Mon ordi rame

Résolu
fabou -  
cedric241 Messages postés 3380 Statut Membre -
Bonjour,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:34:44, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\fabrice chambe\local settings\application data\rskdqxpkd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\FSPC\fspc.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Securitoo\av_fw\FSAUA\program\fsus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6C65156C-BD92-41F7-BA26-0CA21B846D2A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {A16D89EA-B695-4DDA-B31D-7FA01A57F1BD} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [rskdqxpkd] c:\documents and settings\fabrice chambe\local settings\application data\rskdqxpkd.exe rskdqxpkd
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?5cf13ed795014580ab231e254a34243
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?5cf13ed795014580ab231e254a34243
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1207930240156
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://jeuxenligne.orange.fr/gameshell/online/fr/luxor_amun_rising/mjolauncher.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://fabou69france.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://securite.neuf.fr/Ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Media Bar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file:///C:/Documents%20and%20Settings/fabrice%20chambe/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7ED6E60F-342B-4B34-9D16-DDF718816B9E}: NameServer = 85.255.116.92,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{891E530A-47E7-4D77-9829-9853C22903AD}: NameServer = 85.255.116.92,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC657D75-98AD-402D-B30C-FAF3C3FBF32C}: NameServer = 85.255.116.92,85.255.112.146
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.92 85.255.112.146
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.92 85.255.112.146
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.92 85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.92 85.255.112.146
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 12800 bytes
Configuration: Windows XP
Internet Explorer 7.0

34 réponses

  • 1
  • 2
  1. cedric241 Messages postés 3380 Statut Membre 119
     
    salut supprime ces lignes :

    O2 - BHO: (no name) - {6C65156C-BD92-41F7-BA26-0CA21B846D2A} - (no file)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O3 - Toolbar: (no name) - {A16D89EA-B695-4DDA-B31D-7FA01A57F1BD} - (no file)

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://jeuxenligne.orange.fr/gameshell/online/fr/luxor_amun_rising/mjolauncher.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://fabou69france.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://securite.neuf.fr/Ols/fscax.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Media Bar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file:///C:/Documents%20and%20Settings/fabrice%20chambe/Local%20Settings/Application%20Data­/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7ED6E60F-342B-4B34-9D16-DDF718816B9E}: NameServer = 85.255.116.92,85.255.112.146
    O17 - HKLM\System\CCS\Services\Tcpip\..\{891E530A-47E7-4D77-9829-9853C22903AD}: NameServer = 85.255.116.92,85.255.112.146
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DC657D75-98AD-402D-B30C-FAF3C3FBF32C}: NameServer = 85.255.116.92,85.255.112.146
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.92 85.255.112.146
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.92 85.255.112.146
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.92 85.255.112.146
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.92 85.255.112.146

    pour les supprimer tu les coches ensuite tu clic sur fix checked

    apres désinstal java car il n est pas a jours (faille de sécurité) et telecharge et instal cette version :

    https://www.java.com/fr/download/manual.jsp

    ensuite fais ça ;

    telecharge et instal btfix sur ce lien :

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/40698.html

    puis lance la recherche et supprime

    poste moi le rapport s il te plait
    0
  2. fabou
     
    BTFix 1.098 (par bibi26) - 21/04/2008 14:28:13 - Analyse
    Lancé depuis C:\Documents and Settings\fabrice chambe\Mes documents\BTFix\BTFix\BTFix.exe

    ---> Fichiers/Dossiers trouvés

    - C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\

    ---> Analyse terminée le 21/04/2008 14:28:15
    0
  3. cedric241 Messages postés 3380 Statut Membre 119
     
    Fais un scan avec cet antispyware :

    Telecharge malwarebytes + tutoriel :

    -> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

    Copie et colle le rapport stp.
    0
  4. fabou
     
    au bout d un moment l analyse s arrete
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. cedric241 Messages postés 3380 Statut Membre 119
     
    ??
    t as un rapport ??

    regarde dans l onglet rapport/log

    as tu supprimé ??
    0
  7. cedric241 Messages postés 3380 Statut Membre 119
     
    OK Et l analyse est en cours

    sinon recommence et fais la rapide
    0
  8. fabou
     
    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 665

    Type de recherche: Examen rapide
    Eléments examinés: 59130
    Temps écoulé: 19 minute(s), 15 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 12
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 23
    Fichier(s) infecté(s): 4

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{812ff14f-e17b-4f8a-b6a5-f39dbb2e29f0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{db6633ad-12a9-4aa5-a33a-2f9aed6078d5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f1ebacef-d6bf-4d1d-851a-90895eca9448} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{85134ee0-0f54-4d88-a9f2-b58cbbfcb2b2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{b8438c60-53fc-4988-be0a-6d1493c44597} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{85e06077-c824-43d0-a8dc-5efb17bc348a} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin (Trojan.Fakealert) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger) -> Data: kdrfu.exe -> Delete on reboot.

    Dossier(s) infecté(s):
    C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\buttons (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\contexts (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\images (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\chambe\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\chambe\Application Data\WinAntiVirus Pro 2006\Logs (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\chambe\Application Data\Starware (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\chambe\Application Data\Starware\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\chambe\Application Data\Starware\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\chambe\Application Data\Starware\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\chambe\Application Data\Starware\Manager (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\chambe\Application Data\Starware\PopupBlocker (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\chambe\Application Data\Starware\Reference (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\chambe\Application Data\Starware\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\chambe\Application Data\Starware\Screensavers (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\chambe\Application Data\Starware\SearchMatch (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\chambe\Application Data\Starware\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\chambe\Application Data\Starware\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\chambe\Application Data\Starware\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\chambe\Application Data\Starware\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\chambe\Application Data\Starware\Weather (Adware.Starware) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\kdrfu.exe (Rootkit.DNSChanger) -> Delete on reboot.
    C:\Documents and Settings\chambe\Local Settings\Temp\GLKA4.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
    C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
    0
  9. cedric241 Messages postés 3380 Statut Membre 119
     
    réouvre maleware byte
    va dans l onglet quarantaine
    supprime tout

    ensuite fais ça :

    Télécharge Clean:

    -> http://www.malekal.com/download/clean.zip

    -> Dézippe tout le contenu dans un dossier que tu auras cré au préalable (sur ton bureau par exemple). Double clic sur clean ou clean.cmd choisie l'option 1.

    Un rapport va s'ouvrir, copie et colle le contenu sur le forum.

    -> pour ceux ou celles qui auraient un doute sur comment deziper un fichier :

    http://www.tutopat.com/viewtopic.php?t=933&sid=34215b238376bfb22ef9e8eca9995914
    0
  10. fabou
     
    21/04/2008 a 20:03:25,65

    *** Recherche des fichiers dans C:

    *** Recherche des fichiers dans C:\WINDOWS\

    *** Recherche des fichiers dans C:\WINDOWS\system32
    "C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND

    *** Recherche des fichiers dans C:\Program Files
    *** Fin du rapport !
    0
  11. cedric241 Messages postés 3380 Statut Membre 119
     
    tres bien

    réouvre clean passe l option 2

    puis poste moi le rapport + un rapport hijackthis stp
    0
  12. fabou
     
    rapport hijathisLogfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:25:13, on 21/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\documents and settings\fabrice chambe\local settings\application data\rskdqxpkd.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
    C:\Program Files\Securitoo\av_fw\FSPC\fspc.exe
    C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
    C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe
    C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    C:\Program Files\Securitoo\av_fw\FSAUA\program\fsus.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [rskdqxpkd] c:\documents and settings\fabrice chambe\local settings\application data\rskdqxpkd.exe rskdqxpkd
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?5cf13ed795014580ab231e254a34243
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?5cf13ed795014580ab231e254a34243
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    0
  13. cedric241 Messages postés 3380 Statut Membre 119
     
    dis moi comment va le pc apres tout ça

    et surtout j ai une question t as pas des pubs a l écran de temps en temps ?
    0
  14. fabou
     
    non j ai pas de pub qui s affiche.
    ca va un peut mieu
    0
  15. cedric241 Messages postés 3380 Statut Membre 119
     
    ok fais ça :

    Télécharge ceci: (by Moe) :
    http://sosvirus.changelog.fr/Green_day/Lopxpsetup.exe

    Double clic sur Lopxpsetup.exe pour lancer l'installation
    Au menu, choisir l'option 1
    Patienter jusqu'à que l'on demande d'appuyer sur une touche, appuyer !
    Une rapport sera alors crée, à copie/colle en entier sur le forum.
    0
  16. cedric241 Messages postés 3380 Statut Membre 119
     
    pendant qu on continue la désinfection

    on va lancer une défragmentation :

    va dans poste de travail
    fais un clic droit sur le disque C
    chosi prpriete
    va sur outil
    chosi defragmenter maintenant
    0
  17. fabou
     
    # Rapport Lopxp fait le 21/04/2008 à 20:52:24
    # Exécuté dans : C:\Program Files\Lopxp
    # Version 3.10 - Maj du 11/04/2008

    Killing 'iexplore.exe'
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE" (3516)

    ========== Listing des dossiers Application Data

    +- C:\Documents and Settings\All Users\Application Data

    2006-01-06 à 16:26:38 - Apple Computer
    2006-03-30 à 12:12:35 - Exetender
    2006-02-27 à 16:43:04 - Microsoft
    2005-04-24 à 13:12:46 - nView_Profiles
    2006-01-10 à 16:42:49 - Oberon Media
    2006-02-22 à 16:39:33 - Sandlot Games
    2005-04-15 à 18:08:31 - SBT
    2006-03-28 à 16:03:25 - Windows Genuine Advantage
    2006-01-18 à 18:23:39 - Yahoo! Companion
    2006-01-07 à 15:58:58 - Zylom

    +- C:\Documents and Settings\All Users.WINDOWS\Application Data

    2008-04-19 à 13:15:06 - Adobe
    2006-04-15 à 10:06:22 - Ahead
    2007-08-16 à 12:30:42 - Apple
    2006-10-30 à 14:53:09 - Apple Computer
    2008-04-18 à 13:20:48 - F-Secure
    2007-06-27 à 18:41:33 - Friends Games
    2008-04-18 à 13:20:28 - fssg
    2006-11-22 à 17:31:00 - Google
    2007-12-24 à 17:50:01 - Grisoft
    2007-05-03 à 18:27:51 - InterAction studios
    2008-04-21 à 12:33:05 - Malwarebytes
    2006-04-29 à 16:37:33 - Microsoft
    2006-04-17 à 13:31:40 - MSN Search Toolbar
    2007-08-17 à 12:28:57 - MumboJumbo
    2008-03-20 à 19:54:35 - NannyMania
    2006-05-20 à 14:53:28 - PlayFirst
    2007-05-18 à 17:28:08 - PopCap
    2006-05-24 à 17:28:28 - Sandlot Games
    2006-04-15 à 10:58:27 - SBT
    2008-03-21 à 14:36:09 - TEMP
    2007-05-23 à 18:54:37 - TERMINAL Studio
    2006-04-24 à 16:39:00 - Windows Genuine Advantage
    2008-03-05 à 16:17:41 - WLInstaller
    2006-04-18 à 17:05:37 - Zylom

    +- C:\Documents and Settings\cedric\Application Data

    2006-04-19 à 16:15:17 - Dossier de téléchargement Share-to-Web
    2007-08-20 à 13:57:29 - Dossier de téléchargement Share-to-Web
    2006-04-19 à 16:15:00 - Identities
    2007-08-20 à 13:58:01 - ispnews
    2007-08-20 à 13:56:58 - Microsoft

    +- C:\Documents and Settings\cedric\Local Settings\Application Data

    2007-08-20 à 13:57:28 - Microsoft

    +- C:\Documents and Settings\chambe\Application Data

    2006-03-03 à 16:17:52 - Adobe
    2006-01-06 à 16:29:09 - Apple Computer
    2006-01-13 à 10:41:56 - Dossier de téléchargement Share-to-Web
    2006-01-12 à 15:39:20 - Dossier de téléchargement Share-to-Web
    2005-11-05 à 16:28:51 - DownloadManager
    2005-06-25 à 09:53:36 - eConf
    2005-11-03 à 18:43:29 - Google
    2006-04-12 à 15:25:32 - HbTools
    2005-04-15 à 18:03:30 - Help
    2006-02-06 à 18:37:04 - Hulabee
    2006-03-24 à 14:29:30 - Identities
    2006-03-03 à 16:17:51 - InterTrust
    2006-01-21 à 16:48:35 - Macromedia
    2006-03-30 à 18:48:41 - Microsoft
    2005-04-15 à 18:07:50 - Microsoft Web Folders
    2005-04-25 à 18:24:01 - MSNInstaller
    2005-06-25 à 09:00:40 - Sun
    2006-01-26 à 16:50:28 - Wannadoo
    2006-04-06 à 18:23:29 - WholeSecurity
    2006-03-24 à 14:29:28 - Zylom

    +- C:\Documents and Settings\chambe\Local Settings\Application Data

    2005-04-15 à 19:33:47 - Ahead
    2006-01-06 à 16:31:47 - Apple Computer
    2006-03-30 à 14:29:37 - ApplicationHistory
    2006-02-19 à 16:46:23 - Help
    2005-05-20 à 15:19:51 - Identities
    2006-03-29 à 16:08:54 - Microsoft
    2006-01-10 à 16:42:49 - Oberon Media
    2005-04-24 à 13:19:22 - WMTools Downloaded Files

    +- C:\Documents and Settings\fabrice chambe\Application Data

    2006-10-30 à 19:20:51 - Adobe
    2007-02-28 à 17:34:07 - AdobeUM
    2006-05-06 à 14:14:01 - Ahead
    2007-01-30 à 17:30:14 - Angkor
    2007-01-22 à 16:12:09 - Apple Computer
    2006-12-06 à 15:43:36 - Balloon Express
    2008-02-16 à 13:59:03 - Creative
    2007-08-01 à 14:12:07 - DialMessenger
    2006-10-24 à 19:04:25 - DivX
    2008-01-18 à 09:40:56 - Dossier de téléchargement Share-to-Web
    2006-04-17 à 13:17:38 - Dossier de téléchargement Share-to-Web
    2006-05-21 à 18:11:06 - eConf
    2007-01-02 à 11:49:33 - F-Secure
    2006-04-17 à 15:07:30 - Google
    2007-12-24 à 17:50:19 - Grisoft
    2006-10-29 à 11:43:33 - Help
    2006-04-15 à 09:44:30 - Identities
    2006-12-31 à 15:20:38 - ispnews
    2007-05-03 à 17:30:59 - iWin
    2006-11-17 à 17:30:17 - Leadertech
    2006-12-25 à 21:52:54 - Macromedia
    2008-04-21 à 12:33:13 - Malwarebytes
    2008-04-11 à 14:53:09 - Microsoft
    2006-04-15 à 10:52:49 - Microsoft Web Folders
    2006-07-07 à 20:32:18 - Mozilla
    2006-04-17 à 13:33:38 - MSN Search Toolbar
    2006-12-31 à 15:25:29 - PEX
    2006-05-20 à 14:53:28 - PlayFirst
    2007-12-10 à 17:14:22 - Sony Corporation
    2006-04-17 à 15:07:46 - Sun
    2006-07-07 à 20:32:48 - Talkback
    2007-11-17 à 16:12:24 - WinRAR

    +- C:\Documents and Settings\fabrice chambe\Local Settings\Application Data

    2006-10-30 à 19:21:19 - Adobe
    2006-10-23 à 16:43:08 - Ahead
    2007-08-16 à 12:31:54 - Apple
    2006-10-30 à 14:54:29 - Apple Computer
    2006-10-29 à 11:43:33 - Help
    2006-04-15 à 19:10:07 - Identities
    2008-04-19 à 09:23:23 - Microsoft
    2006-07-07 à 20:32:18 - Mozilla
    2008-04-18 à 13:13:23 - Neuf
    2007-03-23 à 14:41:41 - Oberon Media
    2006-05-27 à 18:40:53 - OD2
    2006-06-22 à 18:22:24 - WMTools Downloaded Files
    2006-10-29 à 14:14:35 - {3248F0A6-6813-11D6-A77B-00B0D0150040}

    ========== Listing du dossier Program Files

    +- C:\Program Files

    2008-03-23 à 16:46:42 - 3DBELOTE
    2008-04-21 à 17:59:01 - 7-Zip
    2006-10-30 à 11:03:55 - Adobe
    2006-04-15 à 10:18:24 - Ahead
    2007-08-16 à 12:31:51 - Apple Software Update
    2008-03-20 à 19:29:32 - BELOTE2000
    2005-04-12 à 10:16:05 - C-Media
    2007-11-02 à 16:27:40 - CCleaner
    2005-09-29 à 16:51:15 - Codemasters
    2006-05-14 à 13:12:22 - Common Files
    2006-04-15 à 09:32:53 - ComPlus Applications
    2006-10-21 à 18:28:26 - Creative
    2005-05-27 à 19:11:14 - Cryo Interactive
    2005-04-15 à 19:18:37 - Davilex
    2007-08-13 à 13:11:09 - DialMessenger
    2008-02-19 à 17:54:31 - DivX
    2006-12-31 à 16:14:13 - DownloadManager
    2005-09-22 à 17:24:35 - eBay
    2008-03-04 à 17:43:42 - eMule
    2008-04-14 à 16:27:00 - Fichiers communs
    2006-02-24 à 10:53:41 - Firstload
    2006-04-12 à 13:55:06 - fsupport
    2006-12-06 à 16:13:55 - Gamenext
    2006-08-07 à 15:10:28 - GameSpy Arcade
    2006-11-22 à 17:28:01 - Google
    2007-12-24 à 17:49:58 - Grisoft
    2006-10-29 à 14:45:28 - GT Interactive
    2006-04-15 à 11:09:02 - Hemera Products
    2005-04-15 à 15:58:06 - Hewlett-Packard
    2006-06-03 à 12:00:49 - ICom Plugins
    2005-05-27 à 17:53:19 - Immersion Corporation
    2007-12-10 à 16:55:04 - InstallShield Installation Information
    2007-06-27 à 18:51:54 - InterActual
    2008-04-21 à 16:41:09 - Internet Explorer
    2007-08-16 à 12:37:13 - iPod
    2005-08-26 à 11:56:54 - IrfanView
    2007-08-16 à 12:37:23 - iTunes
    2008-04-21 à 12:17:42 - Java
    2006-04-02 à 15:38:59 - Jeux classiques
    2005-05-13 à 16:35:15 - Kazaa
    2007-05-07 à 15:12:52 - LimeWire
    2008-04-21 à 18:52:38 - Lopxp
    2008-04-21 à 12:33:08 - Malwarebytes' Anti-Malware
    2006-04-20 à 19:24:29 - Messenger
    2005-05-27 à 18:55:05 - Metal Gear Solid
    2005-05-05 à 14:45:37 - Microids
    2005-04-12 à 09:24:57 - microsoft frontpage
    2005-04-15 à 18:08:38 - Microsoft Office
    2005-04-29 à 20:24:25 - MotoGP2
    2006-04-15 à 09:33:28 - Movie Maker
    2007-11-02 à 17:41:34 - Mozilla Firefox
    2005-04-25 à 18:59:19 - MSN
    2005-04-12 à 09:21:41 - MSN Gaming Zone
    2008-03-05 à 16:23:07 - MSN Messenger
    2006-04-17 à 13:32:10 - MSN Toolbar Suite
    2008-01-02 à 13:58:21 - Navilog1
    2006-04-15 à 09:33:20 - NetMeeting
    2008-04-18 à 13:13:16 - Neuf
    2006-01-13 à 20:10:49 - OneMX
    2005-04-12 à 09:21:47 - Online Services
    2006-06-09 à 18:16:45 - orange
    2007-06-13 à 19:31:18 - Outlook Express
    2006-03-30 à 12:12:36 - Player Metaboli
    2006-01-13 à 20:07:34 - QuickPar
    2007-08-16 à 12:34:30 - QuickTime
    2008-02-21 à 16:43:38 - Registry Mechanic
    2007-11-04 à 11:53:00 - SAGEM
    2007-09-04 à 15:34:55 - Securitoo
    2005-04-12 à 09:23:30 - Services en ligne
    2006-01-12 à 21:48:29 - Show
    2006-02-19 à 15:49:52 - Sierra On-Line
    2007-01-05 à 21:41:58 - sixteen tons entertainment
    2006-10-29 à 11:43:33 - Snapshot Viewer
    2007-12-10 à 16:52:27 - Sony
    2008-04-21 à 12:18:03 - Sun
    2007-11-02 à 16:11:26 - Trend Micro
    2006-03-03 à 15:31:52 - Ubisoft
    2005-04-12 à 09:30:39 - Uninstall Information
    2007-01-22 à 17:01:48 - Vimicro
    2008-04-16 à 12:41:55 - Wanadoo
    2007-01-05 à 21:43:31 - Wanadoo Jeux
    2008-03-05 à 16:22:30 - Windows Live
    2008-04-11 à 14:23:54 - Windows Live Safety Center
    2007-01-02 à 16:23:38 - Windows Media Connect 2
    2007-05-10 à 18:43:53 - Windows Media Player
    2006-04-15 à 09:31:47 - Windows NT
    2005-04-12 à 09:23:34 - WindowsUpdate
    2008-02-20 à 15:19:24 - WinRAR
    2005-04-12 à 09:24:57 - xerox
    2006-01-18 à 18:23:00 - Yahoo!
    2007-11-04 à 12:20:29 - YesMessenger
    2007-01-05 à 21:44:57 - Zylom Games

    ========== Tâches planifiées

    AppleSoftwareUpdate.job: C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task
    Scheduled scanning task.job: C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\fsav.exe /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\report.txt
    User_Feed_Synchronization-{B0168734-30DB-474C-A268-17DEE6822767}.job: C:\WINDOWS\system32\msfeedssync.exe sync

    ========== Clés registre

    ========== Bloqueur popups Internet Explorer

    www.amateursexsite.tv
    www.upskirtfetish.tv
    www.inter-orgasms.com
    www.bubblebuttsgalore.com
    www.letelegramme.com
    www.14inch.com
    perso.wanadoo.fr
    *.zylom.com
    www.photos-de-cul.com
    www.video-hardcore.org
    www.ffsa.org
    www.asacardeche.com
    www.miniclip.com
    *.hyper-mecanic.fr.st
    membres.lycos.fr
    www.videos-gratuites.net
    www.gtliensmoto.com
    www.francesurf.net
    www.castingcouchteens.com
    www.moustiq.com
    *.lezbteens.com
    www.kylieteen.com
    www.teenfootclub.com
    www.exclusivetgirls.com
    www.harmonyfinn.com
    fredpro.nuxit.net
    www.zoeymodel.com
    www.prontovideos.com
    www.lequipe.fr
    www.staltp.com
    www.screg-se.com

    ========== Suggestion ( /!\ Nécessite une interprétation.) ==========

    C:\Documents and Settings\chambe\Application Data\DownloadManager
    C:\Program Files\DownloadManager

    +- Registre : Aucune suggestion.

    - Fin du rapport -
    0
  18. cedric241 Messages postés 3380 Statut Membre 119
     
    télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en gras ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    C:\Documents and Settings\chambe\Application Data\DownloadManager
    C:\Program Files\DownloadManager

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles. + un rapport hijackthis

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
    0
  19. cedric241 Messages postés 3380 Statut Membre 119
     
    essai celui ci :

    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
    0
  • 1
  • 2