[virus] ad pop-up windows + IE very slow

Solved/Closed
freddypark, 56 posts, registered Sunday 12 August 2007, status Member, last post 22 November 2019 - 11 June 2008 at 12:21
pascal - 17 Feb. 2011 at 06:56
Hello,
Since you already helped me very well with the same problem 6 months ago, I'm coming back to you. So for about a month IE has been very slow and crashes, and for a week web pages have been opening on their own, plus ad pages: games (Tanoth or Ikarian), anti-spyware ads...

and for 2 days Firefox has had the same symptoms

I ran a CCleaner cleanup

thanks in advance for taking care of my case; attached are a HijackThis scan and a Navilog1 scan

what should I do next please


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:53, on 11/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Windows\system32\CISVC.EXE
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\NMSAccessU.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\JMAPP3.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\PowerSave.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtUomjKc.dll,#1
O4 - HKLM\..\Run: [6cc17e98] rundll32.exe "C:\Windows\system32\rgxfdvsi.dll",b
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\Windows\TEMP\E_SE946.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\frederic\AppData\Local\Temp\urqPjGvt.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Windows\system32\vtUopOhg.dll,c
O4 - HKCU\..\Run: [6cc17e98] rundll32.exe "C:\Users\frederic\AppData\Local\Temp\wnejmijg.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Use as &Display Picture - C:\Program Files\IEDP2\IEDP.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {3E9BAF2D-7A79-11D2-9334-0000F875AE17} - https://www.allocam.com
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: EPGService - Unknown owner - J:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
35 replies

jlpjlp, 51580 posts, registered Friday 18 May 2007, status Security contributor, last post 3 May 2022, 5 040
11 June 2008 at 12:32
hi, still not necessary since there is nothing in Navilog
jlpjlp, 51580 posts, registered Friday 18 May 2007, status Security contributor, last post 3 May 2022, 5 040
11 June 2008 at 12:28
hi
relaunch HijackThis, click "Do a system scan only", tick these lines and click "Fix checked"


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O3 - Toolbar: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtUomjKc.dll,#1
O4 - HKLM\..\Run: [6cc17e98] rundll32.exe "C:\Windows\system32\rgxfdvsi.dll",b
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\frederic\AppData\Local\Temp\urqPjGvt.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Windows\system32\vtUopOhg.dll,c
O4 - HKCU\..\Run: [6cc17e98] rundll32.exe "C:\Users\frederic\AppData\Local\Temp\wnejmijg.dll",b
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O16 - DPF: {3E9BAF2D-7A79-11D2-9334-0000F875AE17} - http://www.allocam.com/nm30.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab

________________


download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
double-click OTMoveIt.exe to launch it.
copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

C:\Windows\system32\vtUomjKc.dll
C:\Windows\system32\rgxfdvsi.dll
C:\Users\frederic\AppData\Local\Temp\urqPjGvt.dll
C:\Windows\system32\vtUopOhg.dll
C:\Users\frederic\AppData\Local\Temp\wnejmijg.dll

click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal. if so, accept with Yes.

______________________
delete what is in MovedFiles by going to My Computer, then C, then _OTMoveIt

C:\_OTMoveIt\MovedFiles

_________________


Disable User Account Control (you will re-enable it after the disinfection):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click disable and confirm.

Download ComboFix by sUBs: rename it before any installation, for example name it "KillBagle". Help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Help on using ComboFix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-click combofix. It will ask you a question; answer with the 1 key and Enter to confirm, then let it guide you.
Wait until ComboFix has finished; a report will be created. Post the report.
geoffrey5, 13732 posts, registered Sunday 20 May 2007, status Security contributor, last post 21 May 2010, 10
11 June 2008 at 12:30
oops :s


- Double-click navilog1
- This time choose option 2, type 2
note: the desktop disappears
- Restart the PC in normal mode

- put the report in your reply
geoffrey5, 13732 posts, registered Sunday 20 May 2007, status Security contributor, last post 21 May 2010, 10
11 June 2008 at 12:34
I really wasn't paying attention!!

For the ads, do this:

Download LopSD and save it to the Desktop: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2



= Double-click Lop S&D
= Run the installation
Close all applications
= Launch it by double-clicking the shortcut on the desktop
With VISTA => right-click and => Run as administrator
= Type F for French, then press Enter
= Type 1
= Press Enter
= The PC will restart
Note = if the antivirus reports an infection in TEMP, ignore it
= Wait for the report to appear
Copy the report and paste it in your reply
the report is also at C:\lopR
---------
Relaunch Lop S&D

= This time choose 2


note:
If the Desktop does not reappear
= Press Ctrl Alt Del
= In File => New task
=> Type: explorer => Enter

then post a HijackThis report

Anonymous user
11 June 2008 at 12:35
no no geoffrey5, not Navilog option 2.

Also, no O2 and O20 lines, so suspicious for a Vundo infection.

Freddypark, follow jlpjlp's instructions. thanks
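The triage jlpjlp did by eye above (O4 Run entries that start rundll32.exe on randomly named DLLs in system32 and in the user's Temp folder, orphaned search-hook and toolbar entries, a DPF object that fetches a bare .exe), plus the anonymous user's point that loader DLLs with no O2 (BHO) line at all is itself suspicious, can be written down as a small triage script. The following is an added example, not a tool from this thread nor from the HijackThis, OTMoveIt or ComboFix authors. The sample log is a constructed subset of the HijackThis lines posted above; the "random-looking name" rule and its 30% vowel threshold are this example's own heuristic, not anything the helpers stated.

```python
"""Triage of a HijackThis log for Vundo-style loader entries.

Added example: encodes the rules the helpers in the thread applied by hand.
  * O4 Run entries that start rundll32.exe on a DLL with a random-looking
    8-letter name, an ordinal (#1) or one-letter (b, c) entry point, or a
    DLL sitting in a user's Temp folder;
  * orphaned entries marked "(no file)" / "(file missing)";
  * O16 ActiveX (DPF) objects that fetch a bare .exe;
  * loaders present while no O2 (BHO) line is listed at all.
The high-severity DLL paths become the list to paste into OTMoveIt.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the HijackThis lines posted in the thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtUomjKc.dll,#1
O4 - HKLM\..\Run: [6cc17e98] rundll32.exe "C:\Windows\system32\rgxfdvsi.dll",b
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\frederic\AppData\Local\Temp\urqPjGvt.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Windows\system32\vtUopOhg.dll,c
O4 - HKCU\..\Run: [6cc17e98] rundll32.exe "C:\Users\frederic\AppData\Local\Temp\wnejmijg.dll",b
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O16 - DPF: {3E9BAF2D-7A79-11D2-9334-0000F875AE17} - http://www.allocam.com/nm30.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# O4 entry whose command is: rundll32[.exe] <dll>,<entry point>
RUNDLL_RE = re.compile(
    r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s+'
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?,(?P<entry>\S+)',
    re.IGNORECASE,
)
ORDINAL_OR_LETTER_RE = re.compile(r"#\d+|[A-Za-z]")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
DPF_EXE_RE = re.compile(r"https?://\S+\.exe$", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    severity: str                 # "high" or "low"
    reasons: List[str]
    path: Optional[str] = None    # file to move/delete, when one is identified


def looks_random(stem: str) -> bool:
    """Crude test (this example's own heuristic) for generated names such as
    vtUomjKc or rgxfdvsi: exactly eight letters with either an upper-case
    letter after the first position or fewer than 30% vowels."""
    if len(stem) != 8 or not stem.isalpha():
        return False
    inner_upper = any(c.isupper() for c in stem[1:])
    vowel_ratio = sum(c in "aeiouAEIOU" for c in stem) / len(stem)
    return inner_upper or vowel_ratio < 0.3


def triage(log: str) -> List[Finding]:
    findings: List[Finding] = []
    for line in (raw.strip() for raw in log.splitlines()):
        if not line:
            continue
        m = RUNDLL_RE.match(line)
        if m:
            dll, entry = m.group("dll"), m.group("entry")
            stem = dll.rsplit("\\", 1)[-1][:-4]      # basename without .dll
            reasons = []
            if ORDINAL_OR_LETTER_RE.fullmatch(entry):
                reasons.append(f"ordinal/one-letter entry point '{entry}'")
            if TEMP_DIR_RE.search(dll):
                reasons.append("DLL lives in a Temp folder")
            if looks_random(stem):
                reasons.append(f"random-looking DLL name '{stem}'")
            if reasons:
                findings.append(Finding(line, "high", reasons, dll))
        elif "(no file)" in line or "(file missing)" in line:
            findings.append(Finding(line, "low", ["orphaned entry, target missing"]))
        elif line.startswith("O16") and DPF_EXE_RE.search(line):
            findings.append(Finding(line, "high", ["ActiveX DPF object downloads a bare .exe"]))
    return findings


def bho_entries_missing(log: str, findings: List[Finding]) -> bool:
    """Vundo registers a Browser Helper Object, so loader DLLs with no O2
    line at all mean the listing is incomplete rather than clean."""
    has_loader = any(f.path for f in findings)
    has_bho = any(raw.strip().startswith("O2 ") for raw in log.splitlines())
    return has_loader and not has_bho


def move_list(findings: List[Finding]) -> List[str]:
    """Unique DLL paths in log order: the list to paste into OTMoveIt."""
    seen, out = set(), []
    for f in findings:
        if f.path and f.path not in seen:
            seen.add(f.path)
            out.append(f.path)
    return out


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity}] {f.line}\n        " + "; ".join(f.reasons))
    if bho_entries_missing(SAMPLE_LOG, results):
        print("\nloaders found but no O2 (BHO) line: cross-check with another tool")
    print("\nPaste List of Files/Folders to be moved:")
    print("\n".join(move_list(results)))
```

Run against the sample, the "Paste List" section reproduces the five paths jlpjlp put in the OTMoveIt list, the NvSvc entry (a real DLL with a named export) is left alone, and the missing-O2 warning fires, which is what the ComboFix output later confirmed when it listed the BHO {27D486FB-15CB-40F9-BF92-13081CFB721A} pointing at vtUopOhg.dll. The name heuristic is deliberately crude and will misfire on some legitimate eight-letter DLLs; that is why it is only evaluated on rundll32 Run entries and reported together with the other reasons rather than on its own.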
freddypark, 56 posts, registered Sunday 12 August 2007, status Member, last post 22 November 2019
11 June 2008 at 13:15
Here is the ComboFix report


ComboFix 08-06-10.3 - frederic 2008-06-11 12:54:15.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1269 [GMT 2:00]
Location: C:\Users\frederic\Downloads\killbagle.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\config.ini
C:\Windows\fbdzj.exe
C:\Windows\ftebh.exe
C:\Windows\system32\cemkovlw.dll
C:\Windows\system32\ddcCUomk.dll
C:\Windows\system32\elgmepfq.dll
C:\Windows\System32\ENTDefhk.ini
C:\Windows\System32\ENTDefhk.ini2
C:\Windows\system32\ephukvfl.dll
C:\Windows\system32\evwexbea.dll
C:\Windows\System32\ghOpoUtv.ini
C:\Windows\System32\ghOpoUtv.ini2
C:\Windows\system32\hdrhxgtp.ini
C:\Windows\system32\isvdfxgr.ini
C:\Windows\system32\khfeDTNE.dll
C:\Windows\system32\kmdcrsul.ini
C:\Windows\system32\lusrcdmk.dll
C:\Windows\system32\obchytck.dll
C:\Windows\system32\rynbvksv.dll
C:\Windows\System32\UFNXayay.ini
C:\Windows\system32\urqQhHyA.dll
C:\Windows\system32\xfoykkvm.dll
C:\Windows\system32\yayaXNFU.dll

.
((((((((((((((((((((((((((((( Files created 2008-05-11 to 2008-06-11 ))))))))))))))))))))))))))))))))))))
.

No new files created in this time span

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 11:03 --------- d-----w C:\ProgramData\STOPzilla!
2008-06-11 10:35 --------- d-----w C:\Program Files\Navilog1
2008-06-11 09:52 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-06-11 09:27 --------- d-----w C:\Program Files\Trend Micro
2008-06-10 14:00 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-06-10 12:47 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-06-10 10:05 --------- d-----w C:\ProgramData\Google Updater
2008-06-09 10:15 --------- d-----w C:\Users\frederic\AppData\Roaming\GrabIt
2008-06-06 10:48 --------- d-----w C:\Program Files\WarRock
2008-06-04 19:20 --------- d-----w C:\Program Files\GameSpy Arcade
2008-06-04 19:15 --------- d-----w C:\Program Files\Sudden Strike 3
2008-06-04 19:11 278,984 ----a-w C:\Windows\system32\drivers\atksgt.sys
2008-06-04 19:11 25,416 ----a-w C:\Windows\system32\drivers\lirsgt.sys
2008-06-04 16:24 --------- d-----w C:\Program Files\PulsRadio
2008-06-04 12:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-04 12:53 --------- d-----w C:\Program Files\Common Files\Microsoft Games
2008-06-04 11:58 --------- d-----w C:\Program Files\Microsoft Games
2008-06-04 11:28 --------- d-----w C:\Program Files\DivX
2008-06-04 11:20 --------- d-----w C:\Users\frederic\AppData\Roaming\DivX
2008-06-02 09:12 --------- d-----w C:\Program Files\IEDP2
2008-05-30 16:15 --------- d-----w C:\Users\frederic\AppData\Roaming\gtk-2.0
2008-05-29 10:11 --------- d-----w C:\Program Files\STOPzilla!
2008-05-29 09:13 --------- d-----w C:\Users\frederic\AppData\Roaming\teamspeak2
2008-05-29 08:44 --------- d-----w C:\Program Files\VentSrv
2008-05-29 08:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-27 09:41 --------- d-----w C:\Program Files\Micro Application
2008-05-24 20:50 --------- d-----w C:\Program Files\RayV
2008-05-23 14:49 --------- d-----w C:\Users\frederic\AppData\Roaming\tunebite
2008-05-20 18:01 --------- d-----w C:\ProgramData\SpinTop Games
2008-05-20 11:52 --------- d-----w C:\ProgramData\Zylom
2008-05-19 22:19 --------- d-----w C:\Program Files\Dream Chronicles 2
2008-05-19 22:14 --------- d-----w C:\Program Files\ReflexiveArcade
2008-05-19 21:58 --------- d-----w C:\ProgramData\PlayFirst
2008-05-19 21:13 --------- d-----w C:\Users\frederic\AppData\Roaming\PlayFirst
2008-05-15 20:41 --------- d-----w C:\Users\frederic\AppData\Roaming\EPSON
2008-05-15 05:41 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-15 05:41 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 14:18 --------- d-----w C:\Program Files\RealArcade
2008-05-14 14:17 --------- d-----w C:\Program Files\Winamp
2008-05-14 14:11 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-14 11:35 --------- d-----w C:\Program Files\Maxi-Motamo
2008-05-14 11:32 --------- d-----w C:\Users\frederic\AppData\Roaming\System
2008-05-13 06:29 --------- d-----w C:\Program Files\GIMP-2.0
2008-05-12 12:06 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-11 08:36 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-11 08:36 --------- d-----w C:\Program Files\Common Files\Real
2008-05-11 08:35 --------- d-----w C:\Program Files\Real
2008-05-05 21:48 --------- d-----w C:\ProgramData\HipSoft
2008-05-05 10:51 --------- d-----w C:\Program Files\Apple Software Update
2008-04-30 16:42 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-29 19:44 --------- d-----w C:\Program Files\Google
2008-04-29 15:02 --------- d-----w C:\Program Files\Replay Music 3
2008-04-29 15:01 737,280 ----a-w C:\Windows\iun6002.exe
2008-04-25 09:32 --------- d-----w C:\Users\Emilie\AppData\Roaming\Logitech
2008-04-23 16:16 --------- d-----w C:\Program Files\Freecorder Toolbar
2008-04-23 16:16 --------- d-----w C:\Program Files\Freecorder
2008-04-23 16:16 --------- d-----w C:\Program Files\Conduit
2008-04-23 10:15 --------- d-----w C:\Program Files\LogMeIn
2008-04-20 16:07 --------- d-----w C:\ProgramData\Aliasworlds
2008-04-19 09:29 --------- d-----w C:\ProgramData\Avira
2008-04-19 02:29 --------- d-----w C:\Program Files\Deep Space 3D Screensaver
2008-04-19 02:29 --------- d-----w C:\Program Files\3Planesoft Screensaver Manager
2008-04-19 02:21 --------- d-----w C:\Program Files\SereneScreen
2008-04-14 10:30 --------- d-----w C:\Program Files\Cheat 'O Matic
2008-04-12 17:02 --------- d-----w C:\Program Files\TF1Vision
2008-04-12 10:08 --------- d-----w C:\Program Files\CDex_170b2
2007-12-19 22:18 22,328 ----a-w C:\Users\frederic\AppData\Roaming\PnkBstrK.sys
2007-11-28 12:56 42 ----a-w C:\Program Files\Init
2007-08-31 15:10 174 --sha-w C:\Program Files\desktop.ini
2007-05-28 19:20 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-01-25 01:52 65,536 ----a-w C:\Program Files\Common Files\NMSAccessU.exe
2002-03-11 09:06 1,822,520 ----a-w C:\Users\frederic\instmsiw.exe
2002-03-11 08:45 1,708,856 ----a-w C:\Users\frederic\instmsia.exe
.

((((((((((((((((((((((((((((((((( Registry loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27D486FB-15CB-40F9-BF92-13081CFB721A}]
C:\Windows\system32\vtUopOhg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"Packard Bell Software Suite"="C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe" [2007-10-19 09:24 1790776]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-05-29 13:39 5724184]
"EPSON Stylus DX7400 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.exe" [2007-04-12 16:00 182272]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-29 21:39 68856]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-05-03 22:23 160592]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-04-14 19:41 262401]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 06:28 86016]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\Windows\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"e-TF1"="C:\Program Files\TF1Vision\TF1vision.exe" [2008-03-05 12:47 397312]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-11 10:35 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-19 20:16:46 789008]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-29 21:39:40 124400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 19:03 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fnacVOD]
C:\Program Files\fnacVOD\fnacVOD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox]
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DDA51E78-7771-4E60-B0BD-0F909CC19315}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{23F7FA4B-30D2-4D5C-9D74-F99A26741094}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{16C0A37D-D82E-493F-8780-3B80C1DABA51}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{62EB5534-B5C1-452F-BE5E-CFDD57C458B2}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{699D9D3A-4053-4C32-AFE7-97D06CC37056}"= UDP:C:\Program Files\Orb Networks\Orb\bin\Orb.exe:Orb
"{F46F3874-B2DF-48C7-B2FE-9AA9A7BDFA47}"= TCP:C:\Program Files\Orb Networks\Orb\bin\Orb.exe:Orb
"{8EBC7797-3211-470B-BF78-8B4CAAF1C2DE}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{D597AEE9-2805-41C9-AC55-8756300A8C1A}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{B6CC8583-FBBA-4D90-8460-DFB5E0F8F73F}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{2DFFC29E-85AF-4B4C-B08A-8E4BCA225A4C}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{6E044BC1-3C3D-4A43-A36C-B9FA1F24C2F8}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{85565CB8-D766-4CE1-A1D7-EC2F06D56D0D}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{9E6271DA-D147-4D25-B8DB-4496680E1D2E}"= UDP:C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:OrbTVGuide
"{6E95B806-4F8A-4BA7-9381-F24557389A3D}"= TCP:C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:OrbTVGuide
"{13D787A6-DCF2-4651-83BD-D07DA13AC9CF}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:OrbChannelScan
"{4EAEE5C2-CDA8-4255-99C8-D94DA4E1BCC5}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:OrbChannelScan
"{DF763F49-9315-400D-828C-FD5B53BF2D13}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
"{F8F4AE8E-5D89-4FBE-849D-B6480125E811}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
"{72DCF2D9-2006-403F-813F-FA22245A991B}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{EE600911-60C3-4C08-BF88-7FBC6D1784A7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CA211251-5672-4A84-BF2C-BC74450FFA21}"= UDP:C:\Program Files\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{117BA98D-97C1-4AE3-9648-3155F6B740A7}"= TCP:C:\Program Files\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{B186140F-19D9-4566-8F48-575FF5E3A23E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{D3239B80-FBF6-40E9-8F48-C49AB64CD28A}C:\\users\\frederic\\desktop\\nexuiz-23\\nexuiz\\nexuiz.exe"= UDP:C:\users\frederic\desktop\nexuiz-23\nexuiz\nexuiz.exe:nexuiz.exe
"UDP Query User{CFCB1908-0B61-463D-94A9-905EE7E01255}C:\\users\\frederic\\desktop\\nexuiz-23\\nexuiz\\nexuiz.exe"= TCP:C:\users\frederic\desktop\nexuiz-23\nexuiz\nexuiz.exe:nexuiz.exe
"{47104578-6A78-4FAD-A71E-35354CC31E5E}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{8912BD10-9BD4-448F-B473-1AB1ECDEE71D}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{4DA9D651-C7B2-468C-831E-4E4B90DD307E}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{076F64E3-0829-4ED9-83D4-EA7996FE6BDC}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{2A38049E-8004-4395-9957-679A4FD2AC49}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{6E5710DE-16B3-4384-AC0E-923DA5C96295}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{79DE53FD-47DF-4EBF-BB8D-599BCCE8C242}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{C857DA63-0306-4D3F-830A-20A80ABB026B}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{F19AF496-F1A4-4215-BE45-551EEC2295EA}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{14CE4F04-2D64-4E2E-B4A9-376046425F2C}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"{CE89A6E4-3D87-450C-8D2A-6B37E1FAAED0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C5A069EA-E9B4-4E8E-A377-430FEB888101}"= UDP:C:\Program Files\RealVNC\VNC4\winvnc4.exe:VNC Server
"{92397BC4-79E1-4FC7-949E-3A2F697953BD}"= TCP:C:\Program Files\RealVNC\VNC4\winvnc4.exe:VNC Server
"TCP Query User{DFDA3337-753C-4906-8AD3-E302ACA0A0AF}C:\\program files\\allocam multi visio\\allocam.exe"= UDP:C:\program files\allocam multi visio\allocam.exe:Multi Video
"UDP Query User{0027B833-14AB-402C-88EF-6BB2A721FB3D}C:\\program files\\allocam multi visio\\allocam.exe"= TCP:C:\program files\allocam multi visio\allocam.exe:Multi Video
"{A9EE2371-9F39-42D3-9468-BA7D3C57780D}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{C72BAA33-E96D-4531-9441-F0EB59A91051}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{111B2816-1B62-454A-9FE5-C5B2B47E107C}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{9A8EAE1F-34D5-43F8-96E3-5C1E785BB9A4}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{B205DAAD-B42A-4333-A439-AB8693ACB72A}C:\\program files\\anti-leech\\alie_1.0.2.3\\alhlp.exe"= UDP:C:\program files\anti-leech\alie_1.0.2.3\alhlp.exe:Anti-Leech plugin helper program
"UDP Query User{E90F3CFE-45AF-486F-A62B-EC84DD144481}C:\\program files\\anti-leech\\alie_1.0.2.3\\alhlp.exe"= TCP:C:\program files\anti-leech\alie_1.0.2.3\alhlp.exe:Anti-Leech plugin helper program
"{6A0F86D2-2973-4164-A673-06C54933F0BD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{BB46A7FF-8203-4378-BDB0-D7810F943B6E}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{455C1855-25BA-4157-847A-36BDADDAC47B}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"TCP Query User{67E03889-E93C-4047-9BF5-0DFA6937C0B9}C:\\program files\\safari\\safari.exe"= UDP:C:\program files\safari\safari.exe:Safari Web Browser
"UDP Query User{607202CD-7C77-4A0F-BA58-DE499A85CC3D}C:\\program files\\safari\\safari.exe"= TCP:C:\program files\safari\safari.exe:Safari Web Browser
"{2538D5C3-8E2E-4872-9268-788A942B898C}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B3E2F069-D82C-4EF9-ACD9-9CCDEE5BD28A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{065DF47C-B03A-48A9-B87A-16141A964B39}C:\\program files\\warrock\\system\\warrock.exe"= UDP:C:\program files\warrock\system\warrock.exe:WarRock
"UDP Query User{28EFD4CE-930B-4D0B-8B78-784BA7BE7774}C:\\program files\\warrock\\system\\warrock.exe"= TCP:C:\program files\warrock\system\warrock.exe:WarRock
"{F34B3DA7-43F6-4B23-85F6-FBC14F01A52D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{7467093A-3164-4E3F-8754-D25E7C52F8F8}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{63037BD3-3934-43A2-8297-85C288F1F229}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{6F501AFF-DE91-4292-A487-8466EE07552B}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"{D456867E-EFB8-47F8-AA13-9F1A2CB859B6}"= UDP:C:\Program Files\RayV\RayV\RayV.exe:RayV
"{0156D569-342C-4AF2-A8D5-CED27026A6C8}"= TCP:C:\Program Files\RayV\RayV\RayV.exe:RayV
"TCP Query User{199AF94B-0162-4F36-9E52-8842FFF3BD07}C:\\program files\\ventsrv\\ventrilo_srv.exe"= UDP:C:\program files\ventsrv\ventrilo_srv.exe:ventrilo_srv
"UDP Query User{EBCF9274-59DC-4EF7-85FC-724CB9F00B6B}C:\\program files\\ventsrv\\ventrilo_srv.exe"= TCP:C:\program files\ventsrv\ventrilo_srv.exe:ventrilo_srv
"TCP Query User{EF92345B-6085-430B-B6AB-937235612DD4}C:\\program files\\teamspeak2_rc2\\server_windows.exe"= UDP:C:\program files\teamspeak2_rc2\server_windows.exe:Server
"UDP Query User{A20B4E94-D633-4F7D-AB24-E0CB7F64C243}C:\\program files\\teamspeak2_rc2\\server_windows.exe"= TCP:C:\program files\teamspeak2_rc2\server_windows.exe:Server
"{74DCB3D3-4180-4074-99EA-9B347CF84AF9}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{14A8A063-C4DD-4C4C-9AE6-8FBFFE341E36}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\PROGRA~1\\ALLOCA~1\\allocam.exe"= C:\PROGRA~1\ALLOCA~1\allocam.exe:*:Enabled:Multi Video
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"6667:UDP"= 6667:UDP:*:Enabled:TOTOCAM UDP
"6666:TCP"= 6666:TCP:*:Enabled:TOTOCAM TCP

R2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe" [2008-05-11 09:40]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE" [2008-04-14 19:41]
R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe" [2008-04-14 19:41]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 16:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\system32\drivers\LMIRfsDriver.sys [2007-08-03 16:09]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 14:13]
R2 NMSAccessU;NMSAccessU;C:\Program Files\Common Files\NMSAccessU.exe [2007-01-25 03:52]
R2 RapiMgr;Connectivité de l'appareil Windows Mobile;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
R2 WcesComm;Connectivité de l'appareil Windows Mobile 2003;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
S2 EPGService;EPGService;J:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe []
S3 netr73;Sitecom RT73 Wireless Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-05-11 17:40]
S3 USB28xxBGA;WinTV HVR-900;C:\Windows\system32\DRIVERS\emBDA.sys [2007-01-30 02:20]
S3 USB28xxOEM;WinTV OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys [2007-01-30 02:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
rsmsvcs REG_MULTI_SZ ntmssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8be4d5da-0d1e-11dc-9843-806e6f6e6963}]
\shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7d92368-a33f-11dc-93d1-0018f3097dae}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-05 21:57:04 C:\Windows\Tasks\Auto Backup for frederic.job"
- C:\Program Files\Packard Bell\Packard Bell Software Suite\DSMsg.exe
"2008-06-11 10:45:25 C:\Windows\Tasks\User_Feed_Synchronization-{AF5C0371-3DE2-44D7-8718-0ABBC62C52B3}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 13:03:35
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\System32\CISVC.EXE
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Windows\System32\conime.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\System32\dllhost.exe
C:\Windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-11 13:12:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-11 11:11:45

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

324 --- E O F --- 2008-05-30 09:25:22
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last seen 21 May 2010
11 June 2008 at 13:18
Download LopSD and save it to the Desktop: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

= Double-click Lop S&D
= Run the installation
Close all applications
= Launch it by double-clicking the shortcut on the desktop
With VISTA => right-click and => Run as administrator
= Type F for French, then press Enter
= Type 1
= Press Enter
= The PC will reboot
Note= if the antivirus reports an infection in TEMP, ignore it
= Wait for the report to appear
Copy the report and paste it into your reply
The report is also located at C:\lopR
---------
Run Lop S&D again

= This time choose 2

Note:
If the Desktop does not reappear
= Press Ctrl Alt Del
= In File => New Task
=> Type: explorer => Enter

then post a HijackThis report
freddypark Posts 56 Registration date Sunday 12 August 2007 Status Member Last seen 22 November 2019
11 June 2008 at 13:22
-----------------------[ Lop S&D 4.2.1-3 XP/Vista ]---------------------

[ Windows 'Longhorn' (NT 6.0) Workstation Build 6000 ]
[ USER : frederic ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 11/06/2008 | 13:18:35,56 ] [ PC : PC-DE-FREDERIC ]
[ MAJ : 07-06-2008 | 22:15 ]
[ UAC => 0 ]

-------------[ Listing des dossiers dans Application Data ]------------


[31/03/2008|16:37] C:\Users\frederic\AppData\Roaming\ACD Systems\ACDSeePhotoEditor

[14/12/2007|17:13] C:\Users\frederic\AppData\Roaming\Adobe\Flash Player
[01/06/2007|17:46] C:\Users\frederic\AppData\Roaming\Adobe\Linguistics
[01/06/2007|17:45] C:\Users\frederic\AppData\Roaming\Adobe\Acrobat

[17/09/2007|23:45] C:\Users\frederic\AppData\Roaming\Ahead\NeroVision
[02/09/2007|15:39] C:\Users\frederic\AppData\Roaming\Ahead\Nero Recode
[09/07/2007|17:26] C:\Users\frederic\AppData\Roaming\Ahead\Nero Burning ROM

[21/05/2008|16:30] C:\Users\frederic\AppData\Roaming\AntiVir PersonalEdition Premium\MCACHEDB
[21/11/2007|19:39] C:\Users\frederic\AppData\Roaming\AntiVir PersonalEdition Premium\MAIL
[25/10/2007|12:36] C:\Users\frederic\AppData\Roaming\AntiVir PersonalEdition Premium\MCACHE

[07/06/2008|12:57] C:\Users\frederic\AppData\Roaming\Apple Computer\iTunes
[12/05/2008|14:35] C:\Users\frederic\AppData\Roaming\Apple Computer\Safari

[19/10/2007|14:44] C:\Users\frederic\AppData\Roaming\Arcsoft\Arcsoft PhotoImpression 5
[19/10/2007|14:43] C:\Users\frederic\AppData\Roaming\Arcsoft\ArcRegister
[19/10/2007|14:43] C:\Users\frederic\AppData\Roaming\Arcsoft\PhotoBase

[07/12/2007|01:15] C:\Users\frederic\AppData\Roaming\Datalayer\353946012526221

[04/06/2008|13:20] C:\Users\frederic\AppData\Roaming\DivX\DivX Player
[02/09/2007|16:26] C:\Users\frederic\AppData\Roaming\DivX\DivX Codec

[22/09/2007|22:28] C:\Users\frederic\AppData\Roaming\dvdcss\-0000000000000000
[06/09/2007|15:49] C:\Users\frederic\AppData\Roaming\dvdcss\-0ab928000ab97c00-0000000000
[04/09/2007|12:30] C:\Users\frederic\AppData\Roaming\dvdcss\-0d7320000d73d500-0000000000
[02/09/2007|14:27] C:\Users\frederic\AppData\Roaming\dvdcss\MERCENARY_FOR_JUSTICE-2006090117542100
[02/09/2007|14:22] C:\Users\frederic\AppData\Roaming\dvdcss\OVER_THE_HEDGE-3230303730393032
[02/09/2007|13:45] C:\Users\frederic\AppData\Roaming\dvdcss\OVER_THE_HEDGE-2006100613471900
[30/07/2007|21:36] C:\Users\frederic\AppData\Roaming\dvdcss\POLTERGAY-2007031316250800
[28/07/2007|16:48] C:\Users\frederic\AppData\Roaming\dvdcss\ECOLE_POUR_TOUS-2007022616390300-07aef40a64
[09/07/2007|16:09] C:\Users\frederic\AppData\Roaming\dvdcss\BANLIEUE_13-0000000000000000-0000000001
[01/07/2007|17:24] C:\Users\frederic\AppData\Roaming\dvdcss\WAIKA_DVD1-2006091411581600

[15/05/2008|22:41] C:\Users\frederic\AppData\Roaming\EPSON\ESCNDV
[31/03/2008|12:30] C:\Users\frederic\AppData\Roaming\EPSON\Creativity Suite

[16/06/2007|14:12] C:\Users\frederic\AppData\Roaming\F-Secure\System Control
[28/05/2007|20:51] C:\Users\frederic\AppData\Roaming\F-Secure\Spam Control



[11/06/2008|11:52] C:\Users\frederic\AppData\Roaming\Google\Local Search History
[13/07/2007|15:32] C:\Users\frederic\AppData\Roaming\Google\GoogleEarth

[09/06/2008|12:15] C:\Users\frederic\AppData\Roaming\GrabIt\Articles
[09/06/2008|12:15] C:\Users\frederic\AppData\Roaming\GrabIt\Temp
[26/04/2008|13:28] C:\Users\frederic\AppData\Roaming\GrabIt\Groups


[29/09/2007|00:26] C:\Users\frederic\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG4-JM9C-24JLMUCREVUJ}
[18/09/2007|16:45] C:\Users\frederic\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG6-LH31-23G9CBQV6VVM}
[18/09/2007|16:11] C:\Users\frederic\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG1-FP6A-248DTTL0QVVP}
[14/09/2007|21:59] C:\Users\frederic\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG3-4A90-24BL1LF8IVV6}
[14/09/2007|21:36] C:\Users\frederic\AppData\Roaming\Identities\{00009BV5-V6E6-N99D-O8SF-9VRP3OLUMVIP}
[28/05/2007|17:04] C:\Users\frederic\AppData\Roaming\Identities\{AA352D25-1FA1-4C11-98C9-F59EE5CC16B8}

[26/08/2007|00:12] C:\Users\frederic\AppData\Roaming\InstallShield\ISEngine12.0

[25/03/2008|23:11] C:\Users\frederic\AppData\Roaming\iWin\PollyPride

[20/03/2008|02:16] C:\Users\frederic\AppData\Roaming\Logitech\SetPoint

[11/06/2008|11:56] C:\Users\frederic\AppData\Roaming\Macromedia\Flash Player


[10/06/2008|14:23] C:\Users\frederic\AppData\Roaming\Microsoft\Excel
[10/06/2008|13:30] C:\Users\frederic\AppData\Roaming\Microsoft\Word
[29/05/2008|21:36] C:\Users\frederic\AppData\Roaming\Microsoft\Office
[18/05/2008|23:57] C:\Users\frederic\AppData\Roaming\Microsoft\Templates
[14/05/2008|16:12] C:\Users\frederic\AppData\Roaming\Microsoft\Installer
[24/04/2008|08:58] C:\Users\frederic\AppData\Roaming\Microsoft\Credentials
[14/04/2008|17:39] C:\Users\frederic\AppData\Roaming\Microsoft\Publisher
[25/01/2008|17:12] C:\Users\frederic\AppData\Roaming\Microsoft\digital locker
[04/01/2008|17:29] C:\Users\frederic\AppData\Roaming\Microsoft\Windows
[13/12/2007|01:20] C:\Users\frederic\AppData\Roaming\Microsoft\InfoPath
[23/11/2007|01:11] C:\Users\frederic\AppData\Roaming\Microsoft\CLR Security Config
[22/11/2007|18:28] C:\Users\frederic\AppData\Roaming\Microsoft\CLView
[21/11/2007|19:41] C:\Users\frederic\AppData\Roaming\Microsoft\Outlook
[15/09/2007|12:01] C:\Users\frederic\AppData\Roaming\Microsoft\MSN Messenger
[15/09/2007|00:25] C:\Users\frederic\AppData\Roaming\Microsoft\UProof
[30/08/2007|12:56] C:\Users\frederic\AppData\Roaming\Microsoft\Internet Explorer
[22/08/2007|18:14] C:\Users\frederic\AppData\Roaming\Microsoft\Speech
[12/08/2007|14:10] C:\Users\frederic\AppData\Roaming\Microsoft\MMC
[06/08/2007|00:02] C:\Users\frederic\AppData\Roaming\Microsoft\Proof
[06/08/2007|00:02] C:\Users\frederic\AppData\Roaming\Microsoft\Document Building Blocks
[06/08/2007|00:02] C:\Users\frederic\AppData\Roaming\Microsoft\AddIns
[06/08/2007|00:01] C:\Users\frederic\AppData\Roaming\Microsoft\OIS
[11/07/2007|14:26] C:\Users\frederic\AppData\Roaming\Microsoft\Windows Live Call
[11/07/2007|14:26] C:\Users\frederic\AppData\Roaming\Microsoft\IdentityCRL
[28/06/2007|17:29] C:\Users\frederic\AppData\Roaming\Microsoft\Media Player
[22/06/2007|18:11] C:\Users\frederic\AppData\Roaming\Microsoft\eHome
[30/05/2007|16:24] C:\Users\frederic\AppData\Roaming\Microsoft\HTML Help
[29/05/2007|16:35] C:\Users\frederic\AppData\Roaming\Microsoft\SystemCertificates
[29/05/2007|16:34] C:\Users\frederic\AppData\Roaming\Microsoft\Crypto
[28/05/2007|17:04] C:\Users\frederic\AppData\Roaming\Microsoft\Protect

[28/03/2008|19:43] C:\Users\frederic\AppData\Roaming\Mozilla\Firefox


[13/06/2007|13:53] C:\Users\frederic\AppData\Roaming\NCH Swift Sound\SoundTap

[10/12/2007|00:30] C:\Users\frederic\AppData\Roaming\Nokia\Music Manager
[09/12/2007|22:43] C:\Users\frederic\AppData\Roaming\Nokia\LaunchApplication
[09/12/2007|22:43] C:\Users\frederic\AppData\Roaming\Nokia\GetConnectedWizard
[09/12/2007|22:38] C:\Users\frederic\AppData\Roaming\Nokia\ContactsEditor
[07/12/2007|01:12] C:\Users\frederic\AppData\Roaming\Nokia\PCSync


[29/07/2007|13:09] C:\Users\frederic\AppData\Roaming\OpenOffice.org2\user

[06/08/2007|10:42] C:\Users\frederic\AppData\Roaming\Paltalk\profile repository
[20/07/2007|11:41] C:\Users\frederic\AppData\Roaming\Paltalk\overlays
[20/07/2007|11:37] C:\Users\frederic\AppData\Roaming\Paltalk\groups

[25/11/2007|13:56] C:\Users\frederic\AppData\Roaming\Panasonic\phdb

[09/12/2007|23:06] C:\Users\frederic\AppData\Roaming\PC Suite\353946012526221
[09/12/2007|22:36] C:\Users\frederic\AppData\Roaming\PC Suite\Settings

[20/05/2008|13:42] C:\Users\frederic\AppData\Roaming\PlayFirst\dreamchronicles2
[17/01/2008|02:00] C:\Users\frederic\AppData\Roaming\PlayFirst\dreamchronicles
[09/07/2007|21:40] C:\Users\frederic\AppData\Roaming\PlayFirst\chocolatier
[15/06/2007|01:44] C:\Users\frederic\AppData\Roaming\PlayFirst\mysteryofsharkisland



[11/06/2008|11:52] C:\Users\frederic\AppData\Roaming\Real\RealPlayer
[11/05/2008|10:36] C:\Users\frederic\AppData\Roaming\Real\Msg
[11/05/2008|10:35] C:\Users\frederic\AppData\Roaming\Real\rnadmin
[30/08/2007|18:02] C:\Users\frederic\AppData\Roaming\Real\RealMediaSDK


[29/11/2007|22:43] C:\Users\frederic\AppData\Roaming\SecuROM\UserData

[29/11/2007|22:44] C:\Users\frederic\AppData\Roaming\Sierra Entertainment\Empire Earth III


[06/08/2007|10:35] C:\Users\frederic\AppData\Roaming\SlySoft\AnyDVD

[13/09/2007|12:13] C:\Users\frederic\AppData\Roaming\Sony Corporation\SonicStage
[31/07/2007|15:40] C:\Users\frederic\AppData\Roaming\Sony Corporation\OpenMG Jukebox




[06/02/2008|23:07] C:\Users\frederic\AppData\Roaming\Thunderbird\Profiles


[02/01/2008|19:19] C:\Users\frederic\AppData\Roaming\U3\00001871157015B2
[02/01/2008|19:17] C:\Users\frederic\AppData\Roaming\U3\temp

[10/06/2007|14:23] C:\Users\frederic\AppData\Roaming\UseNeXT\cache

[18/03/2008|19:47] C:\Users\frederic\AppData\Roaming\vlc\cache



[29/09/2007|00:26] C:\Users\frederic\AppData\Roaming\Zylom\2092
[18/09/2007|16:45] C:\Users\frederic\AppData\Roaming\Zylom\147
[18/09/2007|16:11] C:\Users\frederic\AppData\Roaming\Zylom\38
[14/09/2007|21:59] C:\Users\frederic\AppData\Roaming\Zylom\43
[14/09/2007|21:36] C:\Users\frederic\AppData\Roaming\Zylom\106

----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------

[05/06/2008 23:57][--a------] C:\Windows\tasks\Auto Backup for frederic.job
[11/06/2008 12:45][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{AF5C0371-3DE2-44D7-8718-0ABBC62C52B3}.job
[11/06/2008 13:01][--ah-----] C:\Windows\tasks\SA.DAT
[11/06/2008 13:00][--a------] C:\Windows\tasks\SCHEDLGU.TXT

------[ Listing des dossiers dans C:\ProgramData ]------

[22/01/2008|21:47] C:\ProgramData\.zreglib
[31/03/2008|16:37] C:\ProgramData\ACD Systems
[25/08/2007|13:03] C:\ProgramData\addr_file.html
[05/02/2008|21:56] C:\ProgramData\Adobe
[29/06/2007|16:42] C:\ProgramData\Age of Empires 3
[02/09/2007|15:33] C:\ProgramData\Ahead
[20/04/2008|18:07] C:\ProgramData\Aliasworlds
[06/11/2007|17:05] C:\ProgramData\Apple
[10/04/2008|17:09] C:\ProgramData\Apple Computer
[02/11/2006|15:02] C:\ProgramData\Application Data
[19/04/2008|11:29] C:\ProgramData\Avira
[23/08/2007|19:58] C:\ProgramData\BC Soft Games
[28/05/2007|16:26] C:\ProgramData\Bureau
[01/07/2007|21:26] C:\ProgramData\C9B086CE-4A3B-11DB-8373-B622A1EF5492
[28/05/2007|15:30] C:\ProgramData\CanonBJ
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[09/12/2007|22:37] C:\ProgramData\Downloaded Installations
[02/09/2007|14:28] C:\ProgramData\DVD Shrink
[30/09/2007|10:02] C:\ProgramData\Enkord
[16/03/2008|18:06] C:\ProgramData\EPSON
[28/05/2007|16:26] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[25/08/2007|13:05] C:\ProgramData\F-Secure
[28/05/2007|19:31] C:\ProgramData\fssg
[29/04/2008|21:40] C:\ProgramData\Google
[11/06/2008|13:13] C:\ProgramData\Google Updater
[05/05/2008|23:48] C:\ProgramData\HipSoft
[14/12/2007|13:26] C:\ProgramData\Installations
[28/05/2007|21:36] C:\ProgramData\JollyBear
[18/08/2007|12:34] C:\ProgramData\Lavasoft
[19/03/2008|20:21] C:\ProgramData\LogiShrd
[19/03/2008|20:16] C:\ProgramData\Logitech
[28/05/2007|16:26] C:\ProgramData\Menu Démarrer
[02/01/2008|17:58] C:\ProgramData\Microsoft
[15/05/2008|07:41] C:\ProgramData\Microsoft Help
[28/05/2007|16:26] C:\ProgramData\Modèles
[10/09/2007|23:17] C:\ProgramData\n7-89-o9-3r-4t-r9
[19/11/2007|19:38] C:\ProgramData\NCH Software
[08/07/2007|12:31] C:\ProgramData\Nero
[10/06/2008|18:25] C:\ProgramData\ntuser.pol
[05/12/2007|16:45] C:\ProgramData\NVIDIA
[14/06/2007|23:56] C:\ProgramData\Oberon Media
[09/12/2007|22:45] C:\ProgramData\PC Suite
[19/05/2008|23:58] C:\ProgramData\PlayFirst
[18/08/2007|12:53] C:\ProgramData\PopCap Games
[05/12/2007|21:44] C:\ProgramData\RapidSolution
[23/07/2007|13:40] C:\ProgramData\RoboForm
[16/03/2008|16:56] C:\ProgramData\SITEguard
[06/08/2007|10:34] C:\ProgramData\SlySoft
[31/07/2007|15:40] C:\ProgramData\SonicStage
[31/07/2007|15:40] C:\ProgramData\Sony Corporation
[20/05/2008|20:01] C:\ProgramData\SpinTop Games
[11/06/2008|11:52] C:\ProgramData\Spybot - Search & Destroy
[28/06/2007|15:56] C:\ProgramData\SRS Labs
[02/11/2006|15:02] C:\ProgramData\Start Menu
[11/06/2008|13:17] C:\ProgramData\STOPzilla!
[30/06/2007|19:10] C:\ProgramData\TEMP
[02/11/2006|15:02] C:\ProgramData\Templates
[14/09/2007|17:42] C:\ProgramData\tunebite
[16/03/2008|13:30] C:\ProgramData\UDL
[31/12/2007|13:32] C:\ProgramData\Winamp Toolbar
[30/05/2007|14:14] C:\ProgramData\Windows Genuine Advantage
[04/09/2007|12:23] C:\ProgramData\WindowsLiveInstaller
[10/11/2007|13:16] C:\ProgramData\WLInstaller
[31/05/2007|14:11] C:\ProgramData\Yahoo! Companion
[20/05/2008|13:52] C:\ProgramData\Zylom

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[19/04/2008|04:29] C:\Program Files\3Planesoft Screensaver Manager
[16/03/2008|13:26] C:\Program Files\ABBYY FineReader 6.0 Sprint
[02/09/2007|16:00] C:\Program Files\AC3Filter
[31/03/2008|16:37] C:\Program Files\ACD Systems
[05/02/2008|21:56] C:\Program Files\Adobe
[29/11/2007|22:32] C:\Program Files\AGEIA Technologies
[21/11/2007|22:26] C:\Program Files\Alex Feinman
[05/05/2008|12:51] C:\Program Files\Apple Software Update
[19/10/2007|14:37] C:\Program Files\ArcSoft
[22/10/2007|23:33] C:\Program Files\Avira
[14/05/2008|16:11] C:\Program Files\AviSynth 2.5
[21/03/2008|20:22] C:\Program Files\CCleaner
[12/04/2008|12:08] C:\Program Files\CDex_170b2
[14/04/2008|12:30] C:\Program Files\Cheat 'O Matic
[04/06/2008|14:53] C:\Program Files\Common Files
[23/04/2008|18:16] C:\Program Files\Conduit
[19/04/2008|04:29] C:\Program Files\Deep Space 3D Screensaver
[31/08/2007|17:10] C:\Program Files\desktop.ini
[09/12/2007|22:36] C:\Program Files\DIFX
[04/06/2008|13:28] C:\Program Files\DivX
[20/05/2008|00:19] C:\Program Files\Dream Chronicles 2
[30/07/2007|22:01] C:\Program Files\DVD Shrink
[16/03/2008|13:28] C:\Program Files\epson
[28/05/2007|16:26] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[13/11/2007|00:00] C:\Program Files\FLVPlayer
[01/03/2008|13:22] C:\Program Files\Free Audio Pack
[23/04/2008|18:16] C:\Program Files\Freecorder
[23/04/2008|18:16] C:\Program Files\Freecorder Toolbar
[04/06/2008|21:20] C:\Program Files\GameSpy Arcade
[25/01/2008|17:16] C:\Program Files\Ghost Navigator
[13/05/2008|08:29] C:\Program Files\GIMP-2.0
[29/04/2008|21:44] C:\Program Files\Google
[02/02/2008|21:04] C:\Program Files\GrabIt
[02/06/2008|11:12] C:\Program Files\IEDP2
[20/07/2007|18:10] C:\Program Files\iGO POI Explorer beta
[28/11/2007|14:56] C:\Program Files\Init
[04/06/2008|14:53] C:\Program Files\InstallShield Installation Information
[10/04/2008|16:49] C:\Program Files\Internet Explorer
[10/04/2008|17:09] C:\Program Files\iPod
[13/06/2007|13:19] C:\Program Files\i-Sound Pro
[10/04/2008|17:09] C:\Program Files\iTunes
[25/03/2008|23:05] C:\Program Files\Java
[18/08/2007|12:34] C:\Program Files\Lavasoft
[19/03/2008|20:16] C:\Program Files\Logitech
[23/04/2008|12:15] C:\Program Files\LogMeIn
[16/07/2007|20:57] C:\Program Files\Macrogaming
[14/05/2008|13:35] C:\Program Files\Maxi-Motamo
[24/01/2008|17:52] C:\Program Files\Metaboli Player
[27/05/2008|11:41] C:\Program Files\Micro Application
[04/06/2008|13:58] C:\Program Files\Microsoft Games
[30/05/2007|16:12] C:\Program Files\Microsoft LifeCam
[05/08/2007|23:56] C:\Program Files\Microsoft Office
[30/04/2008|18:42] C:\Program Files\Microsoft Silverlight
[28/10/2007|13:55] C:\Program Files\Microsoft SQL Server Compact Edition
[05/08/2007|23:56] C:\Program Files\Microsoft Visual Studio
[05/08/2007|23:47] C:\Program Files\Microsoft Visual Studio 8
[05/08/2007|23:58] C:\Program Files\Microsoft Works
[05/08/2007|23:52] C:\Program Files\Microsoft.NET
[20/07/2007|14:24] C:\Program Files\Mio Technology
[02/09/2007|14:54] C:\Program Files\MKVToolnix
[02/11/2006|14:42] C:\Program Files\Movie Maker
[22/04/2008|16:44] C:\Program Files\Mozilla Firefox
[21/03/2008|19:35] C:\Program Files\Mozilla Thunderbird
[05/08/2007|23:57] C:\Program Files\MSBuild
[02/11/2006|14:37] C:\Program Files\MSN
[30/06/2007|00:34] C:\Program Files\MSXML 4.0
[22/06/2007|17:47] C:\Program Files\MuvExToE
[11/06/2008|12:35] C:\Program Files\Navilog1
[01/07/2007|17:08] C:\Program Files\NCH Swift Sound
[08/07/2007|12:31] C:\Program Files\Nero
[14/12/2007|13:33] C:\Program Files\Nokia
[26/08/2007|01:33] C:\Program Files\OpenAL
[05/12/2007|20:00] C:\Program Files\Packard Bell
[05/12/2007|20:01] C:\Program Files\Packard Bell External HDD
[19/10/2007|14:33] C:\Program Files\Panasonic
[14/12/2007|13:31] C:\Program Files\PC Connectivity Solution
[12/08/2007|14:04] C:\Program Files\PROnetworks
[04/06/2008|18:24] C:\Program Files\PulsRadio
[09/06/2007|21:02] C:\Program Files\QuickPar
[10/04/2008|17:08] C:\Program Files\QuickTime
[01/07/2007|21:24] C:\Program Files\Rapid Solution Software AG
[24/05/2008|22:50] C:\Program Files\RayV
[11/05/2008|10:35] C:\Program Files\Real
[14/05/2008|16:18] C:\Program Files\RealArcade
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[20/05/2008|00:14] C:\Program Files\ReflexiveArcade
[21/03/2008|20:33] C:\Program Files\RegCleaner
[17/01/2008|17:58] C:\Program Files\Replay Media Catcher
[29/04/2008|17:02] C:\Program Files\Replay Music 3
[05/12/2007|21:44] C:\Program Files\Ripp-it_AM
[28/05/2007|21:20] C:\Program Files\RngInterstitial.dll
[02/01/2008|17:54] C:\Program Files\SAGEM
[06/06/2007|12:47] C:\Program Files\Screamer Radio
[19/04/2008|04:21] C:\Program Files\SereneScreen
[23/07/2007|13:39] C:\Program Files\Siber Systems
[29/12/2007|16:36] C:\Program Files\Simpli Software
[02/01/2008|17:42] C:\Program Files\Sitecom
[21/01/2008|23:25] C:\Program Files\SlySoft
[22/11/2007|18:33] C:\Program Files\Softland
[13/09/2007|12:01] C:\Program Files\Sony
[06/08/2007|12:32] C:\Program Files\Spybot - Search & Destroy
[29/05/2008|12:11] C:\Program Files\STOPzilla!
[31/03/2008|17:53] C:\Program Files\StudioLine Photo Classic
[04/06/2008|21:15] C:\Program Files\Sudden Strike 3
[10/06/2008|14:47] C:\Program Files\Teamspeak2_RC2
[12/04/2008|19:02] C:\Program Files\TF1Vision
[11/06/2008|11:27] C:\Program Files\Trend Micro
[16/01/2008|23:16] C:\Program Files\Tunebite
[19/11/2007|22:47] C:\Program Files\UltraISO
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[29/05/2008|10:44] C:\Program Files\VentSrv
[09/06/2007|21:27] C:\Program Files\VideoLAN
[19/11/2007|22:52] C:\Program Files\VirtualDubMOD
[01/07/2007|17:03] C:\Program Files\vso
[20/12/2007|14:14] C:\Program Files\vtplus
[06/06/2008|12:48] C:\Program Files\WarRock
[14/05/2008|16:17] C:\Program Files\Winamp
[31/12/2007|13:32] C:\Program Files\Winamp Toolbar
[30/08/2007|11:22] C:\Program Files\Windows Calendar
[02/11/2006|14:42] C:\Program Files\Windows Collaboration
[28/05/2007|19:18] C:\Program Files\Windows Defender
[27/02/2008|23:42] C:\Program Files\Windows Live
[15/05/2008|07:41] C:\Program Files\Windows Mail
[08/01/2008|18:41] C:\Program Files\Windows Media Player
[28/05/2007|16:26] C:\Program Files\Windows NT
[02/11/2006|14:42] C:\Program Files\Windows Photo Gallery
[10/01/2008|02:12] C:\Program Files\Windows Sidebar
[24/01/2008|02:06] C:\Program Files\WinHTTrack
[14/02/2008|17:37] C:\Program Files\WinRAR
[20/12/2007|14:14] C:\Program Files\WinTV
[17/01/2008|23:10] C:\Program Files\Yahoo!

------[ Listing des dossiers dans C:\Program Files\Common Files ]------

[31/03/2008|16:37] C:\Program Files\Common Files\ACD Systems
[12/05/2008|14:06] C:\Program Files\Common Files\Adobe
[08/07/2007|12:36] C:\Program Files\Common Files\Ahead
[10/12/2007|19:22] C:\Program Files\Common Files\Apple
[19/10/2007|14:40] C:\Program Files\Common Files\ArcSoft
[29/12/2007|12:53] C:\Program Files\Common Files\Canon
[25/01/2008|17:14] C:\Program Files\Common Files\Concord
[05/08/2007|23:56] C:\Program Files\Common Files\DESIGNER
[19/11/2007|22:47] C:\Program Files\Common Files\EZB Systems
[02/01/2008|17:59] C:\Program Files\Common Files\France Telecom
[31/03/2008|12:25] C:\Program Files\Common Files\InstallShield
[06/08/2007|23:57] C:\Program Files\Common Files\iS3
[20/12/2007|14:14] C:\Program Files\Common Files\IviSDK
[31/05/2007|14:54] C:\Program Files\Common Files\Java
[19/03/2008|20:17] C:\Program Files\Common Files\Logishrd
[18/10/2007|15:37] C:\Program Files\Common Files\Logitech
[04/06/2008|14:53] C:\Program Files\Common Files\Microsoft Games
[19/03/2008|20:20] C:\Program Files\Common Files\microsoft shared
[25/01/2007|03:52] C:\Program Files\Common Files\NMSAccessU.exe
[14/12/2007|13:33] C:\Program Files\Common Files\Nokia
[14/12/2007|13:33] C:\Program Files\Common Files\PCSuite
[02/09/2007|15:50] C:\Program Files\Common Files\PX Storage Engine
[11/05/2008|10:36] C:\Program Files\Common Files\Real
[17/01/2008|23:10] C:\Program Files\Common Files\Scanner
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[31/07/2007|15:30] C:\Program Files\Common Files\Sony Shared
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[05/08/2007|23:47] C:\Program Files\Common Files\System
[10/11/2007|13:21] C:\Program Files\Common Files\WindowsLiveInstaller
[29/05/2008|10:42] C:\Program Files\Common Files\Wise Installation Wizard
[11/05/2008|10:36] C:\Program Files\Common Files\xing shared

---------------------------[ Process ]--------------------------

... 75

iexplore.exe ~ [4876]

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

Aucun fichier / dossier Lop trouvé !

----------------------[ Verification du Registre ]----------------------

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 13:18:58
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

=> C:\Users\frederic\Desktop\divers\dvd divx\SlySoft.AnyDVD.HD.v6.1.6.0.FR.JiNo22.Incl-Crack
=> C:\Users\frederic\Desktop\divers\dvd divx\SlySoft.AnyDVD.HD.v6.1.6.0.FR.JiNo22.Incl-Crack\SetupAnyDVD6160.exe
=> C:\Users\frederic\Desktop\divers\dvd divx\SlySoft.AnyDVD.HD.v6.1.6.0.FR.JiNo22.Incl-Crack\SlySoft.AnyDVD.HD.v6.1.6.0.FR.JiNo22.Incl-Crack.nfo
=> C:\Users\frederic\Favorites\5octo\This Site is LikeCrack.com -- Like Crack.url
=> C:\Users\frederic\Favorites\KEYGEN.url
=> C:\ProgramData\PlayFirst\Games\dreamchronicles2\Crack
=> C:\ProgramData\PlayFirst\Games\dreamchronicles2\Crack\game
=> C:\ProgramData\PlayFirst\Games\dreamchronicles2\Crack\game\dream2.exe


[F:4][D:1]-> C:\Users\frederic\AppData\Local\Temp
[F:27][D:1]-> C:\Users\frederic\AppData\Roaming\MICROS~1\Windows\Cookies
[F:113][D:4]-> C:\Users\frederic\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:60][D:4]-> C:\$Recycle.Bin

[ UAC => 1 ]

--------------------[ Fin du rapport a 13:19:30,66 ]----------------------
0
geoffrey5 Posts 13732 Registered Sunday 20 May 2007 Status Security contributor Last activity 21 May 2010 10
11 June 2008 at 13:27
ok, next:

Download Malwarebytes to the desktop: https://www.besttechie.com/resources/malwarebytes/


= double-click mbam-setup to start the installation
= Just install without changing anything
= Once the program is running ==> tick Perform full scan
= Click Scan
= Optionally untick the drives not to be scanned
= Click Start scan
= At the end of the scan, if an infection is found
==> Click Show results
= Close your running applications
= Check that everything is ticked and click Remove selected

a report opens; copy it and paste it into your reply

Then restart the PC!!

And do another HijackThis report
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
11 June 2008 at 13:28
get rid of these suspicious cracks:

=> C:\Users\frederic\Desktop\divers\dvd divx\SlySoft.AnyDVD.HD.v6.1.6.0.FR.JiNo22.Incl-Crack
=> C:\Users\frederic\Desktop\divers\dvd divx\SlySoft.AnyDVD.HD.v6.1.6.0.FR.JiNo22.Incl-Crack\SetupAnyDVD6160.exe
=> C:\Users\frederic\Desktop\divers\dvd divx\SlySoft.AnyDVD.HD.v6.1.6.0.FR.JiNo22.Incl-Crack\SlySoft.AnyDVD.HD.v6.1.6.0.FR.JiNo22.Incl-Crack.nfo
=> C:\Users\frederic\Favorites\5octo\This Site is LikeCrack.com -- Like Crack.url
=> C:\Users\frederic\Favorites\KEYGEN.url
=> C:\ProgramData\PlayFirst\Games\dreamchronicles2\Crack
=> C:\ProgramData\PlayFirst\Games\dreamchronicles2\Crack\game
=> C:\ProgramData\PlayFirst\Games\dreamchronicles2\Crack\game\dream2.exe

_________________



download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
double-click OTMoveIt.exe to launch it.
copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27D486FB-15CB-40F9-BF92-13081CFB721A}
C:\Windows\system32\vtUopOhg.dll

click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal. if so, accept with Yes.

______________________
delete what is in MovedFiles by going to My Computer, then C, then _OTMoveIt

C:\_OTMoveIt\MovedFiles

_______________________

paste another HijackThis report, paste an Antivir report, and tell us your current problems
0
freddypark Posts 56 Registered Sunday 12 August 2007 Status Member Last activity 22 November 2019
11 June 2008 at 13:34
-----------------------[ Lop S&D 4.2.1-3 XP/Vista ]---------------------

[ Windows 'Longhorn' (NT 6.0) Workstation Build 6000 ]
[ USER : frederic ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ 11/06/2008 | 13:27:47,06 ] [ PC : PC-DE-FREDERIC ]
[ MAJ : 07-06-2008 | 22:15 ]
[ UAC => 0 ]


//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


-------------[ Listing des dossiers dans Application Data ]------------


[31/03/2008|16:37] C:\Users\frederic\AppData\Roaming\ACD Systems\ACDSeePhotoEditor

[14/12/2007|17:13] C:\Users\frederic\AppData\Roaming\Adobe\Flash Player
[01/06/2007|17:46] C:\Users\frederic\AppData\Roaming\Adobe\Linguistics
[01/06/2007|17:45] C:\Users\frederic\AppData\Roaming\Adobe\Acrobat

[17/09/2007|23:45] C:\Users\frederic\AppData\Roaming\Ahead\NeroVision
[02/09/2007|15:39] C:\Users\frederic\AppData\Roaming\Ahead\Nero Recode
[09/07/2007|17:26] C:\Users\frederic\AppData\Roaming\Ahead\Nero Burning ROM

[21/05/2008|16:30] C:\Users\frederic\AppData\Roaming\AntiVir PersonalEdition Premium\MCACHEDB
[21/11/2007|19:39] C:\Users\frederic\AppData\Roaming\AntiVir PersonalEdition Premium\MAIL
[25/10/2007|12:36] C:\Users\frederic\AppData\Roaming\AntiVir PersonalEdition Premium\MCACHE

[07/06/2008|12:57] C:\Users\frederic\AppData\Roaming\Apple Computer\iTunes
[12/05/2008|14:35] C:\Users\frederic\AppData\Roaming\Apple Computer\Safari

[19/10/2007|14:44] C:\Users\frederic\AppData\Roaming\Arcsoft\Arcsoft PhotoImpression 5
[19/10/2007|14:43] C:\Users\frederic\AppData\Roaming\Arcsoft\ArcRegister
[19/10/2007|14:43] C:\Users\frederic\AppData\Roaming\Arcsoft\PhotoBase

[07/12/2007|01:15] C:\Users\frederic\AppData\Roaming\Datalayer\353946012526221

[04/06/2008|13:20] C:\Users\frederic\AppData\Roaming\DivX\DivX Player
[02/09/2007|16:26] C:\Users\frederic\AppData\Roaming\DivX\DivX Codec

[22/09/2007|22:28] C:\Users\frederic\AppData\Roaming\dvdcss\-0000000000000000
[06/09/2007|15:49] C:\Users\frederic\AppData\Roaming\dvdcss\-0ab928000ab97c00-0000000000
[04/09/2007|12:30] C:\Users\frederic\AppData\Roaming\dvdcss\-0d7320000d73d500-0000000000
[02/09/2007|14:27] C:\Users\frederic\AppData\Roaming\dvdcss\MERCENARY_FOR_JUSTICE-2006090117542100
[02/09/2007|14:22] C:\Users\frederic\AppData\Roaming\dvdcss\OVER_THE_HEDGE-3230303730393032
[02/09/2007|13:45] C:\Users\frederic\AppData\Roaming\dvdcss\OVER_THE_HEDGE-2006100613471900
[30/07/2007|21:36] C:\Users\frederic\AppData\Roaming\dvdcss\POLTERGAY-2007031316250800
[28/07/2007|16:48] C:\Users\frederic\AppData\Roaming\dvdcss\ECOLE_POUR_TOUS-2007022616390300-07aef40a64
[09/07/2007|16:09] C:\Users\frederic\AppData\Roaming\dvdcss\BANLIEUE_13-0000000000000000-0000000001
[01/07/2007|17:24] C:\Users\frederic\AppData\Roaming\dvdcss\WAIKA_DVD1-2006091411581600

[15/05/2008|22:41] C:\Users\frederic\AppData\Roaming\EPSON\ESCNDV
[31/03/2008|12:30] C:\Users\frederic\AppData\Roaming\EPSON\Creativity Suite

[16/06/2007|14:12] C:\Users\frederic\AppData\Roaming\F-Secure\System Control
[28/05/2007|20:51] C:\Users\frederic\AppData\Roaming\F-Secure\Spam Control



[11/06/2008|11:52] C:\Users\frederic\AppData\Roaming\Google\Local Search History
[13/07/2007|15:32] C:\Users\frederic\AppData\Roaming\Google\GoogleEarth

[09/06/2008|12:15] C:\Users\frederic\AppData\Roaming\GrabIt\Articles
[09/06/2008|12:15] C:\Users\frederic\AppData\Roaming\GrabIt\Temp
[26/04/2008|13:28] C:\Users\frederic\AppData\Roaming\GrabIt\Groups


[29/09/2007|00:26] C:\Users\frederic\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG4-JM9C-24JLMUCREVUJ}
[18/09/2007|16:45] C:\Users\frederic\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG6-LH31-23G9CBQV6VVM}
[18/09/2007|16:11] C:\Users\frederic\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG1-FP6A-248DTTL0QVVP}
[14/09/2007|21:59] C:\Users\frederic\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG3-4A90-24BL1LF8IVV6}
[14/09/2007|21:36] C:\Users\frederic\AppData\Roaming\Identities\{00009BV5-V6E6-N99D-O8SF-9VRP3OLUMVIP}
[28/05/2007|17:04] C:\Users\frederic\AppData\Roaming\Identities\{AA352D25-1FA1-4C11-98C9-F59EE5CC16B8}

[26/08/2007|00:12] C:\Users\frederic\AppData\Roaming\InstallShield\ISEngine12.0

[25/03/2008|23:11] C:\Users\frederic\AppData\Roaming\iWin\PollyPride

[20/03/2008|02:16] C:\Users\frederic\AppData\Roaming\Logitech\SetPoint

[11/06/2008|11:56] C:\Users\frederic\AppData\Roaming\Macromedia\Flash Player


[10/06/2008|14:23] C:\Users\frederic\AppData\Roaming\Microsoft\Excel
[10/06/2008|13:30] C:\Users\frederic\AppData\Roaming\Microsoft\Word
[29/05/2008|21:36] C:\Users\frederic\AppData\Roaming\Microsoft\Office
[18/05/2008|23:57] C:\Users\frederic\AppData\Roaming\Microsoft\Templates
[14/05/2008|16:12] C:\Users\frederic\AppData\Roaming\Microsoft\Installer
[24/04/2008|08:58] C:\Users\frederic\AppData\Roaming\Microsoft\Credentials
[14/04/2008|17:39] C:\Users\frederic\AppData\Roaming\Microsoft\Publisher
[25/01/2008|17:12] C:\Users\frederic\AppData\Roaming\Microsoft\digital locker
[04/01/2008|17:29] C:\Users\frederic\AppData\Roaming\Microsoft\Windows
[13/12/2007|01:20] C:\Users\frederic\AppData\Roaming\Microsoft\InfoPath
[23/11/2007|01:11] C:\Users\frederic\AppData\Roaming\Microsoft\CLR Security Config
[22/11/2007|18:28] C:\Users\frederic\AppData\Roaming\Microsoft\CLView
[21/11/2007|19:41] C:\Users\frederic\AppData\Roaming\Microsoft\Outlook
[15/09/2007|12:01] C:\Users\frederic\AppData\Roaming\Microsoft\MSN Messenger
[15/09/2007|00:25] C:\Users\frederic\AppData\Roaming\Microsoft\UProof
[30/08/2007|12:56] C:\Users\frederic\AppData\Roaming\Microsoft\Internet Explorer
[22/08/2007|18:14] C:\Users\frederic\AppData\Roaming\Microsoft\Speech
[12/08/2007|14:10] C:\Users\frederic\AppData\Roaming\Microsoft\MMC
[06/08/2007|00:02] C:\Users\frederic\AppData\Roaming\Microsoft\Proof
[06/08/2007|00:02] C:\Users\frederic\AppData\Roaming\Microsoft\Document Building Blocks
[06/08/2007|00:02] C:\Users\frederic\AppData\Roaming\Microsoft\AddIns
[06/08/2007|00:01] C:\Users\frederic\AppData\Roaming\Microsoft\OIS
[11/07/2007|14:26] C:\Users\frederic\AppData\Roaming\Microsoft\Windows Live Call
[11/07/2007|14:26] C:\Users\frederic\AppData\Roaming\Microsoft\IdentityCRL
[28/06/2007|17:29] C:\Users\frederic\AppData\Roaming\Microsoft\Media Player
[22/06/2007|18:11] C:\Users\frederic\AppData\Roaming\Microsoft\eHome
[30/05/2007|16:24] C:\Users\frederic\AppData\Roaming\Microsoft\HTML Help
[29/05/2007|16:35] C:\Users\frederic\AppData\Roaming\Microsoft\SystemCertificates
[29/05/2007|16:34] C:\Users\frederic\AppData\Roaming\Microsoft\Crypto
[28/05/2007|17:04] C:\Users\frederic\AppData\Roaming\Microsoft\Protect

[28/03/2008|19:43] C:\Users\frederic\AppData\Roaming\Mozilla\Firefox


[13/06/2007|13:53] C:\Users\frederic\AppData\Roaming\NCH Swift Sound\SoundTap

[10/12/2007|00:30] C:\Users\frederic\AppData\Roaming\Nokia\Music Manager
[09/12/2007|22:43] C:\Users\frederic\AppData\Roaming\Nokia\LaunchApplication
[09/12/2007|22:43] C:\Users\frederic\AppData\Roaming\Nokia\GetConnectedWizard
[09/12/2007|22:38] C:\Users\frederic\AppData\Roaming\Nokia\ContactsEditor
[07/12/2007|01:12] C:\Users\frederic\AppData\Roaming\Nokia\PCSync


[29/07/2007|13:09] C:\Users\frederic\AppData\Roaming\OpenOffice.org2\user

[06/08/2007|10:42] C:\Users\frederic\AppData\Roaming\Paltalk\profile repository
[20/07/2007|11:41] C:\Users\frederic\AppData\Roaming\Paltalk\overlays
[20/07/2007|11:37] C:\Users\frederic\AppData\Roaming\Paltalk\groups

[25/11/2007|13:56] C:\Users\frederic\AppData\Roaming\Panasonic\phdb

[09/12/2007|23:06] C:\Users\frederic\AppData\Roaming\PC Suite\353946012526221
[09/12/2007|22:36] C:\Users\frederic\AppData\Roaming\PC Suite\Settings

[20/05/2008|13:42] C:\Users\frederic\AppData\Roaming\PlayFirst\dreamchronicles2
[17/01/2008|02:00] C:\Users\frederic\AppData\Roaming\PlayFirst\dreamchronicles
[09/07/2007|21:40] C:\Users\frederic\AppData\Roaming\PlayFirst\chocolatier
[15/06/2007|01:44] C:\Users\frederic\AppData\Roaming\PlayFirst\mysteryofsharkisland



[11/06/2008|11:52] C:\Users\frederic\AppData\Roaming\Real\RealPlayer
[11/05/2008|10:36] C:\Users\frederic\AppData\Roaming\Real\Msg
[11/05/2008|10:35] C:\Users\frederic\AppData\Roaming\Real\rnadmin
[30/08/2007|18:02] C:\Users\frederic\AppData\Roaming\Real\RealMediaSDK


[29/11/2007|22:43] C:\Users\frederic\AppData\Roaming\SecuROM\UserData

[29/11/2007|22:44] C:\Users\frederic\AppData\Roaming\Sierra Entertainment\Empire Earth III


[06/08/2007|10:35] C:\Users\frederic\AppData\Roaming\SlySoft\AnyDVD

[13/09/2007|12:13] C:\Users\frederic\AppData\Roaming\Sony Corporation\SonicStage
[31/07/2007|15:40] C:\Users\frederic\AppData\Roaming\Sony Corporation\OpenMG Jukebox




[06/02/2008|23:07] C:\Users\frederic\AppData\Roaming\Thunderbird\Profiles


[02/01/2008|19:19] C:\Users\frederic\AppData\Roaming\U3\00001871157015B2
[02/01/2008|19:17] C:\Users\frederic\AppData\Roaming\U3\temp

[10/06/2007|14:23] C:\Users\frederic\AppData\Roaming\UseNeXT\cache

[18/03/2008|19:47] C:\Users\frederic\AppData\Roaming\vlc\cache



[29/09/2007|00:26] C:\Users\frederic\AppData\Roaming\Zylom\2092
[18/09/2007|16:45] C:\Users\frederic\AppData\Roaming\Zylom\147
[18/09/2007|16:11] C:\Users\frederic\AppData\Roaming\Zylom\38
[14/09/2007|21:59] C:\Users\frederic\AppData\Roaming\Zylom\43
[14/09/2007|21:36] C:\Users\frederic\AppData\Roaming\Zylom\106

----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------

[05/06/2008 23:57][--a------] C:\Windows\tasks\Auto Backup for frederic.job
[11/06/2008 12:45][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{AF5C0371-3DE2-44D7-8718-0ABBC62C52B3}.job
[11/06/2008 13:25][--ah-----] C:\Windows\tasks\SA.DAT
[11/06/2008 13:24][--a------] C:\Windows\tasks\SCHEDLGU.TXT

------[ Listing des dossiers dans C:\ProgramData ]------

[22/01/2008|21:47] C:\ProgramData\.zreglib
[31/03/2008|16:37] C:\ProgramData\ACD Systems
[25/08/2007|13:03] C:\ProgramData\addr_file.html
[05/02/2008|21:56] C:\ProgramData\Adobe
[29/06/2007|16:42] C:\ProgramData\Age of Empires 3
[02/09/2007|15:33] C:\ProgramData\Ahead
[20/04/2008|18:07] C:\ProgramData\Aliasworlds
[06/11/2007|17:05] C:\ProgramData\Apple
[10/04/2008|17:09] C:\ProgramData\Apple Computer
[02/11/2006|15:02] C:\ProgramData\Application Data
[19/04/2008|11:29] C:\ProgramData\Avira
[23/08/2007|19:58] C:\ProgramData\BC Soft Games
[28/05/2007|16:26] C:\ProgramData\Bureau
[01/07/2007|21:26] C:\ProgramData\C9B086CE-4A3B-11DB-8373-B622A1EF5492
[28/05/2007|15:30] C:\ProgramData\CanonBJ
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[09/12/2007|22:37] C:\ProgramData\Downloaded Installations
[02/09/2007|14:28] C:\ProgramData\DVD Shrink
[30/09/2007|10:02] C:\ProgramData\Enkord
[16/03/2008|18:06] C:\ProgramData\EPSON
[28/05/2007|16:26] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[25/08/2007|13:05] C:\ProgramData\F-Secure
[28/05/2007|19:31] C:\ProgramData\fssg
[29/04/2008|21:40] C:\ProgramData\Google
[11/06/2008|13:13] C:\ProgramData\Google Updater
[05/05/2008|23:48] C:\ProgramData\HipSoft
[14/12/2007|13:26] C:\ProgramData\Installations
[28/05/2007|21:36] C:\ProgramData\JollyBear
[18/08/2007|12:34] C:\ProgramData\Lavasoft
[19/03/2008|20:21] C:\ProgramData\LogiShrd
[19/03/2008|20:16] C:\ProgramData\Logitech
[28/05/2007|16:26] C:\ProgramData\Menu Démarrer
[02/01/2008|17:58] C:\ProgramData\Microsoft
[15/05/2008|07:41] C:\ProgramData\Microsoft Help
[28/05/2007|16:26] C:\ProgramData\Modèles
[10/09/2007|23:17] C:\ProgramData\n7-89-o9-3r-4t-r9
[19/11/2007|19:38] C:\ProgramData\NCH Software
[08/07/2007|12:31] C:\ProgramData\Nero
[10/06/2008|18:25] C:\ProgramData\ntuser.pol
[05/12/2007|16:45] C:\ProgramData\NVIDIA
[14/06/2007|23:56] C:\ProgramData\Oberon Media
[09/12/2007|22:45] C:\ProgramData\PC Suite
[19/05/2008|23:58] C:\ProgramData\PlayFirst
[18/08/2007|12:53] C:\ProgramData\PopCap Games
[05/12/2007|21:44] C:\ProgramData\RapidSolution
[23/07/2007|13:40] C:\ProgramData\RoboForm
[16/03/2008|16:56] C:\ProgramData\SITEguard
[06/08/2007|10:34] C:\ProgramData\SlySoft
[31/07/2007|15:40] C:\ProgramData\SonicStage
[31/07/2007|15:40] C:\ProgramData\Sony Corporation
[20/05/2008|20:01] C:\ProgramData\SpinTop Games
[11/06/2008|11:52] C:\ProgramData\Spybot - Search & Destroy
[28/06/2007|15:56] C:\ProgramData\SRS Labs
[02/11/2006|15:02] C:\ProgramData\Start Menu
[11/06/2008|13:27] C:\ProgramData\STOPzilla!
[30/06/2007|19:10] C:\ProgramData\TEMP
[02/11/2006|15:02] C:\ProgramData\Templates
[14/09/2007|17:42] C:\ProgramData\tunebite
[16/03/2008|13:30] C:\ProgramData\UDL
[31/12/2007|13:32] C:\ProgramData\Winamp Toolbar
[30/05/2007|14:14] C:\ProgramData\Windows Genuine Advantage
[04/09/2007|12:23] C:\ProgramData\WindowsLiveInstaller
[10/11/2007|13:16] C:\ProgramData\WLInstaller
[31/05/2007|14:11] C:\ProgramData\Yahoo! Companion
[20/05/2008|13:52] C:\ProgramData\Zylom

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[19/04/2008|04:29] C:\Program Files\3Planesoft Screensaver Manager
[16/03/2008|13:26] C:\Program Files\ABBYY FineReader 6.0 Sprint
[02/09/2007|16:00] C:\Program Files\AC3Filter
[31/03/2008|16:37] C:\Program Files\ACD Systems
[05/02/2008|21:56] C:\Program Files\Adobe
[29/11/2007|22:32] C:\Program Files\AGEIA Technologies
[21/11/2007|22:26] C:\Program Files\Alex Feinman
[05/05/2008|12:51] C:\Program Files\Apple Software Update
[19/10/2007|14:37] C:\Program Files\ArcSoft
[22/10/2007|23:33] C:\Program Files\Avira
[14/05/2008|16:11] C:\Program Files\AviSynth 2.5
[21/03/2008|20:22] C:\Program Files\CCleaner
[12/04/2008|12:08] C:\Program Files\CDex_170b2
[14/04/2008|12:30] C:\Program Files\Cheat 'O Matic
[04/06/2008|14:53] C:\Program Files\Common Files
[23/04/2008|18:16] C:\Program Files\Conduit
[19/04/2008|04:29] C:\Program Files\Deep Space 3D Screensaver
[31/08/2007|17:10] C:\Program Files\desktop.ini
[09/12/2007|22:36] C:\Program Files\DIFX
[04/06/2008|13:28] C:\Program Files\DivX
[20/05/2008|00:19] C:\Program Files\Dream Chronicles 2
[30/07/2007|22:01] C:\Program Files\DVD Shrink
[16/03/2008|13:28] C:\Program Files\epson
[28/05/2007|16:26] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[13/11/2007|00:00] C:\Program Files\FLVPlayer
[01/03/2008|13:22] C:\Program Files\Free Audio Pack
[23/04/2008|18:16] C:\Program Files\Freecorder
[23/04/2008|18:16] C:\Program Files\Freecorder Toolbar
[04/06/2008|21:20] C:\Program Files\GameSpy Arcade
[25/01/2008|17:16] C:\Program Files\Ghost Navigator
[13/05/2008|08:29] C:\Program Files\GIMP-2.0
[29/04/2008|21:44] C:\Program Files\Google
[02/02/2008|21:04] C:\Program Files\GrabIt
[02/06/2008|11:12] C:\Program Files\IEDP2
[20/07/2007|18:10] C:\Program Files\iGO POI Explorer beta
[28/11/2007|14:56] C:\Program Files\Init
[04/06/2008|14:53] C:\Program Files\InstallShield Installation Information
[10/04/2008|16:49] C:\Program Files\Internet Explorer
[10/04/2008|17:09] C:\Program Files\iPod
[13/06/2007|13:19] C:\Program Files\i-Sound Pro
[10/04/2008|17:09] C:\Program Files\iTunes
[25/03/2008|23:05] C:\Program Files\Java
[18/08/2007|12:34] C:\Program Files\Lavasoft
[19/03/2008|20:16] C:\Program Files\Logitech
[23/04/2008|12:15] C:\Program Files\LogMeIn
[16/07/2007|20:57] C:\Program Files\Macrogaming
[14/05/2008|13:35] C:\Program Files\Maxi-Motamo
[24/01/2008|17:52] C:\Program Files\Metaboli Player
[27/05/2008|11:41] C:\Program Files\Micro Application
[04/06/2008|13:58] C:\Program Files\Microsoft Games
[30/05/2007|16:12] C:\Program Files\Microsoft LifeCam
[05/08/2007|23:56] C:\Program Files\Microsoft Office
[30/04/2008|18:42] C:\Program Files\Microsoft Silverlight
[28/10/2007|13:55] C:\Program Files\Microsoft SQL Server Compact Edition
[05/08/2007|23:56] C:\Program Files\Microsoft Visual Studio
[05/08/2007|23:47] C:\Program Files\Microsoft Visual Studio 8
[05/08/2007|23:58] C:\Program Files\Microsoft Works
[05/08/2007|23:52] C:\Program Files\Microsoft.NET
[20/07/2007|14:24] C:\Program Files\Mio Technology
[02/09/2007|14:54] C:\Program Files\MKVToolnix
[02/11/2006|14:42] C:\Program Files\Movie Maker
[22/04/2008|16:44] C:\Program Files\Mozilla Firefox
[21/03/2008|19:35] C:\Program Files\Mozilla Thunderbird
[05/08/2007|23:57] C:\Program Files\MSBuild
[02/11/2006|14:37] C:\Program Files\MSN
[30/06/2007|00:34] C:\Program Files\MSXML 4.0
[22/06/2007|17:47] C:\Program Files\MuvExToE
[11/06/2008|12:35] C:\Program Files\Navilog1
[01/07/2007|17:08] C:\Program Files\NCH Swift Sound
[08/07/2007|12:31] C:\Program Files\Nero
[14/12/2007|13:33] C:\Program Files\Nokia
[26/08/2007|01:33] C:\Program Files\OpenAL
[05/12/2007|20:00] C:\Program Files\Packard Bell
[05/12/2007|20:01] C:\Program Files\Packard Bell External HDD
[19/10/2007|14:33] C:\Program Files\Panasonic
[14/12/2007|13:31] C:\Program Files\PC Connectivity Solution
[12/08/2007|14:04] C:\Program Files\PROnetworks
[04/06/2008|18:24] C:\Program Files\PulsRadio
[09/06/2007|21:02] C:\Program Files\QuickPar
[10/04/2008|17:08] C:\Program Files\QuickTime
[01/07/2007|21:24] C:\Program Files\Rapid Solution Software AG
[24/05/2008|22:50] C:\Program Files\RayV
[11/05/2008|10:35] C:\Program Files\Real
[14/05/2008|16:18] C:\Program Files\RealArcade
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[20/05/2008|00:14] C:\Program Files\ReflexiveArcade
[21/03/2008|20:33] C:\Program Files\RegCleaner
[17/01/2008|17:58] C:\Program Files\Replay Media Catcher
[29/04/2008|17:02] C:\Program Files\Replay Music 3
[05/12/2007|21:44] C:\Program Files\Ripp-it_AM
[28/05/2007|21:20] C:\Program Files\RngInterstitial.dll
[02/01/2008|17:54] C:\Program Files\SAGEM
[06/06/2007|12:47] C:\Program Files\Screamer Radio
[19/04/2008|04:21] C:\Program Files\SereneScreen
[23/07/2007|13:39] C:\Program Files\Siber Systems
[29/12/2007|16:36] C:\Program Files\Simpli Software
[02/01/2008|17:42] C:\Program Files\Sitecom
[21/01/2008|23:25] C:\Program Files\SlySoft
[22/11/2007|18:33] C:\Program Files\Softland
[13/09/2007|12:01] C:\Program Files\Sony
[06/08/2007|12:32] C:\Program Files\Spybot - Search & Destroy
[29/05/2008|12:11] C:\Program Files\STOPzilla!
[31/03/2008|17:53] C:\Program Files\StudioLine Photo Classic
[04/06/2008|21:15] C:\Program Files\Sudden Strike 3
[10/06/2008|14:47] C:\Program Files\Teamspeak2_RC2
[12/04/2008|19:02] C:\Program Files\TF1Vision
[11/06/2008|11:27] C:\Program Files\Trend Micro
[16/01/2008|23:16] C:\Program Files\Tunebite
[19/11/2007|22:47] C:\Program Files\UltraISO
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[29/05/2008|10:44] C:\Program Files\VentSrv
[09/06/2007|21:27] C:\Program Files\VideoLAN
[19/11/2007|22:52] C:\Program Files\VirtualDubMOD
[01/07/2007|17:03] C:\Program Files\vso
[20/12/2007|14:14] C:\Program Files\vtplus
[06/06/2008|12:48] C:\Program Files\WarRock
[14/05/2008|16:17] C:\Program Files\Winamp
[31/12/2007|13:32] C:\Program Files\Winamp Toolbar
[30/08/2007|11:22] C:\Program Files\Windows Calendar
[02/11/2006|14:42] C:\Program Files\Windows Collaboration
[28/05/2007|19:18] C:\Program Files\Windows Defender
[27/02/2008|23:42] C:\Program Files\Windows Live
[15/05/2008|07:41] C:\Program Files\Windows Mail
[08/01/2008|18:41] C:\Program Files\Windows Media Player
[28/05/2007|16:26] C:\Program Files\Windows NT
[02/11/2006|14:42] C:\Program Files\Windows Photo Gallery
[10/01/2008|02:12] C:\Program Files\Windows Sidebar
[24/01/2008|02:06] C:\Program Files\WinHTTrack
[14/02/2008|17:37] C:\Program Files\WinRAR
[20/12/2007|14:14] C:\Program Files\WinTV
[17/01/2008|23:10] C:\Program Files\Yahoo!

------[ Listing des dossiers dans C:\Program Files\Common Files ]------

[31/03/2008|16:37] C:\Program Files\Common Files\ACD Systems
[12/05/2008|14:06] C:\Program Files\Common Files\Adobe
[08/07/2007|12:36] C:\Program Files\Common Files\Ahead
[10/12/2007|19:22] C:\Program Files\Common Files\Apple
[19/10/2007|14:40] C:\Program Files\Common Files\ArcSoft
[29/12/2007|12:53] C:\Program Files\Common Files\Canon
[25/01/2008|17:14] C:\Program Files\Common Files\Concord
[05/08/2007|23:56] C:\Program Files\Common Files\DESIGNER
[19/11/2007|22:47] C:\Program Files\Common Files\EZB Systems
[02/01/2008|17:59] C:\Program Files\Common Files\France Telecom
[31/03/2008|12:25] C:\Program Files\Common Files\InstallShield
[06/08/2007|23:57] C:\Program Files\Common Files\iS3
[20/12/2007|14:14] C:\Program Files\Common Files\IviSDK
[31/05/2007|14:54] C:\Program Files\Common Files\Java
[19/03/2008|20:17] C:\Program Files\Common Files\Logishrd
[18/10/2007|15:37] C:\Program Files\Common Files\Logitech
[04/06/2008|14:53] C:\Program Files\Common Files\Microsoft Games
[19/03/2008|20:20] C:\Program Files\Common Files\microsoft shared
[25/01/2007|03:52] C:\Program Files\Common Files\NMSAccessU.exe
[14/12/2007|13:33] C:\Program Files\Common Files\Nokia
[14/12/2007|13:33] C:\Program Files\Common Files\PCSuite
[02/09/2007|15:50] C:\Program Files\Common Files\PX Storage Engine
[11/05/2008|10:36] C:\Program Files\Common Files\Real
[17/01/2008|23:10] C:\Program Files\Common Files\Scanner
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[31/07/2007|15:30] C:\Program Files\Common Files\Sony Shared
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[05/08/2007|23:47] C:\Program Files\Common Files\System
[10/11/2007|13:21] C:\Program Files\Common Files\WindowsLiveInstaller
[29/05/2008|10:42] C:\Program Files\Common Files\Wise Installation Wizard
[11/05/2008|10:36] C:\Program Files\Common Files\xing shared

---------------------------[ Process ]--------------------------

... 65

... OK !

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

Aucun fichier / dossier Lop trouvé !

----------------------[ Verification du Registre ]----------------------

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 13:28:47
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

=> C:\Users\frederic\Desktop\divers\dvd divx\SlySoft.AnyDVD.HD.v6.1.6.0.FR.JiNo22.Incl-Crack
=> C:\Users\frederic\Desktop\divers\dvd divx\SlySoft.AnyDVD.HD.v6.1.6.0.FR.JiNo22.Incl-Crack\SetupAnyDVD6160.exe
=> C:\Users\frederic\Desktop\divers\dvd divx\SlySoft.AnyDVD.HD.v6.1.6.0.FR.JiNo22.Incl-Crack\SlySoft.AnyDVD.HD.v6.1.6.0.FR.JiNo22.Incl-Crack.nfo
=> C:\Users\frederic\Favorites\5octo\This Site is LikeCrack.com -- Like Crack.url
=> C:\Users\frederic\Favorites\KEYGEN.url
=> C:\ProgramData\PlayFirst\Games\dreamchronicles2\Crack
=> C:\ProgramData\PlayFirst\Games\dreamchronicles2\Crack\game
=> C:\ProgramData\PlayFirst\Games\dreamchronicles2\Crack\game\dream2.exe


[F:5][D:1]-> C:\Users\frederic\AppData\Local\Temp
[F:27][D:1]-> C:\Users\frederic\AppData\Roaming\MICROS~1\Windows\Cookies
[F:33][D:4]-> C:\Users\frederic\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:60][D:4]-> C:\$Recycle.Bin

[ UAC => 1 ]

--------------------[ Fin du rapport a 13:30:21,34 ]----------------------

thanks, I'll carry on :-)
0
geoffrey5 Posts: 13732 Registered: Sunday 20 May 2007 Status: Security contributor Last post: 21 May 2010 10
11 June 2008 at 13:39
Download Malwarebytes to the desktop: https://www.besttechie.com/resources/malwarebytes/


= double-click mbam-setup to start the installation
= Simply install without changing anything
= Once the program is running ==> tick Perform full scan
= Click Scan
= If necessary, untick the drives you don't want scanned
= Click Start scan
= At the end of the scan, if an infection is found
==> Click Show results
= Close your running applications
= Check that everything is ticked and click Remove Selected

a report opens; copy it and paste it into your reply

Then restart the PC!!

And post a new HijackThis report
0
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last post: 3 May 2022 5 040
11 June 2008 at 13:51
message 12
0
freddypark Posts: 56 Registered: Sunday 12 August 2007 Status: Member Last post: 22 November 2019
11 June 2008 at 14:09
re,

I tried a Malwarebytes scan twice but got a BLUE screen both times:

Signature du problème :
Nom d’événement de problème: BlueScreen
Version du système: 6.0.6000.2.0.0.768.3
Identificateur de paramètres régionaux: 1036

Informations supplémentaires sur le problème :
BCCode: 1000007e
BCP1: C0000005
BCP2: 00000000
BCP3: 883D07B0
BCP4: 883D04AC
OS Version: 6_0_6000
Service Pack: 0_0
Product: 768_1

Fichiers aidant à décrire le problème :
C:\Windows\Minidump\Mini061108-02.dmp
C:\Users\frederic\AppData\Local\Temp\WER-278570-0.sysdata.xml
C:\Users\frederic\AppData\Local\Temp\WER6621.tmp.version.txt

Lire notre déclaration de confidentialité :
https://privacy.microsoft.com/fr-fr/microsoft-error-reporting-privacy-statement

I'm running a HijackThis scan now ...
0
freddypark Posts: 56 Registered: Sunday 12 August 2007 Status: Member Last post: 22 November 2019
11 June 2008 at 14:10
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:43, on 11/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {27D486FB-15CB-40F9-BF92-13081CFB721A} - C:\Windows\system32\vtUopOhg.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: (no name) - {E49BA462-5C96-48C5-AEF9-A1A32BA1D3F1} - C:\Windows\system32\urqQhHyA.dll
O2 - BHO: {34448226-1e5f-dddb-6694-96842f55142f} - {f24155f2-4869-4966-bddd-f5e162284443} - C:\Windows\system32\rynbvksv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\urqQhHyA.dll,#1
O4 - HKLM\..\Run: [6cc17e98] rundll32.exe "C:\Windows\system32\lusrcdmk.dll",b
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\Windows\TEMP\E_SE946.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Use as &Display Picture - C:\Program Files\IEDP2\IEDP.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {3E9BAF2D-7A79-11D2-9334-0000F875AE17} - https://www.allocam.com
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: EPGService - Unknown owner - J:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
0
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last post: 3 May 2022 5 040
11 June 2008 at 14:11
ok, relaunch HijackThis, click Do a system scan only, select these lines and click FIX CHECKED

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O2 - BHO: (no name) - {27D486FB-15CB-40F9-BF92-13081CFB721A} - C:\Windows\system32\vtUopOhg.dll
O2 - BHO: (no name) - {E49BA462-5C96-48C5-AEF9-A1A32BA1D3F1} - C:\Windows\system32\urqQhHyA.dll
O2 - BHO: {34448226-1e5f-dddb-6694-96842f55142f} - {f24155f2-4869-4966-bddd-f5e162284443} - C:\Windows\system32\rynbvksv.dll
O3 - Toolbar: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\urqQhHyA.dll,#1
O4 - HKLM\..\Run: [6cc17e98] rundll32.exe "C:\Windows\system32\lusrcdmk.dll",b
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab

_______________________

Close all your browsers (so copy or print these instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:


File::
C:\Windows\system32\vtUopOhg.dll
C:\Windows\system32\urqQhHyA.dll
C:\Windows\system32\rynbvksv.dll
C:\Windows\system32\urqQhHyA.dll
C:\Windows\system32\lusrcdmk.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27D486FB-15CB-40F9-BF92-13081CFB721A}]



Save this file under the name CFscript


Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFScript file, keep the button held down and move the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report and an AntiVir report, and above all say whether you still have any problems


If the file doesn't open, it is located here > C:\ComboFix.txt
0
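As an added example (not from this thread, and not code from HijackThis, ComboFix or any other tool it mentions), here is a small Python triage script that applies the same cues the helpers used to pick the lines to fix, runs them over a constructed extract of the log above, and renders the result in the File::/Registry:: layout of the ComboFix script. The sample lines, the rules and the full registry key path are my own; the rules are a first pass, not a substitute for checking each flagged file.

```python
import re

# Constructed sample in HijackThis v2 log format, modelled on the entries
# discussed in this thread (a handful of lines, not the full log).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {27D486FB-15CB-40F9-BF92-13081CFB721A} - C:\Windows\system32\vtUopOhg.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: {34448226-1e5f-dddb-6694-96842f55142f} - {f24155f2-4869-4966-bddd-f5e162284443} - C:\Windows\system32\rynbvksv.dll
O3 - Toolbar: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\urqQhHyA.dll,#1
O4 - HKLM\..\Run: [6cc17e98] rundll32.exe "C:\Windows\system32\lusrcdmk.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
"""

GUID = r"\{[0-9A-Fa-f-]{36}\}"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>" + GUID + r") - (?P<path>.+)$")
RUN_RE = re.compile(r'^O4 - HK\S+?\\\.\.\\Run: \[(?P<value>[^\]]+)\] rundll32\.exe '
                    r'"?(?P<dll>[^",]+)"?,(?P<entry>\S*)', re.I)
# Real key behind HijackThis O2 entries (the thread abbreviates it with "~").
BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"

def in_system32(path):
    """True when the file sits directly in the Windows system32 folder."""
    return re.fullmatch(r"[A-Za-z]:\\Windows\\system32\\[^\\]+", path, re.I) is not None

def triage(log):
    """Return (line, reason) pairs for entries worth a closer look, using the
    cues the helpers in this thread keyed on: R3/O3 hooks pointing at
    '(no file)'; O2 BHOs with no name (or a GUID as name) loading a DLL from
    system32 itself ('(no name)' alone is not enough: Spybot's SDHelper.dll
    shows that way too but lives under Program Files); O4 Run entries using
    rundll32 on a system32 DLL with an ordinal/one-letter export or hex name.
    """
    findings = []
    for line in log.strip().splitlines():
        if line.startswith(("R3 ", "O3 ")) and line.endswith("(no file)"):
            findings.append((line, "dead reference (no file)"))
            continue
        m = BHO_RE.match(line)
        if m:
            anonymous = m["name"] == "(no name)" or re.fullmatch(GUID, m["name"])
            if anonymous and in_system32(m["path"]):
                findings.append((line, "anonymous BHO loading a system32 DLL"))
            continue
        m = RUN_RE.match(line)
        if m and in_system32(m["dll"]):
            odd_entry = m["entry"].startswith("#") or len(m["entry"]) == 1
            hex_name = re.fullmatch(r"[0-9a-f]{6,}", m["value"], re.I) is not None
            if odd_entry or hex_name:
                findings.append((line, "rundll32 autorun of a system32 DLL"))
    return findings

def build_cfscript(findings):
    """Render flagged DLLs and BHO CLSIDs in the File::/Registry:: layout the
    thread uses for ComboFix, deduplicating paths (the thread's script lists
    urqQhHyA.dll twice)."""
    files, keys = [], []
    for line, _ in findings:
        m = BHO_RE.match(line) or RUN_RE.match(line)
        if not m:
            continue  # dead '(no file)' references have no file to delete
        groups = m.groupdict()
        path = groups.get("path") or groups.get("dll")
        if path not in files:
            files.append(path)
        if "clsid" in groups:
            keys.append(f"[-{BHO_KEY}\\{groups['clsid']}]")
    return "File::\n" + "\n".join(files) + "\n\nRegistry::\n" + "\n".join(keys) + "\n"

if __name__ == "__main__":
    print(*(f"{reason:38s} {line}" for line, reason in triage(SAMPLE_LOG)), sep="\n")
    print(build_cfscript(triage(SAMPLE_LOG)))
```

On the sample, the Yahoo and Spybot BHOs, the NVIDIA rundll32 entry and the Avira autorun are left alone, while the four random-named system32 DLLs and the two dead hooks are reported.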
freddypark Posts: 56 Registered: Sunday 12 August 2007 Status: Member Last post: 22 November 2019
11 June 2008 at 14:17
no pop-up windows for now; if there is no other problem by the end of the afternoon I'll mark this thread as Solved.

Thank you very much for your help, always very clear and quick
0
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last post: 3 May 2022 5 040
11 June 2008 at 14:18
message 18 please
0
freddypark Posts: 56 Registered: Sunday 12 August 2007 Status: Member Last post: 22 November 2019
11 June 2008 at 15:09
for message 18: AntiVir scan in progress, 40%
0
freddypark Posts: 56 Registered: Sunday 12 August 2007 Status: Member Last post: 22 November 2019
11 June 2008 at 15:12
for ComboFix, error message: "une reference a ete renvoyé par le serveur" (a reference was returned by the server)
0
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last post: 3 May 2022 5 040
11 June 2008 at 15:23
disable your user account, then try again

http://www.vic38.fr/...


___________________


Close all your browsers (so copy or print these instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:


File::
C:\Windows\system32\vtUopOhg.dll
C:\Windows\system32\urqQhHyA.dll
C:\Windows\system32\rynbvksv.dll
C:\Windows\system32\urqQhHyA.dll
C:\Windows\system32\lusrcdmk.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27D486FB-15CB-40F9-BF92-13081CFB721A}]



Save this file under the name CFscript


Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFScript file, keep the button held down and move the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report and an AntiVir report, and above all say whether you still have any problems


If the file doesn't open, it is located here > C:\ComboFix.txt
0