Page malveillante sur IE7

Résolu
foxs027 Messages postés 51 Date d'inscription   Statut Membre Dernière intervention   -  
foxs027 Messages postés 51 Date d'inscription   Statut Membre Dernière intervention   -
Bonjour, voila jai un probleme avec internet explorer 7 quand je demar internet, une page maffichan des pub ou des faux message de windows en pleine ecran.

jai comme antivirus AVAST
comme anti spyware AVG anti spyware

mais quand je sacan mon pc il ne trouve rien dc je c pa ce que sa peut etre ni dout sa provient si quelqun peut maider sa serai syma merci davance
A voir également:

62 réponses

Précédent
Réponse 41 / 62
foxs027 Messages postés 51 Date d'inscription   Statut Membre Dernière intervention  
 
bon normalement jpence quon a fini tu me dira par toi meme si je pe supprimer avilog et otre ou si tu a encore des manipulation a me faire faire en tous cas je te remerci et jai aprecier ton aide a++
0
Réponse 42 / 62
Utilisateur anonyme
 
Re ,

Tu peux me refaire OAD avec :

SweetIM.exe


?

a+
0
Réponse 43 / 62
foxs027 Messages postés 51 Date d'inscription   Statut Membre Dernière intervention  
 
voila:

22/03/2008 ---- 17:03:19,60

----------------------------------
§§§§§§ [SweetIM.exe] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe]
@="C:\\_OTMOV~1\\MOVEDF~1\\032220~1\\PROGRA~1\\MACROG~1\\SweetIM\\SweetIM.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F]
"BF8532058170CB541B2457111F96D485"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"

[HKEY_USERS\S-1-5-21-4033519198-2885698927-3994710614-1006\Software\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"

[HKEY_USERS\S-1-5-21-4033519198-2885698927-3994710614-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"="SweetIM Instant Messenger Enhancer"

*******************
[Fichier]
*******************

c:\_OTMoveIt\MovedFiles\03222008_162310\Program Files\Macrogaming\SweetIM\SweetIM.exe


*********************
[Même date]
*********************

Aucun fichier créé à la même date détecté


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------



----------------------------------
§§§§§§ [SweetIM.exe] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F]
"BF8532058170CB541B2457111F96D485"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"

[HKEY_USERS\S-1-5-21-4033519198-2885698927-3994710614-1006\Software\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"

[HKEY_USERS\S-1-5-21-4033519198-2885698927-3994710614-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"="SweetIM Instant Messenger Enhancer"

*******************
[Fichier]
*******************

c:\_OTMoveIt\MovedFiles\03222008_162310\Program Files\Macrogaming\SweetIM\SweetIM.exe


*********************
[Même date]
*********************

Aucun fichier créé à la même date détecté


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
0
Réponse 44 / 62
Utilisateur anonyme
 
Re , un nouveau rapport si possible.

Supprime lui que tu viens de poster et recommence

a+
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 45 / 62
foxs027 Messages postés 51 Date d'inscription   Statut Membre Dernière intervention  
 
je vener de le refaire c le dernier pourquoi ya quelque chose qui va pas
0
Réponse 46 / 62
Utilisateur anonyme
 
Oui l'heure :

22/03/2008 ---- 17:03:19,60

Supprime le rapport que tu viens de poster et refais OAD.

A+
0
Réponse 47 / 62
foxs027 Messages postés 51 Date d'inscription   Statut Membre Dernière intervention  
 
voila :


22/03/2008 ---- 18:16:12,01

----------------------------------
§§§§§§ [SweetIM.exe] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F]
"BF8532058170CB541B2457111F96D485"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"

[HKEY_USERS\S-1-5-21-4033519198-2885698927-3994710614-1006\Software\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"

[HKEY_USERS\S-1-5-21-4033519198-2885698927-3994710614-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"="SweetIM Instant Messenger Enhancer"

*******************
[Fichier]
*******************

c:\_OTMoveIt\MovedFiles\03222008_162310\Program Files\Macrogaming\SweetIM\SweetIM.exe


*********************
[Même date]
*********************

Aucun fichier créé à la même date détecté


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
0
Réponse 48 / 62
Utilisateur anonyme
 
Re , voila :)

Refais le Fixreg avec :

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\­Components\BD746FB95FB8E5B45BF66BE54D5FD91F]
"BF8532058170CB541B2457111F96D485"=-
[HKEY_USERS\S-1-5-21-4033519198-2885698927-3994710614-1006\Software\Microsoft\Windows\Curr­entVersion\Run]
"SweetIM"=-
[HKEY_USERS\S-1-5-21-4033519198-2885698927-3994710614-1006\Software\Microsoft\Windows\Shel­lNoRoam\MUICache]
"C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"=-

N'oublie pas redémarrer en mode sans echec avant de le lancer.
a+


☼ ☼ ☼ ♪ See γou ℓater ♪ ☼ ☼ ☼
0
Réponse 49 / 62
foxs027 Messages postés 51 Date d'inscription   Statut Membre Dernière intervention  
 
ok ensuite
0
Réponse 50 / 62
Utilisateur anonyme
 
Un rapport Hijackthis

A+
0
Réponse 51 / 62
foxs027 Messages postés 51 Date d'inscription   Statut Membre Dernière intervention  
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:32:33, on 22/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.carrefour-multimedia.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [USB Storage Toolbox] D:\logiciel\mp3 bluesky\Res.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Global Startup: Outil de mise à jour Google.lnk.disabled
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Serveur Média Intel(R) Viiv(TM) (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
Réponse 52 / 62
Utilisateur anonyme
 
Re ,

Télécharge ComboFix ici → http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Et enregistre le sur le bureau >>> /!\ IMPORTANT /!\

N'y touche pas pour l'instant.

*************

Ouvre le Bloc-Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)

Copie ce texte ( en gras )d'une traite ( CTRL+C pour copier ) puis colle-le ( CTRL+V dans le bloc-note )


Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\­­Components\BD746FB95FB8E5B45BF66BE54D5FD91F]
"BF8532058170CB541B2457111F96D485"=-
[HKEY_USERS\S-1-5-21-4033519198-2885698927-3994710614-1006\Software\Microsoft\Windows\Curr­­entVersion\Run]
"SweetIM"=-
[HKEY_USERS\S-1-5-21-4033519198-2885698927-3994710614-1006\Software\Microsoft\Windows\Shel­­lNoRoam\MUICache]
"C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"=-



Sauvegarde ce fichier sur ton bureau sous le nom de CFScript.txt.



Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

A+
0
Réponse 53 / 62
foxs027 Messages postés 51 Date d'inscription   Statut Membre Dernière intervention  
 
RAPPORT COMBOFIX:

ComboFix 08-03-22.1 - Dominique ROUSSEL 2008-03-22 18:54:45.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.534 [GMT 1:00]
Endroit: C:\Documents and Settings\Dominique ROUSSEL\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dominique ROUSSEL\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-22 to 2008-03-22 ))))))))))))))))))))))))))))))))))))
.

2008-03-22 16:23 . 2008-03-22 16:23 <REP> d--h----- C:\_OTMoveIt
2008-03-22 15:34 . 2008-03-22 15:53 <REP> d-------- C:\Program Files\Navilog1
2008-03-22 15:19 . 2008-03-22 15:19 <REP> d-------- C:\Program Files\Trend Micro
2008-03-08 15:10 . 2008-03-11 20:27 <REP> d-------- C:\Program Files\eMule
2008-03-07 14:21 . 2008-03-07 14:21 <REP> d-------- C:\Documents and Settings\Dominique ROUSSEL\Application Data\Samsung
2008-03-07 14:08 . 2008-03-07 14:08 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-03-07 14:08 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-03-07 14:08 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2008-03-07 14:08 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2008-03-07 14:08 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2008-03-07 14:08 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2008-03-07 14:08 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2008-03-07 14:08 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2008-03-07 14:08 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2008-03-07 14:07 . 2008-03-07 14:07 <REP> d-------- C:\Program Files\Samsung
2008-03-07 14:07 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-03-07 14:07 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-26 22:49 . 2008-02-26 22:49 <REP> dr-h----- C:\Documents and Settings\Dominique ROUSSEL\Application Data\SecuROM

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 23:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-07 13:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 21:49 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-14 18:50 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-13 13:50 --------- d-----w C:\Program Files\Windows Live
2008-02-13 13:49 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-13 13:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-12 05:21 --------- d-----w C:\Documents and Settings\Dominique ROUSSEL\Application Data\WinButler
2008-02-11 13:29 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-10 14:12 --------- d-----w C:\Program Files\Norton Security Scan
2008-01-31 16:48 --------- d-----w C:\Documents and Settings\Dominique ROUSSEL\Application Data\InstallShield
2007-12-01 15:39 10 ----a-w C:\Program Files\.autoreg
2007-10-08 15:45 251 ----a-w C:\Program Files\wt3d.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 13:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-29 17:39 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-04-07 07:02 877568]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 23:47 7573504]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57 282624]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 06:03 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 06:03 81920]
"USB Storage Toolbox"="D:\logiciel\mp3 bluesky\Res.EXE" [2005-09-14 20:44 65536]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 00:52 849280]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Outil de mise … jour Google.lnk.disabled [2007-08-08 18:43:47 950]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe /c
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Alcmtr"=ALCMTR.EXE
"CanalPlayerHelper"=C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe
"CCUTRAYICON"=C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
"ehTray"=C:\WINDOWS\ehome\ehtray.exe
"EoClock"=
"EoEngine"=
"EoPhoto"=
"EoRss"=
"EoSudoku"=
"EoWeather"=
"EPSON Stylus DX6000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S9A.tmp" /EF "HKLM"
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"SkyTel"=SkyTel.EXE
"USB Storage Toolbox"=C:\Program Files\USB Disk Win98 Driver\Res.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\NetMeeting\\Conf.exe"=
"C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"=
"C:\\Program Files\\Ubisoft\\Demo\\Tom Clancy's Splinter Cell Double Agent Demo\\SCDA-Offline\\System\\SplinterCell4.exe"=
"C:\\Documents and Settings\\Dominique ROUSSEL\\Mes documents\\incredimail_install.exe"=
"D:\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R3 3xHybrid;Philips SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-28 15:34]
R3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 05:57]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45]
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-12-08 11:53]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 02:39]
S3 Service CANALPLAY;Service CANALPLAY;"C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe" [2007-02-28 19:38]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-21 14:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 18:56:53
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-22 18:57:47
ComboFix-quarantined-files.txt 2008-03-22 17:57:20
.
2008-03-12 02:02:05 --- E O F ---




--------------------------------------------------------------------------------------------------------------------------------------------------------

RAPPORT HIJACKTHIS:


ComboFix 08-03-22.1 - Dominique ROUSSEL 2008-03-22 18:54:45.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.534 [GMT 1:00]
Endroit: C:\Documents and Settings\Dominique ROUSSEL\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dominique ROUSSEL\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-22 to 2008-03-22 ))))))))))))))))))))))))))))))))))))
.

2008-03-22 16:23 . 2008-03-22 16:23 <REP> d--h----- C:\_OTMoveIt
2008-03-22 15:34 . 2008-03-22 15:53 <REP> d-------- C:\Program Files\Navilog1
2008-03-22 15:19 . 2008-03-22 15:19 <REP> d-------- C:\Program Files\Trend Micro
2008-03-08 15:10 . 2008-03-11 20:27 <REP> d-------- C:\Program Files\eMule
2008-03-07 14:21 . 2008-03-07 14:21 <REP> d-------- C:\Documents and Settings\Dominique ROUSSEL\Application Data\Samsung
2008-03-07 14:08 . 2008-03-07 14:08 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-03-07 14:08 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-03-07 14:08 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2008-03-07 14:08 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2008-03-07 14:08 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2008-03-07 14:08 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2008-03-07 14:08 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2008-03-07 14:08 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2008-03-07 14:08 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2008-03-07 14:07 . 2008-03-07 14:07 <REP> d-------- C:\Program Files\Samsung
2008-03-07 14:07 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-03-07 14:07 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-26 22:49 . 2008-02-26 22:49 <REP> dr-h----- C:\Documents and Settings\Dominique ROUSSEL\Application Data\SecuROM

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 23:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-07 13:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 21:49 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-14 18:50 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-13 13:50 --------- d-----w C:\Program Files\Windows Live
2008-02-13 13:49 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-13 13:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-12 05:21 --------- d-----w C:\Documents and Settings\Dominique ROUSSEL\Application Data\WinButler
2008-02-11 13:29 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-10 14:12 --------- d-----w C:\Program Files\Norton Security Scan
2008-01-31 16:48 --------- d-----w C:\Documents and Settings\Dominique ROUSSEL\Application Data\InstallShield
2007-12-01 15:39 10 ----a-w C:\Program Files\.autoreg
2007-10-08 15:45 251 ----a-w C:\Program Files\wt3d.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 13:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-29 17:39 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-04-07 07:02 877568]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 23:47 7573504]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57 282624]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 06:03 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 06:03 81920]
"USB Storage Toolbox"="D:\logiciel\mp3 bluesky\Res.EXE" [2005-09-14 20:44 65536]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 00:52 849280]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Outil de mise … jour Google.lnk.disabled [2007-08-08 18:43:47 950]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe /c
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Alcmtr"=ALCMTR.EXE
"CanalPlayerHelper"=C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe
"CCUTRAYICON"=C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
"ehTray"=C:\WINDOWS\ehome\ehtray.exe
"EoClock"=
"EoEngine"=
"EoPhoto"=
"EoRss"=
"EoSudoku"=
"EoWeather"=
"EPSON Stylus DX6000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S9A.tmp" /EF "HKLM"
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"SkyTel"=SkyTel.EXE
"USB Storage Toolbox"=C:\Program Files\USB Disk Win98 Driver\Res.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\NetMeeting\\Conf.exe"=
"C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"=
"C:\\Program Files\\Ubisoft\\Demo\\Tom Clancy's Splinter Cell Double Agent Demo\\SCDA-Offline\\System\\SplinterCell4.exe"=
"C:\\Documents and Settings\\Dominique ROUSSEL\\Mes documents\\incredimail_install.exe"=
"D:\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R3 3xHybrid;Philips SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-28 15:34]
R3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 05:57]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45]
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-12-08 11:53]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 02:39]
S3 Service CANALPLAY;Service CANALPLAY;"C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe" [2007-02-28 19:38]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-21 14:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 18:56:53
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-22 18:57:47
ComboFix-quarantined-files.txt 2008-03-22 17:57:20
.
2008-03-12 02:02:05 --- E O F ---


je precise AUCUN REDEMARAGE
0
Réponse 54 / 62
Utilisateur anonyme
 
Re ,

Recommence le CFscript avec :

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-


+ un Hijackthis

A+
0
Réponse 55 / 62
foxs027 Messages postés 51 Date d'inscription   Statut Membre Dernière intervention  
 
rapport combofix :

ComboFix 08-03-22.1 - Dominique ROUSSEL 2008-03-22 19:07:15.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.517 [GMT 1:00]
Endroit: C:\Documents and Settings\Dominique ROUSSEL\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dominique ROUSSEL\Bureau\CFscript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-22 to 2008-03-22 ))))))))))))))))))))))))))))))))))))
.

2008-03-22 16:23 . 2008-03-22 16:23 <REP> d--h----- C:\_OTMoveIt
2008-03-22 15:34 . 2008-03-22 15:53 <REP> d-------- C:\Program Files\Navilog1
2008-03-22 15:19 . 2008-03-22 15:19 <REP> d-------- C:\Program Files\Trend Micro
2008-03-08 15:10 . 2008-03-11 20:27 <REP> d-------- C:\Program Files\eMule
2008-03-07 14:21 . 2008-03-07 14:21 <REP> d-------- C:\Documents and Settings\Dominique ROUSSEL\Application Data\Samsung
2008-03-07 14:08 . 2008-03-07 14:08 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-03-07 14:08 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-03-07 14:08 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2008-03-07 14:08 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2008-03-07 14:08 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2008-03-07 14:08 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2008-03-07 14:08 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2008-03-07 14:08 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2008-03-07 14:08 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2008-03-07 14:07 . 2008-03-07 14:07 <REP> d-------- C:\Program Files\Samsung
2008-03-07 14:07 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-03-07 14:07 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-26 22:49 . 2008-02-26 22:49 <REP> dr-h----- C:\Documents and Settings\Dominique ROUSSEL\Application Data\SecuROM

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 23:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-07 13:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 21:49 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-14 18:50 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-13 13:50 --------- d-----w C:\Program Files\Windows Live
2008-02-13 13:49 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-13 13:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-12 05:21 --------- d-----w C:\Documents and Settings\Dominique ROUSSEL\Application Data\WinButler
2008-02-11 13:29 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-10 14:12 --------- d-----w C:\Program Files\Norton Security Scan
2008-01-31 16:48 --------- d-----w C:\Documents and Settings\Dominique ROUSSEL\Application Data\InstallShield
2007-12-01 15:39 10 ----a-w C:\Program Files\.autoreg
2007-10-08 15:45 251 ----a-w C:\Program Files\wt3d.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 13:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-29 17:39 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-04-07 07:02 877568]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 23:47 7573504]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57 282624]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 06:03 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 06:03 81920]
"USB Storage Toolbox"="D:\logiciel\mp3 bluesky\Res.EXE" [2005-09-14 20:44 65536]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 00:52 849280]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Outil de mise … jour Google.lnk.disabled [2007-08-08 18:43:47 950]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe /c
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Alcmtr"=ALCMTR.EXE
"CanalPlayerHelper"=C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe
"CCUTRAYICON"=C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
"ehTray"=C:\WINDOWS\ehome\ehtray.exe
"EoClock"=
"EoEngine"=
"EoPhoto"=
"EoRss"=
"EoSudoku"=
"EoWeather"=
"EPSON Stylus DX6000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S9A.tmp" /EF "HKLM"
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"SkyTel"=SkyTel.EXE
"USB Storage Toolbox"=C:\Program Files\USB Disk Win98 Driver\Res.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\NetMeeting\\Conf.exe"=
"C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"=
"C:\\Program Files\\Ubisoft\\Demo\\Tom Clancy's Splinter Cell Double Agent Demo\\SCDA-Offline\\System\\SplinterCell4.exe"=
"C:\\Documents and Settings\\Dominique ROUSSEL\\Mes documents\\incredimail_install.exe"=
"D:\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R3 3xHybrid;Philips SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-28 15:34]
R3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 05:57]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45]
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-12-08 11:53]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 02:39]
S3 Service CANALPLAY;Service CANALPLAY;"C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe" [2007-02-28 19:38]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-21 14:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 19:07:53
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-22 19:08:37
ComboFix-quarantined-files.txt 2008-03-22 18:08:07
ComboFix2.txt 2008-03-22 17:57:48
.
2008-03-12 02:02:05 --- E O F ---


----------------------------------------------------------------------------------------------------------------------------------------------------------
rapport Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:01, on 22/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
D:\logiciel\mp3 bluesky\Res.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HJT.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.carrefour-multimedia.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [USB Storage Toolbox] D:\logiciel\mp3 bluesky\Res.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Outil de mise à jour Google.lnk.disabled
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Serveur Média Intel(R) Viiv(TM) (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
Réponse 56 / 62
Utilisateur anonyme
 
Re , parfait =)
Je t'envoi une procédure longue car je ne serait pas la ce soir.

*****************************************************************************************

Met à jour JAVA --> https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80

*****************************************************************************************

Délaisse Avast au profit d'Antivir , contrairement à ce que tout le monde pense , Avast n'est pas aussi bien que l'on pourrais le croire regarde le classement des AV
et constate par toi même → Avast vs Antivir

Vire Avast → Désinstalle Avast 'proprement' ( merci espion3004)

Et télécharge Antivir ( PersonnalEdition Classic) → ici

Tuto Installation + configuration Antivir → https://www.malekal.com/avira-free-security-antivirus-gratuit/

Tuto Installation : → https://www.astucesinternet.com/modules/news/article.php?storyid=253

Pour le rendre encore plus discret....


*****************************************************************************************

Télécharge le pare-feu ZoneAlarm Lit bien tout l'article pour éviter les surprises.

Des soucis avec ?

*****************************************************************************************

→ Télécharge CleanUp452 ( Primary download site ... )

→ Lance-le et choisi l'option ' cleanup! '

Poste le rapport.

Tutorial: http://pageperso.aol.fr/balltrap34/democleanup.htm ( merci à balltrap34 )

*****************************************************************************************

1) Télécharge Ncleaner sur ton bureau , double clique sur le fichier d'installation et installe le logiciel.


2) Double clique sur l'icône crée sur le bureau et choisi ' cleansystem '

3) A gauche de l'écran , sous ' clean system and applications ' vérifie que seulement les 4 premières cases soit cochées , puis clique sur ' clean now ' > ' analyze '

--- Le programme va rechercher les fichier inutiles ---

Une fois l'analyse terminée , clique sur ' Clean ' et repond ' Yes ' a la demande de confirmation.

Cela terminé , clique sur ' Done '

4) Reprend l'étape 2 et choisi cette fois ci ' Registry clean and repair ' vérifie que toute les cases soient cochées et clique sur ' Clean now ' ( dans la colonne de droite cette fois-ci ) > ' Scan '

--- Le programme va rechercher les clées de registre invalides ---

Une fois le scan terminé , clique sur ' Remove ' et repond ' Yes ' a la demande de confirmation.

Cela terminé , clique sur ' Done '

*****************************************************************************************

→ Télécharge sur ton bureau ATF-Cleaner : http://www.atribune.org/ccount/click.php?id=1

→ Redémarre en MSE

Autre tutorials pour MSE :

https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php
http://www.coupdepoucepc.com/modules/news/article.php?storyid=253


→ Lance ATF-Cleaner :

_Sous l'onglet Main, choisis : Select All
_Clique sur le bouton Empty Selected

→ Sous l'onglet Firefox (si présent) : Coche tout SAUF 'Firefox saved passwords' .
_Clique sur Empty selected

→ Sous l'onglet Opéra (si présent) : Coche tout SAUF 'Opera saved passwords' .
_Clique sur Empty selected

→ Quitte ATF-Cleaner.

tutorial : http://www.dualforum.com/viewtopic15681.html

*****************************************************************************************

→ Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau.

→ Double clique sur ToolsCleaner2.exe >
→ Clique sur .Recherche
→ puis sur Suppression quand la liste est trouvée.
→ Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

Note : ton bureau RISQUE de disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante :

CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau

Tuto : http://www.commentcamarche.net/faq/sujet 8341 toolscleaner suppression des fix de force brute ( merci espion3004 )

**************************************************************************************

Maintenant que ton PC n'est plus infecté, désactive ta "Restauration du système" puis réactive la, ce qui créer un point de restauration sain...

Désactivation :
Clique droit sur le "Poste de travail" > Propriétés > onglet "Restauration du système" > coche la case "Désactiver la Restauration du système sur tous les lecteurs"
> Applique patiente jusqu’à ce que cela soit marqué "désactivé" puis Ok.

Activation :
Suivre le même chemin ; décoche la case "Désactiver la Restauration du système sur tous les lecteurs"
> Applique attends que cela soit à nouveau sur "surveillance" puis Ok. Redémarre l'ordinateur.

***************************************************************************************

Télécharge SpywareGuard ( ce logiciel complete très bien Spybot)

Tutorial : https://www.zebulon.fr/dossiers/securite/47-spywareguard.html

*****************************************************

Eventuellement Spyware blaster

Tutorial : https://www.malekal.com/tutorial-spywareblaster/

*****************************************************

-------------Infos-------------

Ce lien explique ce que sont les pirates , leurs méthodes , comment les contrer , et la prévention

Trojans .. Comment ça marche ?

( merci espion3004)

****************************


Pourquoi sécuriser mon pc ?

****************************

Voila beaucoup de travail pour toi =)
Poste le rapport Toolcleaner et ce sera fini.

A+



0
Réponse 57 / 62
foxs027 Messages postés 51 Date d'inscription   Statut Membre Dernière intervention  
 
ok ba jaller te demander si on pouver finir demain parceke moi oci fau que jy aille lol bon ba jte shouite bone soirer et en tous cas merci infiniment pour ton aide precieuse et sympatique si jai un probleme jte ferai signe sur le forum lol meme si je pence que jté deja fé asser chier comme sa depuis hier lol mé bon merci encore a++ bonne continuation si on ce revoi pas
0
Utilisateur anonyme
 
^^

On continura demain si tu veux ;)

Et puis non , c'est par passion que je fait ça , donc je ne me fait pas chier :)

Si tu as des questions n'hésite pas

++
0
Réponse 58 / 62
foxs027 Messages postés 51 Date d'inscription   Statut Membre Dernière intervention  
 
tient voila les dernier rapport que tu ma demander

RAPPORT CLEANUP:

CleanUp! started on 03/23/08 11:16:44.
...
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\incredicenter.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\indentLR.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\indentRL.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\infodlg.gif - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\innerbutton.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\innercaption.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\insertimage.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\intheoffice.gif - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\italic.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\jfp_getplus.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\jfp_getplus_ag.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\jfp_logo.gif - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\junkbar.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\junksettings.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\languagedlg.gif - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_alignbottom.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_aligncenter.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_aligntop.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_animimage.gif - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_contentpacker.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_gifanimb.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_gifanimr.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_image.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_leftimg.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_link.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_linkcolor.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_new.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_nobg.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_noleftimg.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_norightimg.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_open.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_palette.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_play.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_redo.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_rightimg.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_sample.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_textcolor.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_tile.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lc_undo.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\leftalign.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\letters.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ListIcons.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\lookup.gif - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\ManagerIcons.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\menubar.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\MenubarIcons.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\message.swf - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\messagebox.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\messagerules.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\messageviewer.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\moveto.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\newcontact.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\newgroup.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\newmail.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\next.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\nodrop.cur - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\noNotifierOptions.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\noNotifierPreview.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\noNotifierPreview.gif - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\notifier.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\NotifierGoldLabel.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\NotifierInnerCaption.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\numbers.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Numbersgroup.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\outofoffice.gif - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\outofoffice.swf - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\paint.cur - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\pencil.cur - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\play.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\popupbutton.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\premium.gif - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\prev.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\print.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\progress.swf - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\progressplus.swf - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\propertiesicons.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\question.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\quickbar.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\reading3d.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\receipt.gif - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\receiptbg.gif - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\receiving.swf - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\record.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\recorder.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\refresh.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\regagreementdlg.gif - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\regcallserver.gif - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\regfailed.gif - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\register.gif - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\registerbg.gif - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\regsucceeded.gif - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\reply.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\replyall.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\rightalign.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Save.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\save.cur - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\scrolldown.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\scrollleft.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\scrollright.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\scrollup.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\search.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\search_rect.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\SecurityDlg.gif - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\send.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\sending.swf - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\sending3d.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\sendreceive.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\setadvanceddlg.gif - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\setgeneraldlg.gif - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\sidebox_close.wav - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\sidebox_open.wav - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\signature.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\signatureicon.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\skin.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\skinInnerCaption.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Sndimage.gif - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\sound.swf - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\sounds.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\spelling.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\splash.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\splash.wav - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\splitters.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\static_export.gif - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\static_import.gif - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\status.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\status.swf - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\statusbar.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\status_off.swf - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\stop.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\stopspam.gif - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\styleboxbar.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\stylebox_click.wav - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\textcolor.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\Thumbnail.gif - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\thumbnailstatus.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\toolbar.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\transfer_Fallback.gif - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\typingsound.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\underline.bmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Application Data\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\VertScrollbar.bmp - deleted
C:\Documents and Settings\NetworkService\Cookies\index.dat - deleted
C:\Documents and Settings\NetworkService\locals~1\tempor~1\Content.IE5\index.dat - deleted
C:\Documents and Settings\NetworkService\Cookies\index.dat - deleted
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\Documents and Settings\LocalService\Cookies\index.dat - deleted
C:\Documents and Settings\LocalService\locals~1\tempor~1\Content.IE5\index.dat - deleted
C:\Documents and Settings\LocalService\Cookies\index.dat - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\Documents and Settings\IUSR_NMPR\Cookies\index.dat - deleted
C:\Documents and Settings\IUSR_NMPR\Cookies\index.dat - deleted
C:\Documents and Settings\Dominique ROUSSEL\Cookies\index.dat - deleted
C:\Documents and Settings\Dominique ROUSSEL\locals~1\tempor~1\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat - deleted
C:\Documents and Settings\Dominique ROUSSEL\locals~1\tempor~1\Content.IE5\index.dat - deleted
C:\Documents and Settings\Dominique ROUSSEL\locals~1\tempor~1\Content.IE5\YDET35S7\ReadMessageLight[5].htm - deleted
C:\Documents and Settings\Dominique ROUSSEL\Cookies\index.dat - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Temp\ginstall.dll - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Temp\~DF2F08.tmp - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\Documents and Settings\Dominique ROUSSEL\Local Settings\Temporary Internet Files\Content.IE5\YDET35S7\ReadMessageLight[5].htm - deleted
C:\Documents and Settings\Default User\Cookies\index.dat - deleted
C:\Documents and Settings\Default User\locals~1\tempor~1\Content.IE5\index.dat - deleted
C:\Documents and Settings\Default User\Cookies\index.dat - deleted
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\Documents and Settings\Administrateur\Cookies\index.dat - deleted
C:\Documents and Settings\Administrateur\Cookies\index.dat - deleted
'Run MRU' list - removed from the registry.
'Doc Find Spec MRU' list - removed from the registry.
'FindComputerMRU' list - removed from the registry.
'ComputerNameMRU' list - removed from the registry.
'ContainingTextMRU' list - removed from the registry.
'FilesNamedMRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
Windows Media Player Recent File List - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 14.5 MB of disk space from 308 files.
CleanUp! finished on 03/23/08 11:16:52.


RAPPORT TOOLCLEANER2:

-->- Recherche:

C:\Combofix: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\Dominique ROUSSEL\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Dominique ROUSSEL\Bureau\OtMoveIt2.exe: trouvé !
C:\Documents and Settings\Dominique ROUSSEL\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Dominique ROUSSEL\Bureau\HJTInstall.exe: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\Dominique ROUSSEL\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Dominique ROUSSEL\Bureau\OtMoveIt2.exe: supprimé !
C:\Documents and Settings\Dominique ROUSSEL\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\Dominique ROUSSEL\Bureau\HJTInstall.exe: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Combofix: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !


au faite le fichier fix.reg jen fait quoi je peut le supprimer ou pas??
et si ta 2 min jorai une autre question a te poser a propos d'un lecteur de carte merci a++
0
Réponse 59 / 62
Utilisateur anonyme
 
Re ,

Oui supprime fix.reg , cleanup et toolcleaner.

D'autre questions ?

0
Réponse 60 / 62
foxs027 Messages postés 51 Date d'inscription   Statut Membre Dernière intervention  
 
ok c'est bon tous est supprimer merci

oui j'en aurai 2:

- depuis que jai installer zone alarme sur le 2eme PC celui de mon pere, ( ce matin vers 11h), il est deja a 600 tentative bloquer ( sa fait pas beaucoup ...??) moi jen suis qu'a 10 sur le mien alor que je lai installer hier

- et ma 2eme question ( qui na rien a voir avec tous sa ) enfet jai un lecteur de carte que jai recuperer sur un ancien pc mé impossible de lire les carte SD alor quel marche sur tous les autre PC ' jai chercher sur comment sa marche mé toute tentative on fini par un echeque (modif cle de registre ...) tous donc si ta une idee...
0

Discussions similaires

connection ok mais aucune page ne s'affiche
gandounet -
fabiennetitou -

10 réponses
Code erreur 80710A06
LeJoeurTriste -
Petibond -

27 réponses