Sujet Précédent Sujet Suivant

Worms

Résolu
the bigwolf Messages postés 75 Statut Membre -  
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité -
slt j'ai eu un vers a l'instant, antivir la detecter, je les mis en quarantaine,
je voulais juste savoir si maintenant j'ai plus qu'a redemarer le pc ou si je dois faire autre chose????
merci d'avance

64 réponses

Précédent
Réponse 21 / 64
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
avec réseau, comme ça tu pourras poster au cas où !

++

0
Réponse 22 / 64
the bigwolf Messages postés 75 Statut Membre
 
ok
0
Réponse 23 / 64
the bigwolf Messages postés 75 Statut Membre
 
tous fonctionne sauf la fin,
lol
en faite je scan, il me demande de posté le fichier C:\upload_moi_PC-de-bigwolf.tar.gz
sur le site qui s'ouvre automatique http://upload.malekal.com

je l'ai posté et il me dise Le fichier choisi est invalide !

lol serieu il deconne eux
0
Réponse 24 / 64
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
essaye via ce site :

http://secubox.gateweb.org/mad.php

++
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 64
the bigwolf Messages postés 75 Statut Membre
 
il demande de leur mettre un message c'est pas utile ???
0
Réponse 26 / 64
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
mets leur que tu as essayé de l'uploader sur le site de Malekal, mais que cela n'a pas fonctionné, donc que tu essayes que leur site !

++
0
Réponse 27 / 64
the bigwolf Messages postés 75 Statut Membre
 
ok
0
Réponse 28 / 64
the bigwolf Messages postés 75 Statut Membre
 
bon sa charge toujour mes c pas grave bizarement j'ai eu un rapport donc je pense que c'est se que tu voulais

DiagHelp version v1.4 - http://www.malekal.com
excute le 09/01/2008 à 18:43:07,16

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\Windows\prefetch\AgGlGlobalHistory.db -->09/01/2008 18:39:40
C:\Windows\prefetch\AgGlFgAppHistory.db -->09/01/2008 18:39:40
C:\Windows\prefetch\AgGlFaultHistory.db -->09/01/2008 18:39:40
C:\Windows\prefetch\PfSvPerfStats.bin -->09/01/2008 18:39:36
C:\Windows\prefetch\AgRobust.db -->09/01/2008 18:39:36
C:\Windows\prefetch\POQEXEC.EXE-69592829.pf -->09/01/2008 18:39:35
C:\Windows\prefetch\DRVINST.EXE-4CB4314A.pf -->09/01/2008 18:38:58
C:\Windows\prefetch\WUAUCLT.EXE-70318591.pf -->09/01/2008 18:38:44
C:\Windows\prefetch\LOGONUI.EXE-09140401.pf -->09/01/2008 18:38:39
C:\Windows\prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf -->09/01/2008 18:38:30

C:\Windows\System32\drivers\tcpip.sys -->09/01/2008 18:10:09
C:\Windows\System32\drivers\netio.sys -->09/01/2008 18:10:09
C:\Windows\System32\drivers\pciidex.sys -->09/01/2008 18:08:37
C:\Windows\System32\drivers\pciide.sys -->09/01/2008 18:08:37
C:\Windows\System32\drivers\ntfs.sys -->09/01/2008 18:08:37
C:\Windows\System32\drivers\ataport.sys -->09/01/2008 18:08:37
C:\Windows\System32\drivers\atapi.sys -->09/01/2008 18:08:37

C:\Windows\System32\tcpipcfg.dll -->09/01/2008 18:10:09
C:\Windows\System32\netiougc.exe -->09/01/2008 18:10:09
C:\Windows\System32\netcfg.exe -->09/01/2008 18:10:09
C:\Windows\System32\perfh00C.dat -->09/01/2008 18:08:59
C:\Windows\System32\perfh009.dat -->09/01/2008 18:08:59
C:\Windows\System32\perfc00C.dat -->09/01/2008 18:08:59
C:\Windows\System32\perfc009.dat -->09/01/2008 18:08:59
C:\Windows\System32\PerfStringBackup.INI -->09/01/2008 18:08:58
C:\Windows\System32\GameUXLegacyGDFs.dll -->09/01/2008 18:08:53
C:\Windows\System32\gameux.dll -->09/01/2008 18:08:53
C:\Windows\System32\sbunattend.exe -->09/01/2008 18:07:57
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -->09/01/2008 18:02:18
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -->09/01/2008 18:02:18
C:\Windows\System32\mrt.exe -->02/01/2008 19:21:36
C:\Windows\System32\rmoc3260.dll -->02/01/2008 00:11:26
C:\Windows\System32\pndx5032.dll -->02/01/2008 00:11:11
C:\Windows\System32\pndx5016.dll -->02/01/2008 00:11:11
C:\Windows\System32\pncrt.dll -->02/01/2008 00:11:09
C:\Windows\System32\MsiExec.exe.log -->29/12/2007 20:26:11
C:\Windows\System32\quartz.dll -->12/12/2007 19:33:32
C:\Windows\System32\WMASF.DLL -->12/12/2007 19:33:16
C:\Windows\System32\LAPRXY.DLL -->12/12/2007 19:33:16
C:\Windows\System32\asferror.dll -->12/12/2007 19:33:16
C:\Windows\System32\ieui.dll -->12/12/2007 19:32:24
C:\Windows\System32\ieframe.dll -->12/12/2007 19:32:23

C:\Windows\ntbtlog.txt -->09/01/2008 18:42:29
C:\Windows\bootstat.dat -->09/01/2008 18:41:21
C:\Windows\WindowsUpdate.log -->09/01/2008 18:38:54
C:\Windows\PFRO.log -->09/01/2008 17:50:05
C:\Windows\NeroDigital.ini -->09/12/2007 01:41:30
C:\Windows\dhdd0928.dat -->20/11/2007 13:13:05
C:\Windows\explorer.exe -->16/11/2007 21:42:35
C:\Windows\csup.txt -->16/10/2007 07:29:07
C:\Windows\win.ini -->01/01/2007 01:56:31
C:\Windows\WindowsShell.Manifest -->01/01/2007 01:43:20
C:\Windows\wmprffra.prx -->18/12/2006 09:56:16
C:\Windows\WMSysPr9.prx -->02/11/2006 13:35:57
C:\Windows\twunk_32.exe -->02/11/2006 13:34:41
C:\Windows\twunk_16.exe -->02/11/2006 13:34:41
C:\Windows\twain_32.dll -->02/11/2006 13:34:41

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 1884
Command line: C:\Windows\Explorer.EXE

Base Size Version Path
0x00a70000 0x2cd000 6.00.6000.16549 C:\Windows\Explorer.EXE
0x77ab0000 0x11e000 6.00.6000.16386 C:\Windows\system32\ntdll.dll
0x779d0000 0xd8000 6.00.6000.16386 C:\Windows\system32\kernel32.dll
0x764a0000 0xbf000 6.00.6000.16386 C:\Windows\system32\ADVAPI32.dll
0x76760000 0xc3000 6.00.6000.16525 C:\Windows\system32\RPCRT4.dll
0x76930000 0x4b000 6.00.6000.16386 C:\Windows\system32\GDI32.dll
0x776b0000 0x9e000 6.00.6000.16438 C:\Windows\system32\USER32.dll
0x76880000 0xaa000 7.00.6000.16386 C:\Windows\system32\msvcrt.dll
0x76440000 0x55000 6.00.6000.16386 C:\Windows\system32\SHLWAPI.dll
0x76be0000 0xace000 6.00.6000.16513 C:\Windows\system32\SHELL32.dll
0x77880000 0x144000 6.00.6000.16386 C:\Windows\system32\ole32.dll
0x76650000 0x8c000 6.00.6000.16386 C:\Windows\system32\OLEAUT32.dll
0x72d30000 0x107000 6.00.6000.16386 C:\Windows\system32\SHDOCVW.dll
0x750b0000 0x3f000 6.00.6000.16386 C:\Windows\system32\UxTheme.dll
0x756f0000 0x1a000 6.00.6000.16386 C:\Windows\system32\POWRPROF.dll
0x73a90000 0xc000 6.00.6000.16386 C:\Windows\system32\dwmapi.dll
0x74d50000 0x1aa000 5.02.6000.16386 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll
0x75c90000 0x39000 6.00.6000.16509 C:\Windows\system32\slc.dll
0x74630000 0xb7000 6.00.6000.16386 C:\Windows\system32\PROPSYS.dll
0x72be0000 0x145000 6.00.6000.16386 C:\Windows\system32\BROWSEUI.dll
0x77c40000 0x1e000 6.00.6000.16386 C:\Windows\system32\IMM32.dll
0x76370000 0xc7000 6.00.6000.16386 C:\Windows\system32\MSCTF.dll
0x75080000 0x30000 6.00.6000.16386 C:\Windows\system32\DUser.dll
0x77bd0000 0x9000 6.00.6000.16386 C:\Windows\system32\LPK.DLL
0x765d0000 0x7d000 1.626.6000.16386 C:\Windows\system32\USP10.dll
0x750f0000 0x194000 6.10.6000.16386 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
0x72b20000 0xb2000 6.00.6000.16493 C:\Windows\system32\WindowsCodecs.dll
0x73900000 0x6000 6.00.6000.16386 C:\Windows\system32\IconCodecService.dll
0x77c60000 0x84000 2001.12.6930.16386 C:\Windows\system32\CLBCatQ.DLL
0x75770000 0x38000 6.00.6000.16386 C:\Windows\system32\rsaenh.dll
0x72a60000 0xb2000 6.00.6000.16549 C:\Windows\system32\timedate.cpl
0x75520000 0x14000 3.05.2284.0000 C:\Windows\system32\ATL.DLL
0x75f50000 0x6a000 6.00.6000.16386 C:\Windows\system32\NETAPI32.dll
0x762d0000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
0x731b0000 0x38000 4.02.5406.0000 C:\Windows\system32\OLEACC.dll
0x757e0000 0xd7000 6.00.6000.16386 C:\Windows\system32\WINBRAND.dll
0x76220000 0x1e000 6.00.6000.16386 C:\Windows\system32\USERENV.dll
0x76200000 0x14000 6.00.6000.16386 C:\Windows\system32\Secur32.dll
0x73180000 0x2b000 6.00.6000.16386 C:\Windows\system32\msutb.dll
0x748e0000 0x16000 6.00.6000.16386 C:\Windows\System32\shacct.dll
0x75e40000 0x11000 6.00.6000.16386 C:\Windows\System32\SAMLIB.dll
0x731f0000 0x2c000 6.00.6000.16386 C:\Windows\system32\apphelp.dll
0x729e0000 0x3c000 6.00.6000.16404 C:\Windows\System32\msshsq.dll
0x72840000 0xc5000 6.00.6000.16386 C:\Windows\System32\NaturalLanguage6.dll
0x75cd0000 0xf1000 6.00.6000.16425 C:\Windows\System32\CRYPT32.dll
0x75e20000 0x12000 6.00.6000.16386 C:\Windows\System32\MSASN1.dll
0x72320000 0x28c000 6.00.6000.16386 C:\Windows\System32\NLSData000c.dll
0x71720000 0x5f4000 6.00.6000.16386 C:\Windows\System32\NLSLexicons000c.dll
0x75290000 0x1e7000 6.00.6000.16513 C:\Windows\system32\authui.dll
0x756e0000 0x5000 6.00.6000.16386 C:\Windows\system32\MSIMG32.dll
0x73c20000 0x9000 6.00.6000.16386 C:\Windows\system32\LINKINFO.dll
0x71d50000 0x5cd000 7.00.6000.16575 C:\Windows\system32\ieframe.dll
0x77bf0000 0x45000 7.00.6000.16386 C:\Windows\system32\iertutil.dll
0x76980000 0xcf000 7.00.6000.16575 C:\Windows\system32\WININET.dll
0x77be0000 0x3000 6.00.6000.16386 C:\Windows\system32\Normaliz.dll
0x73280000 0x9000 6.00.6000.16386 C:\Windows\system32\ExplorerFrame.dll
0x77750000 0x127000 7.00.6000.16575 C:\Windows\system32\urlmon.dll
0x75710000 0x21000 6.00.6000.16386 C:\Windows\system32\NTMARTA.DLL
0x76830000 0x49000 6.00.6000.16386 C:\Windows\system32\WLDAP32.dll
0x765a0000 0x2d000 6.00.6000.16386 C:\Windows\system32\WS2_32.dll
0x76560000 0x6000 6.00.6000.16386 C:\Windows\system32\NSI.dll
0x73680000 0x33000 6.00.6000.16386 C:\Windows\system32\WINMM.dll
0x73150000 0x30000 6.00.6000.16386 C:\Windows\system32\wdmaud.drv
0x72ec0000 0x4000 6.00.6000.16386 C:\Windows\system32\ksuser.dll
0x72eb0000 0x7000 6.00.6000.16386 C:\Windows\system32\AVRT.dll
0x72e80000 0x27000 6.00.6000.16386 C:\Windows\system32\MMDevAPI.DLL
0x72990000 0x4a000 6.00.6000.16386 C:\Windows\system32\ntshrui.dll
0x72e70000 0xa000 6.00.6000.16386 C:\Windows\system32\cscapi.dll
0x74960000 0x30000 6.00.6000.16386 C:\Windows\system32\MLANG.dll
0x72700000 0x92000 6.00.6000.16386 C:\Windows\system32\stobject.dll
0x72640000 0xb6000 6.00.6000.16386 C:\Windows\system32\BatMeter.dll
0x76a50000 0x188000 6.00.6000.16386 C:\Windows\system32\SETUPAPI.dll
0x75010000 0x9000 6.00.6000.16553 C:\Windows\system32\WTSAPI32.dll
0x761d0000 0x24000 6.00.6000.16386 C:\Windows\system32\WINSTA.dll
0x727f0000 0x45000 2001.12.6930.16386 C:\Windows\system32\es.dll
0x72960000 0x30000 6.00.6000.16386 C:\Windows\System32\SndVolSSO.dll
0x72930000 0x21000 6.00.6000.16386 C:\Windows\ehome\ehSSO.dll
0x74950000 0x9000 6.00.6000.16386 C:\Windows\system32\HID.DLL
0x75620000 0x63000 6.00.6000.16501 C:\Windows\system32\FirewallAPI.dll
0x75af0000 0x8000 6.00.6000.16386 C:\Windows\system32\VERSION.dll
0x71100000 0x30b000 6.00.6000.16386 C:\Windows\System32\netshell.dll
0x75c30000 0x19000 6.00.6000.16386 C:\Windows\System32\IPHLPAPI.DLL
0x75bf0000 0x35000 6.00.6000.16512 C:\Windows\System32\dhcpcsvc.DLL
0x75e60000 0x2b000 6.00.6000.16386 C:\Windows\System32\DNSAPI.dll
0x75be0000 0x7000 6.00.6000.16386 C:\Windows\System32\WINNSI.DLL
0x75bc0000 0x20000 6.00.6000.16512 C:\Windows\System32\dhcpcsvc6.DLL
0x75610000 0xf000 6.00.6000.16386 C:\Windows\System32\nlaapi.dll
0x70f40000 0x1bf000 6.00.6000.16386 C:\Windows\system32\pnidui.dll
0x74900000 0x17000 6.00.6000.16386 C:\Windows\system32\QUtil.dll
0x75c50000 0x3e000 6.00.6000.16386 C:\Windows\system32\wevtapi.dll
0x74aa0000 0x6000 6.00.6000.16386 C:\Windows\system32\wlanutil.dll
0x73c10000 0x8000 6.00.6000.16386 C:\Windows\System32\npmproxy.dll
0x74940000 0x7000 4.00.6000.16386 C:\Windows\system32\msiltcfg.dll
0x70a50000 0x204000 4.00.6000.16386 C:\Windows\system32\msi.dll
0x71d20000 0xe000 6.00.6000.16551 C:\Windows\system32\Wlanapi.dll
0x74fa0000 0x2d000 6.00.6000.16386 C:\Windows\system32\OneX.DLL
0x74f10000 0xd000 6.00.6000.16386 C:\Windows\system32\eappprxy.dll
0x74ab0000 0x28000 6.00.6000.16386 C:\Windows\system32\eappcfg.dll
0x75b20000 0x44000 6.00.6000.16386 C:\Windows\system32\bcrypt.dll
0x71650000 0xd000 6.00.6000.16386 C:\Windows\System32\AltTab.dll
0x715f0000 0x23000 6.00.6000.16386 C:\Windows\system32\wpdshserviceobj.dll
0x73c60000 0x5f000 6.00.6000.16386 C:\Windows\system32\WINHTTP.dll
0x714a0000 0x40000 6.00.6000.16386 C:\Windows\System32\srchadmin.dll
0x71460000 0x3c000 7.00.6000.16386 C:\Windows\system32\webcheck.dll
0x70310000 0x21c000 6.00.6000.16386 C:\Windows\System32\SyncCenter.dll
0x714e0000 0x39000 6.00.6000.16386 C:\Windows\system32\wscntfy.dll
0x71660000 0xb000 6.00.6000.16386 C:\Windows\system32\WSCAPI.dll
0x71430000 0x2b000 6.00.6000.16386 C:\Windows\system32\PortableDeviceTypes.dll
0x70990000 0x51000 6.00.6000.16386 C:\Windows\system32\imapi2.dll
0x70940000 0x46000 6.00.6000.16386 C:\Windows\system32\PortableDeviceApi.dll
0x730f0000 0x53000 6.00.6000.16386 C:\Windows\system32\actxprxy.dll
0x75540000 0x2d000 6.00.6000.16386 C:\Windows\system32\WINTRUST.dll
0x76570000 0x29000 6.00.6000.16470 C:\Windows\system32\imagehlp.dll
0x709f0000 0x2c000 6.00.6000.16386 C:\Windows\System32\QAgent.dll
0x74850000 0x8a000 6.00.6000.16386 C:\Windows\System32\fwpuclnt.dll
0x70840000 0xf9000 6.00.6000.16386 C:\Windows\system32\bthprops.cpl
0x76110000 0x5f000 6.00.6000.16386 C:\Windows\system32\SXS.DLL
0x70e80000 0x60000 6.00.6000.16386 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
0x71410000 0x12000 6.00.6000.16386 C:\Windows\system32\thumbcache.dll
0x74c20000 0x22000 1.01.1002.0000 C:\Windows\system32\xmllite.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 544
Command line: winlogon.exe

Base Size Version Path
0x00540000 0x4e000 6.00.6000.16386 C:\Windows\system32\winlogon.exe
0x77ab0000 0x11e000 6.00.6000.16386 C:\Windows\system32\ntdll.dll
0x779d0000 0xd8000 6.00.6000.16386 C:\Windows\system32\kernel32.dll
0x764a0000 0xbf000 6.00.6000.16386 C:\Windows\system32\ADVAPI32.dll
0x76760000 0xc3000 6.00.6000.16525 C:\Windows\system32\RPCRT4.dll
0x776b0000 0x9e000 6.00.6000.16438 C:\Windows\system32\USER32.dll
0x76930000 0x4b000 6.00.6000.16386 C:\Windows\system32\GDI32.dll
0x76880000 0xaa000 7.00.6000.16386 C:\Windows\system32\msvcrt.dll
0x76200000 0x14000 6.00.6000.16386 C:\Windows\system32\Secur32.dll
0x761d0000 0x24000 6.00.6000.16386 C:\Windows\system32\WINSTA.dll
0x762d0000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
0x76220000 0x1e000 6.00.6000.16386 C:\Windows\system32\USERENV.dll
0x77c40000 0x1e000 6.00.6000.16386 C:\Windows\system32\IMM32.DLL
0x76370000 0xc7000 6.00.6000.16386 C:\Windows\system32\MSCTF.dll
0x77bd0000 0x9000 6.00.6000.16386 C:\Windows\system32\LPK.DLL
0x765d0000 0x7d000 1.626.6000.16386 C:\Windows\system32\USP10.dll
0x75710000 0x21000 6.00.6000.16386 C:\Windows\system32\NTMARTA.DLL
0x76830000 0x49000 6.00.6000.16386 C:\Windows\system32\WLDAP32.dll
0x765a0000 0x2d000 6.00.6000.16386 C:\Windows\system32\WS2_32.dll
0x76560000 0x6000 6.00.6000.16386 C:\Windows\system32\NSI.dll
0x75e40000 0x11000 6.00.6000.16386 C:\Windows\system32\SAMLIB.dll
0x77880000 0x144000 6.00.6000.16386 C:\Windows\system32\ole32.dll
0x73220000 0x3e000 6.00.6000.16386 C:\Windows\system32\SHSVCS.dll
0x75f50000 0x6a000 6.00.6000.16386 C:\Windows\system32\NETAPI32.dll
0x75c90000 0x39000 6.00.6000.16509 C:\Windows\system32\slc.dll
0x75dd0000 0x14000 6.00.6000.16386 C:\Windows\system32\MPR.dll

Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est C8AE-BD61

Répertoire de C:\Windows\system32

02/11/2006 10:45 7 680 csrss.exe
1 fichier(s) 7 680 octets
0 Rép(s) 107 334 836 224 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est C8AE-BD61

Répertoire de C:\Windows\Downloaded Program Files

27/12/2007 15:58 <REP> .
27/12/2007 15:58 <REP> ..
07/12/2004 17:07 32 bdcore.dll
25/05/2006 01:21 118 784 bdupd.dll
18/09/2006 22:26 65 desktop.ini
30/06/2006 12:00 29 616 dwusplay.dll
30/06/2006 12:00 201 648 dwusplay.exe
28/09/2007 04:41 381 960 GAME_UNO1.dll
17/01/2007 15:44 316 GAME_UNO1.INF
25/05/2006 01:21 53 248 ipsupd.dll
11/09/2006 04:40 484 272 isusweb.dll
08/08/2006 11:45 576 kavwebscan.inf
16/03/2005 12:34 7 407 lang.ini
07/12/2004 17:07 32 libfn.dll
14/03/2005 14:38 126 live.ini
22/02/2007 23:41 304 544 MessengerStatsPAClient.dll
28/02/2007 14:21 131 472 msgrchkr.dll
29/10/2007 16:45 1 244 oscan8.inf
25/10/2007 16:54 471 040 oscan8.ocx
14/03/2005 14:58 7 073 scanoptions.tsi
18 fichier(s) 2 193 455 octets

Total des fichiers listés :
18 fichier(s) 2 193 455 octets
2 Rép(s) 107 334 832 128 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..

Liste des fichiers en exception sur le pare-feu XP SP2

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]

exports des policies
REGEDIT4

[System]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000000

[System\UIPI]

[System\UIPI\Clipboard]

[System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011

Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
127.0.0.1 activexupdate.com
127.0.0.1 www.activexupdate.com
127.0.0.1 avpcheckupdate.com
127.0.0.1 www.avpcheckupdate.com
127.0.0.1 client.exeupdate.com
127.0.0.1 eupdatepage.com
127.0.0.1 www.eupdatepage.com
127.0.0.1 exeupdate.com
127.0.0.1 www.exeupdate.com
127.0.0.1 hotwinupdates.com
127.0.0.1 www.hotwinupdates.com
127.0.0.1 lavasoftupdate.com
127.0.0.1 www.lavasoftupdate.com
127.0.0.1 malwarewipeupdate.com
127.0.0.1 www.malwarewipeupdate.com
127.0.0.1 msupdate.net
127.0.0.1 www.msupdate.net
127.0.0.1 msupdater.net
127.0.0.1 www.msupdater.net
127.0.0.1 necessaryupdates.com
127.0.0.1 www.necessaryupdates.com
127.0.0.1 newupdates.lzio.com
127.0.0.1 redirect.msupdate.net
127.0.0.1 search.keyword.exeupdate.com
127.0.0.1 securityupdatesite.com
127.0.0.1 www.securityupdatesite.com
127.0.0.1 settings.updatemysettings.com
127.0.0.1 spyaxeupdate.com
127.0.0.1 www.spyaxeupdate.com
127.0.0.1 spyfalconupdate.com
127.0.0.1 www.spyfalconupdate.com
127.0.0.1 systemupdates.net
127.0.0.1 www.systemupdates.net
127.0.0.1 trial.updates.winsoftware.com
127.0.0.1 updatemysettings.com
127.0.0.1 www.updatemysettings.com
127.0.0.1 updates.spywarequake.com
127.0.0.1 urgentsystemupdate.biz
127.0.0.1 www.urgentsystemupdate.biz
127.0.0.1 urgentsystemupdate.com
127.0.0.1 www.urgentsystemupdate.com
127.0.0.1 windupdates.com
127.0.0.1 update.680180.net
127.0.0.1 pandaantivirus-2007.com
127.0.0.1 www.pandaantivirus-2007.com
127.0.0.1 pandadownload-now.com
127.0.0.1 www.pandadownload-now.com
127.0.0.1 panda-hq.com
127.0.0.1 www.panda-hq.com
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 18:43:31
Windows 6.0.6000 NTFS

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5C16146D-2D0E-4455-3C80-E185DF94A22D}]
"hadapghcddgocgih"=hex:6b,61,62,61,63,70,68,6a,70,66,6b,61,69,62,6e,63,62,6e,6b,69,6d,..
"iafbniikmccjhhhkao"=hex:6b,61,62,61,63,70,68,6a,70,66,6b,61,69,62,6e,63,62,6e,6b,69,6d,..

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Sorry, this version supports only Win2K/XP

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Sorry, this version supports only Win2K/XP

Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est C8AE-BD61

Répertoire de C:\Program Files

02/01/2008 23:18 <REP> .
02/01/2008 23:18 <REP> ..
01/01/2007 02:22 <REP> Activation Assistant for the 2007 Microsoft Office suites
19/11/2007 13:29 <REP> Adobe
07/12/2007 15:02 <REP> Ahead
02/12/2007 18:25 <REP> Alwil Software
04/12/2007 11:10 <REP> Apple Software Update
17/11/2007 09:05 <REP> AskTBar
18/12/2007 21:05 <REP> Avanquest update
09/12/2007 16:20 <REP> Avira
21/11/2007 04:07 <REP> AVS4YOU
09/12/2007 16:55 <REP> CamStudio
04/12/2007 06:52 <REP> CCleaner
02/01/2008 00:11 <REP> Common Files
01/01/2007 01:54 <REP> CONEXANT
01/01/2007 02:11 <REP> CyberLink
16/12/2007 03:14 <REP> eMule
21/11/2007 04:09 <REP> EoRezo
27/12/2007 09:31 <REP> Google
01/01/2007 02:03 <REP> HDReg
12/12/2007 19:36 <REP> Internet Explorer
29/11/2007 09:49 <REP> IrfanView
09/01/2008 03:12 <REP> LogMeIn
24/12/2007 12:11 <REP> Messenger Plus! Live
16/11/2007 21:39 <REP> Microsoft CAPICOM 2.1.0.2
02/11/2006 13:37 <REP> Microsoft Games
01/01/2007 02:20 <REP> Microsoft Office
03/12/2007 21:32 <REP> Microsoft Works
01/01/2007 02:19 <REP> Microsoft.NET
01/01/2007 09:55 <REP> Movie Maker
04/12/2007 13:23 <REP> Mozilla Firefox
02/11/2006 13:37 <REP> MSBuild
02/11/2006 13:37 <REP> MSN
16/11/2007 21:35 <REP> MSXML 4.0
07/12/2007 15:21 <REP> Nero
03/12/2007 21:56 <REP> Norton 360
04/12/2007 06:59 <REP> Packard Bell
21/11/2007 12:05 <REP> Parity Software
20/11/2007 13:13 <REP> PhotoFiltre Studio
03/12/2007 21:32 <REP> Picasa2
04/12/2007 11:14 <REP> QuickTime
02/01/2008 00:11 <REP> Real
01/01/2007 01:58 <REP> Realtek Semiconductor Corp
22/11/2007 17:44 <REP> ReaSoft
02/11/2006 13:37 <REP> Reference Assemblies
01/01/2007 02:09 <REP> Roxio
01/01/2007 02:22 <REP> Skype
18/12/2007 21:11 <REP> Sony Ericsson
10/12/2007 10:39 <REP> Spybot - Search & Destroy
01/01/2007 01:55 <REP> Synaptics
09/12/2007 14:54 <REP> Trend Micro
22/12/2007 03:32 <REP> TubeMaster
03/12/2007 20:31 <REP> Unlocker
17/11/2007 01:25 <REP> VideoLAN
01/01/2007 10:04 <REP> Windows Calendar
01/01/2007 09:55 <REP> Windows Collaboration
01/01/2007 10:19 <REP> Windows Defender
01/01/2007 09:55 <REP> Windows Journal
16/11/2007 21:15 <REP> Windows Live
09/01/2008 18:39 <REP> Windows Mail
17/11/2007 00:22 <REP> Windows Media Player
16/11/2007 19:51 <REP> Windows NT
01/01/2007 09:55 <REP> Windows Photo Gallery
09/01/2008 18:39 <REP> Windows Sidebar
20/12/2007 09:34 <REP> WinRAR
29/12/2007 14:41 <REP> Xilisoft
17/11/2007 16:46 <REP> Yahoo!
0 fichier(s) 0 octets
67 Rép(s) 107 318 222 848 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est C8AE-BD61

Répertoire de C:\Program Files\fichiers communs

Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est C8AE-BD61

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

01/01/2007 02:20 <REP> .
01/01/2007 02:20 <REP> ..
01/01/2007 02:17 <REP> 1036
26/10/2006 20:12 40 256 MSOSV.DLL
1 fichier(s) 40 256 octets
3 Rép(s) 107 318 218 752 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est C8AE-BD61

Répertoire de C:\Program Files\common files

02/01/2008 00:11 <REP> .
02/01/2008 00:11 <REP> ..
19/11/2007 13:30 <REP> Adobe
07/12/2007 15:02 <REP> Ahead
21/11/2007 01:16 <REP> AVSMedia
01/01/2007 02:20 <REP> DESIGNER
10/12/2007 10:45 <REP> InstallShield
07/12/2007 14:59 <REP> microsoft shared
02/01/2008 00:11 <REP> Real
01/01/2007 02:09 <REP> Roxio Shared
02/11/2006 12:18 <REP> Services
03/12/2007 21:32 <REP> Skype
01/01/2007 02:09 <REP> Sonic Shared
02/11/2006 12:18 <REP> SpeechEngines
01/01/2007 02:09 <REP> SureThing Shared
07/12/2007 15:05 <REP> Symantec Shared
01/01/2007 09:56 <REP> System
02/01/2008 00:11 <REP> xing shared
0 fichier(s) 0 octets
18 Rép(s) 107 318 218 752 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est C8AE-BD61

Répertoire de C:\

24/05/2001 12:59 162 304 UNWISE.EXE
1 fichier(s) 162 304 octets
0 Rép(s) 107 318 218 752 octets libres

****** Fin du rapport DiagHelp
0
Réponse 29 / 64
the bigwolf Messages postés 75 Statut Membre
 
je ne sais pas si c'est le rapport rechercher????
0
Réponse 30 / 64
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
je dois filer, retour dans la soirée, et je te dis quoi ...

++

;-)
0
Réponse 31 / 64
the bigwolf Messages postés 75 Statut Membre
 
ok tu crois que je peut allez sur msn sans risque sachant qu'il est en quarantaine????
0
Réponse 32 / 64
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
ok, oui, tu peux y aller ...

fais ce qui est indiqué ici stp :

http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr

++
0
Réponse 33 / 64
the bigwolf Messages postés 75 Statut Membre
 
voici le rapport AVG

--------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 09:28:35 10/01/2008

+ Résultat de l'analyse:

C:\Users\bigwolf\AppData\Roaming\Microsoft\Windows\Cookies\bigwolf@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.12:C:\Users\bigwolf\AppData\Roaming\Mozilla\Firefox\Profiles\ing4mxy3.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.

Fin du rapport
0
Réponse 34 / 64
the bigwolf Messages postés 75 Statut Membre
 
donc alor je recommence,

rapport AVG

--------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 09:28:35 10/01/2008

+ Résultat de l'analyse:

C:\Users\bigwolf\AppData\Roaming\Microsoft\Windows\Cookies\bigwolf@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.12:C:\Users\bigwolf\AppData\Roaming\Mozilla\Firefox\Profiles\ing4mxy3.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.

Fin du rapport

ensuite j'ai essayé plusieurs analyse en ligne je n'y arrivé pas
donc j'ai fait une analyse avec avira en sans echec, mais je ne pense pas que se soit pareil


AntiVir PersonalEdition Classic
Report file date: jeudi 10 janvier 2008 11:18

Scanning for 1021624 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: bigwolf
Computer name: PC-DE-BIGWOLF

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 15:22:56
ANTIVIR2.VDF : 7.0.1.205 620544 Bytes 08/01/2008 14:05:40
ANTIVIR3.VDF : 7.0.1.214 72704 Bytes 09/01/2008 18:54:02
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 21/12/2007 01:30:46
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 21/12/2007 01:30:46
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 10 janvier 2008 11:18

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
22 processes with 22 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '19' files ).

Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'E:\' <LACIE>
E:\logiciel\Program Files\Spyware-Secure\uninst.exe
[DETECTION] Contains detection pattern of the dropper DR/NaviPromo.BV.25
[INFO] The file was moved to '47ef0425.qua'!
E:\logiciel\Program Files\WebMediaPlayer\uninst.exe
[DETECTION] Contains detection pattern of the dropper DR/NaviPromo.BV.14
[INFO] The file was moved to '47ef0436.qua'!
E:\logiciel\Users\bigwolf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPPUQA4Q\patch[1].exe
[DETECTION] Contains detection pattern of the dropper DR/NaviPromo.BV.2
[INFO] The file was moved to '47fa0448.qua'!
E:\logiciel\Users\bigwolf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S534BKA\SpywareSecure_trial_setup[1].exe
[DETECTION] Contains detection pattern of the dropper DR/NaviPromo.BV.2
[INFO] The file was moved to '47ff045b.qua'!
E:\logiciel\Users\bigwolf\AppData\Local\Mozilla\Firefox\Profiles\6a9znf8g.default\Cache\93310745d01
[DETECTION] Contains detection pattern of the dropper DR/NaviPromo.BV.2
[INFO] The file was moved to '47b90422.qua'!
E:\logiciel\WINDOWS\Temp\NSIS_SpywareSecure_trial_setup.exe
[DETECTION] Contains detection pattern of the dropper DR/NaviPromo.BV.24
[INFO] The file was moved to '47cf05e1.qua'!

End of the scan: jeudi 10 janvier 2008 12:49
Used time: 1:30:20 min

The scan has been done completely.

18949 Scanning directories
394456 Files were scanned
6 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
6 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
394450 Files not concerned
2435 Archives were scanned
1 Warnings
0 Notes

maintenant je fait Hijack this

anLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:38:15, on 10/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\BisonCam\BisonHK.exe
C:\Windows\BisonCam\EasyMIC.exe
C:\Program Files\Realtek Semiconductor Corp\Realtek Card Reader Monitor\CardReaderMonitor.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\Explorer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BisonHK] C:\Windows\BisonCam\BisonHK.exe
O4 - HKLM\..\Run: [EasyMIC] C:\Windows\BisonCam\EasyMIC.exe
O4 - HKLM\..\Run: [CardReaderMonitor] C:\Program Files\Realtek Semiconductor Corp.\Realtek Card Reader Monitor\CardReaderMonitor.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0
Réponse 35 / 64
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
ok,

télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

E:\logiciel\Program Files\Spyware-Secure
E:\logiciel\Program Files\WebMediaPlayer
E:\photos\images bigwolf\116007422011.jpg

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

++
0
Réponse 36 / 64
the bigwolf Messages postés 75 Statut Membre
 
j'arrive po a trouver le rapport j'i po C:\_OTMoveIt\MovedFiles\01102008_181057.log.
0
Réponse 37 / 64
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
??

tu as bien fais démarrer < poste de travail < disque local C:\ < puis le dossier _OTMoveIt

++
0
Réponse 38 / 64
the bigwolf Messages postés 75 Statut Membre
 
quand je clique sur MoveIt

le message :

Cannot create file C:\_OTMovedIT\MovedFiles\01102008_182217.log.
0
Réponse 39 / 64
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Ah ! ...

peux tu essaye de refaire un scan avec combo stp

++
0
Réponse 40 / 64
the bigwolf Messages postés 75 Statut Membre
 
oui
0

Discussions similaires

WORMS ARMAGEDDON GRATUIT SUR MAC OS X
rom1.lafontaine -
Chris 94 -

9 réponses
probleme avec worms 3d sur pc
baboupool -
yan -

2 réponses
WORMS DS = se déplacer
laureen26 -
h alex -

8 réponses
problème avec worms world party et vista
chtimi4103 -
MathGaul -

26 réponses