Report after scan

Closed
husqui42 - 13 Dec. 2009 at 10:07
flo-91 Posts: 5646 Registered: Tuesday 19 May 2009 Status: Security contributor Last active: 31 October 2019 - 20 Dec. 2009 at 17:23
Hello,
======= AD-REMOVER 1.1.4.6_E REPORT | XP/VISTA/7 ONLY =======
.
Updated by C_XX on 12.12.2009 at 22:46
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Started at: 9:40:34, 13/12/2009 | Normal mode | Option: SCAN
Run from: C:\Program Files\Ad-Remover\
Operating system: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Computer name: POMMIER-0278A92 | Current user: Pommier
.
============== ITEM(S) FOUND ==============
.

C:\DOCUME~1\Pommier\APPLIC~1\EoRezo
C:\DOCUME~1\Pommier\APPLIC~1\ItsLabel
C:\Program Files\Live-Player
.
HKCU\software\32 Vegas Casino
HKCU\software\EoRezo
HKCU\software\ItsLabel
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3}
HKLM\software\32 Vegas Casino
HKLM\Software\Classes\CLSID\{E49F0B41-3322-11D4-AEFE-00C04F61025C}
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\software\EoRezo
HKLM\software\ItsLabel
HKLM\software\Live-Player
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\EoEngine
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SoftwareHelper
HKLM\software\microsoft\windows\currentversion\uninstall\SoftwareUpdate_is1
HKLM\software\microsoft\windows\currentversion\uninstall\vmneme
HKU\s-1-5-21-1935655697-73586283-839522115-1004\software\32 Vegas Casino
HKU\s-1-5-21-1935655697-73586283-839522115-1004\software\EoRezo
HKU\s-1-5-21-1935655697-73586283-839522115-1004\software\ItsLabel
.
============== Additional scan ==============
.
.
* Mozilla FireFox Version 3.5.5 [fr] *
.
Profile name: br5icvbq.default (Pommier)
.
(Pommier, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Pommier\Mes documents\Mes images
(Pommier, prefs.js) Browser.search.defaultenginename, Google
(Pommier, prefs.js) Browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
(Pommier, prefs.js) Browser.search.selectedEngine, FireSearch
(Pommier, prefs.js) Browser.startup.homepage, hxxp://www.google.fr/
.
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://www.google.fr/
Default_Page_URL: hxxp://www.01net.com/telecharger/
Enable Browser Extensions: yes
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
520 Byte(s) - C:\Ad-Report-SCAN[1].log
3373 Byte(s) - C:\Ad-Report-SCAN[2].log
.
19 File(s) - C:\DOCUME~1\Pommier\LOCALS~1\Temp
14 File(s) - C:\WINDOWS\Temp
60 File(s) - C:\WINDOWS\Prefetch
.
3 File(s) - C:\Program Files\Ad-Remover\BACKUP
0 File(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Finished at: 10:01:14 | 13/12/2009 - SCAN[2]
.
============== E.O.F ==============
.

37 replies

flo-91 - 13 Dec. 2009 at 10:08
Hello,


>Relaunch Ad-Remover:


For computers running Windows Vista and Windows 7, User Account Control must be disabled,
otherwise the tool cannot work properly.
Tutorial: https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

>Ad-Remover<

>Disable your antivirus for the duration of the operation
>Disconnect from the Internet and close all running applications
>Double-click the installer and install it in its default location (C:\Program Files).
>At the main menu, choose option L (Clean)
>Post the generated report (C:\Ad-Report-CLEAN.log).
>Don't forget to re-enable your antivirus
.
======= AD-REMOVER 1.1.4.6_E REPORT | XP/VISTA/7 ONLY =======
.
Updated by C_XX on 12.12.2009 at 22:46
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Started at: 10:56:37, 13/12/2009 | Normal mode | Option: SCAN
Run from: C:\Program Files\Ad-Remover\
Operating system: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Computer name: POMMIER-0278A92 | Current user: Pommier
.
============== ITEM(S) FOUND ==============
.

C:\DOCUME~1\Pommier\APPLIC~1\EoRezo
C:\DOCUME~1\Pommier\APPLIC~1\ItsLabel
C:\Program Files\Live-Player
.
HKCU\software\32 Vegas Casino
HKCU\software\EoRezo
HKCU\software\ItsLabel
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3}
HKLM\software\32 Vegas Casino
HKLM\Software\Classes\CLSID\{E49F0B41-3322-11D4-AEFE-00C04F61025C}
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\software\EoRezo
HKLM\software\ItsLabel
HKLM\software\Live-Player
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\EoEngine
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SoftwareHelper
HKLM\software\microsoft\windows\currentversion\uninstall\SoftwareUpdate_is1
HKLM\software\microsoft\windows\currentversion\uninstall\vmneme
HKU\s-1-5-21-1935655697-73586283-839522115-1004\software\32 Vegas Casino
HKU\s-1-5-21-1935655697-73586283-839522115-1004\software\EoRezo
HKU\s-1-5-21-1935655697-73586283-839522115-1004\software\ItsLabel
.
============== Additional scan ==============
.
.
* Mozilla FireFox Version 3.5.5 [fr] *
.
Profile name: br5icvbq.default (Pommier)
.
(Pommier, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Pommier\Mes documents\Mes images
(Pommier, prefs.js) Browser.search.defaultenginename, Google
(Pommier, prefs.js) Browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
(Pommier, prefs.js) Browser.search.selectedEngine, FireSearch
(Pommier, prefs.js) Browser.startup.homepage, hxxp://www.google.fr/
.
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://www.google.fr/
Default_Page_URL: hxxp://www.01net.com/telecharger/
Enable Browser Extensions: yes
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
520 Byte(s) - C:\Ad-Report-SCAN[1].log
3739 Byte(s) - C:\Ad-Report-SCAN[2].log
520 Byte(s) - C:\Ad-Report-SCAN[3].log
3458 Byte(s) - C:\Ad-Report-SCAN[4].log
.
21 File(s) - C:\DOCUME~1\Pommier\LOCALS~1\Temp
14 File(s) - C:\WINDOWS\Temp
66 File(s) - C:\WINDOWS\Prefetch
.
5 File(s) - C:\Program Files\Ad-Remover\BACKUP
0 File(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Finished at: 11:10:16 | 13/12/2009 - SCAN[4]
.
============== E.O.F ==============
.
flo-91 - 13 Dec. 2009 at 11:22
>Download RSIT here and save it to your desktop:

http://images.malwareremoval.com/random/RSIT.exe

>Double-click RSIT.exe on the desktop

>The program starts; choose "1month" and click "continue"

>Let the tool run and post the report that appears.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Pommier at 2009-12-13 11:45:11
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 4 GB (9%) free of 40 GB
Total RAM: 1023 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:39, on 13/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\PDMWorks Server\Vault\pdmwService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Documents and Settings\Pommier\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Pommier\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\Pommier.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Online_TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtor0.dll
O3 - Toolbar: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtor0.dll
O3 - Toolbar: Online_TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Pommier\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1935655697-73586283-839522115-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'JULIEN')
O4 - HKUS\S-1-5-21-1935655697-73586283-839522115-1006\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'JULIEN')
O4 - HKUS\S-1-5-21-1935655697-73586283-839522115-1006\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'JULIEN')
O4 - HKUS\S-1-5-21-1935655697-73586283-839522115-1006\..\Run: [ecaqe] "c:\documents and settings\julien\local settings\application data\ecaqe.exe" ecaqe (User 'JULIEN')
O4 - HKUS\S-1-5-21-1935655697-73586283-839522115-1006\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (User 'JULIEN')
O4 - HKUS\S-1-5-21-1935655697-73586283-839522115-1010\..\Run: [SDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe" (User 'MATHIEU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1935655697-73586283-839522115-1006 Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'JULIEN')
O4 - S-1-5-21-1935655697-73586283-839522115-1006 User Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'JULIEN')
O4 - Startup: On-Screen Keyboard.lnk = C:\WINDOWS\system32\osk.exe
O4 - Global Startup: NkvMon.exe.lnk = F:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: PDMWorks Server - SolidWorks Corporation - C:\Program Files\PDMWorks Server\Vault\pdmwService.exe
O23 - Service: Ray - Unknown owner - C:\Program Files\Satellits\rayserver.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
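Reading an RSIT/HijackThis log by hand means looking for the same handful of patterns the helper picks out above: Run entries that launch from a user's Application Data, an HKLM Run key pointing into one user's profile, BHOs whose file is gone, a service with no publisher, an AppInit_DLLs entry, and IE start/search pages on hosts that are not the vendor defaults. The script below is an added example, not part of this thread nor of RSIT, HijackThis or any other tool used here; it turns those checks into rules and runs them over lines copied from the log posted above. The set of IE hosts it treats as benign defaults is an assumption of this example, not a list from any vendor.

```python
"""Heuristic triage of HijackThis / RSIT log lines (added example).

The rules encode what the helper in this thread checks by eye: IE start and
search pages on unexpected hosts, autoruns launched from a user profile,
machine-wide Run keys pointing into one user's profile, orphaned BHO/toolbar
entries, services with no publisher string, and AppInit_DLLs.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

LINE_RE = re.compile(r"^(O\d+|R\d|F\d)\s+-\s+(.*)$")

# First executable/library path in an entry, quoted ("C:\..\x.exe" args) or bare.
PATH_RE = re.compile(
    r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\.+?\.(?:exe|dll|scr|cpl))(?=\s|$)',
    re.IGNORECASE,
)

# Per-user profile data directories (XP names and Vista/7 names).
PROFILE_DIR_RE = re.compile(
    r"\\(?:documents and settings|users)\\[^\\]+\\"
    r"(?:application data|local settings|appdata)\\",
    re.IGNORECASE,
)

URL_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)
# Hosts treated as benign IE defaults in this example (assumption, not a
# vendor list): Microsoft redirectors plus the Google pages seen in the log.
DEFAULT_IE_HOSTS = {"go.microsoft.com", "www.msn.com", "www.bing.com",
                    "www.google.com", "www.google.fr"}


@dataclass
class Entry:
    kind: str            # HijackThis section code: R1, O2, O4, O23, ...
    text: str            # remainder of the line
    path: Optional[str]  # first file path found, if any


def parse_line(line: str) -> Optional[Entry]:
    """Split one log line into section code, body and first file path."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, text = m.groups()
    pm = PATH_RE.search(text)
    path = (pm.group(1) or pm.group(2)) if pm else None
    return Entry(kind, text, path)


def reasons_for(entry: Entry) -> List[str]:
    """Heuristic reasons to review this entry; an empty list means no hit."""
    low = entry.text.lower()
    reasons: List[str] = []
    if entry.kind in ("R0", "R1"):
        um = URL_RE.search(entry.text)
        if um and um.group(1).lower() not in DEFAULT_IE_HOSTS:
            reasons.append(f"IE page/search URL on non-default host {um.group(1)}")
    if entry.kind == "O4" and entry.path and PROFILE_DIR_RE.search(entry.path):
        reasons.append("autorun executes from a user profile data directory")
        if low.startswith("hklm"):
            reasons.append("registered machine-wide (HKLM) but lives in one user's profile")
    if entry.kind in ("O2", "O3") and ("(no file)" in low or "(file missing)" in low):
        reasons.append("browser extension registered but its file is gone (orphan)")
    if entry.kind == "O23" and "unknown owner" in low:
        reasons.append("service binary carries no publisher/company string")
    if entry.kind == "O20":
        reasons.append("AppInit_DLLs: injected into every user32 process, verify publisher")
    return reasons


def triage(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (section, path or body, reasons) for every flagged line."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            reasons = reasons_for(entry)
            if reasons:
                findings.append((entry.kind, entry.path or entry.text, reasons))
    return findings


# Sample lines copied from the RSIT/HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Pommier\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKUS\S-1-5-21-1935655697-73586283-839522115-1006\..\Run: [ecaqe] "c:\documents and settings\julien\local settings\application data\ecaqe.exe" ecaqe (User 'JULIEN')
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Ray - Unknown owner - C:\Program Files\Satellits\rayserver.exe
"""

if __name__ == "__main__":
    for kind, target, reasons in triage(SAMPLE_LOG):
        print(kind, target)
        for r in reasons:
            print("    -", r)
```

Run against the sample it flags the 01net Default_Page_URL, the orphaned BHO, the EoRezo updater registered under HKLM from a user profile, the `ecaqe.exe` autorun under Local Settings, the AppInit DLL and the "Ray" service, and leaves the avast! and Google Toolbar entries alone. The rules are deliberately narrow: the DriveCleaner 2006 autorun in the same log (flagged as a rogue by ToolBar S&D later in the thread) lives under Program Files and passes every one of them, which is why the helpers follow a manual log review with signature-based tools.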

flo-91 - 13 Dec. 2009 at 11:50
For those on Vista or Windows 7, disable UAC:
Tutorial: https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac


>Toolbar S&D<


>Download Toolbar S&D here

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3

>Save the program to the desktop
>Double-click the "ToolBarSD.exe" icon
>Accept the installation


>Once the installation is complete, double-click the new black "Toolbar S&D" icon on your desktop
>Press "F" to choose French as the language
>Choose option 1 "search"; the Start menu and the icons will disappear, this is normal.
>Let the tool work, don't touch anything
>Once the analysis is finished, the search report opens in Notepad. (If the report does not open, it is located at C:\TB.txt)

>Post the report
-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Default System BIOS
USER : Pommier ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1351 [VPS 091212-1] 4.8.1351 (Activated)
C:\ (Local Disk) - NTFS - Total:39 GB (Free:3 GB)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:109 GB (Free:54 GB)

"C:\ToolBar SD" ( Updated : 22-08-2009|18:42 )
Option : [1] ( 13/12/2009|13:26 )

-----------\\ Searching for Files / Folders ...


-----------\\ Extensions

(JULIEN) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(JULIEN) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(Pommier) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(Pommier) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Pommier) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Default_Page_URL"="https://www.01net.com/telecharger/"
"Url"="http://go.microsoft.com/fwlink/?LinkID=68928"
"Url"="http://go.microsoft.com/fwlink/?LinkID=44406"
"Url"="http://go.microsoft.com/fwlink/?LinkID=68929"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"


--------------------\\ Searching for other infections

C:\Program Files\Live-Player
C:\Program Files\Live-Player\data
C:\Program Files\Live-Player\img
C:\Program Files\Live-Player\live-player.exe
C:\Program Files\Live-Player\live-player.log
C:\Program Files\Live-Player\SkinCrafterDll.dll
C:\Program Files\Live-Player\skins
C:\Program Files\Live-Player\sqlite3.dll
==> EGDACCESS <==

--------------------\\ ROGUES ..

C:\DOCUME~1\Pommier\APPLIC~1\DriveCleaner 2006 Free

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Pommier\Recent\Catia v5r17 Crack.lnk



1 - "C:\ToolBar SD\TB_1.txt" - 13/12/2009|13:28 - Option : [1]

-----------\\ End of report at 13:28:19.40
flo-91 - 13 Dec. 2009 at 13:58
Do this:


/!\ VISTA and SEVEN users: you will need to disable UAC just for the time it takes to disinfect your PC; you can re-enable it later:

Tutorial: https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac



>Navilog<


>Download and install Navilog1 from here:

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

>Double-click navilog1.exe on your desktop

>Select the desired language in the menu, then confirm with the "Enter" key

>A short warning message appears; press any key to continue

>Another warning; press any key to continue

>Navilog1 installation check: if all is well, press any key to continue

>Choose option 1: automatic search/disinfection

>The search starts automatically and may take a few minutes; be patient

>Once the analysis is finished, press any key so that your PC can restart

>On restart, Navilog will delete what it found; wait a few moments.

>A report is generated by the tool. It is located at:

XP: Start/My Computer/C:/cleannavi.txt
Vista: "Start" logo/Computer/C:/ cleannavi.txt

>Post the report
Fix Navipromo version 4.0.5 started on 13/12/2009 16:11:48.71

!!! Warning: this report may list legitimate files/programs !!!
!!! Post this report on the forum to have it analysed !!!

Tool run from C:\Program Files\navilog1

Updated on 10.11.2009 at 18h00 by IL-MAFIOSO

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Default System BIOS
USER : Pommier ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1351 [VPS 091212-1] 4.8.1351 (Activated)


C:\ (Local Disk) - NTFS - Total:39 GB (Free:3 GB)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:109 GB (Free:54 GB)


Search run in normal mode

Cleaning run at computer restart


C:\Program Files\Live-Player deleted!
C:\DOCUME~1\JULIEN\locals~1\applic~1\ecaqe.dat deleted!
C:\DOCUME~1\JULIEN\locals~1\applic~1\ecaqe_nav.dat deleted!
C:\DOCUME~1\JULIEN\locals~1\applic~1\ecaqe_navps.dat deleted!


Contents of C:\WINDOWS\Temp cleaned!
Contents of C:\Documents and Settings\Pommier\locals~1\Temp cleaned!


*** Registry backup to the Safebackup folder ***

Registry backup completed successfully!

*** Registry cleaning ***

Registry cleaning OK




*** Scan finished 13/12/2009 16:18:50.48 ***
flo-91 - 13 Dec. 2009 at 16:28
>Download Malwarebytes here:


https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/

. on the page, click Download Malwarebytes' Anti-Malware
. save it to the desktop
/!\ Vista users: right-click the Malwarebytes' Anti-Malware logo, "Run as administrator"

. Double-click the downloaded file to start the installation.
. In the "Update" tab, click the Check for updates button
. if the firewall asks permission for Malwarebytes to connect, accept
. Once the update is finished
. go to the Scanner tab
. Select Perform full scan
. Click Scan
. The scan starts.
. At the end of the analysis a message appears: The scan completed successfully. Click 'Show Results' to display all objects found.
. Click OK to continue.
. If malware was detected, click Show Results
. Select all (or leave them checked) and click Remove Selected. Malwarebytes will destroy the files and registry keys and put a copy in quarantine.
. Malwarebytes will open Notepad and copy the scan report into it.
. go to the Logs tab
. click the log to display it; once it is displayed
. click Edit at the top of Notepad, then Select All
. click Edit again, then Copy; come back to the forum and, in your reply,
. right-click in the reply box and Paste


If you need help, see this tutorial:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Malwarebytes' Anti-Malware 1.42
Database version: 3353
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14/12/2009 20:09:44
mbam-log-2009-12-14 (20-09-44).txt

Scan type: Full scan (C:\|F:\|)
Objects scanned: 269328
Time elapsed: 2 hour(s), 9 minute(s), 20 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 9

Memory Processes Infected:
C:\documents and settings\MATHIEU\local settings\application data\vmneme.exe (Adware.Navipromo.H) -> Unloaded process successfully.
C:\Documents and Settings\Pommier\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178f3fb-2560-458f-bdee-631e2fe0dfe4} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b5141620-c2b2-4d95-9f0f-134d99c87ab0} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5792aa9-d373-4039-8670-2cdab6a71f15} (Trojan.Swizzor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b8c5186e-ec37-4889-9c2e-f73649ffb7bb} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2178f3fb-2560-458f-bdee-631e2fe0dfe4} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b5141620-c2b2-4d95-9f0f-134d99c87ab0} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{d5792aa9-d373-4039-8670-2cdab6a71f15} (Trojan.Swizzor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b8c5186e-ec37-4889-9c2e-f73649ffb7bb} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\softwarehelper (Rogue.Eorezo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\Pommier\Application Data\DriveCleaner 2006 Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pommier\Application Data\DriveCleaner 2006 Free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Frag great bend logo (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\MATHIEU\Local Settings\Application Data\vmneme_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\MATHIEU\Local Settings\Application Data\vmneme_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\MATHIEU\Local Settings\Application Data\vmneme.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\MATHIEU\Local Settings\Application Data\vmneme.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pommier\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pommier\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdate.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\MusicMP3Get\uninst.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1935655697-73586283-839522115-1010\Dc99.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pommier\Application Data\DriveCleaner 2006 Free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
flo-91, 5646 posts, registered Tuesday 19 May 2009, status: Security contributor, last active 31 October 2019, 1 118
14 Dec. 2009 at 20:16
Be careful where you download from; there were rogues (fake software) on your PC:


1-> Download Rkill (by Grinler) to your desktop:

https://download.bleepingcomputer.com/grinler/rkill.exe

/!\ Disable all your resident protections (antivirus, antispyware, firewall) /!\

> Double-click rkill (on your desktop) or right-click -> Run as administrator (Vista/7 users)

> A window with a black background will open briefly and then disappear; that is normal.


Then:

2-> SuperAntiSpyware <


> Download SuperAntiSpyware here:

http://cdn.superantispyware.com/SUPERAntiSpyware.exe

> Install it with the default settings.

> At the end of the installation it will launch and ask you to choose the program language; choose French.

> The program will then offer to update itself; do it.

> A configuration wizard will open; click Next, leaving the default settings

> SuperAntiSpyware will open. Click "Scan your computer".

> Check "Perform complete scan" and click "Next".

> Let the scan run.

> At the end of the scan, check that everything is ticked, then click "Next"

> Then click Finish, then click "Preferences".

> Go to the "Statistics/Logs" tab, select today's entry, then click "View log"

> Copy/paste its contents into your next message.

> Note: you can empty the quarantine ("Quarantine management" in the main menu)
SUPERAntiSpyware Scan Log
https://www.superantispyware.com/

Generated 12/15/2009 at 03:02 PM

Application Version : 4.31.1000

Core Rules Database Version : 4373
Trace Rules Database Version: 2214

Scan type : Complete Scan
Total Scan Time : 00:38:47

Memory items scanned : 634
Memory threats detected : 0
Registry items scanned : 6653
Registry threats detected : 22
File items scanned : 24844
File threats detected : 222

Adware.Tracking Cookie

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000\LogConf
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000\LogConf

Adware.Vundo/Variant-MSFake
C:\PROGRAM FILES\NAVILOG1\REG.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8176F0CA-6457-4787-97F4-20D42BCA7CC2}\RP1022\A0126162.EXE

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8176F0CA-6457-4787-97F4-20D42BCA7CC2}\RP1023\A0126325.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8176F0CA-6457-4787-97F4-20D42BCA7CC2}\RP1023\A0126326.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8176F0CA-6457-4787-97F4-20D42BCA7CC2}\RP1023\A0126327.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8176F0CA-6457-4787-97F4-20D42BCA7CC2}\RP1023\A0126328.EXE

Rogue.Agent/Gen-Nullo[BIN]
C:\WINDOWS\O2CLICSTORE.BIN

Rogue.Agent/Gen-Nullo[DLL]
C:\WINDOWS\SYSTEM32\WHLB32F.DLL
flo-91, 5646 posts, registered Tuesday 19 May 2009, status: Security contributor, last active 31 October 2019, 1 118
15 Dec. 2009 at 18:07
Good, how is the PC doing?

Please repost a new RSIT report.
My PC is doing much better. Great work, flo-91, and thank you.

My latest RSIT report

Logfile of random's system information tool 1.06 (written by random/random)
Run by Pommier at 2009-12-15 18:26:39
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 4 GB (11%) free of 40 GB
Total RAM: 1023 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:26:50, on 15/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\PDMWorks Server\Vault\pdmwService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Pommier\Bureau\RSIT.exe
C:\Program Files\trend micro\Pommier.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Online_TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtor0.dll
O3 - Toolbar: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtor0.dll
O3 - Toolbar: Online_TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: On-Screen Keyboard.lnk = C:\WINDOWS\system32\osk.exe
O4 - Global Startup: NkvMon.exe.lnk = F:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: PDMWorks Server - SolidWorks Corporation - C:\Program Files\PDMWorks Server\Vault\pdmwService.exe
O23 - Service: Ray - Unknown owner - C:\Program Files\Satellits\rayserver.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
flo-91 - 15 Dec. 2009 at 18:37
Do this:

1-

• /!\ Vista user: don't forget to disable UAC just for the duration of the disinfection of your PC; it will need to be re-enabled later:

Tutorial: https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac
Download OTMoveIt (by Old_Timer) to your Desktop
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
https://www.androidworld.fr/
(it's number 7 at the bottom of the page):

* Double-click OTMoveIt.exe to launch it.
/!\ Vista user: right-click the OTMoveIt icon, "Run as administrator"
* Make sure the box Unregister Dll's and Ocx's is checked.

* Copy the list shown in bold in the quote below and paste it into the left-hand pane of OTMoveIt under Paste List of Files/Folders to move.



:processes
explorer.exe
:files
C:\Program Files\BitDownload\BitDownload.exe
:Commands
[emptytemp]
[purity]
[start explorer]
[Reboot]



# Click MoveIt! to start the removal.
# The result will appear in the "Results" pane.
# Click Exit to close.
# Post the report located in C:\_OTMoveIt\MovedFiles.
# You may be asked to restart the PC to complete the removal. If so, accept with Yes.



2-
/!\ Disable your antivirus for the duration of the procedure, as well as your firewall and antispyware if present /!\

> Download List&Kill'em and save it to your desktop from here:

http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem.zip

> Unzip it (right-click / Extract...)

It does not require installation.

> Double-click (right-click "Run as administrator" for Vista) to launch the scan

Choose the language, then choose option 1 = Search Mode

> Let the tool work

> Post the contents of the report that opens
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\Program Files\BitDownload\BitDownload.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: JULIEN
->Temp folder emptied: 664450497 bytes
->Temporary Internet Files folder emptied: 535006665 bytes
->Java cache emptied: 11878464 bytes
->FireFox cache emptied: 85060773 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 13891784 bytes

User: MATHIEU

User: NetworkService
->Temp folder emptied: 1181568 bytes
->Temporary Internet Files folder emptied: 49554 bytes

User: Pommier
->Temp folder emptied: 348363 bytes
->Temporary Internet Files folder emptied: 2442046 bytes
->Java cache emptied: 13680455 bytes
->FireFox cache emptied: 83425622 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4500257 bytes
%systemroot%\System32 .tmp files removed: 35409408 bytes
Windows Temp folder emptied: 77062 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23930166 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34313 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1407,11 mb


OTM by OldTimer - Version 3.1.2.2 log created on 12152009_185300

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_10c.dat moved successfully.

Registry entries deleted on Reboot...
List'em by g3n-h@ckm@n 1.1.5.2

Thx to Chiquitine29.....& CCM team

User : Pommier (Administrateurs) # POMMIER-0278A92
Update on 14/12/2009 by g3n-h@ckm@n ::::: 00:00
Start at: 19:28:25 | 15/12/2009
Contact : g3n-h@ckm@n sur CCM

Intel(R) Pentium(R) 4 CPU 3.00GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1368 [VPS 091215-0] 4.8.1368 [ (!) Disabled | Updated ]

C:\ -> Disque fixe local | 39,06 Go (5,46 Go free) | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque fixe local | 109,98 Go (54,66 Go free) | NTFS

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe 664
C:\WINDOWS\system32\csrss.exe 716
C:\WINDOWS\system32\winlogon.exe 740
C:\WINDOWS\system32\services.exe 788
C:\WINDOWS\system32\lsass.exe 800
C:\WINDOWS\system32\Ati2evxx.exe 972
C:\WINDOWS\system32\svchost.exe 992
C:\WINDOWS\system32\svchost.exe 1072
C:\Program Files\Windows Defender\MsMpEng.exe 1172
C:\WINDOWS\System32\svchost.exe 1244
C:\Program Files\Ahead\InCD\InCDsrv.exe 1272
C:\WINDOWS\system32\svchost.exe 1380
C:\WINDOWS\system32\svchost.exe 1468
C:\WINDOWS\system32\svchost.exe 1600
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1644
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1744
C:\WINDOWS\system32\spoolsv.exe 408
C:\WINDOWS\system32\svchost.exe 1792
C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe 1864
C:\WINDOWS\system32\cisvc.exe 1884
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe 1944
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe 2000
C:\Program Files\PDMWorks Server\Vault\pdmwService.exe 160
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 208
C:\Program Files\SPAMfighter\sfus.exe 752
C:\WINDOWS\system32\SearchIndexer.exe 1588
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 2192
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 2232
C:\WINDOWS\System32\alg.exe 2496
C:\WINDOWS\system32\Ati2evxx.exe 3380
C:\WINDOWS\Explorer.EXE 3532
C:\WINDOWS\system32\cidaemon.exe 3984
C:\WINDOWS\notepad.exe 1980
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe 3160
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 3204
C:\Program Files\SPAMfighter\SFAgent.exe 3576
C:\Program Files\Orange\Launcher\Launcher.exe 3392
C:\Program Files\Orange\Systray\SystrayApp.exe 3552
C:\WINDOWS\System32\svchost.exe 3780
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe 3856
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 268
C:\WINDOWS\system32\msiexec.exe 1160
C:\WINDOWS\system32\ctfmon.exe 860
C:\Program Files\Messenger\msmsgs.exe 4000
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe 596
C:\Program Files\Outlook Express\msimn.exe 1932
F:\Program Files\Nikon\NkView6\NkvMon.exe 2268
C:\Program Files\Windows Desktop Search\WindowsSearch.exe 2412
C:\WINDOWS\system32\svchost.exe 2692
C:\Program Files\Orange\Deskboard\deskboard.exe 1100
C:\Program Files\Orange\connectivity\connectivitymanager.exe 1104
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe 1984
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe 3608
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe 3636
C:\WINDOWS\system32\wbem\wmiprvse.exe 3588
C:\WINDOWS\system32\wscntfy.exe 3740
C:\Program Files\Mozilla Firefox\firefox.exe 1844
f:\Program Files\WinRAR\WinRAR.exe 2324
C:\WINDOWS\system32\SearchProtocolHost.exe 1760
C:\WINDOWS\system32\SearchFilterHost.exe 3956
C:\Documents and Settings\Pommier\Bureau\List_Kill'em.exe 1372
C:\WINDOWS\system32\cmd.exe 2572
C:\WINDOWS\system32\wbem\wmiprvse.exe 4080
C:\Documents and Settings\Pommier\Local Settings\Temp\19B.tmp\pv.exe 428

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
MSMSGS REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
SUPERAntiSpyware REG_SZ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ORAHSSSessionManager REG_SZ C:\Program Files\Orange\SessionManager\SessionManager.exe
Google Desktop Search REG_SZ "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
SPAMfighter Agent REG_SZ "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
EoEngine REG_SZ
SystrayORAHSS REG_SZ "C:\Program Files\Orange\Systray\SystrayApp.exe"
Adobe ARM REG_SZ "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_BINARY 95000000

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} REG_SZ Microsoft AntiMalware ShellExecuteHook
{56F9679E-7826-4C84-81F3-532071A8BCC5} REG_SZ
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
F:\Program Files\MSN Messenger\msnmsgr.exe REG_SZ F:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger
C:\WINDOWS\system32\dplaysvr.exe REG_SZ C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper
C:\Documents and Settings\Pommier\Local Settings\Temp\Rar$EX00.016\eMule0.47c\emule.exe REG_SZ C:\Documents and Settings\Pommier\Local Settings\Temp\Rar$EX00.016\eMule0.47c\emule.exe:*:Enabled:eMule
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe REG_SZ C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil
C:\Program Files\TVAnts\Tvants.exe REG_SZ C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts
C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CNEXT.exe REG_SZ C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CNEXT.exe:*:Enabled:CATIA
C:\Program Files\Internet Explorer\iexplore.exe REG_SZ C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
F:\Program Files\PPLive\PPLive.exe REG_SZ F:\Program Files\PPLive\PPLive.exe:*:Enabled:PPLive
F:\Program Files\TVUPlayer\TVUPlayer.exe REG_SZ F:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component
C:\Program Files\MioNet\MioNetManager.exe REG_SZ C:\Program Files\MioNet\MioNetManager.exe:*:Enabled:MioNetManager
C:\Program Files\MioNet\jvm\bin\MioNet.exe REG_SZ C:\Program Files\MioNet\jvm\bin\MioNet.exe:*:Enabled:MioNet
F:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.EXE REG_SZ F:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.EXE:*:Enabled:Age of Empires II
C:\Program Files\Fichiers communs\PocketSoft\RTPatch\AutoRTP\artpschd.exe REG_SZ C:\Program Files\Fichiers communs\PocketSoft\RTPatch\AutoRTP\artpschd.exe:*:Enabled:artpschd
F:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CNEXT.exe REG_SZ F:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CNEXT.exe:*:Enabled:CATIA
F:\Program Files\eMule\emule.exe REG_SZ F:\Program Files\eMule\emule.exe:*:Enabled:eMule
C:\Program Files\Data-Concept\Cyberlux Serveur Palladium\CyberluxServer.exe REG_SZ C:\Program Files\Data-Concept\Cyberlux Serveur Palladium\CyberluxServer.exe:*:Enabled:Gestion pour Cybercafés et Espaces multimédias
C:\Program Files\IncrediMail\bin\IncMail.exe REG_SZ C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\bin\ImpCnt.exe REG_SZ C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\bin\ImApp.exe REG_SZ C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail
C:\Program Files\LimeWire\LimeWire.exe REG_SZ C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
F:\Program Files\Dassault Systemes\B17\intel_a\code\bin\orbixd.exe REG_SZ F:\Program Files\Dassault Systemes\B17\intel_a\code\bin\orbixd.exe:*:Enabled:orbixd
C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\orbixd.exe REG_SZ C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\orbixd.exe:*:Enabled:orbixd
C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe REG_SZ C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC
C:\Program Files\BitDownload\BitDownload.exe REG_SZ C:\Program Files\BitDownload\BitDownload.exe:*:Enabled:Warez3
F:\Program Files\Zapu\Zapu\wDivi.exe REG_SZ F:\Program Files\Zapu\Zapu\wDivi.exe:*:Enabled:Zapu Control
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\Orange\Connectivity\ConnectivityManager.exe REG_SZ C:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

===============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4596013b-6c31-408b-a266-deae5c086dc2}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{f14b0ccd-aa41-4406-ab68-c5de9d85b4a3}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.fr/?gws_rd=ssl

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3
EapHost : 0x3
SharedAccess : 0x2
windefend : 0x2
wuauserv : 0x2

=========


C:\Autorun.inf :
----------------
[AutoRun]
open=loader.exe
icon=sw.ico
shell\langenglish\command=setup\i386\msetup.exe lang:english
shell\langenglish=Install in En&glish
[AutoRun.Alpha]
open=setup\alpha\msetup.exe
icon=setup\msetup\sw.ico
shell\langenglish\command=setup\alpha\msetup.exe lang:english
shell\langenglish=Install in En&glish

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
39,06 Go total, 5,46 Go libre (13%), 24% fragmenté (fragmentation du fichier 45%)

Vous devriez défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\autorun.inf
C:\WINDOWS\System32\drivers\etc\hosts.msn
C:\WINDOWS\System32\stera.log
C:\WINDOWS\System32\tmp.reg
C:\Documents and Settings\Pommier\Application Data\GDIPFONTCACHEV1.DAT
C:\Documents and Settings\Pommier\err.log
C:\Documents and Settings\Pommier\LOCAL Settings\Temp\SSUPDATE.EXE
C:\Documents and Settings\Pommier\RefEdit.exd

¤¤¤¤¤¤¤¤¤¤ Keys :

HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Eoengine"
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{f14b0ccd-aa41-4406-ab68-c5de9d85b4a3}"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f14b0ccd-aa41-4406-ab68-c5de9d85b4a3}"
HKCR\interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\ItsLabel
"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BitDownload"
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKLM\Software\Classes\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\SOFTWARE\ItsLabel
HKLM\software\Live-Player
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_NDISRD
HKLM\SYSTEM\ControlSet003\Enum\Root\Legacy_NDISRD
HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_NDISRD

=========
Rootkits
=========

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-15 19:31:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

==========
Programs
==========

Ad-Remover
Adobe
Ahead
Alcatel
Alwil Software
Apowersoft
Apple Software Update
ATI Technologies
AviSynth 2.5
CCleaner
Come2PlayK2P
Conduit
CyberLink
CyberLink DVD Solution
Dassault Systemes
Data-Concept
directx
DivX
DivXCodec
Feneris
Fichiers communs
Fraunhofer MP3 Codec Pro
Full Pack Codecs
Google
Hijackthis Version Française
InstallShield Installation Information
Intel
Internet Explorer
Inventel
Java
Malwarebytes' Anti-Malware
Messager Wanadoo
Messenger
Micro Application
Microsoft
microsoft frontpage
Microsoft Office
Microsoft Silverlight
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Microsoft Visual Studio
Microsoft Visual Studio 8
Microsoft Works
Microsoft.NET
MioNet
Movie Maker
Mozilla Firefox
MSBuild
MSN
MSN Gaming Zone
MSN Messenger
MSN Pictures Displayer
MSXML 4.0
MusicMP3Get
NAVIGON
Navilog1
NetMeeting
Online Services
Online_TV
OpenOffice.org 2.3
Orange
Outlook Express
PDMWorks Server
PhotoBrush
QuickTime
Reference Assemblies
Registry Mechanic
SAGEM
Samsung
Satellits
Securitoo
Services en ligne
Share_Accelerator_MM
Skyline
SPAMfighter
Spybot - Search & Destroy
SUPERAntiSpyware
Symantec
SymNetDrv
SyncJEdit
TorrentSpeeder
torrent_search
trend micro
Uninstall Information
Uninstall_CDS.exe
Wanadoo
WD
Western Digital
Windows Defender
Windows Desktop Search
Windows Live
Windows Live Safety Center
Windows Live SkyDrive
Windows Media Connect 2
Windows Media Player
Windows Messaging
Windows NT
WindowsUpdate
Winmail Opener
wletmin
xerox

============
Lecteur C:
============

339044
Ad-Report-SCAN[1].log
Ad-Report-SCAN[2].log
Ad-Report-SCAN[3].log
Ad-Report-SCAN[4].log
AILog.txt
AUTOEXEC.BAT
autorun.inf
boot.ini
Bootfont.bin
Casino
ccsetup201.exe
cleannavi.txt
Config.Msi
CONFIG.SYS
conmgr.log
Documents and Settings
drwtsn32.log
ffastun.ffa
ffastun.ffl
ffastun.ffo
ffastun0.ffx
gendel32.exe
INSTALL.LOG
install_comp.txt
IO.SYS
JavaRa.log
Kill'em
List'em.txt
loader.ini
MSDOS.SYS
MSOCache
My Downloads
My Videos
mzhlpj.dat
Nous sommes le 24 novembre 2008 je me suis connecter sur l.doc
NTDETECT.COM
ntldr
orange.bmp
pagefile.sys
PERF.LOG
Program Files
rapport.txt
RCT3
RECYCLER
resultat.txt
rsit
setup
SETUP.BAT
Setup.log
spamfighter_web.exe
sqmdata00.sqm
sqmdata01.sqm
sqmdata02.sqm
sqmdata03.sqm
sqmdata04.sqm
sqmdata05.sqm
sqmdata06.sqm
sqmdata07.sqm
sqmdata08.sqm
sqmdata09.sqm
sqmdata10.sqm
sqmdata11.sqm
sqmdata12.sqm
sqmdata13.sqm
sqmdata14.sqm
sqmdata15.sqm
sqmdata16.sqm
sqmdata17.sqm
sqmdata18.sqm
sqmdata19.sqm
sqmnoopt00.sqm
sqmnoopt01.sqm
sqmnoopt02.sqm
sqmnoopt03.sqm
sqmnoopt04.sqm
sqmnoopt05.sqm
sqmnoopt06.sqm
sqmnoopt07.sqm
sqmnoopt08.sqm
sqmnoopt09.sqm
sqmnoopt10.sqm
sqmnoopt11.sqm
sqmnoopt12.sqm
sqmnoopt13.sqm
sqmnoopt14.sqm
sqmnoopt15.sqm
sqmnoopt16.sqm
sqmnoopt17.sqm
sqmnoopt18.sqm
sqmnoopt19.sqm
Support
swdata4.id
swwi
System Volume Information
TB.txt
Temp
TEMP.TXT
Thumbs.db
ToolBar SD
TransfertBaseCarto_log.txt
UNWISE.EXE
VaultData
Virtual
WA6P
WESTWOOD
WINDOWS
WinNT
_OTM




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
flo-91 - 15 Dec. 2009 at 21:20
OK,

1- Rerun Kill'em:

/!\ Disable your antivirus for the duration of the procedure, as well as your firewall and antispyware if present /!\

> Double-click (right-click "Run as administrator" for Vista) to launch the scan

Choose the language, then choose option 2 = Destruction Mode

> Let the tool work

> Post the contents of the report that opens

Then:

2- /!\ Vista and Windows 7 users: don't forget to disable User Account Control
https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

>UsbFix<

> Download UsbFix by Chiquitine29, C_xx here:

http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe

> /!\ Connect to your PC the external data sources (USB key, external hard drive, etc.) that may have been infected, without opening them

> Double-click the UsbFix shortcut on the desktop.

> Choose option 1 (Search) and let the tool work

Then post the UsbFix.txt report that appears.

• Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt)

• Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

• Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html
Kill'em by g3n-h@ckm@n 1.1.5.2

User : Pommier (Administrateurs) # POMMIER-0278A92
Update on 14/12/2009 by g3n-h@ckm@n ::::: 00:00
Start at: 06:30:08 | 16/12/2009
Contact : g3n-h@ckm@n sur CCM

Intel(R) Pentium(R) 4 CPU 3.00GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1368 [VPS 091215-0] 4.8.1368 [ (!) Disabled | Updated ]

C:\ -> Disque fixe local | 39,06 Go (5,43 Go free) | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque fixe local | 109,98 Go (54,66 Go free) | NTFS


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe 664
C:\WINDOWS\system32\csrss.exe 716
C:\WINDOWS\system32\winlogon.exe 740
C:\WINDOWS\system32\services.exe 788
C:\WINDOWS\system32\lsass.exe 800
C:\WINDOWS\system32\Ati2evxx.exe 972
C:\WINDOWS\system32\svchost.exe 992
C:\WINDOWS\system32\svchost.exe 1072
C:\Program Files\Windows Defender\MsMpEng.exe 1172
C:\WINDOWS\System32\svchost.exe 1244
C:\Program Files\Ahead\InCD\InCDsrv.exe 1272
C:\WINDOWS\system32\svchost.exe 1380
C:\WINDOWS\system32\svchost.exe 1468
C:\WINDOWS\system32\svchost.exe 1600
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1644
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1744
C:\WINDOWS\system32\spoolsv.exe 408
C:\WINDOWS\system32\svchost.exe 1792
C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe 1864
C:\WINDOWS\system32\cisvc.exe 1884
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe 1944
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe 2000
C:\Program Files\PDMWorks Server\Vault\pdmwService.exe 160
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 208
C:\Program Files\SPAMfighter\sfus.exe 752
C:\WINDOWS\system32\SearchIndexer.exe 1588
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 2192
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 2232
C:\WINDOWS\System32\alg.exe 2496
C:\WINDOWS\system32\Ati2evxx.exe 3380
C:\WINDOWS\system32\cidaemon.exe 3984
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe 3160
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 3204
C:\Program Files\SPAMfighter\SFAgent.exe 3576
C:\Program Files\Orange\Launcher\Launcher.exe 3392
C:\Program Files\Orange\Systray\SystrayApp.exe 3552
C:\WINDOWS\System32\svchost.exe 3780
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe 3856
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 268
C:\WINDOWS\system32\ctfmon.exe 860
C:\Program Files\Messenger\msmsgs.exe 4000
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe 596
C:\Program Files\Outlook Express\msimn.exe 1932
F:\Program Files\Nikon\NkView6\NkvMon.exe 2268
C:\Program Files\Windows Desktop Search\WindowsSearch.exe 2412
C:\WINDOWS\system32\svchost.exe 2692
C:\Program Files\Orange\Deskboard\deskboard.exe 1100
C:\Program Files\Orange\connectivity\connectivitymanager.exe 1104
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe 1984
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe 3608
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe 3636
C:\WINDOWS\system32\wbem\wmiprvse.exe 3588
C:\WINDOWS\system32\wscntfy.exe 3740
C:\WINDOWS\explorer.exe 4052
C:\WINDOWS\system32\wbem\wmiprvse.exe 2848
C:\Documents and Settings\Pommier\Bureau\List_Kill'em.exe 2656
C:\WINDOWS\system32\cmd.exe 3076
C:\Documents and Settings\Pommier\Local Settings\Temp\AF3.tmp\pv.exe 3064

Detections :
==========


¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\autorun.inf
"C:\WINDOWS\System32\drivers\etc\hosts.msn"
C:\WINDOWS\System32\stera.log
"C:\WINDOWS\system32\tmp.reg"
"C:\Documents and Settings\Pommier\err.log"
C:\Documents and Settings\Pommier\LOCAL Settings\Temp\SSUPDATE.EXE
"C:\Documents and Settings\Pommier\RefEdit.exd"


¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :

Quarantine :

autorun.inf.Kill'em
err.log.Kill'em
hosts.msn.Kill'em
RefEdit.exd.Kill'em
SSUPDATE.EXE.Kill'em
stera.log.Kill'em
tmp.reg.Kill'em

==============
host file OK !
==============

========
Registry
========
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Eoengine
Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f14b0ccd-aa41-4406-ab68-c5de9d85b4a3}
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f14b0ccd-aa41-4406-ab68-c5de9d85b4a3}
Deleted : HKCR\interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
Deleted : HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
Deleted : HKCU\SOFTWARE\EoRezo
Deleted : HKCU\SOFTWARE\ItsLabel
Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BitDownload
Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
Deleted : HKLM\SOFTWARE\ItsLabel
Deleted : HKLM\software\Live-Player
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1

============
Disk Cleaned
============

================
Prefetch cleaned
================



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
flo-91 Posts: 5646 Registered: Tuesday 19 May 2009 Status: Security contributor Last activity: 31 October 2019
16 Dec. 2009 at 13:09
Ok, I'm waiting for the UsbFix report.