pages bup "cid"

Question

Bonjour,
ben mon ordi est infecté.....j'ai des pages pub intempestives qui s'ouvre toutes seules..que dois_je faire svp..aidez moi 

merci d'avance

abcde · Answer

ben j'ai effectué un scan avc hijackthis ..voci le log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:30, on 17-12-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WARN POP TRUST LIES] C:\Documents and Settings\All Users\Application Data\Camp Mess Warn Pop\TYPE NAME.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [delete trans] C:\DOCUME~1\ADMINI~1\APPLIC~1\CASHCR~1\Log Platform.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF039ACA-F681-476F-BAB9-B6A7F923BD92}: NameServer = 41.221.20.4 193.251.169.165
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe

abcde · Answer

comme personne ne m'a repondu j'ai fixé cette ligne :

O4 - HKCU\..\Run: [delete trans] C:\DOCUME~1\ADMINI~1\APPLIC~1\CASHCR~1\Log Platform.exe


en attendant la suite...

_je pense que je vais procéder tt seule_

Lyonnais92 · Answer

Bonjour,

pas sur que ça le fasse.

=======
C'est toi qui a posé des restrictions sur Internet Explorer ?

============


Télécharge Lop S&D ici :

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

Double-clique dessus pour lancer l'installation

Puis double-clique [b]sur le raccourci Lop S&D/b présent sur ton bureau

Séléctionne la langue souhaitée , puis choisis [b]l'Option 1/b ( Recherche )

Patiente jusqu'à la fin du scan

Poste le rapport généré ( C:lopR.txt )

abcde · Answer

slt...d'abord merci de m'avoir repondu si vite 


ben..dites moi svp c koi ces restrictions ((chuis nulle en informatique))..mais je croix que j'ai rien fait..en fait j'ai browser + firefox  comme navigateurs

remercie

abcde · Answer

voici le rapport --------------------\ Lop S&D 4.2.4-9c XP/Vista Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2 X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) III CPU 1133MHz ) BIOS : Award Modular BIOS v6.00PG USER : Administrateur ( Administrator ) BOOT : Normal boot Antivirus : Avira AntiVir PersonalEdition 8.0.1.15 (Activated) Firewall : COMODO Firewall Pro 3.0 (Not Activated) C:\ (Local Disk) - FAT32 - Total:4 Go (Free:0 Go) D:\ (Local Disk) - FAT32 - Total:4 Go (Free:4 Go) E:\ (Local Disk) - FAT32 - Total:4 Go (Free:4 Go) F:\ (Local Disk) - FAT32 - Total:4 Go (Free:4 Go) G:\ (CD or DVD) "C:\Lop SD" ( MAJ : 01-11-2008|16:30 ) Option : [1] ( Wed 12/17/2008|10:06 ) --------------------\ Listing des dossiers dans APPLIC~1 [05/19/2008|02:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ Microsoft [06/09/2008|10:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Avg7 [06/09/2008|09:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Avira [12/11/2008|11:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Camp Mess Warn Pop [06/13/2008|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ comodo [05/19/2008|04:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Google [06/15/2008|07:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Malwarebytes [12/11/2008|11:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Messenger Plus! [05/19/2008|02:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Microsoft [05/19/2008|04:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Skype [06/18/2008|04:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Spybot - Search & Destroy [08/17/2008|09:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ TEMP [05/20/2008|08:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ UDL [05/19/2008|04:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Windows Genuine Advantage [09/13/2008|09:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Winferno [09/08/2008|10:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Yahoo! [05/19/2008|02:16] C:\DOCUME~1\NETWOR~1\APPLIC~1\ Microsoft [05/19/2008|02:16] C:\DOCUME~1\LOCALS~1\APPLIC~1\ Microsoft [09/13/2008|11:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\ Mozilla [05/20/2008|01:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Adobe [05/21/2008|12:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\ AdobeUM [09/21/2008|11:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Avant Profiles [12/11/2008|11:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\ cash creative wma [06/13/2008|12:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Comodo [05/19/2008|07:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\ COWON [08/27/2008|12:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\ DMCache [05/19/2008|06:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Google [08/24/2008|08:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Help [05/19/2008|02:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Identities [11/06/2008|12:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\ IDM [05/19/2008|07:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Macromedia [06/15/2008|07:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Malwarebytes [05/19/2008|02:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Microsoft [05/19/2008|09:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Mozilla [12/11/2008|10:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Nuotex [06/26/2008|12:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Opera [05/19/2008|04:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Skype [09/12/2008|04:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\ TeamViewer [06/16/2008|08:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Uniblue [08/17/2008|09:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\ URSoft [05/20/2008|09:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\ WinRAR [05/22/2008|01:38] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Yahoo! --------------------\ Tâches planifiées dans C:\WINDOWS asks [12/17/2008 10:00 AM][--ah-----] C:\WINDOWS asks\AE0ECF53903547FF.job [12/17/2008 07:13 AM][--a------] C:\WINDOWS asks\PCConfidential.job [12/17/2008 07:13 AM][--ah-----] C:\WINDOWS asks\SA.DAT [08/24/2001 04:00 PM][-r-h-----] C:\WINDOWS asks\desktop.ini ( AE0ECF53903547FF.job )=( c:\docume~1\admini~1\applic~1\cashcr~1\filecopybolt.exe ) --------------------\ Listing des dossiers dans C:\Program Files [10/07/2008|02:47] C:\Program Files\ ADSL Autoconnect [10/31/2008|12:16] C:\Program Files\ Avant Browser [12/16/2008|12:21] C:\Program Files\ Avira [12/11/2008|11:44] C:\Program Files\ cash creative wma [06/15/2008|10:38] C:\Program Files\ CCleaner [10/07/2008|01:53] C:\Program Files\ cFosSpeed [12/11/2008|11:42] C:\Program Files\ Circle Developement [06/19/2008|07:46] C:\Program Files\ CleanUp! [05/19/2008|02:25] C:\Program Files\ ComPlus Applications [09/13/2008|10:17] C:\Program Files\ DrvIcon 4ALGERIA [05/20/2008|08:24] C:\Program Files\ EPSON [05/19/2008|02:17] C:\Program Files\ Fichiers communs [06/12/2008|12:20] C:\Program Files\ Foxit Software [08/19/2008|12:11] C:\Program Files\ Gadwin Systems [05/19/2008|04:25] C:\Program Files\ Google [05/19/2008|04:00] C:\Program Files\ InstallShield Installation Information [11/06/2008|12:21] C:\Program Files\ Internet Download Manager [05/19/2008|02:27] C:\Program Files\ Internet Explorer [06/15/2008|07:39] C:\Program Files\ Malwarebytes' Anti-Malware [05/28/2008|02:23] C:\Program Files\ Mattel Interactive [12/11/2008|11:42] C:\Program Files\ Messenger Plus! Live [05/19/2008|02:32] C:\Program Files\ microsoft frontpage [05/23/2008|09:24] C:\Program Files\ Microsoft Office [05/19/2008|02:32] C:\Program Files\ movie maker [05/19/2008|09:36] C:\Program Files\ Mozilla Firefox [11/06/2008|10:54] C:\Program Files\ MSECache [09/25/2008|01:05] C:\Program Files\ msn gaming zone [08/31/2008|04:09] C:\Program Files\ MSN Messenger [09/14/2008|08:52] C:\Program Files\ MyWebSearch [05/19/2008|02:27] C:\Program Files\ NetMeeting [08/31/2008|04:00] C:\Program Files\ Netscape [05/19/2008|02:27] C:\Program Files\ Outlook Express [11/05/2008|07:20] C:\Program Files\ QuickTime [10/05/2008|09:45] C:\Program Files\ SCREEN2EXE [05/19/2008|02:28] C:\Program Files\ Services en ligne [05/19/2008|04:25] C:\Program Files\ Skype [06/13/2008|03:25] C:\Program Files\ Trend Micro [12/11/2008|11:42] C:\Program Files\ Windows Live [05/19/2008|02:25] C:\Program Files\ Windows Media Player [05/19/2008|02:24] C:\Program Files\ Windows NT [05/19/2008|02:29] C:\Program Files\ WindowsUpdate [05/19/2008|03:56] C:\Program Files\ WinRAR [05/19/2008|02:32] C:\Program Files\ xerox [05/19/2008|04:35] C:\Program Files\ Yahoo! --------------------\ Listing des dossiers dans C:\Program Files\Fichiers communs [05/23/2008|09:25] C:\Program Files\Fichiers communs\ DESIGNER [05/19/2008|03:59] C:\Program Files\Fichiers communs\ InstallShield [05/19/2008|02:17] C:\Program Files\Fichiers communs\ Microsoft Shared [05/19/2008|02:27] C:\Program Files\Fichiers communs\ MSSoap [05/19/2008|02:17] C:\Program Files\Fichiers communs\ ODBC [05/19/2008|02:27] C:\Program Files\Fichiers communs\ Services [05/19/2008|04:26] C:\Program Files\Fichiers communs\ Skype [05/19/2008|02:17] C:\Program Files\Fichiers communs\ SpeechEngines [05/19/2008|02:27] C:\Program Files\Fichiers communs\ System --------------------\ Process ( 31 Processes ) iexplore.exe ~ [PID:1584] iexplore.exe ~ [PID:1632] --------------------\ Recherche avec S_Lop C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bis7A.exe --------------------\ Recherche de Fichiers / Dossiers Lop C:\DOCUME~1\ALLUSE~1\APPLIC~1\Camp Mess Warn Pop C:\DOCUME~1\ALLUSE~1\APPLIC~1\Camp Mess Warn Pop\TYPE NAME.exe C:\DOCUME~1\ADMINI~1\APPLIC~1\cashcr~1 C:\DOCUME~1\ADMINI~1\APPLIC~1\cashcr~1\Log Platform.exe C:\DOCUME~1\ADMINI~1\APPLIC~1\cashcr~1\azngsfox.exe C:\DOCUME~1\ADMINI~1\APPLIC~1\cashcr~1\16 NURB BYTE IDLE.exe C:\DOCUME~1\ADMINI~1\APPLIC~1\cashcr~1\filecopybolt.exe C:\Program Files\cashcr~1 C:\Program Files\Circle Developement C:\Program Files\Circle Developement\Uninstall.exe C:\WINDOWS\Tasks\AE0ECF53903547FF.job --------------------\ Verification du Registre [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "delete trans"="C:\DOCUME~1\ADMINI~1\APPLIC~1\CASHCR~1\Log Platform.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WARN POP TRUST LIES"="C:\Documents and Settings\All Users\Application Data\Camp Mess Warn Pop\TYPE NAME.exe" --------------------\ Verification du fichier Hosts Fichier Hosts PROPRE --------------------\ Recherche de fichiers avec Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-17 10:08:41 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\ Recherche d'autres infections --------------------\ Cracks & Keygens .. C:\DOCUME~1\ADMINI~1\Bureau\Keygen.rar [F:254][D:6]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp [F:22][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies [F:1242][D:4]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5 [F:2][D:0]-> C:\Recycled 1 - "C:\Lop SD\LopR_1.txt" - Wed 12/17/2008|10:10 - Option : [1] --------------------\ Fin du rapport a 10:10:23

Lyonnais92 · Answer

Re,

tu devrais supprimer ça :

C:\DOCUME~1\ADMINI~1\Bureau\Keygen.rar 

Déjà, c'est dangereux en soi, mais si, comme tu le dis, tu n'y connais rien, c'est encore pire.

============

Il est possible que les restrictions viennent de l'exécution de  PCConfidential.job 

Tu as installé PCConfidential ?

=================
Relance Lop S&D

Choisis cette fois ci l'Option 2 ( Suppression )

Ne ferme pas la fenêtre lors de la suppression !

Poste le rapport généré ( C:\lopR.txt )

( Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr, Onglet Fichier,

 Nouvelle tâche, tape explorer.exe et valide )

abcde · Answer

C:\DOCUME~1\ADMINI~1\Bureau\Keygen.rar 

Déjà, c'est dangereux en soi, mais si, comme tu le dis, tu n'y connais rien, c'est encore pire. ============ 

svp dites moi..c quoi ce truk "keygen.rar" ..je me souviens que je l'ai telecharger ...mai j'ai oublié prkoi!!!!
prquoi est siiiiiiii dangereux???!!!svp

Il est possible que les restrictions viennent de l'exécution de PCConfidential.job 

Tu as installé PCConfidential ? 
 
la verité je n'ai jamais entendu parler de ce logiciel ...jamais 

@+
merci bcp je suis ''trop'' reconnaissante

abcde · Answer

ci dessous le rapport --------------------\ Lop S&D 4.2.4-9c XP/Vista Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2 X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) III CPU 1133MHz ) BIOS : Award Modular BIOS v6.00PG USER : Administrateur ( Administrator ) BOOT : Normal boot Antivirus : Avira AntiVir PersonalEdition 8.0.1.15 (Activated) Firewall : COMODO Firewall Pro 3.0 (Not Activated) C:\ (Local Disk) - FAT32 - Total:4 Go (Free:0 Go) D:\ (Local Disk) - FAT32 - Total:4 Go (Free:4 Go) E:\ (Local Disk) - FAT32 - Total:4 Go (Free:4 Go) F:\ (Local Disk) - FAT32 - Total:4 Go (Free:4 Go) G:\ (CD or DVD) "C:\Lop SD" ( MAJ : 01-11-2008|16:30 ) Option : [2] ( Wed 12/17/2008|10:33 ) \\\\\\\\\\\\\\\ SUPPRESSION Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Camp Mess Warn Pop\TYPE NAME.exe Supprime! - C:\DOCUME~1\ADMINI~1\APPLIC~1\cashcr~1\Log Platform.exe Supprime! - C:\DOCUME~1\ADMINI~1\APPLIC~1\cashcr~1\azngsfox.exe Supprime! - C:\DOCUME~1\ADMINI~1\APPLIC~1\cashcr~1\16 NURB BYTE IDLE.exe Supprime! - C:\DOCUME~1\ADMINI~1\APPLIC~1\cashcr~1\filecopybolt.exe Supprime! - C:\Program Files\Circle Developement\Uninstall.exe Supprime! - C:\WINDOWS\Tasks\AE0ECF53903547FF.job Supprime! - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bis7A.exe Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Camp Mess Warn Pop Supprime! - C:\DOCUME~1\ADMINI~1\APPLIC~1\cashcr~1 Supprime! - C:\Program Files\cashcr~1 Supprime! - C:\Program Files\Circle Developement - [ Fichier Hosts ] .. Restaure! \\\\\\\\\\\\\\\ --------------------\ Listing des dossiers dans APPLIC~1 [05/19/2008|02:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ Microsoft [06/09/2008|10:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Avg7 [06/09/2008|09:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Avira [06/13/2008|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ comodo [05/19/2008|04:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Google [06/15/2008|07:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Malwarebytes [12/11/2008|11:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Messenger Plus! [05/19/2008|02:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Microsoft [05/19/2008|04:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Skype [06/18/2008|04:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Spybot - Search & Destroy [08/17/2008|09:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ TEMP [05/20/2008|08:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ UDL [05/19/2008|04:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Windows Genuine Advantage [09/13/2008|09:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Winferno [09/08/2008|10:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Yahoo! [05/19/2008|02:16] C:\DOCUME~1\NETWOR~1\APPLIC~1\ Microsoft [05/19/2008|02:16] C:\DOCUME~1\LOCALS~1\APPLIC~1\ Microsoft [09/13/2008|11:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\ Mozilla [05/20/2008|01:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Adobe [05/21/2008|12:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\ AdobeUM [09/21/2008|11:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Avant Profiles [06/13/2008|12:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Comodo [05/19/2008|07:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\ COWON [08/27/2008|12:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\ DMCache [05/19/2008|06:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Google [08/24/2008|08:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Help [05/19/2008|02:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Identities [11/06/2008|12:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\ IDM [05/19/2008|07:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Macromedia [06/15/2008|07:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Malwarebytes [05/19/2008|02:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Microsoft [05/19/2008|09:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Mozilla [12/11/2008|10:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Nuotex [06/26/2008|12:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Opera [05/19/2008|04:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Skype [09/12/2008|04:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\ TeamViewer [06/16/2008|08:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Uniblue [08/17/2008|09:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\ URSoft [05/20/2008|09:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\ WinRAR [05/22/2008|01:38] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Yahoo! --------------------\ Tâches planifiées dans C:\WINDOWS asks [12/17/2008 07:13 AM][--a------] C:\WINDOWS asks\PCConfidential.job [12/17/2008 07:13 AM][--ah-----] C:\WINDOWS asks\SA.DAT [08/24/2001 04:00 PM][-r-h-----] C:\WINDOWS asks\desktop.ini --------------------\ Listing des dossiers dans C:\Program Files [10/07/2008|02:47] C:\Program Files\ ADSL Autoconnect [10/31/2008|12:16] C:\Program Files\ Avant Browser [12/16/2008|12:21] C:\Program Files\ Avira [06/15/2008|10:38] C:\Program Files\ CCleaner [10/07/2008|01:53] C:\Program Files\ cFosSpeed [06/19/2008|07:46] C:\Program Files\ CleanUp! [05/19/2008|02:25] C:\Program Files\ ComPlus Applications [09/13/2008|10:17] C:\Program Files\ DrvIcon 4ALGERIA [05/20/2008|08:24] C:\Program Files\ EPSON [05/19/2008|02:17] C:\Program Files\ Fichiers communs [06/12/2008|12:20] C:\Program Files\ Foxit Software [08/19/2008|12:11] C:\Program Files\ Gadwin Systems [05/19/2008|04:25] C:\Program Files\ Google [05/19/2008|04:00] C:\Program Files\ InstallShield Installation Information [11/06/2008|12:21] C:\Program Files\ Internet Download Manager [05/19/2008|02:27] C:\Program Files\ Internet Explorer [06/15/2008|07:39] C:\Program Files\ Malwarebytes' Anti-Malware [05/28/2008|02:23] C:\Program Files\ Mattel Interactive [12/11/2008|11:42] C:\Program Files\ Messenger Plus! Live [05/19/2008|02:32] C:\Program Files\ microsoft frontpage [05/23/2008|09:24] C:\Program Files\ Microsoft Office [05/19/2008|02:32] C:\Program Files\ movie maker [05/19/2008|09:36] C:\Program Files\ Mozilla Firefox [11/06/2008|10:54] C:\Program Files\ MSECache [09/25/2008|01:05] C:\Program Files\ msn gaming zone [08/31/2008|04:09] C:\Program Files\ MSN Messenger [09/14/2008|08:52] C:\Program Files\ MyWebSearch [05/19/2008|02:27] C:\Program Files\ NetMeeting [08/31/2008|04:00] C:\Program Files\ Netscape [05/19/2008|02:27] C:\Program Files\ Outlook Express [11/05/2008|07:20] C:\Program Files\ QuickTime [10/05/2008|09:45] C:\Program Files\ SCREEN2EXE [05/19/2008|02:28] C:\Program Files\ Services en ligne [05/19/2008|04:25] C:\Program Files\ Skype [06/13/2008|03:25] C:\Program Files\ Trend Micro [12/11/2008|11:42] C:\Program Files\ Windows Live [05/19/2008|02:25] C:\Program Files\ Windows Media Player [05/19/2008|02:24] C:\Program Files\ Windows NT [05/19/2008|02:29] C:\Program Files\ WindowsUpdate [05/19/2008|03:56] C:\Program Files\ WinRAR [05/19/2008|02:32] C:\Program Files\ xerox [05/19/2008|04:35] C:\Program Files\ Yahoo! --------------------\ Listing des dossiers dans C:\Program Files\Fichiers communs [05/23/2008|09:25] C:\Program Files\Fichiers communs\ DESIGNER [05/19/2008|03:59] C:\Program Files\Fichiers communs\ InstallShield [05/19/2008|02:17] C:\Program Files\Fichiers communs\ Microsoft Shared [05/19/2008|02:27] C:\Program Files\Fichiers communs\ MSSoap [05/19/2008|02:17] C:\Program Files\Fichiers communs\ ODBC [05/19/2008|02:27] C:\Program Files\Fichiers communs\ Services [05/19/2008|04:26] C:\Program Files\Fichiers communs\ Skype [05/19/2008|02:17] C:\Program Files\Fichiers communs\ SpeechEngines [05/19/2008|02:27] C:\Program Files\Fichiers communs\ System --------------------\ Process ( 28 Processes ) ... OK ! --------------------\ Recherche avec S_Lop Aucun fichier / dossier Lop trouvé ! --------------------\ Recherche de Fichiers / Dossiers Lop Aucun fichier / dossier Lop trouvé ! --------------------\ Verification du Registre ..... OK ! --------------------\ Verification du fichier Hosts Fichier Hosts PROPRE --------------------\ Recherche de fichiers avec Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-17 10:37:11 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\ Recherche d'autres infections --------------------\ Cracks & Keygens .. C:\DOCUME~1\ADMINI~1\Recent\Keygen.rar.lnk [F:252][D:6]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp [F:22][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies [F:1427][D:4]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5 [F:3][D:0]-> C:\Recycled 1 - "C:\Lop SD\LopR_1.txt" - Wed 12/17/2008|10:10 - Option : [1] 2 - "C:\Lop SD\LopR_2.txt" - Wed 12/17/2008|10:38 - Option : [2] --------------------\ Fin du rapport a 10:38:35

Lyonnais92 · Answer

Bonjour,

c'est probablement un outil qui génère des clés pour cracker des logiciels protégés par des clés d'activation.

Les sites où on les trouve et les fichiers de ce type eux-mêmes sont souvent infectés.

==========

Relance déjà lop S&D cmme dit au post 6 pour supprimer tes pubs.

On verra après pour PCConfidential et les restrictions.

Lyonnais92 · Answer

Re,

Ok, on s'est croisé :)

Fais ceci :

Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Lis le contenu de l'écran Disclaimer puis clique sur Continue (si tu acceptes les conditions).

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit

abcde · Answer

oui t'as raison lionnais92...j'ai telechargé un logiciel avc in crack ..c vrai ...

..
bon
==========
voici les 2 rapports

===================

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrateur at 2008-12-17 11:00:26
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 1 GB (24%) free of 5 GB
Total RAM: 119 MB (6% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:51, on 17-12-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrateur\Mes documents\Downloads\Programs\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF039ACA-F681-476F-BAB9-B6A7F923BD92}: NameServer = 41.221.20.4 193.251.169.165
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe

abcde · Answer

et voici le 2eme

=)==============
info.txt logfile of random's system information tool 1.04 2008-12-17 11:02:04

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
ADSL Autoconnect-->C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe -u
Avant Browser (remove only)-->"C:\Program Files\Avant Browser\uninst.exe"
Avira AntiVir Personal – Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
cFosSpeed v4.24-->"C:\Program Files\cFosSpeed\setup.exe" -uninstall
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
DrvIcon 4ALGERIA-->"C:\WINDOWS\DrvIcon 4ALGERIA\uninstall.exe" "/U:C:\Program Files\DrvIcon 4ALGERIA\Uninstall\uninstall.xml"
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
EPSON PhotoQuicker3.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65F5B7AF-3363-11D7-BB6B-00018021113F}\SETUP.EXE" -l0x40c uninst
EPSON PRINT Image Framer Tool2.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59ED4-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x40c anything
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
ESC66 Guide de référence-->C:\Program Files\EPSON\TPMANUAL\ESC66\REF_G\DOCUNINS.EXE
ESC66 Guide des logiciels-->C:\Program Files\EPSON\TPMANUAL\ESC66\PQU_G\DOCUNINS.EXE
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Gadwin PrintScreen-->C:\Program Files\Gadwin Systems\PrintScreen\Uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live & Sponsor (CiD)-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
PIF DESIGNER2.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0A7124DF-F8A4-405B-904F-CFD3D3DFB5AE}\SETUP.EXE" -l0x40c anything
SCREEN2EXE-->"C:\WINDOWS\lsb_un20.exe" /C=UC /N=SCREEN2EXE
Skype 3.0-->"C:\Program Files\Skype\Phone\unins000.exe"
Skype add-on for IE-->rundll32 "C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll",FriendlyUnregisterServer 0
Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-5QCOO.exe" /REG
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-5QCOO.exe" /REG
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-5QCOO.exe" /REG
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-5QCOO.exe" /REG
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-5QCOO.exe" /REG
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-5QCOO.exe" /REG
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O4 - HKCU\..\Run: [delete trans] C:\DOCUME~1\ADMINI~1\APPLIC~1\CASHCR~1\Log Platform.exe

======Security center information======

AV: Avira AntiVir PersonalEdition (outdated)
FW: COMODO Firewall Pro (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 11 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0b01
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Lyonnais92 · Answer

Re,

tu as téléchargé ceci :

[09/13/2008|09:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Winferno 

le 13 septembre.

Tu sais ce que c'est ?

je suis toujours sur la piste de PCConfidential.

=================

Il semble que ton antivirus n'est pas à jour.

Tu peux vérifier ?

===========

Il semble que ton parefeu Comodo est désactivé.

le parefeu de Windows est activé ?

==================

C'est toi qui a fixé des lignes dans Hijackthis ?

ou tu as été aidée ?

abcde · Answer

Re, 

tu as téléchargé ceci : 

[09/13/2008|09:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Winferno 

le 13 septembre. 

Tu sais ce que c'est ? 

je suis toujours sur la piste de PCConfidential. 

=========
bon..je pense que je n'ai jamais telechargeé ce logiciel....bizarre!!!!
que dois-je faire alors!!!est il grave???

================= 

Il semble que ton antivirus n'est pas à jour. 

Tu peux vérifier ? 
===============
ahhhhhhh..t'as raison mon antivir n'est pas a jour...je dois telecharger alors la nouvelle version d'antivir...looooooool
=========== 

Il semble que ton parefeu Comodo est désactivé. 

le parefeu de Windows est activé ? 
=======================
oui normalement qu'il est activé....j'ai rencontré des probleme avec comodo alors je l'ai desinstallé..

================== 

C'est toi qui a fixé des lignes dans Hijackthis ? 

ou tu as été aidée ? 

========================

moi..j'ai fixé qlq ligne tt seule ...
pour les autres je l'ai fixé ici a ccm...et il y a une personne que je connais qui m'a aider ainsi...

abcde · Answer

salut

que dois-je faire mainant svp !???????
est ce que c'est bon????

abcde · Answer

svp!!!!! :-(

Lyonnais92 · Answer

Bonjour,

tu as eu raison de faire remonter le topic.

Tu mets à jour Internet explorer :

démarrer, aide et support, maintenez votre ordinateur à jour ... et tu suis les instructions.


===========


Télécharge Toolbar-S&D (Team IDN) sur ton Bureau :

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    * Lance l'installation du programme en exécutant le fichier téléchargé.
    * Double-clique maintenant sur le raccourci de Toolbar-S&D.
    * Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    * Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
    * Poste le rapport généré. (C:\TB.txt)

abcde · Answer

si notre version d'xp est illegale est ce qu'on mettre ie a jour? psk j'ai eu un tel probleme et ils m'ont demandé de désactiver l'option des  mises a jour 
==================

le rapport:


   -----------\  ToolBar S&D 1.2.6   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
   X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) III CPU             1133MHz )
   BIOS : Award Modular BIOS v6.00PG
   USER : Administrateur ( Administrator )
   BOOT : Normal boot
   Antivirus : Avira AntiVir PersonalEdition 8.0.1.15 (Activated)
   Firewall  : COMODO Firewall Pro 3.0 (Not Activated)
   C:\ (Local Disk) - FAT32 - Total:4 Go (Free:1 Go)
   D:\ (Local Disk) - FAT32 - Total:4 Go (Free:4 Go)
   E:\ (Local Disk) - FAT32 - Total:4 Go (Free:4 Go)
   F:\ (Local Disk) - FAT32 - Total:4 Go (Free:4 Go)
   G:\ (CD or DVD)
   H:\ (USB) - FAT - Total:1011 Mo (Free:0 Go)

   "C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
   Option : [1] ( Fri 12/19/2008|10:01 )

   -----------\  Recherche de Fichiers / Dossiers ...

   [Service] MyWebSearchService
   C:\Program Files\MyWebSearch
   C:\Program Files\MyWebSearch\SrchAstt
   C:\Program Files\MyWebSearch\SrchAstt\1.bin
   C:\DOCUME~1\ADMINI~1\Cookies\administrateur@software-emule.powered-by.zango[1].txt
   C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll

   -----------\  Extensions

   (Administrateur) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
   (Administrateur) - {EEE6C361-6118-11DC-9C72-001320C79847} => sweetim-toolbar


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://my.yahoo.com/"
   "CustomizeSearch"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
   "Search Bar"="http://www.bing.com/spresults.aspx"
   "SearchAssistant"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"
   "CustomizeSearch"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm"


   --------------------\  Recherche d'autres infections

   --------------------\  Cracks & Keygens ..

   C:\DOCUME~1\ADMINI~1\Local Settings\Temporary Internet Files\Content.IE5\I3YR2P8F\Partiton_Magic_v80_Crack[1].htm
   C:\DOCUME~1\ADMINI~1\Local Settings\Temporary Internet Files\Content.IE5\I3YR2P8F\Partiton_Magic_v80_Crack[2].htm
   C:\DOCUME~1\ADMINI~1\Local Settings\Temporary Internet Files\Content.IE5\SWLM5CDB\Partiton_Magic_v80_Crack[1].html
   C:\DOCUME~1\ADMINI~1\Local Settings\Temporary Internet Files\Content.IE5\6NM6G8TJ\Partiton_Magic_v80_Crack[1].htm



   1 - "C:\ToolBar SD\TB_1.txt" - Fri 12/19/2008|10:02 - Option : [1]

   -----------\  Fin du rapport a 10:02:23.85



merci

Lyonnais92 · Answer

Re,

se balader avec un OS illégitime est, en soi, un risque de sécurité.

Les failles de sécurité d'Internet Explorer sont systématiquement utilisées par les auteurs de malwares. Tu peux regarder ce lien par exemple sur les risques encourus :

https://forum.malekal.com/viewtopic.php?f=45&t=12405

Je te conseille donc d'utiliser Firefox et non IE.

Un lien de téléchargement : http://www.commentcamarche.net/telecharger/telecharger 111 firefox

Le téléchargement et l'utilisation de cracks est aussi un danger potentiel.

===============
Relance Toolbar-S&D en double-cliquant sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée".
! Ne ferme pas la fenêtre lors de la suppression !
Un rapport sera généré, poste son contenu ici.

abcde · Answer

voici le rapport : 

   -----------\  ToolBar S&D 1.2.6   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
   X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) III CPU             1133MHz )
   BIOS : Award Modular BIOS v6.00PG
   USER : Administrateur ( Administrator )
   BOOT : Normal boot
   Antivirus : Avira AntiVir PersonalEdition 8.0.1.15 (Activated)
   Firewall  : COMODO Firewall Pro 3.0 (Not Activated)
   C:\ (Local Disk) - FAT32 - Total:4 Go (Free:1 Go)
   D:\ (Local Disk) - FAT32 - Total:4 Go (Free:4 Go)
   E:\ (Local Disk) - FAT32 - Total:4 Go (Free:4 Go)
   F:\ (Local Disk) - FAT32 - Total:4 Go (Free:4 Go)
   G:\ (CD or DVD)
   H:\ (USB) - FAT - Total:1011 Mo (Free:0 Go)

   "C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
   Option : [2] ( Fri 12/19/2008|20:36 )

   -----------\ SUPPRESSION

   Supprime! - [Service] MyWebSearchService
   Supprime! - C:\Program Files\MyWebSearch\SrchAstt
   Supprime! - C:\DOCUME~1\ADMINI~1\Cookies\administrateur@software-emule.powered-by.zango[1].txt
   Supprime! - C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
   Supprime! - C:\Program Files\MyWebSearch

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  Extensions

   (Administrateur) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
   (Administrateur) - {EEE6C361-6118-11DC-9C72-001320C79847} => sweetim-toolbar


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://my.yahoo.com/"
   "CustomizeSearch"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Start Page"="https://www.msn.com/fr-fr/"
   "Search Bar"="http://www.bing.com/spresults.aspx"
   "SearchAssistant"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"
   "CustomizeSearch"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm"


   --------------------\  Recherche d'autres infections

   --------------------\  Cracks & Keygens ..

   C:\DOCUME~1\ADMINI~1\Local Settings\Temporary Internet Files\Content.IE5\I3YR2P8F\Partiton_Magic_v80_Crack[1].htm
   C:\DOCUME~1\ADMINI~1\Local Settings\Temporary Internet Files\Content.IE5\I3YR2P8F\Partiton_Magic_v80_Crack[2].htm
   C:\DOCUME~1\ADMINI~1\Local Settings\Temporary Internet Files\Content.IE5\SWLM5CDB\Partiton_Magic_v80_Crack[1].html
   C:\DOCUME~1\ADMINI~1\Local Settings\Temporary Internet Files\Content.IE5\6NM6G8TJ\Partiton_Magic_v80_Crack[1].htm



   1 - "C:\ToolBar SD\TB_1.txt" - Fri 12/19/2008|10:02 - Option : [1]
   2 - "C:\ToolBar SD\TB_2.txt" - Fri 12/19/2008|20:46 - Option : [2]

   -----------\  Fin du rapport a 20:46:40.26



merci lyonnais de m'avertir ..vraiment c'est 'trop' dangereux .....!!!!
mé le plus souvent j'utilise firefox et avant browser 
bonne nuit

Lyonnais92 · Answer

Bonsoir,

remets un rapport RSIT.

abcde · Answer

bonjour....



   -----------\  ToolBar S&D 1.2.6   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
   X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) III CPU             1133MHz )
   BIOS : Award Modular BIOS v6.00PG
   USER : Administrateur ( Administrator )
   BOOT : Normal boot
   Antivirus : Avira AntiVir PersonalEdition 8.0.1.15 (Activated)
   Firewall  : COMODO Firewall Pro 3.0 (Not Activated)
   C:\ (Local Disk) - FAT32 - Total:4 Go (Free:1 Go)
   D:\ (Local Disk) - FAT32 - Total:4 Go (Free:4 Go)
   E:\ (Local Disk) - FAT32 - Total:4 Go (Free:4 Go)
   F:\ (Local Disk) - FAT32 - Total:4 Go (Free:4 Go)
   G:\ (CD or DVD)
   H:\ (USB) - FAT - Total:1011 Mo (Free:0 Go)

   "C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
   Option : [2] ( Sat 12/20/2008|12:38 )

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  Extensions

   (Administrateur) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
   (Administrateur) - {EEE6C361-6118-11DC-9C72-001320C79847} => sweetim-toolbar


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://my.yahoo.com/"
   "CustomizeSearch"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Start Page"="https://www.msn.com/fr-fr/"
   "Search Bar"="http://www.bing.com/spresults.aspx"
   "SearchAssistant"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"
   "CustomizeSearch"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm"


   --------------------\  Recherche d'autres infections

   --------------------\  Cracks & Keygens ..

   C:\DOCUME~1\ADMINI~1\Local Settings\Temporary Internet Files\Content.IE5\I3YR2P8F\Partiton_Magic_v80_Crack[1].htm
   C:\DOCUME~1\ADMINI~1\Local Settings\Temporary Internet Files\Content.IE5\I3YR2P8F\Partiton_Magic_v80_Crack[2].htm
   C:\DOCUME~1\ADMINI~1\Local Settings\Temporary Internet Files\Content.IE5\SWLM5CDB\Partiton_Magic_v80_Crack[1].html
   C:\DOCUME~1\ADMINI~1\Local Settings\Temporary Internet Files\Content.IE5\6NM6G8TJ\Partiton_Magic_v80_Crack[1].htm



   1 - "C:\ToolBar SD\TB_1.txt" - Fri 12/19/2008|10:02 - Option : [1]
   2 - "C:\ToolBar SD\TB_2.txt" - Fri 12/19/2008|20:46 - Option : [2]
   3 - "C:\ToolBar SD\TB_3.txt" - Sat 12/20/2008|12:40 - Option : [2]

   -----------\  Fin du rapport a 12:40:56.37

Lyonnais92 · Answer

Bonjour,

remets un rapport RSIT, pas un rapport Toolbar

abcde · Answer

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrateur at 2008-12-20 15:17:53
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 1 GB (26%) free of 5 GB
Total RAM: 119 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:19:06, on 20-12-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\Downloads\Programs\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF039ACA-F681-476F-BAB9-B6A7F923BD92}: NameServer = 41.221.20.4 193.251.169.165
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe

abcde · Answer

bonjour...

c'est koi au juste ce" PCConfidential"??

Lyonnais92 · Answer

Bonjour,

cela semble être un nettoyeur :

http://www.winferno.com/help/pcconfidential/delete_windows_temporary_files.aspx

Il en existe de plus connu.

Je te propose de l'enlever.

Regarde dans Panneau de configuration, Ajoit/suppression de programmes.

Si tu le trouves, désinstalle le.

abcde · Answer

dois-je le desinstaller ??

Lyonnais92 · Answer

re,

nos messages se sont croisés.

Oui, désinstalle le.

abcde · Answer

ben j'ai pas trouvé le PCConfidential dans ajout/supp des programmes mais je l'ai trouvé avec taches planifiées!!!
alors je l'ai supprimé

abcde · Answer

rapport rsit:


Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrateur at 2008-12-21 14:54:20
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 1 GB (25%) free of 5 GB
Total RAM: 119 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:55:00, on 21-12-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Downloads\Programs\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF039ACA-F681-476F-BAB9-B6A7F923BD92}: NameServer = 41.221.20.4 193.251.169.165
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe

Lyonnais92 · Answer

Re,

    Ouvre le registre et navigue avec les + et les - jusqu'à la clé

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg

    Clique successivement sur Fichier puis sur Exporter et choisis un nom (XXXXXX par exemple). Tu retiens le nom du répertoire (Mes documents par défaut).

    Ferme le registre et ouvre l'explorateur Windows.

    Clique droit sur le fichier et choisis Modifier.

    Le bloc-notes s'ouvre avec le contenu de la clé.

    Copie le dans ta réponse.

abcde · Answer

bonsoir
ouuuuuuuuuuuuuuuuuuuuuuuuf...enfin....c'etait trop dur pour moi pour ouvrir le registre et naviguer jusqu'a 



mais je pense que j'ai réussi:la voici:
 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cFosSpeed]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="cFosSpeed"
"hkey"="HKLM"
"command"="C:\Program Files\cFosSpeed\cFosSpeed.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DrvIcon]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="DrvIcon"
"hkey"="HKLM"
"command"="C:\Program Files\DrvIcon 4ALGERIA\DrvIcon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON Stylus C66 Series]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="E_S4I0S2"
"hkey"="HKLM"
"command"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 \"EPSON Stylus C66 Series\" /O6 \"USB001\" /M \"Stylus C66\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IMJPMIG8.1]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="IMJPMIG"
"hkey"="HKLM"
"command"="\"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Messenger (Yahoo!)]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\Program Files\MSN Messenger\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSPY2002]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="ImScInst"
"hkey"="HKLM"
"command"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002A]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002ASync]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\Program Files\QuickTime\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RegPowerClean]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="RegPowerClean"
"hkey"="HKCU"
"command"="\"C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="Yahoo! Pager"
"hkey"="HKCU"
"command"="\"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE\" -quiet"
"inimapping"="0"


bonne nuit

Lyonnais92 · Answer

Bonsoir,

Rends toi sur ce site :

https://www.virustotal.com/gui/

Clique sur parcourir et cherche ce fichier : C:\Program Files\DrvIcon 4ALGERIA\DrvIcon.exe

Clique sur Send File.

Un rapport va s'élaborer ligne à ligne.

Attends la fin. Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

Copie le dans ta réponse. 

Si VirusTotal indique que le fichier a déjà été analysé, cliquer sur le bouton Reanalyse le fichier maintenant

abcde · Answer

salut

c'est ça le rapport?

File size: 45056 bytes
MD5...: 53a63d37acc05e8ffbad4e9a1622ab59
SHA1..: b040e1e621512350c878b2d6984f6d4640054c3d
SHA256: 3ffdb9ac783714dad863b561578cbff9bfd1c42eec77236e53d658cbac2131a7
SHA512: 4bfc07eaae91ed5a52cdd076adc4a29d8ad56b7d50b0541e39ea713d40a9cbea
c72f0bf5b744d7472d093c1871d64275d29b4b601ede55cf2f380a5a2ede8215
ssdeep: 384:S0AYLEWMlhc6y75YAs5bSDYsAWscDQe7rqJAR8vhleky:SnY9MLniGPqVB1i
JA4hjy
PEiD..: -
TrID..: File type identification
Win32 Executable Microsoft Visual Basic 6 (86.2%)
Win32 Executable Generic (5.8%)
Win32 Dynamic Link Library (generic) (5.1%)
Generic Win/DOS Executable (1.3%)
DOS Executable Generic (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401444
timedatestamp.....: 0x468bfc06 (Wed Jul 04 19:59:02 2007)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x378c 0x4000 5.08 e347d0bafb117c4d1ea87b7982b315f9
.data 0x5000 0xbbc 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x6000 0x4998 0x5000 4.26 858877cbaa323b4b408363a88c9a0a1f

( 1 imports )
> MSVBVM60.DLL: __vbaVarSub, __vbaStrI2, _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaLenBstr, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, -, _adj_fprem1, -, __vbaForEachCollAd, __vbaStrCat, -, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, -, __vbaLateMemSt, -, __vbaForEachCollObj, __vbaVarForInit, __vbaVarPow, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, -, -, _CIsin, __vbaNextEachCollObj, -, __vbaChkstk, -, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaVarTstEq, __vbaAryConstruct2, -, __vbaObjVar, DllFunctionCall, __vbaCySub, _adj_fpatan, __vbaR8Cy, EVENT_SINK_Release, _CIsqrt, __vbaVarAnd, EVENT_SINK_QueryInterface, __vbaExceptHandler, __vbaStrToUnicode, -, _adj_fprem, _adj_fdivr_m64, __vbaI2Str, -, __vbaFPException, -, __vbaInStrVar, __vbaStrVarVal, __vbaVarCat, -, _CIlog, __vbaErrorOverflow, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, -, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, -, -, __vbaVarTstNe, __vbaI4Var, __vbaVarAdd, __vbaStrToAnsi, __vbaVarDup, -, __vbaVarCopy, __vbaVarTstGe, __vbaLateMemCallLd, _CIatan, __vbaCastObj, __vbaI2ErrVar, __vbaStrMove, -, _allmul, __vbaLenVarB, _CItan, __vbaNextEachCollAd, __vbaFPInt, __vbaVarForNext, _CIexp, __vbaFreeStr, __vbaFreeObj

( 0 exports )
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=53a63d37acc05e8ffbad4e9a1622ab59' target='_blank'>https://www.symantec.com?md5=53a63d37acc05e8ffbad4e9a1622ab59</a>
CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=53a63d37acc05e8ffbad4e9a1622ab59' target='_blank'>http://research.sunbelt-software.com/...

Lyonnais92 · Answer

Re,

ceci est seulement la fin du rapport.

Avant, tu as le diagnostic des scanners.

Tu as bien fait "réanalyser" ?

abcde · Answer

Antivirus 	Version 	Dernière mise à jour 	Résultat
AhnLab-V3 	2008.12.19.3 	2008.12.21 	-
AntiVir 	7.9.0.45 	2008.12.21 	-
Authentium 	5.1.0.4 	2008.12.21 	-
Avast 	4.8.1281.0 	2008.12.21 	-
AVG 	8.0.0.199 	2008.12.21 	-
BitDefender 	7.2 	2008.12.21 	-
CAT-QuickHeal 	10.00 	2008.12.20 	-
ClamAV 	0.94.1 	2008.12.20 	-
Comodo 	793 	2008.12.21 	-
DrWeb 	4.44.0.09170 	2008.12.21 	-
eSafe 	7.0.17.0 	2008.12.21 	-
eTrust-Vet 	31.6.6271 	2008.12.20 	-
Ewido 	4.0 	2008.12.21 	-
F-Prot 	4.4.4.56 	2008.12.21 	-
F-Secure 	8.0.14332.0 	2008.12.21 	-
Fortinet 	3.117.0.0 	2008.12.21 	-
GData 	19 	2008.12.21 	-
Ikarus 	T3.1.1.45.0 	2008.12.21 	-
K7AntiVirus 	7.10.560 	2008.12.20 	-
Kaspersky 	7.0.0.125 	2008.12.21 	-
McAfee 	5471 	2008.12.21 	-
McAfee+Artemis 	5471 	2008.12.21 	-
Microsoft 	1.4205 	2008.12.21 	-
NOD32 	3709 	2008.12.20 	-
Norman 	5.80.02 	2008.12.19 	-
Panda 	9.0.0.4 	2008.12.21 	-
PCTools 	4.4.2.0 	2008.12.21 	-
Prevx1 	V2 	2008.12.21 	-
Rising 	21.08.62.00 	2008.12.21 	-
SecureWeb-Gateway 	6.7.6 	2008.12.21 	-
Sophos 	4.37.0 	2008.12.21 	-
Sunbelt 	3.2.1801.2 	2008.12.11 	-
Symantec 	10 	2008.12.21 	-
TheHacker 	6.3.1.4.195 	2008.12.20 	-
TrendMicro 	8.700.0.1004 	2008.12.19 	-
VBA32 	3.12.8.10 	2008.12.21 	-
ViRobot 	2008.12.20.1528 	2008.12.21 	-
VirusBuster 	4.5.11.0 	2008.12.21 	-
Information additionnelle
File size: 45056 bytes
MD5...: 53a63d37acc05e8ffbad4e9a1622ab59
SHA1..: b040e1e621512350c878b2d6984f6d4640054c3d
SHA256: 3ffdb9ac783714dad863b561578cbff9bfd1c42eec77236e53d658cbac2131a7
SHA512: 4bfc07eaae91ed5a52cdd076adc4a29d8ad56b7d50b0541e39ea713d40a9cbea
c72f0bf5b744d7472d093c1871d64275d29b4b601ede55cf2f380a5a2ede8215
ssdeep: 384:S0AYLEWMlhc6y75YAs5bSDYsAWscDQe7rqJAR8vhleky:SnY9MLniGPqVB1i
JA4hjy
PEiD..: -
TrID..: File type identification
Win32 Executable Microsoft Visual Basic 6 (86.2%)
Win32 Executable Generic (5.8%)
Win32 Dynamic Link Library (generic) (5.1%)
Generic Win/DOS Executable (1.3%)
DOS Executable Generic (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401444
timedatestamp.....: 0x468bfc06 (Wed Jul 04 19:59:02 2007)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x378c 0x4000 5.08 e347d0bafb117c4d1ea87b7982b315f9
.data 0x5000 0xbbc 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x6000 0x4998 0x5000 4.26 858877cbaa323b4b408363a88c9a0a1f

( 1 imports )
> MSVBVM60.DLL: __vbaVarSub, __vbaStrI2, _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaLenBstr, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, -, _adj_fprem1, -, __vbaForEachCollAd, __vbaStrCat, -, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, -, __vbaLateMemSt, -, __vbaForEachCollObj, __vbaVarForInit, __vbaVarPow, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, -, -, _CIsin, __vbaNextEachCollObj, -, __vbaChkstk, -, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaVarTstEq, __vbaAryConstruct2, -, __vbaObjVar, DllFunctionCall, __vbaCySub, _adj_fpatan, __vbaR8Cy, EVENT_SINK_Release, _CIsqrt, __vbaVarAnd, EVENT_SINK_QueryInterface, __vbaExceptHandler, __vbaStrToUnicode, -, _adj_fprem, _adj_fdivr_m64, __vbaI2Str, -, __vbaFPException, -, __vbaInStrVar, __vbaStrVarVal, __vbaVarCat, -, _CIlog, __vbaErrorOverflow, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, -, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, -, -, __vbaVarTstNe, __vbaI4Var, __vbaVarAdd, __vbaStrToAnsi, __vbaVarDup, -, __vbaVarCopy, __vbaVarTstGe, __vbaLateMemCallLd, _CIatan, __vbaCastObj, __vbaI2ErrVar, __vbaStrMove, -, _allmul, __vbaLenVarB, _CItan, __vbaNextEachCollAd, __vbaFPInt, __vbaVarForNext, _CIexp, __vbaFreeStr, __vbaFreeObj

( 0 exports )
ThreatExpert info: https://www.symantec.com?md5=53a63d37acc05e8ffbad4e9a1622ab59
CWSandbox info: http://research.sunbelt-software.com/...

Lyonnais92 · Answer

Re,

Télécharge OTMoveIt3 de OldTimer sur ton Bureau en cliquant sur ce lien :

http://oldtimer.geekstogo.com/OTMoveIt3.exe

Double-clique sur OTMoveIt3.exe pour le lancer.

Vérifie que la case devant "Unregister Dll's and Ocx's est bien cochée.

Copie la liste qui se trouve en gras ci-dessous,

et colle-la dans le cadre de gauche de OTMoveIt : "Paste instructions for item to be moved".


:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] 
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegPowerClean] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]       => Microsoft Explorer ShellExecuteHooks  
"{4F07DA45-8170-4859-9B5F-037EF2970034}"=-

:files
C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
C:\Program Files\Winferno\RegistryPowerCleaner

:commands
[reboot]


Clique sur "MoveIt!" pour lancer la suppression.

Le résultat apparaitra dans le cadre "Results".

Clique sur "Exit" pour fermer.

Poste le rapport situé dans C:\_OTMoveIt\MovedFiles sous le nom xxxxxx_xxxxxxxxxx.log .

Normalement, le PC aura redémarré durant la procédure.

abcde · Answer

bonsoir....

Error: Unable to interpret <[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]> in the current context!
Error: Unable to interpret <[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]> in the current context!
Error: Unable to interpret <[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]> in the current context!
Error: Unable to interpret <[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegPowerClean]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] => Microsoft Explorer ShellExecuteHooks> in the current context!
Error: Unable to interpret <"{4F07DA45-8170-4859-9B5F-037EF2970034}"=-> in the current context!
========== FILES ==========
File/Folder C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe not found.
File/Folder C:\Program Files\Winferno\RegistryPowerCleaner not found.
========== COMMANDS ==========

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12222008_221817

bonne nuit et a++

Lyonnais92 · Answer

Bonsoir,

tu n'aurais pas omis les : avant reg ?

Si oui, recommence.

abcde · Answer

bonjour
ok...c'est vrai vous avez raison ;-p

Lyonnais92 · Answer

Bonjour,

tu relances et tu postes le rapport ?

abcde · Answer

salut


========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegPowerClean\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] => Microsoft Explorer ShellExecuteHook not found.
========== FILES ==========
File/Folder C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe not found.
File/Folder C:\Program Files\Winferno\RegistryPowerCleaner not found.
========== COMMANDS ==========
 
OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12232008_120942

Lyonnais92 · Answer

Bonjour,

c'est mieux !

Remets un rapport RSIT.

abcde · Answer

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrateur at 2008-12-23 12:40:30
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 1 GB (24%) free of 5 GB
Total RAM: 119 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:09, on 23-12-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Downloads\Programs\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF039ACA-F681-476F-BAB9-B6A7F923BD92}: NameServer = 41.221.20.4 193.251.169.165
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe

Lyonnais92 · Answer

Re,

mets à jour Internet explorer (version 7).

La version 6 est une faille de sécurité très importante.

abcde · Answer

quel dommage!!!!!! je peux pas l'installer !!!!


mais malgré tout merci beaucoup pour votre aide et votre temps 

je pense que mainant le probleme est resolu 

cordialement 
et bon courage

Lyonnais92 · Answer

Re,

comment ça "je ne peux pas l'installer" ?

ca va rester une faille de sécurité et cette faille va devenir de plus en plus dangereuse !

Pages bup "cid"

47 réponses

Votre réponse

Discussions similaires

Newsletters