Posez votre question Signaler

[virus] ouverture fenetre pub + ie tres lent [Résolu]

freddypark 48Messages postés 12 août 2007Date d'inscription 10 mars 2011Dernière intervention - Dernière réponse le 17 févr. 2011 à 06:56

Bonjour,
Comme vous m'avez deja tres bien aidé pour le meme probleme il y a 6 mois je reviens vers vous. donc depuis 1 mois environ ie est tres lent et plante. et depuis une semaine des pages internet souvrent toutes seules avec en plus des pages de pubs :des jeux (tanoth ou Ikarian), des pub antispyware ...
et depuis 2 jours firefox a les meme symptomes
j'ai effectuer un nettoyage ccleaner
d'avance je vous remerci de vous occuper de mon cas ci joint une analyse hijackthis et une analyse
navilog1
que dois je faire ensuite svp
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:53, on 11/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Windows\system32\CISVC.EXE
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\NMSAccessU.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\JMAPP3.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\PowerSave.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtUomjKc.dll,#1
O4 - HKLM\..\Run: [6cc17e98] rundll32.exe "C:\Windows\system32\rgxfdvsi.dll",b
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\Windows\TEMP\E_SE946.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\frederic\AppData\Local\Temp\urqPjGvt.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Windows\system32\vtUopOhg.dll,c
O4 - HKCU\..\Run: [6cc17e98] rundll32.exe "C:\Users\frederic\AppData\Local\Temp\wnejmijg.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Use as &Display Picture - C:\Program Files\IEDP2\IEDP.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {3E9BAF2D-7A79-11D2-9334-0000F875AE17} - http://www.allocam.com/nm30.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: EPGService - Unknown owner - J:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

[virus] ouverture fenetre pub + ie tres lent »

Suggestions

[virus] ouverture fenetre pub + ie tres lent
Popups - Ouverture de fenêtres internet publicitaires (pop-up) » Fiches pratiques
Fenetre publicitaire intempestive (Résolu) » Forum
Ouverture fenêtre pub Internet (Résolu) » Forum
Fenetres pub IE à virer ! (Résolu) » Forum
Fenêtre pub IE même hors navigation (Résolu) » Forum

Plus

Réponse

-1

geoffrey5 13786Messages postés 20 mai 2007Date d'inscription 21 mai 2010Dernière intervention 11 juin 2008 à 12:27

Salut !!

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.

télécharger sur le bureau Navilog1 : http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Si votre antivirus s'affole , le désactiver
= double-clic dessus pour l'installer et le lancer
Quand installé
= taper F
= Appuyer sur une touche jusqu' arriver aux options
= Choisir Recherche ( = taper 1 )
ne pas utiliser les autres sans avis , il peut y avoir des processus légitimes

un rapport : fixnavi.txt
dans ==> C :
le copier et le coller dans la réponse

Ajouter un commentaire - Site web

jlpjlp- 11 juin 2008 à 12:29

slt
il a mis navilog déjà dans le message de depart

Réponse

jlpjlp 50302Messages postés 18 mai 2007Date d'inscription 1 juin 2012Dernière intervention 11 juin 2008 à 12:28

slt
relance hijakchits, fais do a system scan only et selectionne ces lignes et fais fix cheked

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O3 - Toolbar: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtUomjKc.dll,#1
O4 - HKLM\..\Run: [6cc17e98] rundll32.exe "C:\Windows\system32\rgxfdvsi.dll",b
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\frederic\AppData\Local\Temp\urqPjGvt.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Windows\system32\vtUopOhg.dll,c
O4 - HKCU\..\Run: [6cc17e98] rundll32.exe "C:\Users\frederic\AppData\Local\Temp\wnejmijg.dll",b
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O16 - DPF: {3E9BAF2D-7A79-11D2-9334-0000F875AE17} - http://www.allocam.com/nm30.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab

________________

télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur http://up.sur-la-toile.com/sadW
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C:\Windows\system32\vtUomjKc.dll
C:\Windows\system32\rgxfdvsi.dll
C:\Users\frederic\AppData\Local\Temp\urqPjGvt.dll
C:\Windows\system32\vtUopOhg.dll
C:\Users\frederic\AppData\Local\Temp\wnejmijg.dll

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

______________________
vire ce qui est dans movedfiles en allant dans poste de travail puis C puis OTMOVIT

C:\_OTMoveIt\MovedFiles

_________________

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.

Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : http://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: http://bibou0007.forumpro.fr/tutos-f45/tutorial-combofix-t121.htm

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

Ajouter un commentaire

Réponse

geoffrey5 13786Messages postés 20 mai 2007Date d'inscription 21 mai 2010Dernière intervention 11 juin 2008 à 12:30

oups :s

- Double-Clic navilog1
- Choisir cette fois option 2 taper 2
note : le bureau disparaît
-Redémarrage du PC en mode normal

- mettre le rapport dans la réponse

Ajouter un commentaire - Site web

Réponse

jlpjlp 50302Messages postés 18 mai 2007Date d'inscription 1 juin 2012Dernière intervention 11 juin 2008 à 12:32

slt encore pas necessaire car rien dans navilog

Ajouter un commentaire

Réponse

geoffrey5 13786Messages postés 20 mai 2007Date d'inscription 21 mai 2010Dernière intervention 11 juin 2008 à 12:34

décidément je n ai vraiment pas fait attention !!

Pour les pubs fais ceci :

Télécharger et enregistrer sur le Bureau LopSD : http://eric.71.mespages.googlepages.com/LopSD.exe

= Double-clic Lop S&D
= Faire l'installation
Fermer toutes les applications
= Le lancer par un double-clic sur le raccourci qui est sur le bureau
Avec VISTA => clic-droit et => Exécuter en tant qu'administrateur
= Taper F pour français , puis presser entrée
= Taper 1
= Presser Entrée
= Le PC va redémarrer
Note= si l'antivirus annonce une infection dans TEMP , l'ignorer
= Attendre l'apparition du rapport
Copier le rapport et le coller dans la réponse
le rapport se trouve aussi à C:\lopR
---------
Relancer Lop S&D

= Choisir cette fois 2

note:
Si le Bureau ne réapparait pas
= Presser Ctrl Alt Suppr
= Dans Fichier => Nouvelle tâche
=> Ecrire: explorer => entrée

puis fait un rapport hijack

Ajouter un commentaire - Site web

Réponse

tenshi002 1332Messages postés 3 août 2005Date d'inscription 20 juillet 2011Dernière intervention 11 juin 2008 à 12:35

non non geoffrey5 pas navi op2.

En plus pas de ligne O2 et O20 donc suspect pour une infection vundo.

Freddypark suit les instructions de jlpjlp. merci

Ajouter un commentaire

Réponse

freddypark 48Messages postés 12 août 2007Date d'inscription 10 mars 2011Dernière intervention 11 juin 2008 à 13:15

Voici le rapport de combofix

ComboFix 08-06-10.3 - frederic 2008-06-11 12:54:15.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1269 [GMT 2:00]
Endroit: C:\Users\frederic\Downloads\killbagle.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\config.ini
C:\Windows\fbdzj.exe
C:\Windows\ftebh.exe
C:\Windows\system32\cemkovlw.dll
C:\Windows\system32\ddcCUomk.dll
C:\Windows\system32\elgmepfq.dll
C:\Windows\System32\ENTDefhk.ini
C:\Windows\System32\ENTDefhk.ini2
C:\Windows\system32\ephukvfl.dll
C:\Windows\system32\evwexbea.dll
C:\Windows\System32\ghOpoUtv.ini
C:\Windows\System32\ghOpoUtv.ini2
C:\Windows\system32\hdrhxgtp.ini
C:\Windows\system32\isvdfxgr.ini
C:\Windows\system32\khfeDTNE.dll
C:\Windows\system32\kmdcrsul.ini
C:\Windows\system32\lusrcdmk.dll
C:\Windows\system32\obchytck.dll
C:\Windows\system32\rynbvksv.dll
C:\Windows\System32\UFNXayay.ini
C:\Windows\system32\urqQhHyA.dll
C:\Windows\system32\xfoykkvm.dll
C:\Windows\system32\yayaXNFU.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-11 to 2008-06-11 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr‚‚ dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 11:03 --------- d-----w C:\ProgramData\STOPzilla!
2008-06-11 10:35 --------- d-----w C:\Program Files\Navilog1
2008-06-11 09:52 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-06-11 09:27 --------- d-----w C:\Program Files\Trend Micro
2008-06-10 14:00 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-06-10 12:47 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-06-10 10:05 --------- d-----w C:\ProgramData\Google Updater
2008-06-09 10:15 --------- d-----w C:\Users\frederic\AppData\Roaming\GrabIt
2008-06-06 10:48 --------- d-----w C:\Program Files\WarRock
2008-06-04 19:20 --------- d-----w C:\Program Files\GameSpy Arcade
2008-06-04 19:15 --------- d-----w C:\Program Files\Sudden Strike 3
2008-06-04 19:11 278,984 ----a-w C:\Windows\system32\drivers\atksgt.sys
2008-06-04 19:11 25,416 ----a-w C:\Windows\system32\drivers\lirsgt.sys
2008-06-04 16:24 --------- d-----w C:\Program Files\PulsRadio
2008-06-04 12:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-04 12:53 --------- d-----w C:\Program Files\Common Files\Microsoft Games
2008-06-04 11:58 --------- d-----w C:\Program Files\Microsoft Games
2008-06-04 11:28 --------- d-----w C:\Program Files\DivX
2008-06-04 11:20 --------- d-----w C:\Users\frederic\AppData\Roaming\DivX
2008-06-02 09:12 --------- d-----w C:\Program Files\IEDP2
2008-05-30 16:15 --------- d-----w C:\Users\frederic\AppData\Roaming\gtk-2.0
2008-05-29 10:11 --------- d-----w C:\Program Files\STOPzilla!
2008-05-29 09:13 --------- d-----w C:\Users\frederic\AppData\Roaming\teamspeak2
2008-05-29 08:44 --------- d-----w C:\Program Files\VentSrv
2008-05-29 08:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-27 09:41 --------- d-----w C:\Program Files\Micro Application
2008-05-24 20:50 --------- d-----w C:\Program Files\RayV
2008-05-23 14:49 --------- d-----w C:\Users\frederic\AppData\Roaming\tunebite
2008-05-20 18:01 --------- d-----w C:\ProgramData\SpinTop Games
2008-05-20 11:52 --------- d-----w C:\ProgramData\Zylom
2008-05-19 22:19 --------- d-----w C:\Program Files\Dream Chronicles 2
2008-05-19 22:14 --------- d-----w C:\Program Files\ReflexiveArcade
2008-05-19 21:58 --------- d-----w C:\ProgramData\PlayFirst
2008-05-19 21:13 --------- d-----w C:\Users\frederic\AppData\Roaming\PlayFirst
2008-05-15 20:41 --------- d-----w C:\Users\frederic\AppData\Roaming\EPSON
2008-05-15 05:41 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-15 05:41 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 14:18 --------- d-----w C:\Program Files\RealArcade
2008-05-14 14:17 --------- d-----w C:\Program Files\Winamp
2008-05-14 14:11 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-14 11:35 --------- d-----w C:\Program Files\Maxi-Motamo
2008-05-14 11:32 --------- d-----w C:\Users\frederic\AppData\Roaming\System
2008-05-13 06:29 --------- d-----w C:\Program Files\GIMP-2.0
2008-05-12 12:06 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-11 08:36 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-11 08:36 --------- d-----w C:\Program Files\Common Files\Real
2008-05-11 08:35 --------- d-----w C:\Program Files\Real
2008-05-05 21:48 --------- d-----w C:\ProgramData\HipSoft
2008-05-05 10:51 --------- d-----w C:\Program Files\Apple Software Update
2008-04-30 16:42 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-29 19:44 --------- d-----w C:\Program Files\Google
2008-04-29 15:02 --------- d-----w C:\Program Files\Replay Music 3
2008-04-29 15:01 737,280 ----a-w C:\Windows\iun6002.exe
2008-04-25 09:32 --------- d-----w C:\Users\Emilie\AppData\Roaming\Logitech
2008-04-23 16:16 --------- d-----w C:\Program Files\Freecorder Toolbar
2008-04-23 16:16 --------- d-----w C:\Program Files\Freecorder
2008-04-23 16:16 --------- d-----w C:\Program Files\Conduit
2008-04-23 10:15 --------- d-----w C:\Program Files\LogMeIn
2008-04-20 16:07 --------- d-----w C:\ProgramData\Aliasworlds
2008-04-19 09:29 --------- d-----w C:\ProgramData\Avira
2008-04-19 02:29 --------- d-----w C:\Program Files\Deep Space 3D Screensaver
2008-04-19 02:29 --------- d-----w C:\Program Files\3Planesoft Screensaver Manager
2008-04-19 02:21 --------- d-----w C:\Program Files\SereneScreen
2008-04-14 10:30 --------- d-----w C:\Program Files\Cheat 'O Matic
2008-04-12 17:02 --------- d-----w C:\Program Files\TF1Vision
2008-04-12 10:08 --------- d-----w C:\Program Files\CDex_170b2
2007-12-19 22:18 22,328 ----a-w C:\Users\frederic\AppData\Roaming\PnkBstrK.sys
2007-11-28 12:56 42 ----a-w C:\Program Files\Init
2007-08-31 15:10 174 --sha-w C:\Program Files\desktop.ini
2007-05-28 19:20 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-01-25 01:52 65,536 ----a-w C:\Program Files\Common Files\NMSAccessU.exe
2002-03-11 09:06 1,822,520 ----a-w C:\Users\frederic\instmsiw.exe
2002-03-11 08:45 1,708,856 ----a-w C:\Users\frederic\instmsia.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27D486FB-15CB-40F9-BF92-13081CFB721A}]
C:\Windows\system32\vtUopOhg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"Packard Bell Software Suite"="C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe" [2007-10-19 09:24 1790776]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-05-29 13:39 5724184]
"EPSON Stylus DX7400 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.exe" [2007-04-12 16:00 182272]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-29 21:39 68856]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-05-03 22:23 160592]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-04-14 19:41 262401]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 06:28 86016]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\Windows\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"e-TF1"="C:\Program Files\TF1Vision\TF1vision.exe" [2008-03-05 12:47 397312]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-11 10:35 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-19 20:16:46 789008]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-29 21:39:40 124400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 19:03 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fnacVOD]
C:\Program Files\fnacVOD\fnacVOD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox]
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DDA51E78-7771-4E60-B0BD-0F909CC19315}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{23F7FA4B-30D2-4D5C-9D74-F99A26741094}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{16C0A37D-D82E-493F-8780-3B80C1DABA51}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{62EB5534-B5C1-452F-BE5E-CFDD57C458B2}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{699D9D3A-4053-4C32-AFE7-97D06CC37056}"= UDP:C:\Program Files\Orb Networks\Orb\bin\Orb.exe:Orb
"{F46F3874-B2DF-48C7-B2FE-9AA9A7BDFA47}"= TCP:C:\Program Files\Orb Networks\Orb\bin\Orb.exe:Orb
"{8EBC7797-3211-470B-BF78-8B4CAAF1C2DE}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{D597AEE9-2805-41C9-AC55-8756300A8C1A}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{B6CC8583-FBBA-4D90-8460-DFB5E0F8F73F}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{2DFFC29E-85AF-4B4C-B08A-8E4BCA225A4C}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{6E044BC1-3C3D-4A43-A36C-B9FA1F24C2F8}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{85565CB8-D766-4CE1-A1D7-EC2F06D56D0D}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{9E6271DA-D147-4D25-B8DB-4496680E1D2E}"= UDP:C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:OrbTVGuide
"{6E95B806-4F8A-4BA7-9381-F24557389A3D}"= TCP:C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:OrbTVGuide
"{13D787A6-DCF2-4651-83BD-D07DA13AC9CF}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:OrbChannelScan
"{4EAEE5C2-CDA8-4255-99C8-D94DA4E1BCC5}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:OrbChannelScan
"{DF763F49-9315-400D-828C-FD5B53BF2D13}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
"{F8F4AE8E-5D89-4FBE-849D-B6480125E811}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
"{72DCF2D9-2006-403F-813F-FA22245A991B}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{EE600911-60C3-4C08-BF88-7FBC6D1784A7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CA211251-5672-4A84-BF2C-BC74450FFA21}"= UDP:C:\Program Files\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{117BA98D-97C1-4AE3-9648-3155F6B740A7}"= TCP:C:\Program Files\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{B186140F-19D9-4566-8F48-575FF5E3A23E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{D3239B80-FBF6-40E9-8F48-C49AB64CD28A}C:\\users\\frederic\\desktop\\nexuiz-23\\nexuiz\\nexuiz.exe"= UDP:C:\users\frederic\desktop\nexuiz-23\nexuiz\nexuiz.exe:nexuiz.exe
"UDP Query User{CFCB1908-0B61-463D-94A9-905EE7E01255}C:\\users\\frederic\\desktop\\nexuiz-23\\nexuiz\\nexuiz.exe"= TCP:C:\users\frederic\desktop\nexuiz-23\nexuiz\nexuiz.exe:nexuiz.exe
"{47104578-6A78-4FAD-A71E-35354CC31E5E}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{8912BD10-9BD4-448F-B473-1AB1ECDEE71D}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{4DA9D651-C7B2-468C-831E-4E4B90DD307E}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{076F64E3-0829-4ED9-83D4-EA7996FE6BDC}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{2A38049E-8004-4395-9957-679A4FD2AC49}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{6E5710DE-16B3-4384-AC0E-923DA5C96295}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{79DE53FD-47DF-4EBF-BB8D-599BCCE8C242}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{C857DA63-0306-4D3F-830A-20A80ABB026B}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{F19AF496-F1A4-4215-BE45-551EEC2295EA}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{14CE4F04-2D64-4E2E-B4A9-376046425F2C}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"{CE89A6E4-3D87-450C-8D2A-6B37E1FAAED0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C5A069EA-E9B4-4E8E-A377-430FEB888101}"= UDP:C:\Program Files\RealVNC\VNC4\winvnc4.exe:VNC Server
"{92397BC4-79E1-4FC7-949E-3A2F697953BD}"= TCP:C:\Program Files\RealVNC\VNC4\winvnc4.exe:VNC Server
"TCP Query User{DFDA3337-753C-4906-8AD3-E302ACA0A0AF}C:\\program files\\allocam multi visio\\allocam.exe"= UDP:C:\program files\allocam multi visio\allocam.exe:Multi Video
"UDP Query User{0027B833-14AB-402C-88EF-6BB2A721FB3D}C:\\program files\\allocam multi visio\\allocam.exe"= TCP:C:\program files\allocam multi visio\allocam.exe:Multi Video
"{A9EE2371-9F39-42D3-9468-BA7D3C57780D}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{C72BAA33-E96D-4531-9441-F0EB59A91051}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{111B2816-1B62-454A-9FE5-C5B2B47E107C}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{9A8EAE1F-34D5-43F8-96E3-5C1E785BB9A4}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{B205DAAD-B42A-4333-A439-AB8693ACB72A}C:\\program files\\anti-leech\\alie_1.0.2.3\\alhlp.exe"= UDP:C:\program files\anti-leech\alie_1.0.2.3\alhlp.exe:Anti-Leech plugin helper program
"UDP Query User{E90F3CFE-45AF-486F-A62B-EC84DD144481}C:\\program files\\anti-leech\\alie_1.0.2.3\\alhlp.exe"= TCP:C:\program files\anti-leech\alie_1.0.2.3\alhlp.exe:Anti-Leech plugin helper program
"{6A0F86D2-2973-4164-A673-06C54933F0BD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{BB46A7FF-8203-4378-BDB0-D7810F943B6E}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{455C1855-25BA-4157-847A-36BDADDAC47B}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"TCP Query User{67E03889-E93C-4047-9BF5-0DFA6937C0B9}C:\\program files\\safari\\safari.exe"= UDP:C:\program files\safari\safari.exe:Safari Web Browser
"UDP Query User{607202CD-7C77-4A0F-BA58-DE499A85CC3D}C:\\program files\\safari\\safari.exe"= TCP:C:\program files\safari\safari.exe:Safari Web Browser
"{2538D5C3-8E2E-4872-9268-788A942B898C}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B3E2F069-D82C-4EF9-ACD9-9CCDEE5BD28A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{065DF47C-B03A-48A9-B87A-16141A964B39}C:\\program files\\warrock\\system\\warrock.exe"= UDP:C:\program files\warrock\system\warrock.exe:WarRock
"UDP Query User{28EFD4CE-930B-4D0B-8B78-784BA7BE7774}C:\\program files\\warrock\\system\\warrock.exe"= TCP:C:\program files\warrock\system\warrock.exe:WarRock
"{F34B3DA7-43F6-4B23-85F6-FBC14F01A52D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{7467093A-3164-4E3F-8754-D25E7C52F8F8}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{63037BD3-3934-43A2-8297-85C288F1F229}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{6F501AFF-DE91-4292-A487-8466EE07552B}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"{D456867E-EFB8-47F8-AA13-9F1A2CB859B6}"= UDP:C:\Program Files\RayV\RayV\RayV.exe:RayV
"{0156D569-342C-4AF2-A8D5-CED27026A6C8}"= TCP:C:\Program Files\RayV\RayV\RayV.exe:RayV
"TCP Query User{199AF94B-0162-4F36-9E52-8842FFF3BD07}C:\\program files\\ventsrv\\ventrilo_srv.exe"= UDP:C:\program files\ventsrv\ventrilo_srv.exe:ventrilo_srv
"UDP Query User{EBCF9274-59DC-4EF7-85FC-724CB9F00B6B}C:\\program files\\ventsrv\\ventrilo_srv.exe"= TCP:C:\program files\ventsrv\ventrilo_srv.exe:ventrilo_srv
"TCP Query User{EF92345B-6085-430B-B6AB-937235612DD4}C:\\program files\\teamspeak2_rc2\\server_windows.exe"= UDP:C:\program files\teamspeak2_rc2\server_windows.exe:Server
"UDP Query User{A20B4E94-D633-4F7D-AB24-E0CB7F64C243}C:\\program files\\teamspeak2_rc2\\server_windows.exe"= TCP:C:\program files\teamspeak2_rc2\server_windows.exe:Server
"{74DCB3D3-4180-4074-99EA-9B347CF84AF9}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{14A8A063-C4DD-4C4C-9AE6-8FBFFE341E36}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\PROGRA~1\\ALLOCA~1\\allocam.exe"= C:\PROGRA~1\ALLOCA~1\allocam.exe:*:Enabled:Multi Video
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"6667:UDP"= 6667:UDP:*:Enabled:TOTOCAM UDP
"6666:TCP"= 6666:TCP:*:Enabled:TOTOCAM TCP

R2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe" [2008-05-11 09:40]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE" [2008-04-14 19:41]
R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe" [2008-04-14 19:41]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 16:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\system32\drivers\LMIRfsDriver.sys [2007-08-03 16:09]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 14:13]
R2 NMSAccessU;NMSAccessU;C:\Program Files\Common Files\NMSAccessU.exe [2007-01-25 03:52]
R2 RapiMgr;Connectivité de l'appareil Windows Mobile;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
R2 WcesComm;Connectivité de l'appareil Windows Mobile 2003;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
S2 EPGService;EPGService;J:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe []
S3 netr73;Sitecom RT73 Wireless Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-05-11 17:40]
S3 USB28xxBGA;WinTV HVR-900;C:\Windows\system32\DRIVERS\emBDA.sys [2007-01-30 02:20]
S3 USB28xxOEM;WinTV OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys [2007-01-30 02:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
rsmsvcs REG_MULTI_SZ ntmssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8be4d5da-0d1e-11dc-9843-806e6f6e6963}]
\shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7d92368-a33f-11dc-93d1-0018f3097dae}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-06-05 21:57:04 C:\Windows\Tasks\Auto Backup for frederic.job"
- C:\Program Files\Packard Bell\Packard Bell Software Suite\DSMsg.exe
"2008-06-11 10:45:25 C:\Windows\Tasks\User_Feed_Synchronization-{AF5C0371-3DE2-44D7-8718-0ABBC62C52B3}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 13:03:35
Windows 6.0.6000 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\System32\CISVC.EXE
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\[u]0/u\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Windows\System32\conime.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\System32\dllhost.exe
C:\Windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-11 13:12:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-11 11:11:45

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associ‚ au num‚ro 0x2379 est introuvable dans le fichier de messages pour Application.

324 --- E O F --- 2008-05-30 09:25:22

Ajouter un commentaire

Réponse

geoffrey5 13786Messages postés 20 mai 2007Date d'inscription 21 mai 2010Dernière intervention 11 juin 2008 à 13:18

Télécharger et enregistrer sur le Bureau LopSD : http://eric.71.mespages.googlepages.com/LopSD.exe

= Double-clic Lop S&D
= Faire l'installation
Fermer toutes les applications
= Le lancer par un double-clic sur le raccourci qui est sur le bureau
Avec VISTA => clic-droit et => Exécuter en tant qu'administrateur
= Taper F pour français , puis presser entrée
= Taper 1
= Presser Entrée
= Le PC va redémarrer
Note= si l'antivirus annonce une infection dans TEMP , l'ignorer
= Attendre l'apparition du rapport
Copier le rapport et le coller dans la réponse
le rapport se trouve aussi à C:\lopR
---------
Relancer Lop S&D

= Choisir cette fois 2

note:
Si le Bureau ne réapparait pas
= Presser Ctrl Alt Suppr
= Dans Fichier => Nouvelle tâche
=> Ecrire: explorer => entrée

puis fait un rapport hijack

Ajouter un commentaire - Site web

Réponse

freddypark 48Messages postés 12 août 2007Date d'inscription 10 mars 2011Dernière intervention 11 juin 2008 à 13:22

-----------------------[ Lop S&D 4.2.1-3 XP/Vista ]---------------------

[ Windows 'Longhorn' (NT 6.0) Workstation Build 6000 ]
[ USER : frederic ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 11/06/2008 | 13:18:35,56 ] [ PC : PC-DE-FREDERIC ]
[ MAJ : 07-06-2008 | 22:15 ]
[ UAC => 0 ]

-------------[ Listing des dossiers dans Application Data ]------------

[31/03/2008|16:37] C:\Users\frederic\AppData\Roaming\ACD Systems\ACDSeePhotoEditor

[14/12/2007|17:13] C:\Users\frederic\AppData\Roaming\Adobe\Flash Player
[01/06/2007|17:46] C:\Users\frederic\AppData\Roaming\Adobe\Linguistics
[01/06/2007|17:45] C:\Users\frederic\AppData\Roaming\Adobe\Acrobat

[17/09/2007|23:45] C:\Users\frederic\AppData\Roaming\Ahead\NeroVision
[02/09/2007|15:39] C:\Users\frederic\AppData\Roaming\Ahead\Nero Recode
[09/07/2007|17:26] C:\Users\frederic\AppData\Roaming\Ahead\Nero Burning ROM

[21/05/2008|16:30] C:\Users\frederic\AppData\Roaming\AntiVir PersonalEdition Premium\MCACHEDB
[21/11/2007|19:39] C:\Users\frederic\AppData\Roaming\AntiVir PersonalEdition Premium\MAIL
[25/10/2007|12:36] C:\Users\frederic\AppData\Roaming\AntiVir PersonalEdition Premium\MCACHE

[07/06/2008|12:57] C:\Users\frederic\AppData\Roaming\Apple Computer\iTunes
[12/05/2008|14:35] C:\Users\frederic\AppData\Roaming\Apple Computer\Safari

[19/10/2007|14:44] C:\Users\frederic\AppData\Roaming\Arcsoft\Arcsoft PhotoImpression 5
[19/10/2007|14:43] C:\Users\frederic\AppData\Roaming\Arcsoft\ArcRegister
[19/10/2007|14:43] C:\Users\frederic\AppData\Roaming\Arcsoft\PhotoBase

[07/12/2007|01:15] C:\Users\frederic\AppData\Roaming\Datalayer\353946012526221

[04/06/2008|13:20] C:\Users\frederic\AppData\Roaming\DivX\DivX Player
[02/09/2007|16:26] C:\Users\frederic\AppData\Roaming\DivX\DivX Codec

[22/09/2007|22:28] C:\Users\frederic\AppData\Roaming\dvdcss\-0000000000000000
[06/09/2007|15:49] C:\Users\frederic\AppData\Roaming\dvdcss\-0ab928000ab97c00-0000000000
[04/09/2007|12:30] C:\Users\frederic\AppData\Roaming\dvdcss\-0d7320000d73d500-0000000000
[02/09/2007|14:27] C:\Users\frederic\AppData\Roaming\dvdcss\MERCENARY_FOR_JUSTICE-2006090117542100
[02/09/2007|14:22] C:\Users\frederic\AppData\Roaming\dvdcss\OVER_THE_HEDGE-3230303730393032
[02/09/2007|13:45] C:\Users\frederic\AppData\Roaming\dvdcss\OVER_THE_HEDGE-2006100613471900
[30/07/2007|21:36] C:\Users\frederic\AppData\Roaming\dvdcss\POLTERGAY-2007031316250800
[28/07/2007|16:48] C:\Users\frederic\AppData\Roaming\dvdcss\ECOLE_POUR_TOUS-2007022616390300-07aef40a64
[09/07/2007|16:09] C:\Users\frederic\AppData\Roaming\dvdcss\BANLIEUE_13-0000000000000000-0000000001
[01/07/2007|17:24] C:\Users\frederic\AppData\Roaming\dvdcss\WAIKA_DVD1-2006091411581600

[15/05/2008|22:41] C:\Users\frederic\AppData\Roaming\EPSON\ESCNDV
[31/03/2008|12:30] C:\Users\frederic\AppData\Roaming\EPSON\Creativity Suite

[16/06/2007|14:12] C:\Users\frederic\AppData\Roaming\F-Secure\System Control
[28/05/2007|20:51] C:\Users\frederic\AppData\Roaming\F-Secure\Spam Control

[11/06/2008|11:52] C:\Users\frederic\AppData\Roaming\Google\Local Search History
[13/07/2007|15:32] C:\Users\frederic\AppData\Roaming\Google\GoogleEarth

[09/06/2008|12:15] C:\Users\frederic\AppData\Roaming\GrabIt\Articles
[09/06/2008|12:15] C:\Users\frederic\AppData\Roaming\GrabIt\Temp
[26/04/2008|13:28] C:\Users\frederic\AppData\Roaming\GrabIt\Groups

[29/09/2007|00:26] C:\Users\frederic\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG4-JM9C-24JLMUCREVUJ}
[18/09/2007|16:45] C:\Users\frederic\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG6-LH31-23G9CBQV6VVM}
[18/09/2007|16:11] C:\Users\frederic\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG1-FP6A-248DTTL0QVVP}
[14/09/2007|21:59] C:\Users\frederic\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG3-4A90-24BL1LF8IVV6}
[14/09/2007|21:36] C:\Users\frederic\AppData\Roaming\Identities\{00009BV5-V6E6-N99D-O8SF-9VRP3OLUMVIP}
[28/05/2007|17:04] C:\Users\frederic\AppData\Roaming\Identities\{AA352D25-1FA1-4C11-98C9-F59EE5CC16B8}

[26/08/2007|00:12] C:\Users\frederic\AppData\Roaming\InstallShield\ISEngine12.0

[25/03/2008|23:11] C:\Users\frederic\AppData\Roaming\iWin\PollyPride

[20/03/2008|02:16] C:\Users\frederic\AppData\Roaming\Logitech\SetPoint

[11/06/2008|11:56] C:\Users\frederic\AppData\Roaming\Macromedia\Flash Player

[10/06/2008|14:23] C:\Users\frederic\AppData\Roaming\Microsoft\Excel
[10/06/2008|13:30] C:\Users\frederic\AppData\Roaming\Microsoft\Word
[29/05/2008|21:36] C:\Users\frederic\AppData\Roaming\Microsoft\Office
[18/05/2008|23:57] C:\Users\frederic\AppData\Roaming\Microsoft\Templates
[14/05/2008|16:12] C:\Users\frederic\AppData\Roaming\Microsoft\Installer
[24/04/2008|08:58] C:\Users\frederic\AppData\Roaming\Microsoft\Credentials
[14/04/2008|17:39] C:\Users\frederic\AppData\Roaming\Microsoft\Publisher
[25/01/2008|17:12] C:\Users\frederic\AppData\Roaming\Microsoft\digital locker
[04/01/2008|17:29] C:\Users\frederic\AppData\Roaming\Microsoft\Windows
[13/12/2007|01:20] C:\Users\frederic\AppData\Roaming\Microsoft\InfoPath
[23/11/2007|01:11] C:\Users\frederic\AppData\Roaming\Microsoft\CLR Security Config
[22/11/2007|18:28] C:\Users\frederic\AppData\Roaming\Microsoft\CLView
[21/11/2007|19:41] C:\Users\frederic\AppData\Roaming\Microsoft\Outlook
[15/09/2007|12:01] C:\Users\frederic\AppData\Roaming\Microsoft\MSN Messenger
[15/09/2007|00:25] C:\Users\frederic\AppData\Roaming\Microsoft\UProof
[30/08/2007|12:56] C:\Users\frederic\AppData\Roaming\Microsoft\Internet Explorer
[22/08/2007|18:14] C:\Users\frederic\AppData\Roaming\Microsoft\Speech
[12/08/2007|14:10] C:\Users\frederic\AppData\Roaming\Microsoft\MMC
[06/08/2007|00:02] C:\Users\frederic\AppData\Roaming\Microsoft\Proof
[06/08/2007|00:02] C:\Users\frederic\AppData\Roaming\Microsoft\Document Building Blocks
[06/08/2007|00:02] C:\Users\frederic\AppData\Roaming\Microsoft\AddIns
[06/08/2007|00:01] C:\Users\frederic\AppData\Roaming\Microsoft\OIS
[11/07/2007|14:26] C:\Users\frederic\AppData\Roaming\Microsoft\Windows Live Call
[11/07/2007|14:26] C:\Users\frederic\AppData\Roaming\Microsoft\IdentityCRL
[28/06/2007|17:29] C:\Users\frederic\AppData\Roaming\Microsoft\Media Player
[22/06/2007|18:11] C:\Users\frederic\AppData\Roaming\Microsoft\eHome
[30/05/2007|16:24] C:\Users\frederic\AppData\Roaming\Microsoft\HTML Help
[29/05/2007|16:35] C:\Users\frederic\AppData\Roaming\Microsoft\SystemCertificates
[29/05/2007|16:34] C:\Users\frederic\AppData\Roaming\Microsoft\Crypto
[28/05/2007|17:04] C:\Users\frederic\AppData\Roaming\Microsoft\Protect

[28/03/2008|19:43] C:\Users\frederic\AppData\Roaming\Mozilla\Firefox

[13/06/2007|13:53] C:\Users\frederic\AppData\Roaming\NCH Swift Sound\SoundTap

[10/12/2007|00:30] C:\Users\frederic\AppData\Roaming\Nokia\Music Manager
[09/12/2007|22:43] C:\Users\frederic\AppData\Roaming\Nokia\LaunchApplication
[09/12/2007|22:43] C:\Users\frederic\AppData\Roaming\Nokia\GetConnectedWizard
[09/12/2007|22:38] C:\Users\frederic\AppData\Roaming\Nokia\ContactsEditor
[07/12/2007|01:12] C:\Users\frederic\AppData\Roaming\Nokia\PCSync

[29/07/2007|13:09] C:\Users\frederic\AppData\Roaming\OpenOffice.org2\user

[06/08/2007|10:42] C:\Users\frederic\AppData\Roaming\Paltalk\profile repository
[20/07/2007|11:41] C:\Users\frederic\AppData\Roaming\Paltalk\overlays
[20/07/2007|11:37] C:\Users\frederic\AppData\Roaming\Paltalk\groups

[25/11/2007|13:56] C:\Users\frederic\AppData\Roaming\Panasonic\phdb

[09/12/2007|23:06] C:\Users\frederic\AppData\Roaming\PC Suite\353946012526221
[09/12/2007|22:36] C:\Users\frederic\AppData\Roaming\PC Suite\Settings

[20/05/2008|13:42] C:\Users\frederic\AppData\Roaming\PlayFirst\dreamchronicles2
[17/01/2008|02:00] C:\Users\frederic\AppData\Roaming\PlayFirst\dreamchronicles
[09/07/2007|21:40] C:\Users\frederic\AppData\Roaming\PlayFirst\chocolatier
[15/06/2007|01:44] C:\Users\frederic\AppData\Roaming\PlayFirst\mysteryofsharkisland

[11/06/2008|11:52] C:\Users\frederic\AppData\Roaming\Real\RealPlayer
[11/05/2008|10:36] C:\Users\frederic\AppData\Roaming\Real\Msg
[11/05/2008|10:35] C:\Users\frederic\AppData\Roaming\Real\rnadmin
[30/08/2007|18:02] C:\Users\frederic\AppData\Roaming\Real\RealMediaSDK

[29/11/2007|22:43] C:\Users\frederic\AppData\Roaming\SecuROM\UserData

[29/11/2007|22:44] C:\Users\frederic\AppData\Roaming\Sierra Entertainment\Empire Earth III

[06/08/2007|10:35] C:\Users\frederic\AppData\Roaming\SlySoft\AnyDVD

[13/09/2007|12:13] C:\Users\frederic\AppData\Roaming\Sony Corporation\SonicStage
[31/07/2007|15:40] C:\Users\frederic\AppData\Roaming\Sony Corporation\OpenMG Jukebox

[06/02/2008|23:07] C:\Users\frederic\AppData\Roaming\Thunderbird\Profiles

[02/01/2008|19:19] C:\Users\frederic\AppData\Roaming\U3\00001871157015B2
[02/01/2008|19:17] C:\Users\frederic\AppData\Roaming\U3\temp

[10/06/2007|14:23] C:\Users\frederic\AppData\Roaming\UseNeXT\cache

[18/03/2008|19:47] C:\Users\frederic\AppData\Roaming\vlc\cache

[29/09/2007|00:26] C:\Users\frederic\AppData\Roaming\Zylom\2092
[18/09/2007|16:45] C:\Users\frederic\AppData\Roaming\Zylom\147
[18/09/2007|16:11] C:\Users\frederic\AppData\Roaming\Zylom\38
[14/09/2007|21:59] C:\Users\frederic\AppData\Roaming\Zylom\43
[14/09/2007|21:36] C:\Users\frederic\AppData\Roaming\Zylom\106

----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------

[05/06/2008 23:57][--a------] C:\Windows\tasks\Auto Backup for frederic.job
[11/06/2008 12:45][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{AF5C0371-3DE2-44D7-8718-0ABBC62C52B3}.job
[11/06/2008 13:01][--ah-----] C:\Windows\tasks\SA.DAT
[11/06/2008 13:00][--a------] C:\Windows\tasks\SCHEDLGU.TXT

------[ Listing des dossiers dans C:\ProgramData ]------

[22/01/2008|21:47] C:\ProgramData\.zreglib
[31/03/2008|16:37] C:\ProgramData\ACD Systems
[25/08/2007|13:03] C:\ProgramData\addr_file.html
[05/02/2008|21:56] C:\ProgramData\Adobe
[29/06/2007|16:42] C:\ProgramData\Age of Empires 3
[02/09/2007|15:33] C:\ProgramData\Ahead
[20/04/2008|18:07] C:\ProgramData\Aliasworlds
[06/11/2007|17:05] C:\ProgramData\Apple
[10/04/2008|17:09] C:\ProgramData\Apple Computer
[02/11/2006|15:02] C:\ProgramData\Application Data
[19/04/2008|11:29] C:\ProgramData\Avira
[23/08/2007|19:58] C:\ProgramData\BC Soft Games
[28/05/2007|16:26] C:\ProgramData\Bureau
[01/07/2007|21:26] C:\ProgramData\C9B086CE-4A3B-11DB-8373-B622A1EF5492
[28/05/2007|15:30] C:\ProgramData\CanonBJ
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[09/12/2007|22:37] C:\ProgramData\Downloaded Installations
[02/09/2007|14:28] C:\ProgramData\DVD Shrink
[30/09/2007|10:02] C:\ProgramData\Enkord
[16/03/2008|18:06] C:\ProgramData\EPSON
[28/05/2007|16:26] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[25/08/2007|13:05] C:\ProgramData\F-Secure
[28/05/2007|19:31] C:\ProgramData\fssg
[29/04/2008|21:40] C:\ProgramData\Google
[11/06/2008|13:13] C:\ProgramData\Google Updater
[05/05/2008|23:48] C:\ProgramData\HipSoft
[14/12/2007|13:26] C:\ProgramData\Installations
[28/05/2007|21:36] C:\ProgramData\JollyBear
[18/08/2007|12:34] C:\ProgramData\Lavasoft
[19/03/2008|20:21] C:\ProgramData\LogiShrd
[19/03/2008|20:16] C:\ProgramData\Logitech
[28/05/2007|16:26] C:\ProgramData\Menu D‚marrer
[02/01/2008|17:58] C:\ProgramData\Microsoft
[15/05/2008|07:41] C:\ProgramData\Microsoft Help
[28/05/2007|16:26] C:\ProgramData\ModŠles
[10/09/2007|23:17] C:\ProgramData\n7-89-o9-3r-4t-r9
[19/11/2007|19:38] C:\ProgramData\NCH Software
[08/07/2007|12:31] C:\ProgramData\Nero
[10/06/2008|18:25] C:\ProgramData\ntuser.pol
[05/12/2007|16:45] C:\ProgramData\NVIDIA
[14/06/2007|23:56] C:\ProgramData\Oberon Media
[09/12/2007|22:45] C:\ProgramData\PC Suite
[19/05/2008|23:58] C:\ProgramData\PlayFirst
[18/08/2007|12:53] C:\ProgramData\PopCap Games
[05/12/2007|21:44] C:\ProgramData\RapidSolution
[23/07/2007|13:40] C:\ProgramData\RoboForm
[16/03/2008|16:56] C:\ProgramData\SITEguard
[06/08/2007|10:34] C:\ProgramData\SlySoft
[31/07/2007|15:40] C:\ProgramData\SonicStage
[31/07/2007|15:40] C:\ProgramData\Sony Corporation
[20/05/2008|20:01] C:\ProgramData\SpinTop Games
[11/06/2008|11:52] C:\ProgramData\Spybot - Search & Destroy
[28/06/2007|15:56] C:\ProgramData\SRS Labs
[02/11/2006|15:02] C:\ProgramData\Start Menu
[11/06/2008|13:17] C:\ProgramData\STOPzilla!
[30/06/2007|19:10] C:\ProgramData\TEMP
[02/11/2006|15:02] C:\ProgramData\Templates
[14/09/2007|17:42] C:\ProgramData\tunebite
[16/03/2008|13:30] C:\ProgramData\UDL
[31/12/2007|13:32] C:\ProgramData\Winamp Toolbar
[30/05/2007|14:14] C:\ProgramData\Windows Genuine Advantage
[04/09/2007|12:23] C:\ProgramData\WindowsLiveInstaller
[10/11/2007|13:16] C:\ProgramData\WLInstaller
[31/05/2007|14:11] C:\ProgramData\Yahoo! Companion
[20/05/2008|13:52] C:\ProgramData\Zylom

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[19/04/2008|04:29] C:\Program Files\3Planesoft Screensaver Manager
[16/03/2008|13:26] C:\Program Files\ABBYY FineReader 6.0 Sprint
[02/09/2007|16:00] C:\Program Files\AC3Filter
[31/03/2008|16:37] C:\Program Files\ACD Systems
[05/02/2008|21:56] C:\Program Files\Adobe
[29/11/2007|22:32] C:\Program Files\AGEIA Technologies
[21/11/2007|22:26] C:\Program Files\Alex Feinman
[05/05/2008|12:51] C:\Program Files\Apple Software Update
[19/10/2007|14:37] C:\Program Files\ArcSoft
[22/10/2007|23:33] C:\Program Files\Avira
[14/05/2008|16:11] C:\Program Files\AviSynth 2.5
[21/03/2008|20:22] C:\Program Files\CCleaner
[12/04/2008|12:08] C:\Program Files\CDex_170b2
[14/04/2008|12:30] C:\Program Files\Cheat 'O Matic
[04/06/2008|14:53] C:\Program Files\Common Files
[23/04/2008|18:16] C:\Program Files\Conduit
[19/04/2008|04:29] C:\Program Files\Deep Space 3D Screensaver
[31/08/2007|17:10] C:\Program Files\desktop.ini
[09/12/2007|22:36] C:\Program Files\DIFX
[04/06/2008|13:28] C:\Program Files\DivX
[20/05/2008|00:19] C:\Program Files\Dream Chronicles 2
[30/07/2007|22:01] C:\Program Files\DVD Shrink
[16/03/2008|13:28] C:\Program Files\epson
[28/05/2007|16:26] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[13/11/2007|00:00] C:\Program Files\FLVPlayer
[01/03/2008|13:22] C:\Program Files\Free Audio Pack
[23/04/2008|18:16] C:\Program Files\Freecorder
[23/04/2008|18:16] C:\Program Files\Freecorder Toolbar
[04/06/2008|21:20] C:\Program Files\GameSpy Arcade
[25/01/2008|17:16] C:\Program Files\Ghost Navigator
[13/05/2008|08:29] C:\Program Files\GIMP-2.0
[29/04/2008|21:44] C:\Program Files\Google
[02/02/2008|21:04] C:\Program Files\GrabIt
[02/06/2008|11:12] C:\Program Files\IEDP2
[20/07/2007|18:10] C:\Program Files\iGO POI Explorer beta
[28/11/2007|14:56] C:\Program Files\Init
[04/06/2008|14:53] C:\Program Files\InstallShield Installation Information
[10/04/2008|16:49] C:\Program Files\Internet Explorer
[10/04/2008|17:09] C:\Program Files\iPod
[13/06/2007|13:19] C:\Program Files\i-Sound Pro
[10/04/2008|17:09] C:\Program Files\iTunes
[25/03/2008|23:05] C:\Program Files\Java
[18/08/2007|12:34] C:\Program Files\Lavasoft
[19/03/2008|20:16] C:\Program Files\Logitech
[23/04/2008|12:15] C:\Program Files\LogMeIn
[16/07/2007|20:57] C:\Program Files\Macrogaming
[14/05/2008|13:35] C:\Program Files\Maxi-Motamo
[24/01/2008|17:52] C:\Program Files\Metaboli Player
[27/05/2008|11:41] C:\Program Files\Micro Application
[04/06/2008|13:58] C:\Program Files\Microsoft Games
[30/05/2007|16:12] C:\Program Files\Microsoft LifeCam
[05/08/2007|23:56] C:\Program Files\Microsoft Office
[30/04/2008|18:42] C:\Program Files\Microsoft Silverlight
[28/10/2007|13:55] C:\Program Files\Microsoft SQL Server Compact Edition
[05/08/2007|23:56] C:\Program Files\Microsoft Visual Studio
[05/08/2007|23:47] C:\Program Files\Microsoft Visual Studio 8
[05/08/2007|23:58] C:\Program Files\Microsoft Works
[05/08/2007|23:52] C:\Program Files\Microsoft.NET
[20/07/2007|14:24] C:\Program Files\Mio Technology
[02/09/2007|14:54] C:\Program Files\MKVToolnix
[02/11/2006|14:42] C:\Program Files\Movie Maker
[22/04/2008|16:44] C:\Program Files\Mozilla Firefox
[21/03/2008|19:35] C:\Program Files\Mozilla Thunderbird
[05/08/2007|23:57] C:\Program Files\MSBuild
[02/11/2006|14:37] C:\Program Files\MSN
[30/06/2007|00:34] C:\Program Files\MSXML 4.0
[22/06/2007|17:47] C:\Program Files\MuvExToE
[11/06/2008|12:35] C:\Program Files\Navilog1
[01/07/2007|17:08] C:\Program Files\NCH Swift Sound
[08/07/2007|12:31] C:\Program Files\Nero
[14/12/2007|13:33] C:\Program Files\Nokia
[26/08/2007|01:33] C:\Program Files\OpenAL
[05/12/2007|20:00] C:\Program Files\Packard Bell
[05/12/2007|20:01] C:\Program Files\Packard Bell External HDD
[19/10/2007|14:33] C:\Program Files\Panasonic
[14/12/2007|13:31] C:\Program Files\PC Connectivity Solution
[12/08/2007|14:04] C:\Program Files\PROnetworks
[04/06/2008|18:24] C:\Program Files\PulsRadio
[09/06/2007|21:02] C:\Program Files\QuickPar
[10/04/2008|17:08] C:\Program Files\QuickTime
[01/07/2007|21:24] C:\Program Files\Rapid Solution Software AG
[24/05/2008|22:50] C:\Program Files\RayV
[11/05/2008|10:35] C:\Program Files\Real
[14/05/2008|16:18] C:\Program Files\RealArcade
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[20/05/2008|00:14] C:\Program Files\ReflexiveArcade
[21/03/2008|20:33] C:\Program Files\RegCleaner
[17/01/2008|17:58] C:\Program Files\Replay Media Catcher
[29/04/2008|17:02] C:\Program Files\Replay Music 3
[05/12/2007|21:44] C:\Program Files\Ripp-it_AM
[28/05/2007|21:20] C:\Program Files\RngInterstitial.dll
[02/01/2008|17:54] C:\Program Files\SAGEM
[06/06/2007|12:47] C:\Program Files\Screamer Radio
[19/04/2008|04:21] C:\Program Files\SereneScreen
[23/07/2007|13:39] C:\Program Files\Siber Systems
[29/12/2007|16:36] C:\Program Files\Simpli Software
[02/01/2008|17:42] C:\Program Files\Sitecom
[21/01/2008|23:25] C:\Program Files\SlySoft
[22/11/2007|18:33] C:\Program Files\Softland
[13/09/2007|12:01] C:\Program Files\Sony
[06/08/2007|12:32] C:\Program Files\Spybot - Search & Destroy
[29/05/2008|12:11] C:\Program Files\STOPzilla!
[31/03/2008|17:53] C:\Program Files\StudioLine Photo Classic
[04/06/2008|21:15] C:\Program Files\Sudden Strike 3
[10/06/2008|14:47] C:\Program Files\Teamspeak2_RC2
[12/04/2008|19:02] C:\Program Files\TF1Vision
[11/06/2008|11:27] C:\Program Files\Trend Micro
[16/01/2008|23:16] C:\Program Files\Tunebite
[19/11/2007|22:47] C:\Program Files\UltraISO
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[29/05/2008|10:44] C:\Program Files\VentSrv
[09/06/2007|21:27] C:\Program Files\VideoLAN
[19/11/2007|22:52] C:\Program Files\VirtualDubMOD
[01/07/2007|17:03] C:\Program Files\vso
[20/12/2007|14:14] C:\Program Files\vtplus
[06/06/2008|12:48] C:\Program Files\WarRock
[14/05/2008|16:17] C:\Program Files\Winamp
[31/12/2007|13:32] C:\Program Files\Winamp Toolbar
[30/08/2007|11:22] C:\Program Files\Windows Calendar
[02/11/2006|14:42] C:\Program Files\Windows Collaboration
[28/05/2007|19:18] C:\Program Files\Windows Defender
[27/02/2008|23:42] C:\Program Files\Windows Live
[15/05/2008|07:41] C:\Program Files\Windows Mail
[08/01/2008|18:41] C:\Program Files\Windows Media Player
[28/05/2007|16:26] C:\Program Files\Windows NT
[02/11/2006|14:42] C:\Program Files\Windows Photo Gallery
[10/01/2008|02:12] C:\Program Files\Windows Sidebar
[24/01/2008|02:06] C:\Program Files\WinHTTrack
[14/02/2008|17:37] C:\Program Files\WinRAR
[20/12/2007|14:14] C:\Program Files\WinTV
[17/01/2008|23:10] C:\Program Files\Yahoo!

------[ Listing des dossiers dans C:\Program Files\Common Files ]------

[31/03/2008|16:37] C:\Program Files\Common Files\ACD Systems
[12/05/2008|14:06] C:\Program Files\Common Files\Adobe
[08/07/2007|12:36] C:\Program Files\Common Files\Ahead
[10/12/2007|19:22] C:\Program Files\Common Files\Apple
[19/10/2007|14:40] C:\Program Files\Common Files\ArcSoft
[29/12/2007|12:53] C:\Program Files\Common Files\Canon
[25/01/2008|17:14] C:\Program Files\Common Files\Concord
[05/08/2007|23:56] C:\Program Files\Common Files\DESIGNER
[19/11/2007|22:47] C:\Program Files\Common Files\EZB Systems
[02/01/2008|17:59] C:\Program Files\Common Files\France Telecom
[31/03/2008|12:25] C:\Program Files\Common Files\InstallShield
[06/08/2007|23:57] C:\Program Files\Common Files\iS3
[20/12/2007|14:14] C:\Program Files\Common Files\IviSDK
[31/05/2007|14:54] C:\Program Files\Common Files\Java
[19/03/2008|20:17] C:\Program Files\Common Files\Logishrd
[18/10/2007|15:37] C:\Program Files\Common Files\Logitech
[04/06/2008|14:53] C:\Program Files\Common Files\Microsoft Games
[19/03/2008|20:20] C:\Program Files\Common Files\microsoft shared
[25/01/2007|03:52] C:\Program Files\Common Files\NMSAccessU.exe
[14/12/2007|13:33] C:\Program Files\Common Files\Nokia
[14/12/2007|13:33] C:\Program Files\Common Files\PCSuite
[02/09/2007|15:50] C:\Program Files\Common Files\PX Storage Engine
[11/05/2008|10:36] C:\Program Files\Common Files\Real
[17/01/2008|23:10] C:\Program Files\Common Files\Scanner
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[31/07/2007|15:30] C:\Program Files\Common Files\Sony Shared
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[05/08/2007|23:47] C:\Program Files\Common Files\System
[10/11/2007|13:21] C:\Program Files\Common Files\WindowsLiveInstaller
[29/05/2008|10:42] C:\Program Files\Common Files\Wise Installation Wizard
[11/05/2008|10:36] C:\Program Files\Common Files\xing shared

---------------------------[ Process ]--------------------------

... 75

iexplore.exe ~ [4876]

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

Aucun fichier / dossier Lop trouvé !

----------------------[ Verification du Registre ]----------------------

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE

----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 13:18:58
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

=> C:\Users\frederic\Desktop\divers\dvd divx\SlySoft.AnyDVD.HD.v6.1.6.0.FR.JiNo22.Incl-Crack
=> C:\Users\frederic\Desktop\divers\dvd divx\SlySoft.AnyDVD.HD.v6.1.6.0.FR.JiNo22.Incl-Crack\SetupAnyDVD6160.exe
=> C:\Users\frederic\Desktop\divers\dvd divx\SlySoft.AnyDVD.HD.v6.1.6.0.FR.JiNo22.Incl-Crack\SlySoft.AnyDVD.HD.v6.1.6.0.FR.JiNo22.Incl-Crack.nfo
=> C:\Users\frederic\Favorites\5octo\This Site is LikeCrack.com -- Like Crack.url
=> C:\Users\frederic\Favorites\KEYGEN.url
=> C:\ProgramData\PlayFirst\Games\dreamchronicles2\Crack
=> C:\ProgramData\PlayFirst\Games\dreamchronicles2\Crack\game
=> C:\ProgramData\PlayFirst\Games\dreamchronicles2\Crack\game\dream2.exe

[F:4][D:1]-> C:\Users\frederic\AppData\Local\Temp
[F:27][D:1]-> C:\Users\frederic\AppData\Roaming\MICROS~1\Windows\Cookies
[F:113][D:4]-> C:\Users\frederic\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:60][D:4]-> C:\$Recycle.Bin

[ UAC => 1 ]

--------------------[ Fin du rapport a 13:19:30,66 ]----------------------

Ajouter un commentaire

Réponse

geoffrey5 13786Messages postés 20 mai 2007Date d'inscription 21 mai 2010Dernière intervention 11 juin 2008 à 13:27

ok ensuite :

Télécharger sur le bureau malware bytes : http://www.besttechie.net/tools/mbam-setup.exe

= double-clic sur mbam-setup pour lancer l'installation
= Installer simplement sans rien modifier
= Quand le programme lancé ==> cocher Exécuter un examen complet
= Clic Rechercher
= Eventuellement décocher les disque à ne pas analyser
= Clic Lancer l'examen
= En fin de scan , si infection trouvée
==> Clic Afficher résultat
= Fermer vos applications en cours
= Vérifier si tout est coché et clic Supprimer la sélection

un rapport s'ouvre le copier et le coller dans la réponse

Puis redémarrer le pc !!

Et refais un rapport hijackthis

Ajouter un commentaire - Site web

Réponse

jlpjlp 50302Messages postés 18 mai 2007Date d'inscription 1 juin 2012Dernière intervention 11 juin 2008 à 13:28

vires ces cracks suspects:

=> C:\Users\frederic\Desktop\divers\dvd divx\SlySoft.AnyDVD.HD.v6.1.6.0.FR.JiNo22.Incl-Crack
=> C:\Users\frederic\Desktop\divers\dvd divx\SlySoft.AnyDVD.HD.v6.1.6.0.FR.JiNo22.Incl-Crack\SetupAnyDVD6160.exe
=> C:\Users\frederic\Desktop\divers\dvd divx\SlySoft.AnyDVD.HD.v6.1.6.0.FR.JiNo22.Incl-Crack\SlySoft.AnyDVD.HD.v6.1.6.0.FR.JiNo22.Incl-Crack.nfo
=> C:\Users\frederic\Favorites\5octo\This Site is LikeCrack.com -- Like Crack.url
=> C:\Users\frederic\Favorites\KEYGEN.url
=> C:\ProgramData\PlayFirst\Games\dreamchronicles2\Crack
=> C:\ProgramData\PlayFirst\Games\dreamchronicles2\Crack\game
=> C:\ProgramData\PlayFirst\Games\dreamchronicles2\Crack\game\dream2.exe

_________________

télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur http://up.sur-la-toile.com/sadW
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27D486FB-15CB-40F9-BF92-13081CFB721A}
C:\Windows\system32\vtUopOhg.dll

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

______________________
vire ce qui est dans movedfiles en allant dans poste de travail puis C puis OTMOVIT

C:\_OTMoveIt\MovedFiles

_______________________

recolle un rapport hijackthis et colle un rapport antivir et dis tes soucis actuels

Ajouter un commentaire

Réponse

freddypark 48Messages postés 12 août 2007Date d'inscription 10 mars 2011Dernière intervention 11 juin 2008 à 13:34

-----------------------[ Lop S&D 4.2.1-3 XP/Vista ]---------------------

[ Windows 'Longhorn' (NT 6.0) Workstation Build 6000 ]
[ USER : frederic ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ 11/06/2008 | 13:27:47,06 ] [ PC : PC-DE-FREDERIC ]
[ MAJ : 07-06-2008 | 22:15 ]
[ UAC => 0 ]

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

-------------[ Listing des dossiers dans Application Data ]------------

[31/03/2008|16:37] C:\Users\frederic\AppData\Roaming\ACD Systems\ACDSeePhotoEditor

[14/12/2007|17:13] C:\Users\frederic\AppData\Roaming\Adobe\Flash Player
[01/06/2007|17:46] C:\Users\frederic\AppData\Roaming\Adobe\Linguistics
[01/06/2007|17:45] C:\Users\frederic\AppData\Roaming\Adobe\Acrobat

[17/09/2007|23:45] C:\Users\frederic\AppData\Roaming\Ahead\NeroVision
[02/09/2007|15:39] C:\Users\frederic\AppData\Roaming\Ahead\Nero Recode
[09/07/2007|17:26] C:\Users\frederic\AppData\Roaming\Ahead\Nero Burning ROM

[21/05/2008|16:30] C:\Users\frederic\AppData\Roaming\AntiVir PersonalEdition Premium\MCACHEDB
[21/11/2007|19:39] C:\Users\frederic\AppData\Roaming\AntiVir PersonalEdition Premium\MAIL
[25/10/2007|12:36] C:\Users\frederic\AppData\Roaming\AntiVir PersonalEdition Premium\MCACHE

[07/06/2008|12:57] C:\Users\frederic\AppData\Roaming\Apple Computer\iTunes
[12/05/2008|14:35] C:\Users\frederic\AppData\Roaming\Apple Computer\Safari

[19/10/2007|14:44] C:\Users\frederic\AppData\Roaming\Arcsoft\Arcsoft PhotoImpression 5
[19/10/2007|14:43] C:\Users\frederic\AppData\Roaming\Arcsoft\ArcRegister
[19/10/2007|14:43] C:\Users\frederic\AppData\Roaming\Arcsoft\PhotoBase

[07/12/2007|01:15] C:\Users\frederic\AppData\Roaming\Datalayer\353946012526221

[04/06/2008|13:20] C:\Users\frederic\AppData\Roaming\DivX\DivX Player
[02/09/2007|16:26] C:\Users\frederic\AppData\Roaming\DivX\DivX Codec

[22/09/2007|22:28] C:\Users\frederic\AppData\Roaming\dvdcss\-0000000000000000
[06/09/2007|15:49] C:\Users\frederic\AppData\Roaming\dvdcss\-0ab928000ab97c00-0000000000
[04/09/2007|12:30] C:\Users\frederic\AppData\Roaming\dvdcss\-0d7320000d73d500-0000000000
[02/09/2007|14:27] C:\Users\frederic\AppData\Roaming\dvdcss\MERCENARY_FOR_JUSTICE-2006090117542100
[02/09/2007|14:22] C:\Users\frederic\AppData\Roaming\dvdcss\OVER_THE_HEDGE-3230303730393032
[02/09/2007|13:45] C:\Users\frederic\AppData\Roaming\dvdcss\OVER_THE_HEDGE-2006100613471900
[30/07/2007|21:36] C:\Users\frederic\AppData\Roaming\dvdcss\POLTERGAY-2007031316250800
[28/07/2007|16:48] C:\Users\frederic\AppData\Roaming\dvdcss\ECOLE_POUR_TOUS-2007022616390300-07aef40a64
[09/07/2007|16:09] C:\Users\frederic\AppData\Roaming\dvdcss\BANLIEUE_13-0000000000000000-0000000001
[01/07/2007|17:24] C:\Users\frederic\AppData\Roaming\dvdcss\WAIKA_DVD1-2006091411581600

[15/05/2008|22:41] C:\Users\frederic\AppData\Roaming\EPSON\ESCNDV
[31/03/2008|12:30] C:\Users\frederic\AppData\Roaming\EPSON\Creativity Suite

[16/06/2007|14:12] C:\Users\frederic\AppData\Roaming\F-Secure\System Control
[28/05/2007|20:51] C:\Users\frederic\AppData\Roaming\F-Secure\Spam Control

[11/06/2008|11:52] C:\Users\frederic\AppData\Roaming\Google\Local Search History
[13/07/2007|15:32] C:\Users\frederic\AppData\Roaming\Google\GoogleEarth

[09/06/2008|12:15] C:\Users\frederic\AppData\Roaming\GrabIt\Articles
[09/06/2008|12:15] C:\Users\frederic\AppData\Roaming\GrabIt\Temp
[26/04/2008|13:28] C:\Users\frederic\AppData\Roaming\GrabIt\Groups

[29/09/2007|00:26] C:\Users\frederic\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG4-JM9C-24JLMUCREVUJ}
[18/09/2007|16:45] C:\Users\frederic\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG6-LH31-23G9CBQV6VVM}
[18/09/2007|16:11] C:\Users\frederic\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG1-FP6A-248DTTL0QVVP}
[14/09/2007|21:59] C:\Users\frederic\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG3-4A90-24BL1LF8IVV6}
[14/09/2007|21:36] C:\Users\frederic\AppData\Roaming\Identities\{00009BV5-V6E6-N99D-O8SF-9VRP3OLUMVIP}
[28/05/2007|17:04] C:\Users\frederic\AppData\Roaming\Identities\{AA352D25-1FA1-4C11-98C9-F59EE5CC16B8}

[26/08/2007|00:12] C:\Users\frederic\AppData\Roaming\InstallShield\ISEngine12.0

[25/03/2008|23:11] C:\Users\frederic\AppData\Roaming\iWin\PollyPride

[20/03/2008|02:16] C:\Users\frederic\AppData\Roaming\Logitech\SetPoint

[11/06/2008|11:56] C:\Users\frederic\AppData\Roaming\Macromedia\Flash Player

[10/06/2008|14:23] C:\Users\frederic\AppData\Roaming\Microsoft\Excel
[10/06/2008|13:30] C:\Users\frederic\AppData\Roaming\Microsoft\Word
[29/05/2008|21:36] C:\Users\frederic\AppData\Roaming\Microsoft\Office
[18/05/2008|23:57] C:\Users\frederic\AppData\Roaming\Microsoft\Templates
[14/05/2008|16:12] C:\Users\frederic\AppData\Roaming\Microsoft\Installer
[24/04/2008|08:58] C:\Users\frederic\AppData\Roaming\Microsoft\Credentials
[14/04/2008|17:39] C:\Users\frederic\AppData\Roaming\Microsoft\Publisher
[25/01/2008|17:12] C:\Users\frederic\AppData\Roaming\Microsoft\digital locker
[04/01/2008|17:29] C:\Users\frederic\AppData\Roaming\Microsoft\Windows
[13/12/2007|01:20] C:\Users\frederic\AppData\Roaming\Microsoft\InfoPath
[23/11/2007|01:11] C:\Users\frederic\AppData\Roaming\Microsoft\CLR Security Config
[22/11/2007|18:28] C:\Users\frederic\AppData\Roaming\Microsoft\CLView
[21/11/2007|19:41] C:\Users\frederic\AppData\Roaming\Microsoft\Outlook
[15/09/2007|12:01] C:\Users\frederic\AppData\Roaming\Microsoft\MSN Messenger
[15/09/2007|00:25] C:\Users\frederic\AppData\Roaming\Microsoft\UProof
[30/08/2007|12:56] C:\Users\frederic\AppData\Roaming\Microsoft\Internet Explorer
[22/08/2007|18:14] C:\Users\frederic\AppData\Roaming\Microsoft\Speech
[12/08/2007|14:10] C:\Users\frederic\AppData\Roaming\Microsoft\MMC
[06/08/2007|00:02] C:\Users\frederic\AppData\Roaming\Microsoft\Proof
[06/08/2007|00:02] C:\Users\frederic\AppData\Roaming\Microsoft\Document Building Blocks
[06/08/2007|00:02] C:\Users\frederic\AppData\Roaming\Microsoft\AddIns
[06/08/2007|00:01] C:\Users\frederic\AppData\Roaming\Microsoft\OIS
[11/07/2007|14:26] C:\Users\frederic\AppData\Roaming\Microsoft\Windows Live Call
[11/07/2007|14:26] C:\Users\frederic\AppData\Roaming\Microsoft\IdentityCRL
[28/06/2007|17:29] C:\Users\frederic\AppData\Roaming\Microsoft\Media Player
[22/06/2007|18:11] C:\Users\frederic\AppData\Roaming\Microsoft\eHome
[30/05/2007|16:24] C:\Users\frederic\AppData\Roaming\Microsoft\HTML Help
[29/05/2007|16:35] C:\Users\frederic\AppData\Roaming\Microsoft\SystemCertificates
[29/05/2007|16:34] C:\Users\frederic\AppData\Roaming\Microsoft\Crypto
[28/05/2007|17:04] C:\Users\frederic\AppData\Roaming\Microsoft\Protect

[28/03/2008|19:43] C:\Users\frederic\AppData\Roaming\Mozilla\Firefox

[13/06/2007|13:53] C:\Users\frederic\AppData\Roaming\NCH Swift Sound\SoundTap

[10/12/2007|00:30] C:\Users\frederic\AppData\Roaming\Nokia\Music Manager
[09/12/2007|22:43] C:\Users\frederic\AppData\Roaming\Nokia\LaunchApplication
[09/12/2007|22:43] C:\Users\frederic\AppData\Roaming\Nokia\GetConnectedWizard
[09/12/2007|22:38] C:\Users\frederic\AppData\Roaming\Nokia\ContactsEditor
[07/12/2007|01:12] C:\Users\frederic\AppData\Roaming\Nokia\PCSync

[29/07/2007|13:09] C:\Users\frederic\AppData\Roaming\OpenOffice.org2\user

[06/08/2007|10:42] C:\Users\frederic\AppData\Roaming\Paltalk\profile repository
[20/07/2007|11:41] C:\Users\frederic\AppData\Roaming\Paltalk\overlays
[20/07/2007|11:37] C:\Users\frederic\AppData\Roaming\Paltalk\groups

[25/11/2007|13:56] C:\Users\frederic\AppData\Roaming\Panasonic\phdb

[09/12/2007|23:06] C:\Users\frederic\AppData\Roaming\PC Suite\353946012526221
[09/12/2007|22:36] C:\Users\frederic\AppData\Roaming\PC Suite\Settings

[20/05/2008|13:42] C:\Users\frederic\AppData\Roaming\PlayFirst\dreamchronicles2
[17/01/2008|02:00] C:\Users\frederic\AppData\Roaming\PlayFirst\dreamchronicles
[09/07/2007|21:40] C:\Users\frederic\AppData\Roaming\PlayFirst\chocolatier
[15/06/2007|01:44] C:\Users\frederic\AppData\Roaming\PlayFirst\mysteryofsharkisland

[11/06/2008|11:52] C:\Users\frederic\AppData\Roaming\Real\RealPlayer
[11/05/2008|10:36] C:\Users\frederic\AppData\Roaming\Real\Msg
[11/05/2008|10:35] C:\Users\frederic\AppData\Roaming\Real\rnadmin
[30/08/2007|18:02] C:\Users\frederic\AppData\Roaming\Real\RealMediaSDK

[29/11/2007|22:43] C:\Users\frederic\AppData\Roaming\SecuROM\UserData

[29/11/2007|22:44] C:\Users\frederic\AppData\Roaming\Sierra Entertainment\Empire Earth III

[06/08/2007|10:35] C:\Users\frederic\AppData\Roaming\SlySoft\AnyDVD

[13/09/2007|12:13] C:\Users\frederic\AppData\Roaming\Sony Corporation\SonicStage
[31/07/2007|15:40] C:\Users\frederic\AppData\Roaming\Sony Corporation\OpenMG Jukebox

[06/02/2008|23:07] C:\Users\frederic\AppData\Roaming\Thunderbird\Profiles

[02/01/2008|19:19] C:\Users\frederic\AppData\Roaming\U3\00001871157015B2
[02/01/2008|19:17] C:\Users\frederic\AppData\Roaming\U3\temp

[10/06/2007|14:23] C:\Users\frederic\AppData\Roaming\UseNeXT\cache

[18/03/2008|19:47] C:\Users\frederic\AppData\Roaming\vlc\cache

[29/09/2007|00:26] C:\Users\frederic\AppData\Roaming\Zylom\2092
[18/09/2007|16:45] C:\Users\frederic\AppData\Roaming\Zylom\147
[18/09/2007|16:11] C:\Users\frederic\AppData\Roaming\Zylom\38
[14/09/2007|21:59] C:\Users\frederic\AppData\Roaming\Zylom\43
[14/09/2007|21:36] C:\Users\frederic\AppData\Roaming\Zylom\106

----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------

[05/06/2008 23:57][--a------] C:\Windows\tasks\Auto Backup for frederic.job
[11/06/2008 12:45][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{AF5C0371-3DE2-44D7-8718-0ABBC62C52B3}.job
[11/06/2008 13:25][--ah-----] C:\Windows\tasks\SA.DAT
[11/06/2008 13:24][--a------] C:\Windows\tasks\SCHEDLGU.TXT

------[ Listing des dossiers dans C:\ProgramData ]------

[22/01/2008|21:47] C:\ProgramData\.zreglib
[31/03/2008|16:37] C:\ProgramData\ACD Systems
[25/08/2007|13:03] C:\ProgramData\addr_file.html
[05/02/2008|21:56] C:\ProgramData\Adobe
[29/06/2007|16:42] C:\ProgramData\Age of Empires 3
[02/09/2007|15:33] C:\ProgramData\Ahead
[20/04/2008|18:07] C:\ProgramData\Aliasworlds
[06/11/2007|17:05] C:\ProgramData\Apple
[10/04/2008|17:09] C:\ProgramData\Apple Computer
[02/11/2006|15:02] C:\ProgramData\Application Data
[19/04/2008|11:29] C:\ProgramData\Avira
[23/08/2007|19:58] C:\ProgramData\BC Soft Games
[28/05/2007|16:26] C:\ProgramData\Bureau
[01/07/2007|21:26] C:\ProgramData\C9B086CE-4A3B-11DB-8373-B622A1EF5492
[28/05/2007|15:30] C:\ProgramData\CanonBJ
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[09/12/2007|22:37] C:\ProgramData\Downloaded Installations
[02/09/2007|14:28] C:\ProgramData\DVD Shrink
[30/09/2007|10:02] C:\ProgramData\Enkord
[16/03/2008|18:06] C:\ProgramData\EPSON
[28/05/2007|16:26] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[25/08/2007|13:05] C:\ProgramData\F-Secure
[28/05/2007|19:31] C:\ProgramData\fssg
[29/04/2008|21:40] C:\ProgramData\Google
[11/06/2008|13:13] C:\ProgramData\Google Updater
[05/05/2008|23:48] C:\ProgramData\HipSoft
[14/12/2007|13:26] C:\ProgramData\Installations
[28/05/2007|21:36] C:\ProgramData\JollyBear
[18/08/2007|12:34] C:\ProgramData\Lavasoft
[19/03/2008|20:21] C:\ProgramData\LogiShrd
[19/03/2008|20:16] C:\ProgramData\Logitech
[28/05/2007|16:26] C:\ProgramData\Menu D‚marrer
[02/01/2008|17:58] C:\ProgramData\Microsoft
[15/05/2008|07:41] C:\ProgramData\Microsoft Help
[28/05/2007|16:26] C:\ProgramData\ModŠles
[10/09/2007|23:17] C:\ProgramData\n7-89-o9-3r-4t-r9
[19/11/2007|19:38] C:\ProgramData\NCH Software
[08/07/2007|12:31] C:\ProgramData\Nero
[10/06/2008|18:25] C:\ProgramData\ntuser.pol
[05/12/2007|16:45] C:\ProgramData\NVIDIA
[14/06/2007|23:56] C:\ProgramData\Oberon Media
[09/12/2007|22:45] C:\ProgramData\PC Suite
[19/05/2008|23:58] C:\ProgramData\PlayFirst
[18/08/2007|12:53] C:\ProgramData\PopCap Games
[05/12/2007|21:44] C:\ProgramData\RapidSolution
[23/07/2007|13:40] C:\ProgramData\RoboForm
[16/03/2008|16:56] C:\ProgramData\SITEguard
[06/08/2007|10:34] C:\ProgramData\SlySoft
[31/07/2007|15:40] C:\ProgramData\SonicStage
[31/07/2007|15:40] C:\ProgramData\Sony Corporation
[20/05/2008|20:01] C:\ProgramData\SpinTop Games
[11/06/2008|11:52] C:\ProgramData\Spybot - Search & Destroy
[28/06/2007|15:56] C:\ProgramData\SRS Labs
[02/11/2006|15:02] C:\ProgramData\Start Menu
[11/06/2008|13:27] C:\ProgramData\STOPzilla!
[30/06/2007|19:10] C:\ProgramData\TEMP
[02/11/2006|15:02] C:\ProgramData\Templates
[14/09/2007|17:42] C:\ProgramData\tunebite
[16/03/2008|13:30] C:\ProgramData\UDL
[31/12/2007|13:32] C:\ProgramData\Winamp Toolbar
[30/05/2007|14:14] C:\ProgramData\Windows Genuine Advantage
[04/09/2007|12:23] C:\ProgramData\WindowsLiveInstaller
[10/11/2007|13:16] C:\ProgramData\WLInstaller
[31/05/2007|14:11] C:\ProgramData\Yahoo! Companion
[20/05/2008|13:52] C:\ProgramData\Zylom

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[19/04/2008|04:29] C:\Program Files\3Planesoft Screensaver Manager
[16/03/2008|13:26] C:\Program Files\ABBYY FineReader 6.0 Sprint
[02/09/2007|16:00] C:\Program Files\AC3Filter
[31/03/2008|16:37] C:\Program Files\ACD Systems
[05/02/2008|21:56] C:\Program Files\Adobe
[29/11/2007|22:32] C:\Program Files\AGEIA Technologies
[21/11/2007|22:26] C:\Program Files\Alex Feinman
[05/05/2008|12:51] C:\Program Files\Apple Software Update
[19/10/2007|14:37] C:\Program Files\ArcSoft
[22/10/2007|23:33] C:\Program Files\Avira
[14/05/2008|16:11] C:\Program Files\AviSynth 2.5
[21/03/2008|20:22] C:\Program Files\CCleaner
[12/04/2008|12:08] C:\Program Files\CDex_170b2
[14/04/2008|12:30] C:\Program Files\Cheat 'O Matic
[04/06/2008|14:53] C:\Program Files\Common Files
[23/04/2008|18:16] C:\Program Files\Conduit
[19/04/2008|04:29] C:\Program Files\Deep Space 3D Screensaver
[31/08/2007|17:10] C:\Program Files\desktop.ini
[09/12/2007|22:36] C:\Program Files\DIFX
[04/06/2008|13:28] C:\Program Files\DivX
[20/05/2008|00:19] C:\Program Files\Dream Chronicles 2
[30/07/2007|22:01] C:\Program Files\DVD Shrink
[16/03/2008|13:28] C:\Program Files\epson
[28/05/2007|16:26] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[13/11/2007|00:00] C:\Program Files\FLVPlayer
[01/03/2008|13:22] C:\Program Files\Free Audio Pack
[23/04/2008|18:16] C:\Program Files\Freecorder
[23/04/2008|18:16] C:\Program Files\Freecorder Toolbar
[04/06/2008|21:20] C:\Program Files\GameSpy Arcade
[25/01/2008|17:16] C:\Program Files\Ghost Navigator
[13/05/2008|08:29] C:\Program Files\GIMP-2.0
[29/04/2008|21:44] C:\Program Files\Google
[02/02/2008|21:04] C:\Program Files\GrabIt
[02/06/2008|11:12] C:\Program Files\IEDP2
[20/07/2007|18:10] C:\Program Files\iGO POI Explorer beta
[28/11/2007|14:56] C:\Program Files\Init
[04/06/2008|14:53] C:\Program Files\InstallShield Installation Information
[10/04/2008|16:49] C:\Program Files\Internet Explorer
[10/04/2008|17:09] C:\Program Files\iPod
[13/06/2007|13:19] C:\Program Files\i-Sound Pro
[10/04/2008|17:09] C:\Program Files\iTunes
[25/03/2008|23:05] C:\Program Files\Java
[18/08/2007|12:34] C:\Program Files\Lavasoft
[19/03/2008|20:16] C:\Program Files\Logitech
[23/04/2008|12:15] C:\Program Files\LogMeIn
[16/07/2007|20:57] C:\Program Files\Macrogaming
[14/05/2008|13:35] C:\Program Files\Maxi-Motamo
[24/01/2008|17:52] C:\Program Files\Metaboli Player
[27/05/2008|11:41] C:\Program Files\Micro Application
[04/06/2008|13:58] C:\Program Files\Microsoft Games
[30/05/2007|16:12] C:\Program Files\Microsoft LifeCam
[05/08/2007|23:56] C:\Program Files\Microsoft Office
[30/04/2008|18:42] C:\Program Files\Microsoft Silverlight
[28/10/2007|13:55] C:\Program Files\Microsoft SQL Server Compact Edition
[05/08/2007|23:56] C:\Program Files\Microsoft Visual Studio
[05/08/2007|23:47] C:\Program Files\Microsoft Visual Studio 8
[05/08/2007|23:58] C:\Program Files\Microsoft Works
[05/08/2007|23:52] C:\Program Files\Microsoft.NET
[20/07/2007|14:24] C:\Program Files\Mio Technology
[02/09/2007|14:54] C:\Program Files\MKVToolnix
[02/11/2006|14:42] C:\Program Files\Movie Maker
[22/04/2008|16:44] C:\Program Files\Mozilla Firefox
[21/03/2008|19:35] C:\Program Files\Mozilla Thunderbird
[05/08/2007|23:57] C:\Program Files\MSBuild
[02/11/2006|14:37] C:\Program Files\MSN
[30/06/2007|00:34] C:\Program Files\MSXML 4.0
[22/06/2007|17:47] C:\Program Files\MuvExToE
[11/06/2008|12:35] C:\Program Files\Navilog1
[01/07/2007|17:08] C:\Program Files\NCH Swift Sound
[08/07/2007|12:31] C:\Program Files\Nero
[14/12/2007|13:33] C:\Program Files\Nokia
[26/08/2007|01:33] C:\Program Files\OpenAL
[05/12/2007|20:00] C:\Program Files\Packard Bell
[05/12/2007|20:01] C:\Program Files\Packard Bell External HDD
[19/10/2007|14:33] C:\Program Files\Panasonic
[14/12/2007|13:31] C:\Program Files\PC Connectivity Solution
[12/08/2007|14:04] C:\Program Files\PROnetworks
[04/06/2008|18:24] C:\Program Files\PulsRadio
[09/06/2007|21:02] C:\Program Files\QuickPar
[10/04/2008|17:08] C:\Program Files\QuickTime
[01/07/2007|21:24] C:\Program Files\Rapid Solution Software AG
[24/05/2008|22:50] C:\Program Files\RayV
[11/05/2008|10:35] C:\Program Files\Real
[14/05/2008|16:18] C:\Program Files\RealArcade
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[20/05/2008|00:14] C:\Program Files\ReflexiveArcade
[21/03/2008|20:33] C:\Program Files\RegCleaner
[17/01/2008|17:58] C:\Program Files\Replay Media Catcher
[29/04/2008|17:02] C:\Program Files\Replay Music 3
[05/12/2007|21:44] C:\Program Files\Ripp-it_AM
[28/05/2007|21:20] C:\Program Files\RngInterstitial.dll
[02/01/2008|17:54] C:\Program Files\SAGEM
[06/06/2007|12:47] C:\Program Files\Screamer Radio
[19/04/2008|04:21] C:\Program Files\SereneScreen
[23/07/2007|13:39] C:\Program Files\Siber Systems
[29/12/2007|16:36] C:\Program Files\Simpli Software
[02/01/2008|17:42] C:\Program Files\Sitecom
[21/01/2008|23:25] C:\Program Files\SlySoft
[22/11/2007|18:33] C:\Program Files\Softland
[13/09/2007|12:01] C:\Program Files\Sony
[06/08/2007|12:32] C:\Program Files\Spybot - Search & Destroy
[29/05/2008|12:11] C:\Program Files\STOPzilla!
[31/03/2008|17:53] C:\Program Files\StudioLine Photo Classic
[04/06/2008|21:15] C:\Program Files\Sudden Strike 3
[10/06/2008|14:47] C:\Program Files\Teamspeak2_RC2
[12/04/2008|19:02] C:\Program Files\TF1Vision
[11/06/2008|11:27] C:\Program Files\Trend Micro
[16/01/2008|23:16] C:\Program Files\Tunebite
[19/11/2007|22:47] C:\Program Files\UltraISO
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[29/05/2008|10:44] C:\Program Files\VentSrv
[09/06/2007|21:27] C:\Program Files\VideoLAN
[19/11/2007|22:52] C:\Program Files\VirtualDubMOD
[01/07/2007|17:03] C:\Program Files\vso
[20/12/2007|14:14] C:\Program Files\vtplus
[06/06/2008|12:48] C:\Program Files\WarRock
[14/05/2008|16:17] C:\Program Files\Winamp
[31/12/2007|13:32] C:\Program Files\Winamp Toolbar
[30/08/2007|11:22] C:\Program Files\Windows Calendar
[02/11/2006|14:42] C:\Program Files\Windows Collaboration
[28/05/2007|19:18] C:\Program Files\Windows Defender
[27/02/2008|23:42] C:\Program Files\Windows Live
[15/05/2008|07:41] C:\Program Files\Windows Mail
[08/01/2008|18:41] C:\Program Files\Windows Media Player
[28/05/2007|16:26] C:\Program Files\Windows NT
[02/11/2006|14:42] C:\Program Files\Windows Photo Gallery
[10/01/2008|02:12] C:\Program Files\Windows Sidebar
[24/01/2008|02:06] C:\Program Files\WinHTTrack
[14/02/2008|17:37] C:\Program Files\WinRAR
[20/12/2007|14:14] C:\Program Files\WinTV
[17/01/2008|23:10] C:\Program Files\Yahoo!

------[ Listing des dossiers dans C:\Program Files\Common Files ]------

[31/03/2008|16:37] C:\Program Files\Common Files\ACD Systems
[12/05/2008|14:06] C:\Program Files\Common Files\Adobe
[08/07/2007|12:36] C:\Program Files\Common Files\Ahead
[10/12/2007|19:22] C:\Program Files\Common Files\Apple
[19/10/2007|14:40] C:\Program Files\Common Files\ArcSoft
[29/12/2007|12:53] C:\Program Files\Common Files\Canon
[25/01/2008|17:14] C:\Program Files\Common Files\Concord
[05/08/2007|23:56] C:\Program Files\Common Files\DESIGNER
[19/11/2007|22:47] C:\Program Files\Common Files\EZB Systems
[02/01/2008|17:59] C:\Program Files\Common Files\France Telecom
[31/03/2008|12:25] C:\Program Files\Common Files\InstallShield
[06/08/2007|23:57] C:\Program Files\Common Files\iS3
[20/12/2007|14:14] C:\Program Files\Common Files\IviSDK
[31/05/2007|14:54] C:\Program Files\Common Files\Java
[19/03/2008|20:17] C:\Program Files\Common Files\Logishrd
[18/10/2007|15:37] C:\Program Files\Common Files\Logitech
[04/06/2008|14:53] C:\Program Files\Common Files\Microsoft Games
[19/03/2008|20:20] C:\Program Files\Common Files\microsoft shared
[25/01/2007|03:52] C:\Program Files\Common Files\NMSAccessU.exe
[14/12/2007|13:33] C:\Program Files\Common Files\Nokia
[14/12/2007|13:33] C:\Program Files\Common Files\PCSuite
[02/09/2007|15:50] C:\Program Files\Common Files\PX Storage Engine
[11/05/2008|10:36] C:\Program Files\Common Files\Real
[17/01/2008|23:10] C:\Program Files\Common Files\Scanner
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[31/07/2007|15:30] C:\Program Files\Common Files\Sony Shared
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[05/08/2007|23:47] C:\Program Files\Common Files\System
[10/11/2007|13:21] C:\Program Files\Common Files\WindowsLiveInstaller
[29/05/2008|10:42] C:\Program Files\Common Files\Wise Installation Wizard
[11/05/2008|10:36] C:\Program Files\Common Files\xing shared

---------------------------[ Process ]--------------------------

... 65

... OK !

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

Aucun fichier / dossier Lop trouvé !

----------------------[ Verification du Registre ]----------------------

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE

----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 13:28:47
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

=> C:\Users\frederic\Desktop\divers\dvd divx\SlySoft.AnyDVD.HD.v6.1.6.0.FR.JiNo22.Incl-Crack
=> C:\Users\frederic\Desktop\divers\dvd divx\SlySoft.AnyDVD.HD.v6.1.6.0.FR.JiNo22.Incl-Crack\SetupAnyDVD6160.exe
=> C:\Users\frederic\Desktop\divers\dvd divx\SlySoft.AnyDVD.HD.v6.1.6.0.FR.JiNo22.Incl-Crack\SlySoft.AnyDVD.HD.v6.1.6.0.FR.JiNo22.Incl-Crack.nfo
=> C:\Users\frederic\Favorites\5octo\This Site is LikeCrack.com -- Like Crack.url
=> C:\Users\frederic\Favorites\KEYGEN.url
=> C:\ProgramData\PlayFirst\Games\dreamchronicles2\Crack
=> C:\ProgramData\PlayFirst\Games\dreamchronicles2\Crack\game
=> C:\ProgramData\PlayFirst\Games\dreamchronicles2\Crack\game\dream2.exe

[F:5][D:1]-> C:\Users\frederic\AppData\Local\Temp
[F:27][D:1]-> C:\Users\frederic\AppData\Roaming\MICROS~1\Windows\Cookies
[F:33][D:4]-> C:\Users\frederic\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:60][D:4]-> C:\$Recycle.Bin

[ UAC => 1 ]

--------------------[ Fin du rapport a 13:30:21,34 ]----------------------

merci je continue :-)

Ajouter un commentaire

Réponse

geoffrey5 13786Messages postés 20 mai 2007Date d'inscription 21 mai 2010Dernière intervention 11 juin 2008 à 13:39

Télécharger sur le bureau malware bytes : http://www.besttechie.net/tools/mbam-setup.exe

= double-clic sur mbam-setup pour lancer l'installation
= Installer simplement sans rien modifier
= Quand le programme lancé ==> cocher Exécuter un examen complet
= Clic Rechercher
= Eventuellement décocher les disque à ne pas analyser
= Clic Lancer l'examen
= En fin de scan , si infection trouvée
==> Clic Afficher résultat
= Fermer vos applications en cours
= Vérifier si tout est coché et clic Supprimer la sélection

un rapport s'ouvre le copier et le coller dans la réponse

Puis redémarrer le pc !!

Et refais un rapport hijackthis

Ajouter un commentaire - Site web

Réponse

jlpjlp 50302Messages postés 18 mai 2007Date d'inscription 1 juin 2012Dernière intervention 11 juin 2008 à 13:51

message 12

Ajouter un commentaire

Réponse

freddypark 48Messages postés 12 août 2007Date d'inscription 10 mars 2011Dernière intervention 11 juin 2008 à 14:09

re,

j'ai tenté 2 fois un scan malwarebytes mais j'ai eu droit 2 fois a un ecran BLEU :

Signature du problème :
Nom d’événement de problème: BlueScreen
Version du système: 6.0.6000.2.0.0.768.3
Identificateur de paramètres régionaux: 1036

Informations supplémentaires sur le problème :
BCCode: 1000007e
BCP1: C0000005
BCP2: 00000000
BCP3: 883D07B0
BCP4: 883D04AC
OS Version: 6_0_6000
Service Pack: 0_0
Product: 768_1

Fichiers aidant à décrire le problème :
C:\Windows\Minidump\Mini061108-02.dmp
C:\Users\frederic\AppData\Local\Temp\WER-278570-0.sysdata.xml
C:\Users\frederic\AppData\Local\Temp\WER6621.tmp.version.txt

Lire notre déclaration de confidentialité :
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x040c

je fait un hijackthis ...

Ajouter un commentaire

Réponse

freddypark 48Messages postés 12 août 2007Date d'inscription 10 mars 2011Dernière intervention 11 juin 2008 à 14:10

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:43, on 11/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {27D486FB-15CB-40F9-BF92-13081CFB721A} - C:\Windows\system32\vtUopOhg.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: (no name) - {E49BA462-5C96-48C5-AEF9-A1A32BA1D3F1} - C:\Windows\system32\urqQhHyA.dll
O2 - BHO: {34448226-1e5f-dddb-6694-96842f55142f} - {f24155f2-4869-4966-bddd-f5e162284443} - C:\Windows\system32\rynbvksv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\urqQhHyA.dll,#1
O4 - HKLM\..\Run: [6cc17e98] rundll32.exe "C:\Windows\system32\lusrcdmk.dll",b
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\Windows\TEMP\E_SE946.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Use as &Display Picture - C:\Program Files\IEDP2\IEDP.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {3E9BAF2D-7A79-11D2-9334-0000F875AE17} - http://www.allocam.com/nm30.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: EPGService - Unknown owner - J:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

Ajouter un commentaire

Réponse

jlpjlp 50302Messages postés 18 mai 2007Date d'inscription 1 juin 2012Dernière intervention 11 juin 2008 à 14:11

ok relance hijakchits, fais do a system scan only, selectionne ces lignes et fais FIX CHEKED

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O2 - BHO: (no name) - {27D486FB-15CB-40F9-BF92-13081CFB721A} - C:\Windows\system32\vtUopOhg.dll
O2 - BHO: (no name) - {E49BA462-5C96-48C5-AEF9-A1A32BA1D3F1} - C:\Windows\system32\urqQhHyA.dll
O2 - BHO: {34448226-1e5f-dddb-6694-96842f55142f} - {f24155f2-4869-4966-bddd-f5e162284443} - C:\Windows\system32\rynbvksv.dll
O3 - Toolbar: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\urqQhHyA.dll,#1
O4 - HKLM\..\Run: [6cc17e98] rundll32.exe "C:\Windows\system32\lusrcdmk.dll",b
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab

_______________________

Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

File::
C:\Windows\system32\vtUopOhg.dll
C:\Windows\system32\urqQhHyA.dll
C:\Windows\system32\rynbvksv.dll
C:\Windows\system32\urqQhHyA.dll
C:\Windows\system32\lusrcdmk.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27D486FB-15CB-40F9-BF92-13081CFB721A}]

Enregistre ce fichier sous le nom CFscript

Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis , un rapport antivir et dis surtout si encore des soucis

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Ajouter un commentaire

Réponse

freddypark 48Messages postés 12 août 2007Date d'inscription 10 mars 2011Dernière intervention 11 juin 2008 à 14:17

pour l'instant aucune fenetre de pub , si aucun autre souci d'ici la fin de l'apres midi je marquerai ce message en Résolu.

Merci beaucoup pour votre aide toujours très claire et rapide

Ajouter un commentaire

Réponse

jlpjlp 50302Messages postés 18 mai 2007Date d'inscription 1 juin 2012Dernière intervention 11 juin 2008 à 14:18

message 18 svp

Ajouter un commentaire

freddypark- 11 juin 2008 à 15:09

pour message 18 antivir en cours 40 %

Réponse

freddypark 48Messages postés 12 août 2007Date d'inscription 10 mars 2011Dernière intervention 11 juin 2008 à 15:12

pour combifix message d'erreur : une reference a ete renvoyé par le serveur

Ajouter un commentaire

1 2

Répondre au sujet

Posez votre question

Dossier à la une

Passage au tout numérique : quel coût pour les particuliers ?

Passage au tout numérique : quel coût pour les particuliers ?

Combien cela coûte-t-il au total ? Quelles aides apportent l'état et les acteurs du marché pour alléger cette charge non choisie ? Tous les détails sur Commentçamarche.net.

[virus] ouverture fenetre pub + ie tres lent [Résolu]

[virus] ouverture fenetre pub + ie tres lent »

Passage au tout numérique : quel coût pour les particuliers ?