Website that opens all by itself

Solved/Closed
hanan - 20 Nov 2008 at 15:44
Destrio5 (Moderator; 85985 posts; registered Sunday 11 July 2010; last active 17 February 2023) - 25 Nov 2008 at 13:51
Hello,
please help me stop this flood of ad sites that keep opening one after another without stopping; it makes the PC verrrrry slow. Thank you.
hanan
31 replies

HERE IS THE REPORT AND THANK YOU
SO MUCHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH




ComboFix 08-11-23.01 - HANAN 2008-11-24 13:58:00.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.883 [GMT 1:00]
Lancé depuis: C:\Users\HANAN\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ppcbooster
C:\Program Files\ppcbooster\ppcb_32.exe
C:\Program Files\ppcbooster\ppcbu_32.exe
C:\Users\CHRISTOPHE\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmp2D3C.tmp
C:\Users\CHRISTOPHE\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmp33D1.tmp
C:\Users\HANAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ppcb_32.lnk

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-24 au 2008-11-24 ))))))))))))))))))))))))))))))))))))
.

2008-11-24 11:12 . 2008-11-24 11:12 <REP> d-------- C:\Program Files\Panda Security
2008-11-24 11:12 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-11-24 09:50 . 2008-11-24 09:50 <REP> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-11-24 09:50 . 2008-11-24 09:50 <REP> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-11-21 18:38 . 2008-11-21 18:38 <REP> d-------- C:\Users\CHRISTOPHE\AppData\Roaming\Malwarebytes
2008-11-21 14:53 . 2008-11-21 14:53 <REP> d-------- C:\rsit
2008-11-21 09:30 . 2007-01-04 10:15 9,336 --a------ C:\Windows\System32\WinIo.sys
2008-11-20 19:50 . 2008-11-20 19:52 <REP> d-------- C:\ToolBar SD
2008-11-20 16:09 . 2008-11-21 14:48 <REP> d-------- C:\Program Files\Navilog1
2008-11-20 15:48 . 2008-11-21 14:53 <REP> d-------- C:\Program Files\trend micro
2008-11-20 14:29 . 2008-10-16 22:13 1,809,944 --a------ C:\Windows\System32\wuaueng.dll
2008-11-20 14:29 . 2008-10-16 21:56 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-11-20 14:29 . 2008-10-16 22:09 51,224 --a------ C:\Windows\System32\wuauclt.exe
2008-11-20 14:29 . 2008-10-16 22:09 43,544 --a------ C:\Windows\System32\wups2.dll
2008-11-20 14:28 . 2008-10-16 22:12 561,688 --a------ C:\Windows\System32\wuapi.dll
2008-11-20 14:28 . 2008-10-16 14:08 162,064 --a------ C:\Windows\System32\wuwebv.dll
2008-11-20 14:28 . 2008-10-16 21:55 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-11-20 14:28 . 2008-10-16 22:08 34,328 --a------ C:\Windows\System32\wups.dll
2008-11-20 14:28 . 2008-10-16 13:56 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-11-18 14:59 . 2008-11-18 14:59 <REP> d-------- C:\Users\HANAN\AppData\Roaming\Malwarebytes
2008-11-18 14:59 . 2008-11-18 14:59 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-11-18 14:59 . 2008-11-18 14:59 <REP> d-------- C:\ProgramData\Malwarebytes
2008-11-18 14:59 . 2008-11-18 14:59 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-18 14:59 . 2008-10-22 16:10 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-11-18 14:59 . 2008-10-22 16:10 15,504 --a------ C:\Windows\System32\drivers\mbam.sys
2008-11-13 16:38 . 2008-11-13 16:38 <REP> d-------- C:\Users\HANAN\AppData\Roaming\Icone
2008-11-12 21:41 . 2008-09-05 06:14 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2008-11-12 21:41 . 2008-08-27 02:05 212,480 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-11-12 21:40 . 2008-09-10 04:40 1,334,272 --a------ C:\Windows\System32\msxml6.dll
2008-10-31 16:35 . 2008-11-21 15:46 <REP> d-a------ C:\Users\All Users\TEMP
2008-10-31 16:35 . 2008-11-21 15:46 <REP> d-a------ C:\ProgramData\TEMP
2008-10-31 16:35 . 2008-11-21 15:46 <REP> d-------- C:\Program Files\Spyware Doctor
2008-10-31 16:23 . 2008-10-31 16:23 <REP> d-------- C:\Users\HANAN\AppData\Roaming\.wyzo
2008-10-31 14:31 . 2008-11-18 16:23 <REP> d-------- C:\Program Files\PremierOpinion
2008-10-31 14:21 . 2008-10-31 14:21 <REP> d-------- C:\Users\CHRISTOPHE\AppData\Roaming\Wyzo
2008-10-31 14:21 . 2008-10-31 14:21 <REP> d-------- C:\Users\CHRISTOPHE\AppData\Roaming\.wyzo
2008-10-29 10:24 . 2008-08-12 04:39 443,392 --a------ C:\Windows\System32\win32spl.dll
2008-10-29 10:24 . 2008-09-18 05:56 147,456 --a------ C:\Windows\System32\Faultrep.dll
2008-10-29 10:24 . 2008-09-18 05:56 125,952 --a------ C:\Windows\System32\wersvc.dll
2008-10-27 11:49 . 2008-10-27 11:49 <REP> d-------- C:\Users\All Users\FLEXnet
2008-10-27 11:49 . 2008-10-27 11:49 <REP> d-------- C:\ProgramData\FLEXnet
2008-10-26 09:44 . 2008-10-26 09:54 <REP> d-------- C:\Users\CHRISTOPHE\AppData\Roaming\Autodesk
2008-10-26 09:42 . 2008-10-26 09:42 <REP> d-------- C:\Users\CHRISTOPHE\AppData\Roaming\DivX

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 12:20 --------- d-----w C:\Program Files\FusionSoft DVD Player XP
2008-11-24 09:05 --------- d-----w C:\Program Files\Windows Live
2008-11-24 09:02 --------- d-----w C:\ProgramData\WLInstaller
2008-11-24 07:57 27,335 ----a-w C:\Users\HANAN\AppData\Roaming\nvModes.dat
2008-11-21 14:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-11-21 14:53 --------- d-----w C:\Program Files\Google
2008-11-18 08:38 --------- d-----w C:\ProgramData\Microsoft Help
2008-11-13 23:08 --------- d-----w C:\Users\HANAN\AppData\Roaming\skypePM
2008-11-13 22:59 --------- d-----w C:\Users\HANAN\AppData\Roaming\Skype
2008-11-12 09:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-31 21:31 --------- d-----w C:\Users\CHRISTOPHE\AppData\Roaming\LimeWire
2008-10-28 10:48 --------- d-----w C:\Users\HANAN\AppData\Roaming\Autodesk
2008-10-28 10:48 --------- d-----w C:\ProgramData\Autodesk
2008-10-26 08:57 27,810 ----a-w C:\Users\CHRISTOPHE\AppData\Roaming\nvModes.dat
2008-10-23 13:31 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-10-23 13:20 --------- d-----w C:\Program Files\DivX
2008-10-23 00:41 --------- d-----w C:\Users\HANAN\AppData\Roaming\LimeWire
2008-10-21 15:02 70,599 ----a-w C:\Windows\pptb1948.exe
2008-10-21 13:30 --------- d-----w C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-21 13:30 --------- d-----w C:\Program Files\iTunes
2008-10-21 13:29 --------- d-----w C:\Program Files\iPod
2008-10-18 01:14 --------- d-----w C:\Program Files\Windows Mail
2008-10-12 20:38 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-10-12 19:06 --------- d-----w C:\Program Files\Java
2008-10-12 19:06 --------- d-----w C:\Program Files\Autodesk
2008-10-12 19:05 --------- d-----w C:\Program Files\Autodesk Network License Manager
2008-10-12 18:42 --------- d-----w C:\Program Files\AutoCAD 2008
2008-10-12 18:27 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-12 17:50 --------- d-----w C:\ProgramData\Symantec
2008-10-09 17:17 --------- d-----w C:\Program Files\Common Files\logishrd
2008-10-02 03:49 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-10-01 12:20 --------- d-----w C:\Users\HANAN\AppData\Roaming\mIRC
2008-10-01 11:01 32,000 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2008-09-30 15:43 1,286,152 ----a-w C:\Windows\System32\msxml4.dll
2008-09-29 16:50 --------- d-----w C:\Program Files\DORO
2008-09-18 05:09 3,601,464 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w C:\Windows\System32\win32k.sys
2008-09-12 21:12 118 ----a-w C:\Users\CHRISTOPHE\AppData\Roaming\wklnhst.dat
2008-09-12 21:09 91,136 ----a-w C:\Windows\System32\ezUninst.exe
2008-09-12 21:09 49,152 ----a-w C:\Windows\System32\ezUPBHook.dll
2008-09-12 21:09 268,288 ----a-w C:\Windows\System32\ezSetup.exe
2008-09-12 21:09 15,872 ----a-w C:\Windows\System32\ezMAPIHelper.exe
2008-09-12 21:09 111,104 ----a-w C:\Windows\System32\ezShellStart.exe
2008-08-29 08:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\Windows\System32\dnssd.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 10:34 5724184]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-01-14 13:12 1688872]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 03:25 202240]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 03:25 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-19 13:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 13:05 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 13:05 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-09 10:41 845360]
"CardReaderMonitor"="C:\Program Files\Realtek Semiconductor Corp.\Realtek Card Reader Monitor\CardReaderMonitor.exe" [2007-07-25 16:45 643072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 15:52 51048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 03:27 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 14:09 413696]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2008-01-21 03:23 215552]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 17:57 289576]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-09-18 22:59 185896]

C:\Users\HANAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Skype with Doro212.lnk - C:\Program Files\DORO\Skype with Doro212 2.4\Skype with Doro212.exe [2005-05-19 14:34:25 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6AC960E7-77F0-49D2-803D-52CDF0472152}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{4FF1D532-6210-4332-9F37-EA377364E001}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{804BD551-CCDB-49BA-ABAF-90528B8C5C64}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{369A9B28-E6D3-4F18-B6F3-008165F2B748}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1F9A3087-8488-4708-B3C8-62EAA3BBE186}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3721BFB5-2674-41AE-B385-5E9AFD2847E3}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{2D5A6120-3894-4361-859C-C80B6FEDFB5C}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{A14BAF10-6661-481B-8DCE-FA0829DAF5FE}"= UDP:990:LocalSubnet:LocalSubnet|IF={4C8CBC47-5EB6-4609-BA34-B627011626AB}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{307F7890-0F28-4701-8EFF-5C7E8890F1C6}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{0AC7899E-759D-4FBE-8930-0BD935FBF578}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{6008D009-4F52-40FB-A2BB-C91EDABA7F82}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{ABD7C11B-E561-4F4B-84F2-B3CBA3D419C5}"= UDP:990:LocalSubnet:LocalSubnet|IF={11CFA8E9-3215-4588-946C-FB51626E8C12}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{504A4E8B-24DD-415D-A6E1-52522A5D51EC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{31D8B64F-6A84-496B-8D3D-BA51CFE02626}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B3BF7D28-99D1-4388-9C21-3E20CB10F203}"= UDP:C:\Program Files\PremierOpinion\pmropn.exe:pmropn.exe
"{D2582C87-6992-4AEC-9823-67C6685DBBAF}"= TCP:C:\Program Files\PremierOpinion\pmropn.exe:pmropn.exe
"TCP Query User{A53CD3AA-C41F-491D-9FEF-7AA4039EA635}C:\\program files\\wyzo\\wyzo.exe"= UDP:C:\program files\wyzo\wyzo.exe:Wyzo
"UDP Query User{DFF7A90F-1182-4AB1-9F34-C122B2663947}C:\\program files\\wyzo\\wyzo.exe"= TCP:C:\program files\wyzo\wyzo.exe:Wyzo

R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081120.001\IDSvix86.sys [2008-11-21 09:54:23 270384]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-10 23:45:04 124832]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2008-01-21 03:23:43 21504]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-02-06 20:48:00 149352]
R2 PremierOpinion;PremierOpinion;C:\Program Files\PremierOpinion\pmservice.exe /service [2008-10-31 14:31:40 45056]
R3 COH_Mon;COH_Mon;\??\C:\Windows\system32\Drivers\COH_Mon.sys [2008-01-12 20:32:00 23888]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187B.sys [2008-06-24 13:22:40 288256]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2008-06-24 04:15:17 47616]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 13:13:40 41008]
R3 vm331avs;Bison Webcam;C:\Windows\system32\Drivers\vm331avs.sys [2008-06-24 04:14:28 943016]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 04:13:20 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 04:10:19 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-11-24 C:\Windows\Tasks\Extension de garantie-HANAN.job
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-02-04 11:13]

2008-11-21 C:\Windows\Tasks\GoogleUpdateTaskUser.job
- C:\Users\CHRISTOPHE\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-11 21:45]

2008-09-29 C:\Windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - HANAN.job
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 08:05]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\HANAN\AppData\Roaming\Mozilla\Firefox\Profiles\r1395c9x.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
.
0
Destrio5 (Moderator; 85985 posts; registered Sunday 11 July 2010; last active 17 February 2023) 10 290
24 Nov 2008 at 14:49
/!\ Only HANAN may follow this procedure /!\


1/

---> Click Start, Run, type notepad, then click OK.

---> Copy the text below by selecting it and pressing Ctrl+C:






KillAll::

Driver::
PremierOpinion

File::
C:\Windows\pptb1948.exe
C:\Windows\aldie20938.exe
C:\Windows\odtb2482.exe
C:\Windows\akcfdj29387.exe
C:\Windows\lpib7535.exe
C:\Windows\jutb6721.exe
C:\Windows\kdiue021.exe
C:\Windows\ldoie0293.exe
C:\Program Files\FusionSoft DVD Player XP\bmptojpeg.exe

Folder::
C:\Program Files\PremierOpinion

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B3BF7D28-99D1-4388-9C21-3E20CB10F203}"=-
"{D2582C87-6992-4AEC-9823-67C6685DBBAF}"=-






---> Paste the selection into Notepad

---> Save this file to the desktop (mandatory)

---> File name: CFScript
---> File type: all files
---> Click Save
---> Quit Notepad


2/

---> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

[*] A blue window will appear: accept the message that is displayed.

[*] Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.

[*] Once the scan is complete, a report will be displayed: post it

[*] If the file does not open, it is located here: C:\ComboFix\Combofix.txt
0
HERE IS THE REPORT AND BRAVO!!!! I FEEL THE PROBLEM IS SOLVED, I HOPE I AM NOT WRONG :))))))))


ComboFix 08-11-23.02 - HANAN 2008-11-24 15:15:57.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.964 [GMT 1:00]
Lancé depuis: c:\users\HANAN\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\HANAN\Desktop\CFScript.txt.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\program files\FusionSoft DVD Player XP\bmptojpeg.exe
c:\windows\akcfdj29387.exe
c:\windows\aldie20938.exe
c:\windows\jutb6721.exe
c:\windows\kdiue021.exe
c:\windows\ldoie0293.exe
c:\windows\lpib7535.exe
c:\windows\odtb2482.exe
c:\windows\pptb1948.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\PremierOpinion
c:\program files\PremierOpinion\pmservice.exe
c:\windows\pptb1948.exe
.
---- Previous Run -------
.
c:\program files\ppcbooster
c:\program files\ppcbooster\ppcb_32.exe
c:\program files\ppcbooster\ppcbu_32.exe
c:\users\CHRISTOPHE\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmp2D3C.tmp
c:\users\CHRISTOPHE\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmp33D1.tmp
c:\users\HANAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ppcb_32.lnk

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_PremierOpinion


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-24 au 2008-11-24 ))))))))))))))))))))))))))))))))))))
.

2008-11-24 11:12 . 2008-11-24 11:12 <REP> d-------- c:\program files\Panda Security
2008-11-24 11:12 . 2008-06-19 17:24 28,544 --a------ c:\windows\System32\drivers\pavboot.sys
2008-11-24 09:50 . 2008-11-24 09:50 <REP> d-------- c:\users\All Users\Kaspersky Lab Setup Files
2008-11-24 09:50 . 2008-11-24 09:50 <REP> d-------- c:\programdata\Kaspersky Lab Setup Files
2008-11-21 18:38 . 2008-11-21 18:38 <REP> d-------- c:\users\CHRISTOPHE\AppData\Roaming\Malwarebytes
2008-11-21 14:53 . 2008-11-21 14:53 <REP> d-------- C:\rsit
2008-11-21 09:30 . 2007-01-04 10:15 9,336 --a------ c:\windows\System32\WinIo.sys
2008-11-20 19:50 . 2008-11-20 19:52 <REP> d-------- C:\ToolBar SD
2008-11-20 16:09 . 2008-11-21 14:48 <REP> d-------- c:\program files\Navilog1
2008-11-20 15:48 . 2008-11-21 14:53 <REP> d-------- c:\program files\trend micro
2008-11-20 14:29 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-20 14:29 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-20 14:29 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-20 14:29 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-20 14:28 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-20 14:28 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-20 14:28 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-20 14:28 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-20 14:28 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-18 14:59 . 2008-11-18 14:59 <REP> d-------- c:\users\HANAN\AppData\Roaming\Malwarebytes
2008-11-18 14:59 . 2008-11-18 14:59 <REP> d-------- c:\users\All Users\Malwarebytes
2008-11-18 14:59 . 2008-11-18 14:59 <REP> d-------- c:\programdata\Malwarebytes
2008-11-18 14:59 . 2008-11-18 14:59 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-18 14:59 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-18 14:59 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-13 16:38 . 2008-11-13 16:38 <REP> d-------- c:\users\HANAN\AppData\Roaming\Icone
2008-11-12 21:41 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 21:41 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 21:40 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-10-31 16:35 . 2008-11-21 15:46 <REP> d-a------ c:\users\All Users\TEMP
2008-10-31 16:35 . 2008-11-21 15:46 <REP> d-a------ c:\programdata\TEMP
2008-10-31 16:23 . 2008-10-31 16:23 <REP> d-------- c:\users\HANAN\AppData\Roaming\.wyzo
2008-10-31 14:21 . 2008-10-31 14:21 <REP> d-------- c:\users\CHRISTOPHE\AppData\Roaming\Wyzo
2008-10-31 14:21 . 2008-10-31 14:21 <REP> d-------- c:\users\CHRISTOPHE\AppData\Roaming\.wyzo
2008-10-29 10:24 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 10:24 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 10:24 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-27 11:49 . 2008-10-27 11:49 <REP> d-------- c:\users\All Users\FLEXnet
2008-10-27 11:49 . 2008-10-27 11:49 <REP> d-------- c:\programdata\FLEXnet
2008-10-26 09:44 . 2008-10-26 09:54 <REP> d-------- c:\users\CHRISTOPHE\AppData\Roaming\Autodesk
2008-10-26 09:42 . 2008-10-26 09:42 <REP> d-------- c:\users\CHRISTOPHE\AppData\Roaming\DivX

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 13:16 --------- d-----w c:\program files\Google
2008-11-24 12:20 --------- d-----w c:\program files\FusionSoft DVD Player XP
2008-11-24 09:05 --------- d-----w c:\program files\Windows Live
2008-11-24 09:02 --------- d-----w c:\programdata\WLInstaller
2008-11-24 07:57 27,335 ----a-w c:\users\HANAN\AppData\Roaming\nvModes.dat
2008-11-21 14:53 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-18 08:38 --------- d-----w c:\programdata\Microsoft Help
2008-11-13 23:08 --------- d-----w c:\users\HANAN\AppData\Roaming\skypePM
2008-11-13 22:59 --------- d-----w c:\users\HANAN\AppData\Roaming\Skype
2008-11-12 09:50 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-31 21:31 --------- d-----w c:\users\CHRISTOPHE\AppData\Roaming\LimeWire
2008-10-28 10:48 --------- d-----w c:\users\HANAN\AppData\Roaming\Autodesk
2008-10-28 10:48 --------- d-----w c:\programdata\Autodesk
2008-10-26 08:57 27,810 ----a-w c:\users\CHRISTOPHE\AppData\Roaming\nvModes.dat
2008-10-23 13:31 --------- d-----w c:\program files\Common Files\AVSMedia
2008-10-23 13:20 --------- d-----w c:\program files\DivX
2008-10-23 00:41 --------- d-----w c:\users\HANAN\AppData\Roaming\LimeWire
2008-10-21 13:30 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-21 13:30 --------- d-----w c:\program files\iTunes
2008-10-21 13:29 --------- d-----w c:\program files\iPod
2008-10-18 01:14 --------- d-----w c:\program files\Windows Mail
2008-10-12 20:38 --------- d-----w c:\program files\Common Files\Autodesk Shared
2008-10-12 19:06 --------- d-----w c:\program files\Java
2008-10-12 19:06 --------- d-----w c:\program files\Autodesk
2008-10-12 19:05 --------- d-----w c:\program files\Autodesk Network License Manager
2008-10-12 18:42 --------- d-----w c:\program files\AutoCAD 2008
2008-10-12 18:27 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-12 17:50 --------- d-----w c:\programdata\Symantec
2008-10-09 17:17 --------- d-----w c:\program files\Common Files\logishrd
2008-10-01 12:20 --------- d-----w c:\users\HANAN\AppData\Roaming\mIRC
2008-10-01 11:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-09-29 16:50 --------- d-----w c:\program files\DORO
2008-09-12 21:12 118 ----a-w c:\users\CHRISTOPHE\AppData\Roaming\wklnhst.dat
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-11-24_14.06.03,49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2008-11-21 08:34:55 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-24 14:19:50 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-11-21 08:34:55 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-11-24 14:19:50 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-11-24 13:04:47 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-24 14:20:36 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-24 14:20:36 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-11-24 13:04:25 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-24 14:20:36 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-24 14:20:36 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-11-24 12:19:29 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-24 14:19:56 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-24 12:19:29 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-24 14:19:56 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-24 12:19:29 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-24 14:19:56 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-24 12:57:24 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-11-24 14:15:28 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2008-11-21 08:36:58 6,852 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2160285476-4177163778-3982406758-1000_UserData.bin
+ 2008-11-24 13:19:52 6,868 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2160285476-4177163778-3982406758-1000_UserData.bin
- 2008-11-21 08:36:58 65,256 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-24 13:19:51 65,364 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-10-26 16:43:44 4,458 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-11-24 14:18:39 4,458 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-11-21 08:36:56 41,024 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-24 13:19:50 41,072 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-01-14 1688872]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-09 845360]
"CardReaderMonitor"="c:\program files\Realtek Semiconductor Corp.\Realtek Card Reader Monitor\CardReaderMonitor.exe" [2007-07-25 643072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-18 185896]

c:\users\HANAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Skype with Doro212.lnk - c:\program files\DORO\Skype with Doro212 2.4\Skype with Doro212.exe [2005-05-19 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6AC960E7-77F0-49D2-803D-52CDF0472152}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{4FF1D532-6210-4332-9F37-EA377364E001}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{804BD551-CCDB-49BA-ABAF-90528B8C5C64}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{369A9B28-E6D3-4F18-B6F3-008165F2B748}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1F9A3087-8488-4708-B3C8-62EAA3BBE186}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3721BFB5-2674-41AE-B385-5E9AFD2847E3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2D5A6120-3894-4361-859C-C80B6FEDFB5C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A14BAF10-6661-481B-8DCE-FA0829DAF5FE}"= UDP:990:LocalSubnet:LocalSubnet|IF={4C8CBC47-5EB6-4609-BA34-B627011626AB}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{307F7890-0F28-4701-8EFF-5C7E8890F1C6}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{0AC7899E-759D-4FBE-8930-0BD935FBF578}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{6008D009-4F52-40FB-A2BB-C91EDABA7F82}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{ABD7C11B-E561-4F4B-84F2-B3CBA3D419C5}"= UDP:990:LocalSubnet:LocalSubnet|IF={11CFA8E9-3215-4588-946C-FB51626E8C12}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{504A4E8B-24DD-415D-A6E1-52522A5D51EC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{31D8B64F-6A84-496B-8D3D-BA51CFE02626}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{A53CD3AA-C41F-491D-9FEF-7AA4039EA635}c:\\program files\\wyzo\\wyzo.exe"= UDP:c:\program files\wyzo\wyzo.exe:Wyzo
"UDP Query User{DFF7A90F-1182-4AB1-9F34-C122B2663947}c:\\program files\\wyzo\\wyzo.exe"= TCP:c:\program files\wyzo\wyzo.exe:Wyzo

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-24 28544]
R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081120.001\IDSvix86.sys [2008-11-21 270384]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-10 124832]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-01-21 21504]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-02-06 149352]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2008-06-24 288256]
R3 RTSTOR;USB Mass Storage Device;c:\windows\system32\drivers\RTSTOR.SYS [2008-06-24 47616]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
R3 vm331avs;Bison Webcam;c:\windows\system32\Drivers\vm331avs.sys [2008-06-24 943016]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-01-12 23888]
S4 ErrDev;Microsoft Hardware Error Device Driver;c:\windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;c:\windows\system32\drivers\megasr.sys [2008-01-21 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Tâches planifiées'

2008-11-24 c:\windows\Tasks\Extension de garantie-HANAN.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-02-04 11:13]

2008-11-24 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\users\CHRISTOPHE\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-11 21:45]

2008-09-29 c:\windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - HANAN.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 08:05]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 15:20:38
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\IoctlSvc.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Realtek Semiconductor Corp\Realtek Card Reader Monitor\CardReaderMonitor.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2008-11-24 15:24:33 - La machine a redémarré [HANAN]
ComboFix-quarantined-files.txt 2008-11-24 14:24:03

Avant-CF: 13,362,049,024 octets libres
Après-CF: 12,986,335,232 octets libres

267 --- E O F --- 2008-11-21 08:40:58
0

Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
24 Nov. 2008 at 15:44
Yes, it went well ;)


1/

---> Click the Vista logo, type Exécuter (Run) in the Search bar and confirm.

---> Type combofix /u in the Run window, then confirm.


2/

---> Download and install CCleaner (do not install the Yahoo Toolbar):
* Launch it. Go to Tools, then Uninstall programs.
* Select Favorit, then click Delete Entry.
* Do the same for PPC Booster.


3/

---> Uninstall the following programs:
- Java 2 Runtime Environment, SE v1.4.2_04
- Java 6 Update 7

---> Update Adobe Reader:
https://get2.adobe.com/reader/otherversions/

---> Update Java:
https://www.java.com/fr/download/manual.jsp


4/

---> Delete the RSIT folder located in C:\

---> Run an RSIT scan again and post both reports.
0
Here are the two reports, a thousand thanks



Logfile of random's system information tool 1.04 (written by random/random)
Run by HANAN at 2008-11-24 16:11:28
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 12 GB (18%) free of 66 GB
Total RAM: 1790 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:11:37, on 24/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek Semiconductor Corp\Realtek Card Reader Monitor\CardReaderMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Users\HANAN\Desktop\RSIT.exe
C:\Program Files\trend micro\HANAN.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CardReaderMonitor] C:\Program Files\Realtek Semiconductor Corp.\Realtek Card Reader Monitor\CardReaderMonitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Uninstall getPlus(R) for Adobe] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: Skype with Doro212.lnk = C:\Program Files\DORO\Skype with Doro212 2.4\Skype with Doro212.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
24 Nov. 2008 at 16:56
---> Don't forget to update Adobe Reader for your security.

If you no longer have any problems, do this:


1/

---> Download OTCleanIt to your Desktop:
* Double-click OTCleanIt to launch it.
* Click CleanUp!, then click Yes in the Confirm window.
* Restart your PC as requested.


2/

---> Download and install CCleaner (do not install the Yahoo Toolbar):
* Launch it. Go to Options, then Advanced, and uncheck the box Only delete files etc....
* Go to Cleaner, choose Analyze. Once finished, run the cleaning.
* Next, choose Registry, then Search for errors. Once finished, fix all the errors (back up the registry).


3/

---> System Restore must be disabled and then re-enabled in order to purge it:
http://www.commentcamarche.net/faq/sujet 13214 desactiver reactiver la restauration systeme de vista

---> I advise you to create a restore point that you can use later if you have a problem:
https://forums.cnetfrance.fr


I'm stepping away, I'll come back to the forum later.
0
Hello,
I still want to thank you warmly for all your follow-up and your efforts, and I would like to know the origin of this problem and what I should not do so as not to fall into the same thing. Thank you and have a good day
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
25 Nov. 2008 at 13:10
You need to be more vigilant.

What I can tell you is that you installed InternetGameBox, which is a program that installs an infection.

Beyond that, I don't know where you got the other infections.

Don't forget to re-enable Vista's UAC if that hasn't been done.

Any questions or remarks?
0
I UNDERSTOOD, THANK YOU VERY MUCH
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
25 Nov. 2008 at 13:51
Have a good day ;)
0