Program Files\DivX\DivX Update\DivXUpdate.exe - Antoine - Normal - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW - 3176
3920 | C:\WINDOWS\system32\ctfmon.exe - Antoine - Normal - "C:\WINDOWS\system32\ctfmon.exe" - 3176
3968 | C:\Program Files\SuperCopier2\SuperCopier2.exe - Antoine - Normal - "C:\Program Files\SuperCopier2\SuperCopier2.exe" - 3176
4016 | C:\Program Files\Rainlendar2\Rainlendar2.exe - Antoine - Normal - "C:\Program Files\Rainlendar2\Rainlendar2.exe" - 3176
4080 | D:\Steam\Steam.exe - Antoine - Normal - "D:\Steam\Steam.exe" -silent - 3176
860 | C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe - Antoine - Normal - "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe" - 3176
756 | C:\Program Files\WinZip\WZQKPICK.EXE - Antoine - Normal - "C:\Program Files\WinZip\WZQKPICK.EXE" - 3176
2152 | C:\Program Files\Micro Application\LauncherMA.exe - Antoine - Normal - "C:\Program Files\Micro Application\LauncherMA.exe" - 3176
1184 | C:\Program Files\OpenOffice.org 2.2\program\soffice.exe - Antoine - Normal - "C:\Program Files\OpenOffice.org 2.2\program\soffice.exe" -quickstart - 2232
2484 | C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe - Antoine - Normal - "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe" -Embedding - 1144
2288 | C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe - Antoine - Normal - "C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe" -Embedding - 1144
2736 | C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN - Antoine - Normal - "C:\Program Files\OpenOffice.org 2.2\program\soffice.exe" -quickstart - 1184
2852 | C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe - Antoine - Normal - "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe" /CtxID "#Hewlett-Packard#hp psc 2100 series#1206877466" /Startup - 2484
3588 | C:\WINDOWS\system32\wscntfy.exe - Antoine - Normal - C:\WINDOWS\system32\wscntfy.exe - 1268
2844 | C:\Documents and Settings\Antoine\Desktop\Pre_scan.exe - Antoine - High - "C:\Documents and Settings\Antoine\Desktop\Pre_scan.exe" - 3288
3772 | C:\WINDOWS\system32\cmd.exe - Antoine - Normal - cmd /c ""C:\Kill'em\Pv.bat" " - 2844
4072 | C:\Kill'em\Pv.exe - Antoine - Normal - C:\Kill'em\pv.exe -o"%i | %f - %u - %p - %l - %r" - 3772

¤¤¤¤¤¤¤¤¤¤ Winlogon

[HKLM | Winlogon] | Shell : Explorer.exe
[HKLM | Winlogon] | AutoRestartShell : 1
[HKLM | Winlogon] | userinit : C:\WINDOWS\system32\userinit.exe,
[HKLM | Winlogon] | PowerDownAfterShutdown : 1
[HKLM | Winlogon] | System :

¤¤¤¤¤¤¤¤¤¤ Associations

[.exe] : exefile
[exefile | command] : "%1" %*
[.com] : comfile
[comfile | command] : "%1" %*
[.reg] : regfile
[regfile | command] : regedit.exe "%1"
[.scr] : scrfile
[scrfile | command] : "%1" /S
[.bat] : batfile
[batfile | command] : "%1" %*
[.cmd] : cmdfile
[cmdfile | command] : "%1" %*
[.pif] : piffile
[piffile | command] : "%1" %*
[.url] : InternetShortcut
[InternetShortcut | command] : "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l
[Application.Manifest | command] : rundll32.exe dfshim.dll,ShOpenVerbApplication %1
[Application.Reference | command] : rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2
[Folder | command] : C:\WINDOWS\explorer.exe

¤

[Firefox | Command] | @ : "C:\Program Files\Mozilla Firefox\Firefox.exe"
[Firefox - Safemode | Command] | @ : "C:\Program Files\Mozilla Firefox\Firefox.exe" -safe-mode
[IE | Command] | @ : "C:\Program Files\Internet Explorer\iexplore.exe"
[Applications | IE | Command] | @ : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[Assoc | Applications] | @ : http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s

¤¤¤¤¤¤¤¤¤¤ Divers

[HKLM | HideDesktopIcons\NewStartPanel] | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {208D2C60-3AEA-1069-A2D7-08002B30309D} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {871C5380-42A0-1069-A2EA-08002B30309D} : 0
[HKCU | Desktop] | Wallpaper : C:\WINDOWS\ACD Wallpaper.bmp
[HKCU | policies\Explorer] | NoDriveTypeAutoRun : 145
[HKLM | policies\Explorer] | HonorAutoRunSetting : 1

¤¤¤¤¤¤¤¤¤¤ Services

[Ndisuio] | Start : 3
[lmhosts] | Start : 2 : Actif
[LanmanWorkstation] | Start : 2 : Actif
[LanmanServer] | Start : 2 : Actif
[Audiosrv] | Start : 2 : Actif
[ERSvc] | Start : 2 : Actif
[Bits] | Start : 2 : Actif
[CryptSvc] | Start : 2 : Actif
[EapHost] | Start : 2 : Actif
[SharedAccess] | Start : 2 : Actif
[wuauserv] | Start : 2 : Actif
[wscsvc] | Start : 2 : Actif
[wzcsvc] | Start : 2 : Actif

¤¤¤¤¤¤¤¤¤¤ Internet Explorer

[HKCU | Main] | Start Page : https://www.sfr.fr/ -> https://www.google.com/?gws_rd=ssl
[HKCU | Main] | Local Page : C:\windows\system32\blank.htm
[HKCU | Main] | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKLM | Main] | Start Page : https://www.msn.com/fr-fr/?ocid=iehp
[HKLM | Main] | Local Page : C:\windows\system32\blank.htm
[HKLM | Main] | Default_Search_URL : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKLM | Main] | Default_Page_URL : https://www.msn.com/fr-fr/?ocid=iehp
[HKLM | Main] | Search Page : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤¤¤¤¤¤ Processus

C:\WINDOWS\ATKKBService.exe -> Processus stoppé
C:\WINDOWS\explorer.exe -> Processus stoppé
\WINDOWS\explorer.exe -> Processus stoppé
C:\WINDOWS\ATKKBService.exe -> Processus stoppé
\WINDOWS\explorer.exe -> Processus stoppé
C:\WINDOWS\ATKKBService.exe -> Processus stoppé
C:\WINDOWS\explorer.exe -> Processus stoppé

¤¤¤¤¤¤¤¤¤¤ Traitement Fichiers | Dossiers | Registre

Mise en quarantaine : C:\DOCUME~1\Antoine\LOCALS~1\Temp\div1.tmp
Erreur de suppression : C:\DOCUME~1\Antoine\LOCALS~1\Temp\div1.tmp
Mise en quarantaine : C:\DOCUME~1\Antoine\LOCALS~1\Temp\div2.tmp
Erreur de suppression : C:\DOCUME~1\Antoine\LOCALS~1\Temp\div2.tmp
Mise en quarantaine : C:\DOCUME~1\Antoine\LOCALS~1\Temp\div3.tmp
Erreur de suppression : C:\DOCUME~1\Antoine\LOCALS~1\Temp\div3.tmp
Mise en quarantaine : C:\DOCUME~1\Antoine\LOCALS~1\Temp\sv3ck.tmp
Erreur de suppression : C:\DOCUME~1\Antoine\LOCALS~1\Temp\sv3ck.tmp
Mise en quarantaine : C:\DOCUME~1\Antoine\LOCALS~1\Temp\TCD1E9.tmp
Erreur de suppression : C:\DOCUME~1\Antoine\LOCALS~1\Temp\TCD1E9.tmp
Mise en quarantaine : C:\DOCUME~1\Antoine\LOCALS~1\Temp\TCD1F1.tmp
Erreur de suppression : C:\DOCUME~1\Antoine\LOCALS~1\Temp\TCD1F1.tmp

¤¤¤¤¤¤¤¤¤¤ IFEO


¤¤¤¤¤¤¤¤¤¤ Mountpoints2


¤¤¤¤¤¤¤¤¤¤ Listing %AppData%

[05/01/2008 | 13:26:29] | C:\Documents and Settings\Antoine\Application Data\ACD Systems
[27/05/2007 | 17:14:38] | C:\Documents and Settings\Antoine\Application Data\Adobe
[27/05/2007 | 17:46:04] | C:\Documents and Settings\Antoine\Application Data\Ahead
[16/09/2007 | 08:45:51] | C:\Documents and Settings\Antoine\Application Data\Apple Computer
[03/01/2008 | 21:24:53] | C:\Documents and Settings\Antoine\Application Data\Calendrier Xtra
[20/11/2010 | 10:29:20] | C:\Documents and Settings\Antoine\Application Data\CheckPoint
[24/06/2007 | 21:02:34] | C:\Documents and Settings\Antoine\Application Data\CyberLink
[07/07/2007 | 13:34:55] | C:\Documents and Settings\Antoine\Application Data\DassaultSystemes
[27/05/2007 | 00:32:44] | C:\Documents and Settings\Antoine\Application Data\desktop.ini
[29/07/2007 | 15:54:32] | C:\Documents and Settings\Antoine\Application Data\DivX
[30/05/2010 | 19:35:21] | C:\Documents and Settings\Antoine\Application Data\Facebook
[27/05/2007 | 15:33:06] | C:\Documents and Settings\Antoine\Application Data\Google
[30/03/2008 | 19:32:08] | C:\Documents and Settings\Antoine\Application Data\Hewlett-Packard
[27/05/2007 | 00:32:48] | C:\Documents and Settings\Antoine\Application Data\Identities
[06/06/2007 | 18:15:11] | C:\Documents and Settings\Antoine\Application Data\ImageFox
[27/05/2007 | 17:10:34] | C:\Documents and Settings\Antoine\Application Data\IsolatedStorage
[10/07/2010 | 20:48:57] | C:\Documents and Settings\Antoine\Application Data\La Bataille pour la Terre du Milieu
[27/05/2007 | 14:53:44] | C:\Documents and Settings\Antoine\Application Data\Lavasoft
[04/09/2008 | 19:27:09] | C:\Documents and Settings\Antoine\Application Data\Leadertech
[27/05/2007 | 01:16:07] | C:\Documents and Settings\Antoine\Application Data\Macromedia
[15/11/2008 | 22:36:07] | C:\Documents and Settings\Antoine\Application Data\Malwarebytes
[27/05/2007 | 00:32:43] | C:\Documents and Settings\Antoine\Application Data\Microsoft
[29/07/2007 | 15:32:29] | C:\Documents and Settings\Antoine\Application Data\Mozilla
[22/03/2009 | 19:34:23] | C:\Documents and Settings\Antoine\Application Data\NeroDCTemplates
[19/08/2007 | 12:28:11] | C:\Documents and Settings\Antoine\Application Data\OpenOffice.org2
[28/06/2008 | 00:12:25] | C:\Documents and Settings\Antoine\Application Data\SecuROM
[27/05/2007 | 15:35:38] | C:\Documents and Settings\Antoine\Application Data\Skype
[24/07/2009 | 11:34:42] | C:\Documents and Settings\Antoine\Application Data\Stardock
[27/05/2007 | 19:08:08] | C:\Documents and Settings\Antoine\Application Data\Sun
[29/07/2007 | 15:32:33] | C:\Documents and Settings\Antoine\Application Data\Talkback
[22/03/2009 | 18:15:52] | C:\Documents and Settings\Antoine\Application Data\U3
[10/06/2007 | 20:53:56] | C:\Documents and Settings\Antoine\Application Data\vlc
[27/05/2007 | 18:28:22] | C:\Documents and Settings\Antoine\Application Data\webex
[06/02/2008 | 23:07:14] | C:\Documents and Settings\Antoine\Application Data\WinRAR
[19/08/2009 | 07:37:08] | C:\Documents and Settings\Antoine\Application Data\Xilisoft Corporation
[22/08/2008 | 21:44:06] | C:\Documents and Settings\Antoine\Application Data\Yahoo!

¤¤¤¤¤¤¤¤¤¤ Listing %CommonAppData%

[27/05/2007 | 17:34:25] | C:\Documents and Settings\All Users\Application Data\ACD Systems
[27/05/2007 | 17:14:17] | C:\Documents and Settings\All Users\Application Data\Adobe
[19/09/2010 | 11:56:02] | C:\Documents and Settings\All Users\Application Data\Alwil Software
[19/09/2008 | 16:56:35] | C:\Documents and Settings\All Users\Application Data\Apple
[26/01/2011 | 15:46:11] | C:\Documents and Settings\All Users\Application Data\Apple Computer
[24/06/2007 | 20:02:37] | C:\Documents and Settings\All Users\Application Data\CyberLink
[07/07/2007 | 13:34:55] | C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[27/05/2007 | 14:40:41] | C:\Documents and Settings\All Users\Application Data\desktop.ini
[15/07/2010 | 20:37:49] | C:\Documents and Settings\All Users\Application Data\DivX
[27/05/2007 | 15:33:00] | C:\Documents and Settings\All Users\Application Data\Google
[30/03/2008 | 13:39:46] | C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[24/07/2009 | 11:59:50] | C:\Documents and Settings\All Users\Application Data\Ironclad Games
[01/05/2008 | 07:51:42] | C:\Documents and Settings\All Users\Application Data\Lavasoft
[06/06/2007 | 17:55:57] | C:\Documents and Settings\All Users\Application Data\LogiShrd
[06/06/2007 | 17:56:46] | C:\Documents and Settings\All Users\Application Data\Logitech
[15/11/2008 | 20:26:53] | C:\Documents and Settings\All Users\Application Data\MailFrontier
[15/11/2008 | 22:36:02] | C:\Documents and Settings\All Users\Application Data\Malwarebytes
[19/08/2009 | 07:35:33] | C:\Documents and Settings\All Users\Application Data\Micro Application
[27/05/2007 | 14:40:23] | C:\Documents and Settings\All Users\Application Data\Microsoft
[20/05/2011 | 11:20:42] | C:\Documents and Settings\All Users\Application Data\Microsoft Help
[29/07/2007 | 15:32:05] | C:\Documents and Settings\All Users\Application Data\Mozilla
[15/11/2009 | 14:46:18] | C:\Documents and Settings\All Users\Application Data\NOS
[27/05/2007 | 14:52:47] | C:\Documents and Settings\All Users\Application Data\nView_Profiles
[27/01/2011 | 17:36:15] | C:\Documents and Settings\All Users\Application Data\Pinnacle
[27/05/2007 | 17:00:08] | C:\Documents and Settings\All Users\Application Data\PowerQuest
[15/09/2007 | 22:57:00] | C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[21/06/2007 | 21:30:06] | C:\Documents and Settings\All Users\Application Data\QuickTime
[27/05/2007 | 15:35:23] | C:\Documents and Settings\All Users\Application Data\Skype
[24/07/2009 | 11:34:26] | C:\Documents and Settings\All Users\Application Data\Stardock
[30/03/2010 | 21:49:42] | C:\Documents and Settings\All Users\Application Data\Sun
[27/05/2007 | 13:26:21] | C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[22/08/2008 | 21:44:06] | C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[24/07/2009 | 11:34:32] | C:\Documents and Settings\All Users\Application Data\{297D8FE5-CB8B-4047-9AE4-B08E854E45BB}
[10/07/2010 | 11:22:40] | C:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}

¤¤¤¤¤¤¤¤¤¤ Listing Tasks

[12/04/2010 | 19:16:11] | C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[21/02/2008 | 20:31:48] | C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[30/03/2008 | 19:32:12] | C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1206877466.job
0
Réponse 10 / 17
Utilisateur anonyme
22 mai 2011 à 20:17
bref ,

▶ Télécharge ZHPDiag (de Nicolas Coolman)

ou :ZHPDiag

Enregistre le sur ton Bureau.

Une fois le téléchargement achevé,

▶ lance ZHPDiag.exe et clique sur Unzip dans la fenêtre qui s'ouvre.

▶ Clique sur le tournevis puis sur Tous pour cocher toutes les cases des options.

▶ Clique sur la loupe pour lancer l'analyse.

A la fin de l'analyse,

▶ clique sur l'appareil photo et enregistre le rapport sur ton Bureau.

Pour me le transmettre clique sur ce lien :

http://www.cijoint.fr/

▶ Clique sur Parcourir et cherche le fichier C:\Documents and settings\le_nom_de_ta_session\.ZHPDiag.txt

▶ Clique sur Ouvrir.

▶ Clique sur "Cliquez ici pour déposer le fichier".

Un lien de cette forme :

http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt

est ajouté dans la page.

▶ Copie ce lien dans ta réponse.
0
Réponse 11 / 17
antoine_canada Messages postés 32 Date d'inscription samedi 15 novembre 2008 Statut Membre Dernière intervention 15 décembre 2013 1
22 mai 2011 à 20:38
Salut,
C'est en cours.
Par contre, c'est nromal qu'on me demande d'accepter les EULA pour SigCheck?
0
Réponse 12 / 17
antoine_canada Messages postés 32 Date d'inscription samedi 15 novembre 2008 Statut Membre Dernière intervention 15 décembre 2013 1
22 mai 2011 à 20:50
Salut,

Voici le lien.
En tout cas, merci de t'occuper de mon cas un dimanche soir.

http://www.cijoint.fr/cjlink.php?file=cj201105/cijdjzq3Kw.txt


A+
0
Réponse 13 / 17
Utilisateur anonyme
22 mai 2011 à 22:25
▶ Télécharge ici : Ad-remover sur ton bureau :


▶ Déconnecte toi et ferme toutes applications en cours !

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."

▶ sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut .

▶ clique le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .

▶ Au menu principal choisis "option Nettoyer" et tape sur [entrée] .

▶ Laisse travailler l'outil et ne touche à rien ...

▶ Poste le rapport qui apparait à la fin , sur le forum ...

( Le rapport est sauvegardé aussi sous C:\Ad-report.log )
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

0
Réponse 14 / 17
antoine_canada Messages postés 32 Date d'inscription samedi 15 novembre 2008 Statut Membre Dernière intervention 15 décembre 2013 1
23 mai 2011 à 07:42
Bonjour,

Voici le rapport:

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 07:31:02 on 23/05/2011, Normal boot

Microsoft Windows XP Professional Service Pack 3 (X86)
Antoine@TONIO ( )

============== ACTION(S) ==============


Folder deleted: C:\Documents and Settings\Antoine\Local Settings\Application Data\Conduit

(!) -- Temporary files deleted.


Key deleted: HKLM\Software\Classes\CLSID\{601ac3dc-786a-4eb0-bf40-ee3521e70bfb}
Key deleted: HKLM\Software\Classes\CLSID\{72b3882f-453a-4633-aac9-8c3dced62aff}
Key deleted: HKLM\Software\Classes\Interface\{115CCBAE-27B0-47C3-BA42-BAB708424393}
Key deleted: HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
Key deleted: HKLM\Software\Classes\Toolbar.CT2613520
Key deleted: HKCU\Software\Conduit
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}


============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [2.0.0.2 (fr)] ****

FIREFOX.EXE\Shell\Open\Command - "C:\Program Files\Mozilla Firefox\Firefox.exe"
Plugins\npDivxPlayerPlugin.dll (DivX, Inc)
HKLM_MozillaPlugins\@checkpoint.com/FFApi (x)
HKLM_MozillaPlugins\@neuf/vlc,version=0.8.6.1 (x)
Components\jar50.dll (Mozilla Foundation)
Components\jsd3250.dll (Mozilla Foundation)
Components\myspell.dll (Mozilla Foundation)
Components\nsBookmarkTransactionManager.js
Components\nsCloseAllWindows.js
Components\nsDictionary.js
Components\nsPostUpdateWin.js
Components\nsUrlClassifierTable.js
Components\nsXmlRpcClient.js
Components\spellchk.dll (Mozilla Foundation)
Components\xpinstal.dll (Mozilla Foundation)
Extensions\divx@partners.mozilla.com (DivX Settings)
Extensions\talkback@mozilla.org (Talkback)
HKLM_Extensions|{3112ca9c-de6d-4884-a869-9855de68056c} - C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

-- C:\Documents and Settings\Antoine\Application Data\Mozilla\FireFox\Profiles\gjhn41p1.default --
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
Extensions\{d7f26d0e-9801-45c3-a091-8a65e4ed73b5} (Protection ZoneAlarm Toolbar)
Prefs.js - browser.search.defaultenginename, Google
Prefs.js - browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
Prefs.js - browser.search.selectedEngine, Google
Prefs.js - browser.startup.homepage_override.mstone, rv:1.8.1.2

========================================

**** Internet Explorer Version [7.0.5730.11] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKLM_ElevationPolicy\{44295CB8-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar1user.exe (?)
HKLM_ElevationPolicy\{D802E3EF-2513-4661-972E-BAD737EFBA88} - C:\Program Files\DivX\DivX OVS Helper\OVSHelperBroker.exe (DivX, LLC.)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)

========================================

C:\Program Files\Ad-Remover\Quarantine: 2 File(s)
C:\Program Files\Ad-Remover\Backup: 13 File(s)

C:\Ad-Report-CLEAN[1].txt - 23/05/2011 07:31:48 (2735 Byte(s))

End at: 07:32:30, 23/05/2011

============== E.O.F ==============
0
Réponse 15 / 17
Utilisateur anonyme
23 mai 2011 à 11:39
hello refais zhpdiag stp
0
Réponse 16 / 17
antoine_canada Messages postés 32 Date d'inscription samedi 15 novembre 2008 Statut Membre Dernière intervention 15 décembre 2013 1
23 mai 2011 à 19:35
Salut,

Voici le lien pour récupérer le rapport:
http://www.cijoint.fr/cjlink.php?file=cj201105/cijJra33y7.txt

A+
0
Réponse 17 / 17
Utilisateur anonyme
21 mai 2011 à 12:53
tu as eu raison de débrancher le cable ethernet. c'est un virus si tu aurais fait oui sa t'aurais proposer d'acheter un antivirus et dans la foulé sa t'aurais mis un virus
-2

Discussions similaires

Facture de google 380€ !
Misternet -
okapi -

61 réponses
Arnaque frauduleuse Ireland ltd
Mymy -
mel -

4 réponses
arnaque cb google sur mon compte bancaire
patooun -
samgunsjovirow -

1 réponse
alerte cobra en stearming
ABOU 75 -
ferrari52 -

7 réponses
Arnaque de Google Ireland Limited
Sortideli -
jordane45 -

1 réponse