Sujet Précédent Sujet Suivant

Publicites intempestives

Résolu/Fermé
lulugar34 Messages postés 31 Date d'inscription dimanche 9 novembre 2008 Statut Membre Dernière intervention 14 novembre 2008 - 9 nov. 2008 à 16:24
ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 - 14 nov. 2008 à 21:18
Bonjour,à tous g depuis qq jours des pub qui apparaissent tres souvent qd je navigue sur internet g telecharge spybot et ad aware g fais une analyse ça pourai venir d internet game box g supprime le fichier mais g toujours autant e pub !
aidez moi svp ! utilisez des mots simples car je ne suis pas tres douee merci (je suis sur vista)
A voir également:

47 réponses

Réponse 1 / 47
Utilisateur anonyme
9 nov. 2008 à 16:26
Salut,

télécharge hijackthis
-> enregistre la cible sous .... "le bureau"

-> Fais un double-clic sur "HJTInstall.exe" afin de lancer l'installation

-> Clique sur Install ensuite sur "I Accept"

-> Clique sur" Do a scan system and save log file"

-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse

->Tuto hijackthis
0
Réponse 2 / 47
ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
9 nov. 2008 à 16:27
Bonjour et bienvenue sur CCM

Ja vais te guider pour la désinfection de ton PC

Télécharge Random's System Information Tool (RSIT) par random/random et sauvegarde-le sur ton Bureau.
http://images.malwareremoval.com/random/RSIT.exe
* Double-clique sur RSIT.exe afin de lancer RSIT.
* Clique sur Continue à l'écran Disclaimer.
* Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
* Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

--> Poste le contenu de log.txt (<<qui sera affiché) ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

Note : Les deux rapports sont également sauvegardés C:\rsit
0
Réponse 3 / 47
Utilisateur anonyme
9 nov. 2008 à 16:34
Re,

Bon laisse finir EP44.

Bon courage.

@+
0
Réponse 4 / 47
lulugar34 Messages postés 31 Date d'inscription dimanche 9 novembre 2008 Statut Membre Dernière intervention 14 novembre 2008
9 nov. 2008 à 16:36
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:30:55, on 09/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\vVX1000.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\luce\AppData\Local\befcdf.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Users\luce\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Users\luce\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\system32\WerCon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\ezShellStart.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DT Task] "C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" -startup_folder
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{1DE3C184-CBFC-4606-A1EB-F79F44D022DF}
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [befcdf] "c:\users\luce\appdata\local\befcdf.exe" befcdf
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\luce\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\luce\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.leaderphoto.com/uploaders/aurigma_4_7_16/ImageUploader4.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Common Files\Droppix\DxService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\Windows\system32\ezNTSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 47
lulugar34 Messages postés 31 Date d'inscription dimanche 9 novembre 2008 Statut Membre Dernière intervention 14 novembre 2008
9 nov. 2008 à 16:38
merci pour ta reponse si rapide j espere que je ne me suis pas trompee
0
Réponse 6 / 47
lulugar34 Messages postés 31 Date d'inscription dimanche 9 novembre 2008 Statut Membre Dernière intervention 14 novembre 2008
9 nov. 2008 à 16:43
Logfile of random's system information tool 1.04 (written by random/random)
Run by luce at 2008-11-09 16:40:28
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 160 GB (69%) free of 230 GB
Total RAM: 1014 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:40:32, on 09/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\vVX1000.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\luce\AppData\Local\befcdf.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Users\luce\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Users\luce\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\system32\WerCon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\luce\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\luce.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\ezShellStart.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DT Task] "C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" -startup_folder
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{1DE3C184-CBFC-4606-A1EB-F79F44D022DF}
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [befcdf] "c:\users\luce\appdata\local\befcdf.exe" befcdf
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\luce\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\luce\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.leaderphoto.com/uploaders/aurigma_4_7_16/ImageUploader4.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Common Files\Droppix\DxService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\Windows\system32\ezNTSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
0
Réponse 7 / 47
lulugar34 Messages postés 31 Date d'inscription dimanche 9 novembre 2008 Statut Membre Dernière intervention 14 novembre 2008
9 nov. 2008 à 16:44
info.txt logfile of random's system information tool 1.04 2008-11-09 16:40:39

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Alice ADSL - Installation principale-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE5D7CE8-27E7-4452-AF33-F38F074BBD08}\setup.exe" -l0x40c -eth -pri
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Dealio Toolbar 3.4-->MsiExec.exe /X{6105648C-0C3C-481D-8C11-1F4952D6FB53}
Droppix Recorder 2-->"C:\Program Files\Droppix\Droppix Recorder 2\unins001.exe"
EasyBits Magic Desktop-->C:\Windows\system32\ezMDUninstall.exe
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
Favorit-->c:\users\luce\appdata\local\befcdf.bat
Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet All-In-One Software 8.0-->C:\Program Files\HP\Digital Imaging\{24557DC0-0839-496f-82F9-C4EB72EFE4FA}\setup\hpzscr01.exe -datfile hposcr12.dat
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP My Display-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84288B51-B162-47FB-A74E-25C6D67E44BB}\setup.exe" -l0x40c -removeonly
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP PhotoBack Plug-in-->MsiExec.exe /X{E13A66A4-8A37-451E-B4C5-E60BA0A777E3}
HP Photosmart Essential 3.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LightScribe System Software 1.12.29.2-->MsiExec.exe /X{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}
LimeWire 4.18.3-->"C:\Users\luce\Desktop\shared\LimeWire\uninstall.exe"
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Microsoft LifeCam-->MsiExec.exe /X{968D41C3-25BB-4632-A6DF-2E1C8F0143A4}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
muvee autoProducer 6.0-->C:\Program Files\InstallShield Installation Information\{6AF49698-949A-4C89-9B31-041D2CCB5FBD}\setup.exe -runfromtemp -l0x040c -removeonly
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NOD32 Antivirus System-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v2.1-->"C:\Program Files\Eset\unins000.exe"
oggcodecs-->MsiExec.exe /I{D65F0073-A820-4085-B997-A061171595A7}
OpenOffice.org 2.3-->MsiExec.exe /I{B087B0C3-F595-485A-B86B-73326BA8693A}
Outils de diagnostic du matériel-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
PDFCreator Toolbar-->"C:\Windows\PDFCreator_Toolbar_Uninstaller_4249.exe" _?=C:\Program Files\PDFCreator Toolbar
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
Python 2.4.3-->MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /X{938B1CD7-7C60-491E-AA90-1F1888168240}
Search Settings 1.2-->MsiExec.exe /X{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Solution de clavier multimédia amélioré-->C:\HP\KBD\Install.exe /u
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Surligneur (Windows Live Toolbar)-->MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Writer-->MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}

======Security center information======

AV: ESET NOD32 antivirus system 2.70
AS: Avira AntiVir PersonalEdition
AS: Windows Defender

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"PLATFORM"=HPD
"PCBRAND"=Pavilion
"OnlineServices"=Services en ligne

-----------------EOF-----------------
0
Réponse 8 / 47
lulugar34 Messages postés 31 Date d'inscription dimanche 9 novembre 2008 Statut Membre Dernière intervention 14 novembre 2008
9 nov. 2008 à 16:46
voila c fait ep44 j espere pas d erreur de ma part
0
Réponse 9 / 47
lulugar34 Messages postés 31 Date d'inscription dimanche 9 novembre 2008 Statut Membre Dernière intervention 14 novembre 2008
9 nov. 2008 à 16:50
ep 44 faut il que je fasse d autre manipulation ?
0
Réponse 10 / 47
ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
9 nov. 2008 à 17:17
Oui en effet il va y avoir surement plusieurs manipulation car ton PC est bien infecté

Pour la suite


Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

- Vas dans "Démarrer" puis Panneau de configuration.
- Double Clique sur l'icône Comptes d'utilisateurs et sur Activer ou désactiver le contrôle des comptes d'utilisateurs.
- Clique sur Continuer.
- Décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur.
- Valide par OK et redémarre</gras.

Ensuite


Télécharge <gras>combofix.exe (par sUBs) et sauvegarde le sur ton bureau.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Déconnecte toi d'internet et ferme toutes tes applications.

* Désactive tes protections (antivirus, parefeu,antispyware) provisoirement et seulement le temps de l'utilisation de ComboFix,

* Double-clic sur combofix.exe, il est possible que ton parefeu te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sûre: accepte.

* Si la console de récupération n'est pas installer il va te proposer de l'installer fait le et laisse toi guider 

* /!\ Ne touche à rien tant que le scan n'est pas terminé.Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne /!\

* Attends que Combofix ait terminé, un rapport sera créé.

* réactive ton parefeu, ton antivirus, la garde de ton antispyware

* copie/colle le rapport, le rapport se trouve dans : C:Combofix.txt

* Réactive tes protections en temps réel, Antivirus, Antispywares, avant de te reconnecter à internet.


@+
0
Réponse 11 / 47
lulugar34
9 nov. 2008 à 18:03
ComboFix 08-11-07.01 - luce 2008-11-09 17:48:19.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.350 [GMT 1:00]
Lancé depuis: c:\users\luce\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\internetgamebox
c:\program files\internetgamebox\InternetGameBox.exe
c:\program files\internetgamebox\language
c:\program files\internetgamebox\ressources\AttenteOff.html
c:\program files\internetgamebox\ressources\AttenteOn.html
c:\program files\internetgamebox\ressources\configv2_en.xml
c:\program files\internetgamebox\ressources\configv2_es.xml
c:\program files\internetgamebox\ressources\configv2_fr.xml
c:\program files\internetgamebox\ressources\favoris\defaultv2.swf
c:\program files\internetgamebox\skins\skinv2.skn
c:\programdata\Microsoft\Windows\Start Menu\Programs\InternetGameBox
c:\programdata\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Conditions générales.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Confidentialité.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Désinstaller.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\InternetGameBox\InternetGameBox.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Website.url
c:\users\luce\AppData\Local\befcdf.dat
c:\users\luce\AppData\Local\befcdf.exe
c:\users\luce\AppData\Local\befcdf_nav.dat
c:\users\luce\AppData\Local\befcdf_navps.dat
c:\windows\system32\x64

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-09 au 2008-11-09 ))))))))))))))))))))))))))))))))))))
.

2008-11-09 16:40 . 2008-11-09 16:40 <REP> d-------- C:\rsit
2008-11-09 16:30 . 2008-11-09 16:30 <REP> d-------- c:\program files\Trend Micro
2008-11-09 08:00 . 2008-11-09 12:47 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-11-09 08:00 . 2008-11-09 12:47 <REP> d-------- c:\programdata\Spybot - Search & Destroy
2008-11-09 08:00 . 2008-11-09 08:00 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-11-08 18:04 . 2008-11-08 18:05 <REP> d-------- c:\users\All Users\Lavasoft
2008-11-08 18:04 . 2008-11-08 18:05 <REP> d-------- c:\programdata\Lavasoft
2008-11-08 18:04 . 2008-11-08 18:04 <REP> d-------- c:\program files\Lavasoft
2008-11-08 18:03 . 2008-11-08 18:03 <REP> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-03 12:19 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-03 12:19 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-03 12:19 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-03 12:19 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-03 12:19 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-29 08:42 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 08:42 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 08:42 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-16 11:42 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-10-16 11:42 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-10-16 11:42 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-16 11:42 . 2008-10-02 04:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-10-16 11:42 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-10-16 11:41 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 11:51 --------- d-----w c:\users\luce\AppData\Roaming\OpenOffice.org2
2008-11-09 11:44 --------- d-----w c:\program files\Everest Poker
2008-11-01 14:02 --------- d-----w c:\users\luce\AppData\Roaming\LimeWire
2008-10-17 06:12 --------- d-----w c:\program files\Windows Mail
2008-10-17 06:04 --------- d-----w c:\programdata\Microsoft Help
2008-10-06 14:30 --------- d-----w c:\program files\oovooToolbar
2008-10-06 14:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-06 14:16 --------- d-----w c:\users\luce\AppData\Roaming\ooVoo Details
2008-10-02 13:53 --------- d-----w c:\program files\Microsoft LifeCam
2008-09-30 20:10 --------- d-----w c:\program files\Intel
2008-09-30 20:02 --------- d-----w c:\users\luce\AppData\Roaming\Image Zone Express
2008-09-19 13:33 --------- d-----w c:\programdata\Sony Ericsson
2008-09-19 13:33 --------- d-----w c:\program files\Sony Ericsson
2008-09-19 13:31 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-09-17 20:30 174 --sha-w c:\program files\desktop.ini
2008-09-17 20:22 --------- d-----w c:\program files\Windows Sidebar
2008-09-17 20:22 --------- d-----w c:\program files\Windows Photo Gallery
2008-09-17 20:22 --------- d-----w c:\program files\Windows Journal
2008-09-17 20:22 --------- d-----w c:\program files\Windows Defender
2008-09-17 20:22 --------- d-----w c:\program files\Windows Collaboration
2008-09-17 20:22 --------- d-----w c:\program files\Windows Calendar
2008-09-17 19:45 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-17 19:45 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-09-17 19:13 --------- d-----w c:\program files\Windows Live
2008-09-17 19:11 --------- d-----w c:\program files\MSN Messenger
2008-09-17 19:03 --------- d-----w c:\programdata\WLInstaller
2008-09-16 15:34 --------- d-----w c:\users\luce\AppData\Roaming\InstallShield
2008-09-10 07:23 --------- d-----w c:\program files\Microsoft Works
2008-04-20 11:15 63,488 ----a-w c:\users\luce\xobglu16.dll
2008-04-20 11:15 23,552 ----a-w c:\users\luce\xobglu32.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"RunSpySweeperScheduleAtStartup"="c:\windows\system32\msfeedssync.exe" [2008-01-19 12800]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-01-24 2289664]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"DT Task"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2006-11-03 264704]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-19 227840]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-03-08 949376]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-25 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-25 133656]
"au"="c:\program files\Dealio\DealioAU.exe" [2008-05-26 595296]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

c:\users\luce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
Outil de notification Live Search.lnk - c:\users\luce\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-06-05 143360]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
PDFCreator.lnk - c:\program files\PDFCreator\PDFCreator.exe [2008-07-22 2641920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"= "c:\windows\system32\EZUPBH~1.DLL" [2008-01-21 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{72DD83E0-4D27-41C9-A1EC-8C3D7F5D31B7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C9414CF8-1FA5-4313-B40A-7E591E7A8E55}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{233B72E7-E510-4821-A2B6-1AC6438FE0F0}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B42FC54E-0F3C-40D8-8AE2-E8A941C39090}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E5F61583-2E84-449A-BCDB-919E06871F8B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EBCFE79C-3412-47AA-9A04-C412B6C9FD7F}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{D04FD3A4-E378-44FD-B615-6B055485B243}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{98FD8090-C19B-42A7-856B-1CE5FEB19594}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{32718E1D-44C9-4A5F-B99D-6B992ACB1DD3}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{A37C43B9-D2CE-4F3D-AE1D-7378F8A7C2BD}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{BFD0D5ED-F2E4-43A6-97FA-8DC9DE5B2ECC}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{56BBC8CD-4B1E-4574-A9AC-F49BDF84E296}"= UDP:c:\program files\ESET\nod32.exe:NOD32
"{222D3508-6C52-4CB8-9BE3-EF3CA4894795}"= TCP:c:\program files\ESET\nod32.exe:NOD32
"{EDE5818E-C8A8-4BFE-A9C4-BB6F8F12EF9A}"= UDP:c:\program files\ESET\nod32kui.exe:NOD32 Control Center
"{03924C09-61BF-4D3A-8129-0B412D001D53}"= TCP:c:\program files\ESET\nod32kui.exe:NOD32 Control Center
"{15168C84-89D5-48C1-91FD-AA2E076435E6}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1EB64B6E-F27C-4AC9-A069-8BCDB0BD11AB}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{D3049732-9624-4D78-9C2B-A5F5C2F179C4}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{F226C08C-85B5-477A-A13E-EBFC4C1329A4}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{74B60682-BA3B-4E29-A830-1C8EED7130AC}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{1BA01925-33DD-4424-BF7C-3F65FF8C6997}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{2057978E-A4F2-4D69-99B9-9085E35D30C4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7B09D2A3-AF90-4412-BC21-B54A01B42B1B}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{50DC97D4-CC35-47CA-998E-3BED103B81E2}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{E2496D18-7672-4763-8F8A-9A93C1023215}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{0324D3EF-E29C-43E4-AA7E-DF93B022596F}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"TCP Query User{554F64D2-44EB-4372-99BD-EF90A14A9C0C}c:\\program files\\oovoo\\oovoo.exe"= UDP:c:\program files\oovoo\oovoo.exe:ooVoo
"UDP Query User{8238661E-6ED4-4E2C-AB86-44D56A05EECA}c:\\program files\\oovoo\\oovoo.exe"= TCP:c:\program files\oovoo\oovoo.exe:ooVoo
"{B874F3F6-0D39-4F6D-8D8D-E5DCA644301F}"= Disabled:UDP:443:TCP port 443 ooVoo
"{DCF0307F-1CDC-4798-86F7-A560C0AE8982}"= Disabled:TCP:443:UDP port 443 ooVoo
"{5CC3ABA6-0733-4E75-A07B-C3FE998FFC7E}"= Disabled:UDP:37674:TCP port 37674 ooVoo
"{171052F1-420C-4E75-A4E8-66D68D7CA419}"= Disabled:TCP:37674:UDP port 37674 ooVoo
"{1B6D856D-80CB-4EBC-AACC-AAB6C6F65E9E}"= Disabled:TCP:37675:UDP port 37675 ooVoo

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R2 ezntsvc;EasyBits Magic Desktop Services for Windows NT;c:\windows\system32\ezNTSvc.exe [2008-01-21 33792]
R2 MSCamSvc;MSCamSvc;c:\program files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]
R3 VX1000;VX-1000;c:\windows\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]
S3 Droppix Service;Droppix Service;c:\program files\Common Files\Droppix\DxService.exe [2008-02-01 151552]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\DRIVERS\s916bus.sys [2007-11-02 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s916mdfl.sys [2007-11-02 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s916mdm.sys [2007-11-02 109992]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s916obex.sys [2007-11-02 100008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb5cc877-6841-11dd-81e2-001bfc23b411}]
\shell\AutoRun\command - J:\memorybar.exe

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2008-11-03 c:\windows\Tasks\Norton Internet Security - Analyse système complète - luce.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

2008-11-08 c:\windows\Tasks\User_Feed_Synchronization-{1DE3C184-CBFC-4606-A1EB-F79F44D022DF}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]

2008-01-20 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
HKCU-Run-befcdf - c:\users\luce\appdata\local\befcdf.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\users\luce\AppData\Roaming\Mozilla\Firefox\Profiles\xhizm8qh.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/intl/fr/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 17:53:24
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-09 17:55:04
ComboFix-quarantined-files.txt 2008-11-09 16:55:00

Avant-CF: 168 462 327 808 octets libres
Après-CF: 168,484,327,424 octets libres

236 --- E O F --- 2008-11-08 10:12:36
0
Réponse 12 / 47
lulugar34
9 nov. 2008 à 18:06
voila ep44 j espere que g envoye le bon rapport merci de ta patience
0
Réponse 13 / 47
ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
9 nov. 2008 à 18:50
selectionne ceci 

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSettings]       

File::
c:\program files\Everest Poker

* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Veille à ce que Retour à la ligne ne soit pas coché dans Format.
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme ceci
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt 


Note: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur.
si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.

@+
0
Réponse 14 / 47
lulugar34 Messages postés 31 Date d'inscription dimanche 9 novembre 2008 Statut Membre Dernière intervention 14 novembre 2008
10 nov. 2008 à 08:22
ComboFix 08-11-07.01 - luce 2008-11-10 8:13:15.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.309 [GMT 1:00]
Lancé depuis: c:\users\luce\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\luce\Desktop\CFScript.lnk
* Un nouveau point de restauration a été créé
* Resident AV is active

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-10 au 2008-11-10 ))))))))))))))))))))))))))))))))))))
.

2008-11-09 16:40 . 2008-11-09 16:40 <REP> d-------- C:\rsit
2008-11-09 16:30 . 2008-11-09 16:30 <REP> d-------- c:\program files\Trend Micro
2008-11-09 08:00 . 2008-11-09 12:47 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-11-09 08:00 . 2008-11-09 12:47 <REP> d-------- c:\programdata\Spybot - Search & Destroy
2008-11-09 08:00 . 2008-11-09 08:00 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-11-08 18:04 . 2008-11-08 18:05 <REP> d-------- c:\users\All Users\Lavasoft
2008-11-08 18:04 . 2008-11-08 18:05 <REP> d-------- c:\programdata\Lavasoft
2008-11-08 18:04 . 2008-11-08 18:04 <REP> d-------- c:\program files\Lavasoft
2008-11-08 18:03 . 2008-11-08 18:03 <REP> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-03 12:19 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-03 12:19 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-03 12:19 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-03 12:19 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-03 12:19 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-29 08:42 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 08:42 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 08:42 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-16 11:42 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-10-16 11:42 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-10-16 11:42 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-16 11:42 . 2008-10-02 04:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-10-16 11:42 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-10-16 11:41 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 06:52 --------- d-----w c:\users\luce\AppData\Roaming\OpenOffice.org2
2008-11-09 11:44 --------- d-----w c:\program files\Everest Poker
2008-11-01 14:02 --------- d-----w c:\users\luce\AppData\Roaming\LimeWire
2008-10-17 06:12 --------- d-----w c:\program files\Windows Mail
2008-10-17 06:04 --------- d-----w c:\programdata\Microsoft Help
2008-10-06 14:30 --------- d-----w c:\program files\oovooToolbar
2008-10-06 14:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-06 14:16 --------- d-----w c:\users\luce\AppData\Roaming\ooVoo Details
2008-10-02 13:53 --------- d-----w c:\program files\Microsoft LifeCam
2008-09-30 20:10 --------- d-----w c:\program files\Intel
2008-09-30 20:02 --------- d-----w c:\users\luce\AppData\Roaming\Image Zone Express
2008-09-19 13:33 --------- d-----w c:\programdata\Sony Ericsson
2008-09-19 13:33 --------- d-----w c:\program files\Sony Ericsson
2008-09-19 13:31 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-09-17 20:30 174 --sha-w c:\program files\desktop.ini
2008-09-17 20:22 --------- d-----w c:\program files\Windows Sidebar
2008-09-17 20:22 --------- d-----w c:\program files\Windows Photo Gallery
2008-09-17 20:22 --------- d-----w c:\program files\Windows Journal
2008-09-17 20:22 --------- d-----w c:\program files\Windows Defender
2008-09-17 20:22 --------- d-----w c:\program files\Windows Collaboration
2008-09-17 20:22 --------- d-----w c:\program files\Windows Calendar
2008-09-17 19:45 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-17 19:45 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-09-17 19:13 --------- d-----w c:\program files\Windows Live
2008-09-17 19:11 --------- d-----w c:\program files\MSN Messenger
2008-09-17 19:03 --------- d-----w c:\programdata\WLInstaller
2008-09-16 15:34 --------- d-----w c:\users\luce\AppData\Roaming\InstallShield
2008-09-10 07:23 --------- d-----w c:\program files\Microsoft Works
2008-04-20 11:15 63,488 ----a-w c:\users\luce\xobglu16.dll
2008-04-20 11:15 23,552 ----a-w c:\users\luce\xobglu32.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-09_17.54.02,43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-09 11:50:26 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-10 06:51:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-11-09 11:50:26 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-11-10 06:51:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-11-09 11:52:00 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-10 06:52:36 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-10 06:52:36 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-11-09 11:51:55 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-10 06:52:31 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-10 06:52:31 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-11-04 10:40:43 101,052 ----a-w c:\windows\System32\perfc009.dat
+ 2008-11-09 17:27:21 101,052 ----a-w c:\windows\System32\perfc009.dat
- 2008-11-04 10:40:43 123,350 ----a-w c:\windows\System32\perfc00C.dat
+ 2008-11-09 17:27:21 123,350 ----a-w c:\windows\System32\perfc00C.dat
- 2008-11-04 10:40:43 586,980 ----a-w c:\windows\System32\perfh009.dat
+ 2008-11-09 17:27:21 586,980 ----a-w c:\windows\System32\perfh009.dat
- 2008-11-04 10:40:43 669,328 ----a-w c:\windows\System32\perfh00C.dat
+ 2008-11-09 17:27:21 669,328 ----a-w c:\windows\System32\perfh00C.dat
- 2008-11-09 11:52:24 11,192 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-239344008-4258272380-537787552-1000_UserData.bin
+ 2008-11-10 06:53:23 11,192 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-239344008-4258272380-537787552-1000_UserData.bin
- 2008-11-09 11:52:24 58,300 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-10 06:53:23 58,300 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-11-09 11:52:19 50,492 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-10 06:53:21 50,548 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-11-09 14:45:38 228,664 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2008-11-10 06:42:38 228,830 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"RunSpySweeperScheduleAtStartup"="c:\windows\system32\msfeedssync.exe" [2008-01-19 12800]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-01-24 2289664]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"DT Task"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2006-11-03 264704]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-19 227840]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-03-08 949376]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-25 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-25 133656]
"au"="c:\program files\Dealio\DealioAU.exe" [2008-05-26 595296]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

c:\users\luce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
Outil de notification Live Search.lnk - c:\users\luce\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-06-05 143360]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
PDFCreator.lnk - c:\program files\PDFCreator\PDFCreator.exe [2008-07-22 2641920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"= "c:\windows\system32\EZUPBH~1.DLL" [2008-01-21 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{72DD83E0-4D27-41C9-A1EC-8C3D7F5D31B7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C9414CF8-1FA5-4313-B40A-7E591E7A8E55}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{233B72E7-E510-4821-A2B6-1AC6438FE0F0}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B42FC54E-0F3C-40D8-8AE2-E8A941C39090}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E5F61583-2E84-449A-BCDB-919E06871F8B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EBCFE79C-3412-47AA-9A04-C412B6C9FD7F}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{D04FD3A4-E378-44FD-B615-6B055485B243}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{98FD8090-C19B-42A7-856B-1CE5FEB19594}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{32718E1D-44C9-4A5F-B99D-6B992ACB1DD3}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{A37C43B9-D2CE-4F3D-AE1D-7378F8A7C2BD}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{BFD0D5ED-F2E4-43A6-97FA-8DC9DE5B2ECC}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{56BBC8CD-4B1E-4574-A9AC-F49BDF84E296}"= UDP:c:\program files\ESET\nod32.exe:NOD32
"{222D3508-6C52-4CB8-9BE3-EF3CA4894795}"= TCP:c:\program files\ESET\nod32.exe:NOD32
"{EDE5818E-C8A8-4BFE-A9C4-BB6F8F12EF9A}"= UDP:c:\program files\ESET\nod32kui.exe:NOD32 Control Center
"{03924C09-61BF-4D3A-8129-0B412D001D53}"= TCP:c:\program files\ESET\nod32kui.exe:NOD32 Control Center
"{15168C84-89D5-48C1-91FD-AA2E076435E6}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1EB64B6E-F27C-4AC9-A069-8BCDB0BD11AB}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{D3049732-9624-4D78-9C2B-A5F5C2F179C4}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{F226C08C-85B5-477A-A13E-EBFC4C1329A4}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{74B60682-BA3B-4E29-A830-1C8EED7130AC}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{1BA01925-33DD-4424-BF7C-3F65FF8C6997}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{2057978E-A4F2-4D69-99B9-9085E35D30C4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7B09D2A3-AF90-4412-BC21-B54A01B42B1B}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{50DC97D4-CC35-47CA-998E-3BED103B81E2}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{E2496D18-7672-4763-8F8A-9A93C1023215}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{0324D3EF-E29C-43E4-AA7E-DF93B022596F}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"TCP Query User{554F64D2-44EB-4372-99BD-EF90A14A9C0C}c:\\program files\\oovoo\\oovoo.exe"= UDP:c:\program files\oovoo\oovoo.exe:ooVoo
"UDP Query User{8238661E-6ED4-4E2C-AB86-44D56A05EECA}c:\\program files\\oovoo\\oovoo.exe"= TCP:c:\program files\oovoo\oovoo.exe:ooVoo
"{B874F3F6-0D39-4F6D-8D8D-E5DCA644301F}"= Disabled:UDP:443:TCP port 443 ooVoo
"{DCF0307F-1CDC-4798-86F7-A560C0AE8982}"= Disabled:TCP:443:UDP port 443 ooVoo
"{5CC3ABA6-0733-4E75-A07B-C3FE998FFC7E}"= Disabled:UDP:37674:TCP port 37674 ooVoo
"{171052F1-420C-4E75-A4E8-66D68D7CA419}"= Disabled:TCP:37674:UDP port 37674 ooVoo
"{1B6D856D-80CB-4EBC-AACC-AAB6C6F65E9E}"= Disabled:TCP:37675:UDP port 37675 ooVoo

R2 ezntsvc;EasyBits Magic Desktop Services for Windows NT;c:\windows\system32\ezNTSvc.exe [2008-01-21 33792]
R2 MSCamSvc;MSCamSvc;c:\program files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]
R3 VX1000;VX-1000;c:\windows\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]
S3 Droppix Service;Droppix Service;c:\program files\Common Files\Droppix\DxService.exe [2008-02-01 151552]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\DRIVERS\s916bus.sys [2007-11-02 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s916mdfl.sys [2007-11-02 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s916mdm.sys [2007-11-02 109992]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s916obex.sys [2007-11-02 100008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb5cc877-6841-11dd-81e2-001bfc23b411}]
\shell\AutoRun\command - J:\memorybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2008-11-03 c:\windows\Tasks\Norton Internet Security - Analyse système complète - luce.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

2008-11-10 c:\windows\Tasks\User_Feed_Synchronization-{1DE3C184-CBFC-4606-A1EB-F79F44D022DF}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]

2008-01-20 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 08:17:37
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-10 8:19:47
ComboFix-quarantined-files.txt 2008-11-10 07:19:41
ComboFix2.txt 2008-11-09 16:55:05

Avant-CF: 167 794 188 288 octets libres
Après-CF: 167,765,970,944 octets libres

229 --- E O F --- 2008-11-08 10:12:36
0
Réponse 15 / 47
lulugar34 Messages postés 31 Date d'inscription dimanche 9 novembre 2008 Statut Membre Dernière intervention 14 novembre 2008
10 nov. 2008 à 08:24
salut ep44 voila le rapport demandé je suis désolée pour le retard je n avais pas vu ton message
0
Réponse 16 / 47
ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
10 nov. 2008 à 08:44
Bonjour

Décidément Hier au soir j'étais vraiment fatiguer j'ai tout fait à l'envers :(

recommence la manip stp

mais avec ceci

selectionne ceci 

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"SearchSettings"=-


Folder::
c:\program files\Everest Poker


* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Veille à ce que Retour à la ligne ne soit pas coché dans Format.
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme ceci
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt


Ensuite

Télécharge CCleaner
https://filehippo.com/download_ccleaner/
=> Aide toi de ce tuto pour l'utiliser
http://www.swl1f.net/viewtopic.php?f=14&t=69


Ensuite


* Télécharge malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Une aide pour l'installation
http://www.swl1f.net/viewtopic.php?f=14&t=68


=> Installe le
=> Ensuite va en mode sans echec


Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel


=> Lance malwarebytes
=> Coche "Executer un examen complet"
=> Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
=> Clique sur Supprimer la sélection
=> Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
=> Fait copier coller et poste le rapport


@+

Note: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur.
si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.
0
Réponse 17 / 47
lulugar34 Messages postés 31 Date d'inscription dimanche 9 novembre 2008 Statut Membre Dernière intervention 14 novembre 2008
10 nov. 2008 à 09:01
ComboFix 08-11-07.01 - luce 2008-11-10 8:54:32.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.267 [GMT 1:00]
Lancé depuis: c:\users\luce\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\luce\Desktop\CFScript.txt
* Un nouveau point de restauration a été créé
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Everest Poker
c:\program files\Everest Poker\data\fonts\kgp-en.ttf
c:\program files\Everest Poker\data\mp-lobby\fr.gvt
c:\program files\Everest Poker\data\mp-lobby\shared.gvt
c:\program files\Everest Poker\data\mp-poker\background\default.gvt
c:\program files\Everest Poker\data\mp-poker\fr\bitmaps.gvt
c:\program files\Everest Poker\data\mp-poker\fr\mp-poker_strings.txt
c:\program files\Everest Poker\data\mp-poker\fr\mp-poker_tutorial.txt
c:\program files\Everest Poker\data\mp-poker\shared.gvt
c:\program files\Everest Poker\data\shared\fr\country.txt
c:\program files\Everest Poker\data\shared\fr\language.txt
c:\program files\Everest Poker\data\shared\fr\ordinal.txt
c:\program files\Everest Poker\data\shared\shared\bitmaps\check.art
c:\program files\Everest Poker\data\startup\en\startup_strings.txt
c:\program files\Everest Poker\data\startup\fr\cstart.txt
c:\program files\Everest Poker\data\startup\fr\startup_strings.txt
c:\program files\Everest Poker\data\startup\shared\bitmaps\splash_poker.art
c:\program files\Everest Poker\history\4.txt
c:\program files\Everest Poker\history\5.txt
c:\program files\Everest Poker\history\7.txt
c:\program files\Everest Poker\history\8.txt

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-10 au 2008-11-10 ))))))))))))))))))))))))))))))))))))
.

2008-11-09 16:40 . 2008-11-09 16:40 <REP> d-------- C:\rsit
2008-11-09 16:30 . 2008-11-09 16:30 <REP> d-------- c:\program files\Trend Micro
2008-11-09 08:00 . 2008-11-09 12:47 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-11-09 08:00 . 2008-11-09 12:47 <REP> d-------- c:\programdata\Spybot - Search & Destroy
2008-11-09 08:00 . 2008-11-09 08:00 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-11-08 18:04 . 2008-11-08 18:05 <REP> d-------- c:\users\All Users\Lavasoft
2008-11-08 18:04 . 2008-11-08 18:05 <REP> d-------- c:\programdata\Lavasoft
2008-11-08 18:04 . 2008-11-08 18:04 <REP> d-------- c:\program files\Lavasoft
2008-11-08 18:03 . 2008-11-08 18:03 <REP> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-03 12:19 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-03 12:19 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-03 12:19 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-03 12:19 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-03 12:19 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-29 08:42 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 08:42 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 08:42 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-16 11:42 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-10-16 11:42 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-10-16 11:42 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-16 11:42 . 2008-10-02 04:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-10-16 11:42 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-10-16 11:41 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 06:52 --------- d-----w c:\users\luce\AppData\Roaming\OpenOffice.org2
2008-11-01 14:02 --------- d-----w c:\users\luce\AppData\Roaming\LimeWire
2008-10-17 06:12 --------- d-----w c:\program files\Windows Mail
2008-10-17 06:04 --------- d-----w c:\programdata\Microsoft Help
2008-10-06 14:30 --------- d-----w c:\program files\oovooToolbar
2008-10-06 14:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-06 14:16 --------- d-----w c:\users\luce\AppData\Roaming\ooVoo Details
2008-10-02 13:53 --------- d-----w c:\program files\Microsoft LifeCam
2008-09-30 20:10 --------- d-----w c:\program files\Intel
2008-09-30 20:02 --------- d-----w c:\users\luce\AppData\Roaming\Image Zone Express
2008-09-19 13:33 --------- d-----w c:\programdata\Sony Ericsson
2008-09-19 13:33 --------- d-----w c:\program files\Sony Ericsson
2008-09-19 13:31 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-09-17 20:30 174 --sha-w c:\program files\desktop.ini
2008-09-17 20:22 --------- d-----w c:\program files\Windows Sidebar
2008-09-17 20:22 --------- d-----w c:\program files\Windows Photo Gallery
2008-09-17 20:22 --------- d-----w c:\program files\Windows Journal
2008-09-17 20:22 --------- d-----w c:\program files\Windows Defender
2008-09-17 20:22 --------- d-----w c:\program files\Windows Collaboration
2008-09-17 20:22 --------- d-----w c:\program files\Windows Calendar
2008-09-17 19:45 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-17 19:45 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-09-17 19:13 --------- d-----w c:\program files\Windows Live
2008-09-17 19:11 --------- d-----w c:\program files\MSN Messenger
2008-09-17 19:03 --------- d-----w c:\programdata\WLInstaller
2008-09-16 15:34 --------- d-----w c:\users\luce\AppData\Roaming\InstallShield
2008-09-10 07:23 --------- d-----w c:\program files\Microsoft Works
2008-04-20 11:15 63,488 ----a-w c:\users\luce\xobglu16.dll
2008-04-20 11:15 23,552 ----a-w c:\users\luce\xobglu32.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-09_17.54.02,43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-09 11:50:26 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-10 06:51:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-11-09 11:50:26 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-11-10 06:51:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-11-09 11:52:00 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-10 06:52:36 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-10 06:52:36 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-11-09 11:51:55 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-10 06:52:31 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-10 06:52:31 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-11-04 10:40:43 101,052 ----a-w c:\windows\System32\perfc009.dat
+ 2008-11-09 17:27:21 101,052 ----a-w c:\windows\System32\perfc009.dat
- 2008-11-04 10:40:43 123,350 ----a-w c:\windows\System32\perfc00C.dat
+ 2008-11-09 17:27:21 123,350 ----a-w c:\windows\System32\perfc00C.dat
- 2008-11-04 10:40:43 586,980 ----a-w c:\windows\System32\perfh009.dat
+ 2008-11-09 17:27:21 586,980 ----a-w c:\windows\System32\perfh009.dat
- 2008-11-04 10:40:43 669,328 ----a-w c:\windows\System32\perfh00C.dat
+ 2008-11-09 17:27:21 669,328 ----a-w c:\windows\System32\perfh00C.dat
- 2008-11-09 11:52:24 11,192 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-239344008-4258272380-537787552-1000_UserData.bin
+ 2008-11-10 06:53:23 11,192 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-239344008-4258272380-537787552-1000_UserData.bin
- 2008-11-09 11:52:24 58,300 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-10 06:53:23 58,300 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-11-09 11:52:19 50,492 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-10 06:53:21 50,548 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-11-09 14:45:38 228,664 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2008-11-10 06:42:38 228,830 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"RunSpySweeperScheduleAtStartup"="c:\windows\system32\msfeedssync.exe" [2008-01-19 12800]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-01-24 2289664]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"DT Task"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2006-11-03 264704]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-19 227840]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-03-08 949376]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-25 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-25 133656]
"au"="c:\program files\Dealio\DealioAU.exe" [2008-05-26 595296]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

c:\users\luce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
Outil de notification Live Search.lnk - c:\users\luce\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-06-05 143360]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
PDFCreator.lnk - c:\program files\PDFCreator\PDFCreator.exe [2008-07-22 2641920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"= "c:\windows\system32\EZUPBH~1.DLL" [2008-01-21 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{72DD83E0-4D27-41C9-A1EC-8C3D7F5D31B7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C9414CF8-1FA5-4313-B40A-7E591E7A8E55}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{233B72E7-E510-4821-A2B6-1AC6438FE0F0}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B42FC54E-0F3C-40D8-8AE2-E8A941C39090}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E5F61583-2E84-449A-BCDB-919E06871F8B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EBCFE79C-3412-47AA-9A04-C412B6C9FD7F}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{D04FD3A4-E378-44FD-B615-6B055485B243}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{98FD8090-C19B-42A7-856B-1CE5FEB19594}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{32718E1D-44C9-4A5F-B99D-6B992ACB1DD3}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{A37C43B9-D2CE-4F3D-AE1D-7378F8A7C2BD}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{BFD0D5ED-F2E4-43A6-97FA-8DC9DE5B2ECC}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{56BBC8CD-4B1E-4574-A9AC-F49BDF84E296}"= UDP:c:\program files\ESET\nod32.exe:NOD32
"{222D3508-6C52-4CB8-9BE3-EF3CA4894795}"= TCP:c:\program files\ESET\nod32.exe:NOD32
"{EDE5818E-C8A8-4BFE-A9C4-BB6F8F12EF9A}"= UDP:c:\program files\ESET\nod32kui.exe:NOD32 Control Center
"{03924C09-61BF-4D3A-8129-0B412D001D53}"= TCP:c:\program files\ESET\nod32kui.exe:NOD32 Control Center
"{15168C84-89D5-48C1-91FD-AA2E076435E6}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1EB64B6E-F27C-4AC9-A069-8BCDB0BD11AB}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{D3049732-9624-4D78-9C2B-A5F5C2F179C4}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{F226C08C-85B5-477A-A13E-EBFC4C1329A4}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{74B60682-BA3B-4E29-A830-1C8EED7130AC}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{1BA01925-33DD-4424-BF7C-3F65FF8C6997}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{2057978E-A4F2-4D69-99B9-9085E35D30C4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7B09D2A3-AF90-4412-BC21-B54A01B42B1B}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{50DC97D4-CC35-47CA-998E-3BED103B81E2}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{E2496D18-7672-4763-8F8A-9A93C1023215}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{0324D3EF-E29C-43E4-AA7E-DF93B022596F}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"TCP Query User{554F64D2-44EB-4372-99BD-EF90A14A9C0C}c:\\program files\\oovoo\\oovoo.exe"= UDP:c:\program files\oovoo\oovoo.exe:ooVoo
"UDP Query User{8238661E-6ED4-4E2C-AB86-44D56A05EECA}c:\\program files\\oovoo\\oovoo.exe"= TCP:c:\program files\oovoo\oovoo.exe:ooVoo
"{B874F3F6-0D39-4F6D-8D8D-E5DCA644301F}"= Disabled:UDP:443:TCP port 443 ooVoo
"{DCF0307F-1CDC-4798-86F7-A560C0AE8982}"= Disabled:TCP:443:UDP port 443 ooVoo
"{5CC3ABA6-0733-4E75-A07B-C3FE998FFC7E}"= Disabled:UDP:37674:TCP port 37674 ooVoo
"{171052F1-420C-4E75-A4E8-66D68D7CA419}"= Disabled:TCP:37674:UDP port 37674 ooVoo
"{1B6D856D-80CB-4EBC-AACC-AAB6C6F65E9E}"= Disabled:TCP:37675:UDP port 37675 ooVoo

R2 ezntsvc;EasyBits Magic Desktop Services for Windows NT;c:\windows\system32\ezNTSvc.exe [2008-01-21 33792]
R2 MSCamSvc;MSCamSvc;c:\program files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]
R3 VX1000;VX-1000;c:\windows\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]
S3 Droppix Service;Droppix Service;c:\program files\Common Files\Droppix\DxService.exe [2008-02-01 151552]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\DRIVERS\s916bus.sys [2007-11-02 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s916mdfl.sys [2007-11-02 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s916mdm.sys [2007-11-02 109992]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s916obex.sys [2007-11-02 100008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb5cc877-6841-11dd-81e2-001bfc23b411}]
\shell\AutoRun\command - J:\memorybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2008-11-03 c:\windows\Tasks\Norton Internet Security - Analyse système complète - luce.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

2008-11-10 c:\windows\Tasks\User_Feed_Synchronization-{1DE3C184-CBFC-4606-A1EB-F79F44D022DF}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]

2008-01-20 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 08:57:52
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-10 8:59:18
ComboFix-quarantined-files.txt 2008-11-10 07:59:14
ComboFix2.txt 2008-11-10 07:19:48
ComboFix3.txt 2008-11-09 16:55:05

Avant-CF: 169 033 318 400 octets libres
Après-CF: 169,002,389,504 octets libres

253 --- E O F --- 2008-11-08 10:12:36
0
Réponse 18 / 47
ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
10 nov. 2008 à 09:07
Fait Démarrer > Exécuter et suit ce chemin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio­n\Run\SearchSettings
et supprime ce SearchSettings

ensuite


Télécharge CCleaner
https://filehippo.com/download_ccleaner/
=> Aide toi de ce tuto pour l'utiliser
http://www.swl1f.net/viewtopic.php?f=14&t=69


Ensuite


* Télécharge malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Une aide pour l'installation
http://www.swl1f.net/viewtopic.php?f=14&t=68


=> Installe le
=> Ensuite va en mode sans echec


Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel


=> Lance malwarebytes
=> Coche "Executer un examen complet"
=> Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
=> Clique sur Supprimer la sélection
=> Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
=> Fait copier coller et poste le rapport

0
Réponse 19 / 47
luluga34
10 nov. 2008 à 10:12
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1379
Windows 6.0.6001 Service Pack 1

10/11/2008 10:01:11
mbam-log-2008-11-10 (10-01-11).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 149626
Temps écoulé: 24 minute(s), 28 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
Réponse 20 / 47
lulugar34 Messages postés 31 Date d'inscription dimanche 9 novembre 2008 Statut Membre Dernière intervention 14 novembre 2008
10 nov. 2008 à 10:25
voila j ai ete longue mais je crois que j ai reussi.g travaillée toute la nuit donc je fais une pause je reviendrai dans l apres midi merci encore pour ton aide. juste un détail depuis toutes c manipulations qd je veux ouvrir hotmail voila ce qui s affiche : alerte sécurité : la connexion que vous allez utiliser n'est pas sécurisée d'autres utilisateurs du web pourront accéder aux informations que vous envoyez voulez vous continuer? que dois je faire pour sécuriser a nouveau hotmail? a tout a l heure
0

Discussions similaires

Message "Un bloqueur de publicité empêche la lecture..."
pistouri -
pistouri -

0 réponse
Impossible de créer un compte Facebook Business Manager
Lely -
Malkii -

35 réponses
Publicité s'ouvre toute seule ! ?
RRD91 -
Vinz -

52 réponses
Pub intempestive sur smartphone Android.
Camitte -
Yoyo -

31 réponses
Dailymotion sans désactiver l'Adblocker, possible ?
Vitamine -
HelpiOS -

5 réponses