Various Zbot trojans and unable to install an a (Solved topic)
Topic status: SOLVED
nours 52  Posted on 29/10/2010 at 18:16
Petit astucien
533 posts

Good evening,

I tried the procedure you described twice, but I ended up with a blue screen telling me there was a serious problem (no time to read more!!) and the PC rebooting. So I didn't push it.

chrifleur  Posted on 29/10/2010 at 23:14
Security Group
20758 posts

With which one, ZHPDiag or ComboFix?

nours 52  Posted on 30/10/2010 at 06:00
Petit astucien
533 posts

Hello,

With ZHPDiag

chrifleur  Posted on 30/10/2010 at 12:01
Security Group
20758 posts

Hello

Run ZHPFix again with this script and let me know...

Normally it shouldn't blue-screen, since we are only removing infected lines and leftovers from antivirus and antispyware products...

M2 - MFEP: prefs.js [nours - c24s1ep3.default\{E9A1DEE0-C623-4439-8932-001E7D17607D}] [] Ask Toolbar for Firefox 1.2.2 (.Ask.com.)
O4 - Global Startup: C:\Users\nours\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitDownload Downloads.lnk . (.Pas de propriétaire.) -- C:\Users\nours\Documents\BitDownload (.not file.)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} . (.not file.) - (.not file.)
[HKCU\Software\ALWIL Software]
[HKCU\Software\AppDataLow\AskBarDis]
[HKCU\Software\AppDataLow\Software\Fun Web Products]
[HKCU\Software\AppDataLow\Software\FunWebProducts]
[HKCU\Software\AppDataLow\Software\MyWebSearch]
[HKCU\Software\AppDataLow\Software\PriceGong]
[HKCU\Software\BitDefender]
[HKCU\Software\BitDownload]
[HKLM\Software\ALWIL Software]
[HKLM\Software\McAfee.com]
[HKLM\Software\Symantec]
[HKLM\Software\SymNRT]
[HKLM\Software\TrendMicro]
O43 - CFD:Common File Directory ----D- C:\Program Files\Alwil Software
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Symantec Shared
O43 - CFD:Common File Directory ----D- C:\ProgramData\Alwil Software
O43 - CFD:Common File Directory ----D- C:\ProgramData\Kaspersky Lab Setup Files
O43 - CFD:Common File Directory ----D- C:\ProgramData\Spybot - Search & Destroy
O43 - CFD:Common File Directory ----D- C:\ProgramData\SUPERAntiSpyware.com
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Symantec Shared
O53 - SMSR:HKLM\...\startupreg\SpybotSD TeaTimer [Key] . (.Pas de propriétaire - Pas de description.) -- C:\Users\nours\Documents\Spybot - Search & Destroy\TeaTimer.exe
O53 - SMSR:HKLM\...\startupreg\SUPERAntiSpyware [Key] . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O64 - Services: CurCS - (.not file.) - aswFsBlk (aswFsBlk) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASWFSBLK
O64 - Services: CurCS - (.not file.) - aswMonFlt (aswMonFlt) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASWMONFLT
O64 - Services: CurCS - (.not file.) - aswRdr (aswRdr) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASWRDR
O64 - Services: CurCS - (.not file.) - avast! Self Protection (aswSP) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASWSP
O64 - Services: CurCS - (.not file.) - avast! Network Shield Support (aswTdi) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASWTDI
O64 - Services: CurCS - (.not file.) - AVG Anti-Spyware Clean Driver (AvgAsCln) .(.Pas de propriétaire - Pas de description.) - LEGACY_AVGASCLN
O64 - Services: CurCS - (.not file.) - AVG Anti-Spyware Driver (AVG Anti-Spyware Driver) .(.Pas de propriétaire - Pas de description.) - LEGACY_AVG_ANTI-SPYWARE_DRIVER
O64 - Services: CurCS - (.not file.) - Symantec Eraser Control driver (eeCtrl) .(.Pas de propriétaire - Pas de description.) - LEGACY_EECTRL
O64 - Services: CurCS - (.not file.) - SASDIFSV (SASDIFSV) .(.Pas de propriétaire - Pas de description.) - LEGACY_SASDIFSV
O64 - Services: CurCS - (.not file.) - SASENUM (SASENUM) .(.Pas de propriétaire - Pas de description.) - LEGACY_SASENUM
O64 - Services: CurCS - (.not file.) - SASKUTIL (SASKUTIL) .(.Pas de propriétaire - Pas de description.) - LEGACY_SASKUTIL
O69 - SBI: C:\Users\nours\Application Data\Mozilla\Firefox\Profiles\\c24s1ep3.default\searchplugins\Yoog Search.xml
O69 - SBI: prefs.js [nours - c24s1ep3.default] user_pref("browser.search.defaultenginename", "Yoog Search");
O69 - SBI: prefs.js [nours - c24s1ep3.default] user_pref("browser.search.defaulturl", "http://www27.yoog.com/search.php?q=");
O69 - SBI: prefs.js [nours - c24s1ep3.default] user_pref("browser.search.selectedEngine", "Yoog Search");
O69 - SBI: prefs.js [nours - c24s1ep3.default] user_pref("extensions.mywebsearch.prevKwdURL", "http://www27.yoog.com/search.php?q=");
O69 - SBI: prefs.js [nours - c24s1ep3.default] user_pref("extensions.snipit.askTbInstalled", true);
O69 - SBI: prefs.js [nours - c24s1ep3.default] user_pref("keyword.URL", "http://www27.yoog.com/search.php?q=");
O69 - SBI: SearchScopes [HKCU] {1951A8DB-CA2E-4783-B028-B74405033AE1} - (Yoog Search) - http://www27.yoog.com
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} - (Web Search) - http://search.imesh.com
O69 - SBI: SearchScopes [HKCU] {A68DE44D-5BA4-4F67-B4C9-F88A9C2739BB} - (Yoog Search) - http://www3.yoog.com
O69 - SBI: SearchScopes [HKCU] {CF739809-1C6C-47C0-85B9-569DBB141420} - (Ask Search) - http://toolbar.ask.com

Let me know if it works

nours 52  Posted on 30/10/2010 at 17:17
Petit astucien
533 posts

Hello again,

Still the blue screen and reboot after cleaning the report with ZHPFix..

chrifleur  Posted on 30/10/2010 at 18:51
Security Group
20758 posts

Does it still restart afterwards, or not?

nours 52  Posted on 31/10/2010 at 07:07
Petit astucien
533 posts

Hello,

Yes, it restarts automatically, I just have to tell it to start Windows "normally". And "phew", no trouble after that...

chrifleur  Posted on 31/10/2010 at 16:16
Security Group
20758 posts

Phew, you had me worried

So you did carry out the deletions with ZHPFix

Now run ComboFix with the script I gave and post the report

nours 52  Posted on 31/10/2010 at 16:36
Petit astucien
533 posts

Here is the ComboFix report:

However, it found traces of the antivirus products again: Avira, AVG and Avast...

ComboFix 10-10-26.01 - nours 31/10/2010 16:28:26.11.4 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.2047.1207 [GMT 1:00]
Lancé depuis: c:\users\nours\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: avast! Antivirus *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: AVG Anti-Spyware *enabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((( Fichiers créés du 2010-09-28 au 2010-10-31 ))))))))))))))))))))))))))))))))))))
.

2010-10-31 15:32 . 2010-10-31 15:32 -------- d-----w- c:\users\nours\AppData\Local\temp
2010-10-25 15:34 . 2010-10-25 15:34 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-10-25 03:42 . 2010-10-25 03:42 -------- d-----w- C:\_OTM
2010-10-24 13:31 . 2010-10-24 13:32 -------- d-----w- c:\programdata\MFAData
2010-10-24 13:29 . 2010-10-18 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-10-24 13:29 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-10-24 13:29 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-10-24 13:29 . 2010-01-17 15:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
2010-10-24 13:29 . 2008-09-24 18:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-10-24 13:29 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-10-24 07:50 . 2010-10-24 07:50 -------- d-----w- c:\program files\Steganos Safe One
2010-10-24 07:32 . 2010-10-24 07:32 22304 ----a-w- c:\windows\system32\drivers\HMFAxCore8ca4fd17866cac11805503e882557762.sys
2010-10-17 18:04 . 2010-10-17 18:04 -------- d-----w- c:\program files\Convar
2010-10-17 17:57 . 2010-10-17 17:58 -------- d-----w- c:\program files\Yitsoft Software
2010-10-17 15:23 . 2010-10-17 18:15 -------- d-----w- c:\program files\Stellar Phoenix Photo Recovery
2010-10-17 10:00 . 2010-10-17 10:00 -------- d-----w- c:\program files\Steganos Secure FileSharing 6
2010-10-17 07:52 . 2010-10-17 07:52 -------- d-----w- c:\program files\Conduit
2010-10-17 07:52 . 2010-10-21 16:28 -------- d-----w- c:\program files\Softonic_France
2010-10-16 06:30 . 2005-10-17 16:13 447488 ----a-w- c:\windows\system32\splus.cpl
2010-10-15 13:39 . 2010-10-15 13:47 -------- d-----w- c:\programdata\RapidSolution
2010-10-15 13:35 . 2010-10-15 13:35 -------- d-----w- c:\users\nours\AppData\Local\RapidSolution
2010-10-07 18:03 . 2010-10-07 18:03 -------- d-----w- c:\program files\Common Files\Skype
2010-10-07 16:08 . 2010-10-07 16:08 -------- d-----w- c:\program files\Digital Photo Software
2010-10-07 16:08 . 2009-12-16 02:30 66800 ----a-w- c:\windows\UnDeployV.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 20:51 . 2009-11-29 07:24 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-15 02:50 . 2010-05-23 05:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2008-06-02 19:08 . 2008-06-02 19:08 1953480 ----a-w- c:\program files\PPVIEWER.EXE
2007-12-06 16:14 . 2007-12-06 16:14 90112 ----a-w- c:\program files\mozilla firefox\components\FireDlmgrGate.dll
2008-08-29 18:21 . 2009-10-28 16:26 106496 ----a-w- c:\program files\mozilla firefox\components\FototaggerMGrab.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-10-26_17.44.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-03 08:30 . 2010-10-31 15:18 85708 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-10-31 15:18 78774 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-23 16:42 . 2010-10-31 15:18 13278 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1472984586-1855196343-460404620-1000_UserData.bin
- 2010-10-26 15:27 . 2010-10-26 15:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-10-31 15:17 . 2010-10-31 15:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-10-26 15:27 . 2010-10-26 15:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-10-31 15:17 . 2010-10-31 15:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 15:48 . 2010-10-23 12:58 690594 c:\windows\System32\perfh00C.dat
+ 2006-11-02 15:48 . 2010-10-31 15:21 690594 c:\windows\System32\perfh00C.dat
- 2006-11-02 10:33 . 2010-10-23 12:58 609944 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-10-31 15:21 609944 c:\windows\System32\perfh009.dat
- 2006-11-02 15:48 . 2010-10-23 12:58 117366 c:\windows\System32\perfc00C.dat
+ 2006-11-02 15:48 . 2010-10-31 15:21 117366 c:\windows\System32\perfc00C.dat
+ 2006-11-02 10:33 . 2010-10-31 15:21 103726 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2010-10-23 12:58 103726 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\tbSof1.dll" [2010-10-21 2735200]

[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
2010-10-21 16:28 2735200 ----a-w- c:\program files\Softonic_France\tbSof1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\tbSof1.dll" [2010-10-21 2735200]

[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-08-10 251264]
"Google Update"="c:\users\nours\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"DriverMax_RESTART"="" [BU]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALaunch"="c:\acer\ALaunch\AlaunchClient.exe" [2007-01-26 540672]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-09-07 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-21 204908]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-09-11 187936]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-01 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13584928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 92704]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2009-12-31 1134592]
NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2007-11-27 236520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-09-03 18:12 111936 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
2009-01-31 01:45 3399727 ----a-w- c:\users\nours\Documents\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glowria]
2009-02-26 12:56 933992 ----a-w- c:\users\nours\Documents\Glowria\Glowria.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 11:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-10-25 14:37 2178832 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
2007-09-07 12:44 3100672 ----a-w- c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2007-07-13 20:24 178280 ------w- c:\program files\Acer Arcade Live\Acer PlayMovie\PMVService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 12:36 201728 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1472984586-1855196343-460404620-1000]
"EnableNotificationsRef"=dword:00000002

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
R3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-08-08 14336]
R3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-08-08 17408]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S1 HMFAxCore8ca4fd17866cac11805503e882557762;HMFAxCore8ca4fd17866cac11805503e882557762;c:\windows\system32\drivers\HMFAxCore8ca4fd17866cac11805503e882557762.sys [2010-10-24 22304]
S1 ndasfat;NDAS FAT;c:\windows\system32\DRIVERS\ndasfat.sys [2007-11-27 372584]
S1 SLEE_16_DRIVER;Steganos Live Encryption Engine 16 [Driver];c:\windows\system32\drivers\Sleen16.sys [2007-10-11 10:24 79104]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl [2007-08-31 39408]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-06-21 269448]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
S2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-04-22 98488]

.
Contenu du dossier 'Tâches planifiées'

2010-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb70c2ef39aa4c.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 04:49]

2010-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1472984586-1855196343-460404620-1000Core1cb6db12c43c658.job
- c:\users\nours\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04 16:26]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.fr/
mStart Page = hxxp://www.ustart.org
uInternet Settings,ProxyOverride = *.local
IE: Download Video on This Page - c:\program files\Tomato\YouTube Video Downloader\IEPage.html
IE: Download Video This Links To - c:\program files\Tomato\YouTube Video Downloader\IELink.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Grab To Fototagger - c:\users\nours\Documents\FotoTagger\grab.htm
IE: Tout télécharger avec Free Download Manager - file://c:\users\nours\Documents\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\users\nours\Documents\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\users\nours\Documents\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\users\nours\Documents\Free Download Manager\dlfvideo.htm
IE: uStart Search - c:\users\nours\AppData\Local\addtoustart\addtoustart.dll/202
IE: {{11F19C45-9675-488A-A8E0-8E8234DC245D} - c:\program files\Tomato\YouTube Video Downloader\IEPage.html
Trusted Zone: glowria.fr
FF - ProfilePath - c:\users\nours\AppData\Roaming\Mozilla\Firefox\Profiles\c24s1ep3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www27.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - google.fr
FF - prefs.js: keyword.URL - hxxp://www27.yoog.com/search.php?q=
FF - component: c:\users\nours\AppData\Roaming\Mozilla\Firefox\Profiles\c24s1ep3.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\users\nours\Documents\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\nours\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\nours\AppData\Roaming\Mozilla\Firefox\Profiles\c24s1ep3.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\users\nours\AppData\Roaming\Mozilla\plugins\np-mswmp.dll

---- PARAMETRES FIREFOX ----

FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www27.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www27.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-SpybotSD TeaTimer - c:\users\nours\Documents\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-31 16:32
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(4660)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\program files\IncrediMail\bin\B4ImApp.dll
.
Heure de fin: 2010-10-31 16:34:14
ComboFix-quarantined-files.txt 2010-10-31 15:34
ComboFix2.txt 2010-10-26 17:50
ComboFix3.txt 2010-01-09 12:13

Avant-CF: 70 745 411 584 octets libres
Après-CF: 70 815 207 424 octets libres

- - End Of File - - 070601764ED4242031501AEFA9E8D862

chrifleur  Posted on 31/10/2010 at 17:55
Security Group
20758 posts

Run it again with this script please

  • Open Notepad (Start > Programs > Accessories > Notepad),
  • Select and copy the following
KillAll::
SecCenter::
{AD166499-45F9-482A-A743-FDD3350758C7}
{7591DB91-41F0-48A3-B128-1A293FD8233D}
{48F2E28D-ED66-4646-9C11-B3055B0AF604}
{ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
Driver::
aswFsBlk
aswMonFlt
aswRdr
aswSP
aswTdi
AvgAsCln
AVG Anti-Spyware Driver
eeCtrl
SASDIFSV
SASENUM
SASKUTIL
File::
c:\program files\mozilla Firefox\components\FireDlmgrGate.dll
c:\program files\mozilla Firefox\components\FototaggerMGrab.dll
Folder::
C:\Program Files\Alwil Software
C:\Program Files\Spyware Doctor
C:\Program Files\Common Files\Symantec Shared
C:\ProgramData\Alwil Software
C:\ProgramData\Kaspersky Lab Setup Files
C:\ProgramData\Spybot - Search & Destroy
C:\ProgramData\SUPERAntiSpyware.com
C:\Program Files\Common Files\Symantec Shared
C:\Users\nours\Documents\Spybot - Search & Destroy
C:\Program Files\SUPERAntiSpyware
Firefox::
FireFox -: Profile - c:\users\nours\AppData\Roaming\Mozilla\Firefox\Profiles\c24s1ep3.default\
FF - ProfilePath - c:\users\nours\AppData\Roaming\Mozilla\Firefox\Profiles\c24s1ep3.default\
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.enabled - true
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
[-HKCU\Software\ALWIL Software]
[-HKCU\Software\AppDataLow\AskBarDis]
[-HKCU\Software\AppDataLow\Software\Fun Web Products]
[-HKCU\Software\AppDataLow\Software\FunWebProducts]
[-HKCU\Software\AppDataLow\Software\MyWebSearch]
[-HKCU\Software\AppDataLow\Software\PriceGong]
[-HKCU\Software\BitDefender]
[-HKCU\Software\BitDownload]
[-HKLM\Software\ALWIL Software]
[-HKLM\Software\McAfee.com]
[-HKLM\Software\Symantec]
[-HKLM\Software\SymNRT]
[-HKLM\Software\TrendMicro]

  • File > Save As.... For the file name, enter CFScript.txt

  • Drag and drop this CFScript.txt text file onto the ComboFix.exe file, as shown in the screenshot

  • Wait while the scan runs; the Desktop will disappear several times: that is normal!
    Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will open: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt

These instructions apply to this machine only. They must not be applied to any other machine.

Try installing an antivirus and tell me how it goes

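As an added worked example (not ZHPDiag's, ComboFix's or this thread's own code), here is a Python helper that reads report lines of the two formats quoted above and pulls out what both helper scripts in this thread target: O64 service entries whose driver file is gone (the `Driver::` candidates), the Security Center registrations from ComboFix's `AV:`/`SP:` header (the `SecCenter::` GUIDs), and Firefox search preferences pointing at a host outside an allow list (the hijacked `O69 - SBI` prefs). The sample lines are constructed in the thread's format; the trusted-host list and the list of products that must stay registered are assumptions the operator supplies, and `build_cfscript` only assembles the `KillAll::`/`SecCenter::`/`Driver::` sections in the layout the thread uses.

```python
"""Triage helper for ZHPDiag / ComboFix report lines (added example)."""
import re
from urllib.parse import urlparse

# ZHPDiag O64 service line. A path field of '.not file.' means the driver
# file is gone but its service / LEGACY_ key is still registered.
O64_RE = re.compile(
    r"^O64 - Services: \w+ - \((?P<path>.*?)\) - (?P<display>.*?) \((?P<name>[^()]+)\) "
)
# ComboFix header line for a product registered with Windows Security Center.
SECCENTER_RE = re.compile(
    r"^(?P<kind>AV|SP|FW): (?P<product>.+?) \*(?P<state>.*?)\* "
    r"\((?P<fresh>Updated|Outdated)\) \{(?P<guid>[0-9A-Fa-f-]+)\}"
)
# String-valued user_pref inside a ZHPDiag O69 SBI line (boolean prefs are skipped).
PREF_RE = re.compile(r'user_pref\("(?P<key>[^"]+)", "(?P<value>[^"]*)"\);')

# Constructed sample in the thread's format; not a real report.
SAMPLE = r"""
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: avast! Antivirus *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: AVG Anti-Spyware *enabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
O64 - Services: CurCS - (.not file.) - aswFsBlk (aswFsBlk) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASWFSBLK
O64 - Services: CurCS - (.not file.) - avast! Self Protection (aswSP) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASWSP
O64 - Services: CurCS - (.not file.) - AVG Anti-Spyware Driver (AVG Anti-Spyware Driver) .(.Pas de propriétaire - Pas de description.) - LEGACY_AVG_ANTI-SPYWARE_DRIVER
O64 - Services: CurCS - (C:\Windows\system32\drivers\example.sys) - Example Driver (exdrv) .(.Example Corp.) - LEGACY_EXDRV
O69 - SBI: prefs.js [nours - c24s1ep3.default] user_pref("browser.search.defaulturl", "http://www27.yoog.com/search.php?q=");
O69 - SBI: prefs.js [nours - c24s1ep3.default] user_pref("browser.search.selectedEngine", "Yoog Search");
O69 - SBI: prefs.js [nours - c24s1ep3.default] user_pref("keyword.URL", "http://www27.yoog.com/search.php?q=");
O69 - SBI: prefs.js [nours - c24s1ep3.default] user_pref("browser.startup.homepage", "http://google.fr/");
"""
SAMPLE_LINES = SAMPLE.strip().splitlines()


def orphaned_services(lines):
    """Service names whose O64 line reports the driver file as missing."""
    found = []
    for line in lines:
        m = O64_RE.match(line)
        if m and m.group("path") == ".not file.":
            found.append(m.group("name"))
    return found


def seccenter_registrations(lines):
    """Security Center registrations parsed from ComboFix's header lines."""
    return [m.groupdict() for m in map(SECCENTER_RE.match, lines) if m]


def search_hijacks(lines, trusted_hosts):
    """(pref key, host) for URL-valued Firefox prefs whose host is not in
    trusted_hosts. The allow list is an operator-supplied assumption."""
    hits = []
    for line in lines:
        if not line.startswith("O69 - SBI:"):
            continue
        m = PREF_RE.search(line)
        if not m or not m.group("value").startswith(("http://", "https://")):
            continue
        host = urlparse(m.group("value")).hostname or ""
        if host not in trusted_hosts:
            hits.append((m.group("key"), host))
    return hits


def build_cfscript(lines, keep_products):
    """Assemble the KillAll::/SecCenter::/Driver:: sections in the layout the
    thread uses. keep_products holds substrings of product names that must
    stay registered (the live AV, Windows Defender): a human decision."""
    stale = [r["guid"] for r in seccenter_registrations(lines)
             if not any(k.lower() in r["product"].lower() for k in keep_products)]
    orphans = orphaned_services(lines)
    out = ["KillAll::"]
    if stale:
        out.append("SecCenter::")
        out.extend("{%s}" % g for g in stale)
    if orphans:
        out.append("Driver::")
        out.extend(orphans)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LINES, ["Windows Defender"]))
    print(search_hijacks(SAMPLE_LINES, {"google.fr"}))
```

The point of the split into three small parsers is review: a Security Center entry that is still marked `Updated` (Avira, avast here) is only a leftover because the operator knows the product was uninstalled, so the script never decides that on its own; it only turns the operator's decision into the exact lines the thread's helpers accept.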
nours 52  Posted on 31/10/2010 at 18:49
Petit astucien
533 posts

Good evening again,

I tried to save Antivir, but without success. Still the same window telling me there is a problem..

Here is the ComboFix report:

ComboFix 10-10-30.09 - nours 31/10/2010 18:11:55.12.4 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.2047.952 [GMT 1:00]
Lancé depuis: C:\ComboFix.exe
Commutateurs utilisés
C:\CFScript (2).txt
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE
:: "c:\program files\mozilla Firefox\components\FireDlmgrGate.dll"
"c:\program files\mozilla Firefox\components\FototaggerMGrab.dll"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Alwil Software
c:\program files\Alwil Software\Avast4\DATA\log\aswAr.log
c:\program files\Alwil Software\Avast5\Setup\setup.ini
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\program files\mozilla Firefox\components\FireDlmgrGate.dll
c:\program files\mozilla Firefox\components\FototaggerMGrab.dll
c:\program files\Spyware Doctor
c:\program files\Spyware Doctor\data\ER_SD_en.dat
c:\program files\Spyware Doctor\data\ER_SD_uk.dat
c:\program files\Spyware Doctor\data\ER_SDA_en.dat
c:\program files\Spyware Doctor\data\ER_SDA_uk.dat
c:\program files\Spyware Doctor\data\FU_SD_en.dat
c:\program files\Spyware Doctor\data\FU_SD_uk.dat
c:\program files\Spyware Doctor\data\FU_SDA_en.dat
c:\program files\Spyware Doctor\data\FU_SDA_uk.dat
c:\program files\Spyware Doctor\data\TB_SD_en.dat
c:\program files\Spyware Doctor\data\TB_SD_uk.dat
c:\program files\Spyware Doctor\data\TB_SDA_en.dat
c:\program files\Spyware Doctor\data\TB_SDA_uk.dat
c:\programdata\Alwil Software
c:\programdata\Alwil Software\Avast5\log\Chest.log
c:\programdata\Alwil Software\Avast5\log\Logging.log
c:\programdata\Alwil Software\Avast5\log\usntr.log
c:\programdata\Kaspersky Lab Setup Files
c:\programdata\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\French\kav.fr.msi
c:\programdata\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\French\setup.exe
c:\programdata\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy\ProcCache.sbc
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts10.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts100.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts101.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts102.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts103.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts104.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts105.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts106.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts107.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts108.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts109.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts11.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts110.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts111.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts112.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts113.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts114.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts115.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts116.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts117.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts118.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts119.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts12.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts120.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts13.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts14.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts15.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts16.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts17.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts18.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts19.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts20.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts21.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts22.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts23.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts24.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts25.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts26.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts27.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts28.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts29.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts3.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts30.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts31.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts32.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts33.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts34.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts35.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts36.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts37.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts38.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts39.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts4.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts40.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts41.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts42.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts43.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts44.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts45.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts46.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts47.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts48.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts49.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts5.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts50.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts51.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts52.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts53.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts54.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts55.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts56.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts57.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts58.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts59.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts6.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts60.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts61.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts62.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts63.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts64.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts65.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts66.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts67.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts68.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts69.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts7.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts70.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts71.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts72.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts73.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts74.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts75.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts76.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts77.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts78.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts79.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts8.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts80.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts81.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts82.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts83.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts84.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts85.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts86.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts87.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts88.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts89.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts9.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts90.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts91.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts92.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts93.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts94.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts95.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts96.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts97.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts98.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts99.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch10.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch100.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch101.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch102.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch103.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch104.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch105.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch106.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch107.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch108.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch109.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch11.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch110.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch111.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch112.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch113.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch114.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch115.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch116.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch117.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch118.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch119.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch12.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch120.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch121.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch122.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch123.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch124.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch125.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch126.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch127.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch128.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch129.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch13.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch130.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch131.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch132.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch133.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch134.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch135.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch136.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch137.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch138.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch139.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch14.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch140.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch141.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch142.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch143.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch144.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch145.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch146.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch147.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch148.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch149.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch15.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch150.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch151.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch152.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch153.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch154.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch155.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch156.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch157.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch158.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch159.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch16.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch160.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch161.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch162.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch163.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch164.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch165.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch166.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch167.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch168.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch169.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch17.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch18.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch19.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch20.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch22.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch23.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch24.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch25.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch26.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch27.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch28.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch29.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch3.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch30.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch31.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch32.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch33.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch35.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch36.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch37.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch38.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch39.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch4.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch40.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch41.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch42.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch43.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch44.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch45.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch46.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch47.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch48.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch49.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch5.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch50.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch51.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch52.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch53.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch54.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch55.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch56.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch57.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch58.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch59.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch6.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch60.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch61.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch62.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch63.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch64.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch65.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch66.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch67.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch68.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch69.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch7.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch70.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch71.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch72.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch73.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch74.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch75.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch76.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch77.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch78.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch79.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch8.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch80.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch81.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch82.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch83.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch84.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch85.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch86.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch87.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch88.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch89.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch9.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch90.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch91.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch92.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch93.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch94.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch95.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch96.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch97.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch98.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch99.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWebSearch.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWebSearch10.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWebSearch11.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWebSearch12.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWebSearch13.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWebSearch14.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWebSearch15.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWebSearch16.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWebSearch17.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWebSearch18.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWebSearch19.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWebSearch2.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWebSearch20.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWebSearch3.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWebSearch4.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWebSearch5.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWebSearch6.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWebSearch7.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWebSearch8.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWebSearch9.zip
c:\programdata\Spybot - Search & Destroy\Recovery\Overview.ini
c:\programdata\Spybot - Search & Destroy\Recovery\WinAgentieu.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WinFraudLoad.zip
c:\programdata\SUPERAntiSpyware.com
c:\users\nours\Documents\Spybot - Search & Destroy
c:\users\nours\Documents\Spybot - Search & Destroy\advcheck.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASWFSBLK
-------\Legacy_ASWMONFLT
-------\Legacy_ASWRDR
-------\Legacy_ASWSP
-------\Legacy_ASWTDI
-------\Legacy_AVGASCLN
-------\Legacy_AVG_ANTI-SPYWARE_DRIVER
-------\Legacy_EECTRL
-------\Legacy_SASDIFSV
-------\Legacy_SASENUM
-------\Legacy_SASKUTIL


((((((((((((((((((((((((((((( Files created from 2010-09-28 to 2010-10-31 ))))))))))))))))))))))))))))))))))))
.

2010-10-31 17:16 . 2010-10-31 17:17 -------- d-----w- c:\users\nours\AppData\Local\temp
2010-10-31 17:16 . 2010-10-31 17:16 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-10-31 17:16 . 2010-10-31 17:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-10-31 17:16 . 2010-10-31 17:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-25 15:34 . 2010-10-25 15:34 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-10-25 03:42 . 2010-10-25 03:42 -------- d-----w- C:\_OTM
2010-10-24 13:31 . 2010-10-24 13:32 -------- d-----w- c:\programdata\MFAData
2010-10-24 13:29 . 2010-10-18 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-10-24 13:29 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-10-24 13:29 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-10-24 13:29 . 2010-01-17 15:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
2010-10-24 13:29 . 2008-09-24 18:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-10-24 13:29 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-10-24 07:50 . 2010-10-24 07:50 -------- d-----w- c:\program files\Steganos Safe One
2010-10-24 07:32 . 2010-10-24 07:32 22304 ----a-w- c:\windows\system32\drivers\HMFAxCore8ca4fd17866cac11805503e882557762.sys
2010-10-17 18:04 . 2010-10-17 18:04 -------- d-----w- c:\program files\Convar
2010-10-17 17:57 . 2010-10-17 17:58 -------- d-----w- c:\program files\Yitsoft Software
2010-10-17 15:23 . 2010-10-17 18:15 -------- d-----w- c:\program files\Stellar Phoenix Photo Recovery
2010-10-17 10:00 . 2010-10-17 10:00 -------- d-----w- c:\program files\Steganos Secure FileSharing 6
2010-10-17 07:52 . 2010-10-17 07:52 -------- d-----w- c:\program files\Conduit
2010-10-17 07:52 . 2010-10-21 16:28 -------- d-----w- c:\program files\Softonic_France
2010-10-16 06:30 . 2005-10-17 16:13 447488 ----a-w- c:\windows\system32\splus.cpl
2010-10-15 13:39 . 2010-10-15 13:47 -------- d-----w- c:\programdata\RapidSolution
2010-10-15 13:35 . 2010-10-15 13:35 -------- d-----w- c:\users\nours\AppData\Local\RapidSolution
2010-10-07 18:03 . 2010-10-07 18:03 -------- d-----w- c:\program files\Common Files\Skype
2010-10-07 16:08 . 2010-10-07 16:08 -------- d-----w- c:\program files\Digital Photo Software
2010-10-07 16:08 . 2009-12-16 02:30 66800 ----a-w- c:\windows\UnDeployV.exe

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 20:51 . 2009-11-29 07:24 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-15 02:50 . 2010-05-23 05:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2008-06-02 19:08 . 2008-06-02 19:08 1953480 ----a-w- c:\program files\PPVIEWER.EXE
.

((((((((((((((((((((((((((((( SnapShot_2010-10-26_17.44.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-03 08:30 . 2010-10-31 15:18 85708 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-10-31 15:18 78774 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-23 16:42 . 2010-10-31 15:18 13278 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1472984586-1855196343-460404620-1000_UserData.bin
+ 2010-10-31 17:17 . 2010-10-31 17:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-10-26 15:27 . 2010-10-26 15:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-10-26 15:27 . 2010-10-26 15:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-10-31 17:17 . 2010-10-31 17:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 15:48 . 2010-10-31 15:21 690594 c:\windows\System32\perfh00C.dat
- 2006-11-02 15:48 . 2010-10-23 12:58 690594 c:\windows\System32\perfh00C.dat
- 2006-11-02 10:33 . 2010-10-23 12:58 609944 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-10-31 15:21 609944 c:\windows\System32\perfh009.dat
- 2006-11-02 15:48 . 2010-10-23 12:58 117366 c:\windows\System32\perfc00C.dat
+ 2006-11-02 15:48 . 2010-10-31 15:21 117366 c:\windows\System32\perfc00C.dat
+ 2006-11-02 10:33 . 2010-10-31 15:21 103726 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2010-10-23 12:58 103726 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((( Reg load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\tbSof1.dll" [2010-10-21 2735200]

[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
2010-10-21 16:28 2735200 ----a-w- c:\program files\Softonic_France\tbSof1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\tbSof1.dll" [2010-10-21 2735200]

[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-08-10 251264]
"Google Update"="c:\users\nours\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"DriverMax_RESTART"="" [BU]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALaunch"="c:\acer\ALaunch\AlaunchClient.exe" [2007-01-26 540672]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-09-07 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-21 204908]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-09-11 187936]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-01 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13584928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 92704]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2009-12-31 1134592]
NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2007-11-27 236520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-09-03 18:12 111936 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
2009-01-31 01:45 3399727 ----a-w- c:\users\nours\Documents\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glowria]
2009-02-26 12:56 933992 ----a-w- c:\users\nours\Documents\Glowria\Glowria.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 11:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-10-25 14:37 2178832 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
2007-09-07 12:44 3100672 ----a-w- c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2007-07-13 20:24 178280 ------w- c:\program files\Acer Arcade Live\Acer PlayMovie\PMVService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 12:36 201728 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1472984586-1855196343-460404620-1000]
"EnableNotificationsRef"=dword:00000002

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-04-22 98488]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
R3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-08-08 14336]
R3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-08-08 17408]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S1 HMFAxCore8ca4fd17866cac11805503e882557762;HMFAxCore8ca4fd17866cac11805503e882557762;c:\windows\system32\drivers\HMFAxCore8ca4fd17866cac11805503e882557762.sys [2010-10-24 22304]
S1 ndasfat;NDAS FAT;c:\windows\system32\DRIVERS\ndasfat.sys [2007-11-27 372584]
S1 SLEE_16_DRIVER;Steganos Live Encryption Engine 16 [Driver];c:\windows\system32\drivers\Sleen16.sys [2007-10-11 10:24 79104]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl [2007-08-31 39408]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-06-21 269448]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]

.
Contenu du dossier 'Tâches planifiées'

2010-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb70c2ef39aa4c.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 04:49]

2010-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1472984586-1855196343-460404620-1000Core1cb6db12c43c658.job
- c:\users\nours\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04 16:26]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.fr/
mStart Page = hxxp://www.ustart.org
uInternet Settings,ProxyOverride = *.local
IE: Download Video on This Page - c:\program files\Tomato\YouTube Video Downloader\IEPage.html
IE: Download Video This Links To - c:\program files\Tomato\YouTube Video Downloader\IELink.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Grab To Fototagger - c:\users\nours\Documents\FotoTagger\grab.htm
IE: Tout télécharger avec Free Download Manager - file://c:\users\nours\Documents\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\users\nours\Documents\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\users\nours\Documents\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\users\nours\Documents\Free Download Manager\dlfvideo.htm
IE: uStart Search - c:\users\nours\AppData\Local\addtoustart\addtoustart.dll/202
IE: {{11F19C45-9675-488A-A8E0-8E8234DC245D} - c:\program files\Tomato\YouTube Video Downloader\IEPage.html
Trusted Zone: glowria.fr
FF - ProfilePath - c:\users\nours\AppData\Roaming\Mozilla\Firefox\Profiles\c24s1ep3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www27.yoog.com/search.php?q=
FF - prefs.js: browser.startup.homepage - google.fr
FF - prefs.js: keyword.URL - hxxp://www27.yoog.com/search.php?q=
FF - component: c:\users\nours\AppData\Roaming\Mozilla\Firefox\Profiles\c24s1ep3.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\users\nours\Documents\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\nours\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\nours\AppData\Roaming\Mozilla\Firefox\Profiles\c24s1ep3.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\users\nours\AppData\Roaming\Mozilla\plugins\np-mswmp.dll

---- PARAMETRES FIREFOX ----

FF - user.js: browser.search.defaulturl - hxxp://www27.yoog.com/search.php?q=
FF - user.js: keyword.URL - hxxp://www27.yoog.com/search.php?q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-31 18:19
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\TEMP\TMP000000298A78C4DA580E98DA 524288 bytes

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(8724)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\IncrediMail\bin\IMApp.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\crypserv.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Heure de fin: 2010-10-31 18:21:14 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-10-31 17:21
ComboFix2.txt 2010-10-31 15:34
ComboFix3.txt 2010-10-26 17:50
ComboFix4.txt 2010-01-09 12:13

Avant-CF: 70 857 515 008 octets libres
Après-CF: 75 734 962 176 octets libres

- - End Of File - - CACC40067DD3933494C479209FD241B8
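An added triage helper, written for this page rather than taken from ComboFix or from the thread, that reads registry and service lines in the shape the report above prints them and flags what a responder would want to notice in such a log: UAC switched off (`"EnableLUA"= 0`), Security Center monitoring disabled (`"DisableMonitoring"=dword:00000001`), and services whose image file is missing (`[x]`). The sample lines are copied from the report above; the function names and the finding texts are my own.

```python
import re
from typing import Dict, List

# Sample lines copied from the ComboFix report above (a constructed excerpt, not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1472984586-1855196343-460404620-1000]
"EnableNotificationsRef"=dword:00000002

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
S1 ndasfat;NDAS FAT;c:\windows\system32\DRIVERS\ndasfat.sys [2007-11-27 372584]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                     # [HKEY_...\path]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+?)\s*$')             # "name"=value
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$")  # R2 name;desc;path [info]


def parse_registry_blocks(text: str) -> Dict[str, Dict[str, str]]:
    """Group '"name"=value' lines under the [HKEY_...] header that precedes them (keys lower-cased)."""
    blocks: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            blocks.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            blocks[current][m.group(1)] = m.group(2)
    return blocks


def reg_int(raw: str) -> int:
    """Turn the two numeric value spellings in the log, 'dword:00000001' and '0 (0x0)', into an int."""
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"-?\d+", raw)
    if not m:
        raise ValueError(f"not a numeric registry value: {raw!r}")
    return int(m.group(0))


def parse_services(text: str) -> List[dict]:
    """Parse 'R2 name;description;path [date size]' lines; ComboFix prints '[x]' when the image is missing."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            start, name, desc, path, info = m.groups()
            services.append({"start": start, "name": name, "description": desc,
                             "path": path, "missing": info.strip().lower() == "x"})
    return services


def weak_settings(blocks: Dict[str, Dict[str, str]]) -> List[str]:
    """Flag the two protection-weakening values visible in the report."""
    findings = []
    for key, values in blocks.items():
        if key.endswith(r"\policies\system") and "EnableLUA" in values:
            if reg_int(values["EnableLUA"]) == 0:
                findings.append("UAC disabled (EnableLUA=0)")
        if key.endswith(r"security center\monitoring") and "DisableMonitoring" in values:
            if reg_int(values["DisableMonitoring"]) == 1:
                findings.append("Security Center monitoring disabled (DisableMonitoring=1)")
    return findings


def triage(text: str) -> List[str]:
    """Registry findings plus every service whose image file no longer exists on disk."""
    findings = weak_settings(parse_registry_blocks(text))
    for svc in parse_services(text):
        if svc["missing"]:
            findings.append(f"service {svc['name']} ({svc['start']}) points to missing image {svc['path']}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the excerpt above this reports three items: UAC off, Security Center monitoring off, and the BtHidBus driver entry whose .sys file is gone. The first two are the ones worth acting on after a cleanup, since both leave the machine quieter about exactly the kind of change a trojan makes.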

chrifleur  Posted on 31/10/2010 at 19:00
  Security Group

20758 Posts

Give me the exact message you get when you try to install an antivirus, because at this point there is nothing, or almost nothing, left... and you have no protection at all; we absolutely have to get an antivirus installed on this machine!!

nours 52  Posted on 31/10/2010 at 22:33
Petit astucien

533 Posts

So I just tried launching Avira AntiVir again, and here is the error message:

"Installation of the Microsoft Runtime Redistributable Kit has failed.

The probable cause is Windows update running in parallel.

Please check whether a Windows update is in progress and run Avira Antivir Personnal Free Antivirus again a little later.

If the installation fails again,please contact Avira support.

Set up will close."

Have a good evening.

chrifleur  Posted on 01/11/2010 at 09:50
  Security Group

20758 Posts

So if I understand correctly, it is telling you that Windows Update is running at the same time and that this is what is blocking the installation.

Disable Windows Update and try the AntiVir installation again.

If it still doesn't work, launch Windows Update, see which update it offers you and install it, then try installing your antivirus again.

Let me know...

nours 52  Posted on 01/11/2010 at 10:04
Petit astucien

533 Posts

Hello,

There really is always something on this wretched PC. Indeed, I haven't been able to run any updates lately, but I didn't worry about it!!

Now I can't get the Windows Update updates at all!!

Error displayed: Windows could not search for updates.

Error code: 8007000B

chrifleur  Posted on 01/11/2010 at 10:18
  Security Group

20758 Posts

To repair this error, look here:

http://www.vista-xp.fr/forum/topic382.html

chrifleur  Posted on 01/11/2010 at 10:21
  Security Group

20758 Posts

re

Very important before applying the fix for error 8007000B!!!!!!!!!

RESTART THE COMPUTER INTO A CLEAN SESSION! (REBOOT)

Do not open any program other than the Command Prompt (cmd) in administrator mode.

Otherwise you will see the following message when you attempt the fix:
FILE NOT FOUND

Restart and run the updates.

Source:

http://www.commentcamarche.net/forum/affich-3103096-vista-erreur-8007000b



Edited by chrifleur on 01/11/2010 10:22
nours 52  Posted on 01/11/2010 at 12:17
Petit astucien

533 Posts

Hello again,

Well.... EVERYTHING is back in order!!! Once Windows Update was installed, I was also able to install an antivirus (Avira AntiVir)... without any problem..

I'm really sorry to have made you lose quite a bit of time over this, but what was done was still very useful, I think. We cleaned up the system quite a bit...

So I sincerely thank you for your precious help and above all... your patience with a novice like me!!

I wish you a good day and... until next time perhaps (not too soon all the same, as that would mean I have problems!!)

Thanks again.

JC

chrifleur  Posted on 01/11/2010 at 13:31
  Security Group

20758 Posts

Wait a moment please!! There are still a few steps to do.

1/ Close all running applications, then download ToolsCleaner (by A.Rothstein and Dj Quiou) to your Desktop:

  • Double-click ToolsCleaner2.exe -> click -> "Recherche" (Search) and let the scan finish.
  • Click -> "Suppression" (Delete) to finalize.
  • Click -> "Quitter" (Quit), so that the report can be created.
  • Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).
  • Note: your desktop will disappear; that is normal. If it does not reappear at the end of the scan, do the following:
    • Ctrl+Alt+Del to open the Task Manager.
    • Then go to the "Processes" tab, click "File" at the top left and choose "Run".
    • Type: explorer.exe and confirm. That will make your Desktop reappear.

2/

Now that you have installed AntiVir, run a scan of your PC and post its report please; we need to check that no junk came back and installed itself during the period you were without an antivirus!!

3/

Install or reinstall and update Malwarebytes, scan your PC (full scan), and post its report.

4/

Follow this tutorial and post the report you get:

http://forum.pcastuces.com/eset_online_scanner___nouvelle_version___tutoriel-f31s56.htm

5/

Then we will talk about protecting this PC!

nours 52  Posted on 01/11/2010 at 16:48
Petit astucien

533 Posts

re,

Well, I was a bit quick!!

ToolsCleaner is not responding!!

Here is the Avira AntiVir report:



Avira AntiVir Personal
Report file date: lundi 1 novembre 2010 14:12

Scanning for 2992847 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (plain) [6.0.6000]
Boot mode : Normally booted
Username : nours
Computer name : PC-DE-NOURS

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 19/04/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 01/04/2010 12:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 01/04/2010 12:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 07/03/2010 18:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 23:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 09:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 19:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 17:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 16:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 11:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 11:02:18
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02/06/2010 11:02:23
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23/07/2010 11:02:31
VBASE008.VDF : 7.10.11.133 3454464 Bytes 13/09/2010 11:02:39
VBASE009.VDF : 7.10.11.134 2048 Bytes 13/09/2010 11:02:39
VBASE010.VDF : 7.10.11.135 2048 Bytes 13/09/2010 11:02:39
VBASE011.VDF : 7.10.11.136 2048 Bytes 13/09/2010 11:02:39
VBASE012.VDF : 7.10.11.137 2048 Bytes 13/09/2010 11:02:39
VBASE013.VDF : 7.10.11.165 172032 Bytes 15/09/2010 11:02:39
VBASE014.VDF : 7.10.11.202 144384 Bytes 18/09/2010 11:02:40
VBASE015.VDF : 7.10.11.231 129024 Bytes 21/09/2010 11:02:41
VBASE016.VDF : 7.10.12.4 126464 Bytes 23/09/2010 11:02:41
VBASE017.VDF : 7.10.12.38 146944 Bytes 27/09/2010 11:02:42
VBASE018.VDF : 7.10.12.64 133120 Bytes 29/09/2010 11:02:42
VBASE019.VDF : 7.10.12.99 134144 Bytes 01/10/2010 11:02:43
VBASE020.VDF : 7.10.12.122 131584 Bytes 05/10/2010 11:02:43
VBASE021.VDF : 7.10.12.148 119296 Bytes 07/10/2010 11:02:43
VBASE022.VDF : 7.10.12.175 142848 Bytes 11/10/2010 11:02:43
VBASE023.VDF : 7.10.12.198 131584 Bytes 13/10/2010 11:02:44
VBASE024.VDF : 7.10.12.216 133120 Bytes 14/10/2010 11:02:44
VBASE025.VDF : 7.10.12.238 137728 Bytes 18/10/2010 11:02:44
VBASE026.VDF : 7.10.12.254 129536 Bytes 20/10/2010 11:02:44
VBASE027.VDF : 7.10.13.22 137728 Bytes 22/10/2010 11:02:45
VBASE028.VDF : 7.10.13.39 124416 Bytes 26/10/2010 11:02:46
VBASE029.VDF : 7.10.13.62 141312 Bytes 28/10/2010 11:02:47
VBASE030.VDF : 7.10.13.73 137216 Bytes 29/10/2010 11:02:47
VBASE031.VDF : 7.10.13.76 36864 Bytes 01/11/2010 11:02:47
Engineversion : 8.2.4.86
AEVDF.DLL : 8.1.2.1 106868 Bytes 01/11/2010 11:02:53
AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 01/11/2010 11:02:53
AESCN.DLL : 8.1.6.1 127347 Bytes 01/11/2010 11:02:52
AESBX.DLL : 8.1.3.1 254324 Bytes 01/11/2010 11:02:54
AERDL.DLL : 8.1.9.2 635252 Bytes 01/11/2010 11:02:52
AEPACK.DLL : 8.2.3.11 471416 Bytes 01/11/2010 11:02:52
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 01/11/2010 11:02:51
AEHEUR.DLL : 8.1.2.37 2974072 Bytes 01/11/2010 11:02:51
AEHELP.DLL : 8.1.14.0 246134 Bytes 01/11/2010 11:02:49
AEGEN.DLL : 8.1.3.23 401779 Bytes 01/11/2010 11:02:49
AEEMU.DLL : 8.1.2.0 393588 Bytes 01/11/2010 11:02:49
AECORE.DLL : 8.1.17.0 196982 Bytes 01/11/2010 11:02:48
AEBB.DLL : 8.1.1.0 53618 Bytes 01/11/2010 11:02:48
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14/01/2010 12:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 14/01/2010 12:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 18/02/2010 16:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 01/04/2010 12:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 01/04/2010 12:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 01/04/2010 12:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26/01/2010 09:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28/01/2010 12:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16/03/2010 15:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 19/02/2010 14:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 13:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 09/04/2010 14:14:29

Configuration settings for the scan:
Jobname.............................: Local Drives
Configuration file..................: C:\program files\avira\antivir desktop\alldrives.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, G:, H:, I:, J:, F:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: lundi 1 novembre 2010 14:12

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'IncMail.exe' - '1' Module(s) have been scanned
Scan process 'fdm.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'RpcAgentSrv.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'ymsgr_tray.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'IMApp.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'ndasmgmt.exe' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'nvraidservice.exe' - '1' Module(s) have been scanned
Scan process 'eDSLoader.exe' - '1' Module(s) have been scanned
Scan process 'SysMonitor.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'Dwm.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'eRecoveryService.exe' - '1' Module(s) have been scanned
Scan process 'YahooAUService.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'eDSService.exe' - '1' Module(s) have been scanned
Scan process 'crypserv.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ALaunchSvc.exe' - '1' Module(s) have been scanned
Scan process 'MemCheck.exe' - '1' Module(s) have been scanned
Scan process 'CLMSServer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[INFO] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[INFO] In the drive 'I:\' no data medium is inserted!
Boot sector 'J:\'
[INFO] In the drive 'J:\' no data medium is inserted!

Starting to scan executable files (registry).
The registry was scanned ( '686' files ).


Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\ProgramData\MFAData\pack\GUIx.cab
[0] Archive type: CAB (Microsoft)
[DETECTION] Is the TR/Spy.ZBot.KR.1 Trojan
--> avgtray.exe
[DETECTION] Is the TR/Spy.ZBot.KR.1 Trojan
C:\ProgramData\MFAData\pack\bins\f10guix1144gk.bin
[0] Archive type: CAB (Microsoft)
[DETECTION] Is the TR/Spy.ZBot.KR.1 Trojan
--> data
[1] Archive type: BZ2
--> 0000000B-90893D4C
[2] Archive type: CAB (Microsoft)
--> avgtray.exe
[DETECTION] Is the TR/Spy.ZBot.KR.1 Trojan
C:\Qoobox\Quarantine\C\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts56.zip.vir
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Qoobox\Quarantine\C\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch19.zip.vir
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\pic.exe
[DETECTION] Is the TR/Dldr.FraudLoad.hda Trojan
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{23AA27CC-FAA2-4A6D-9221-EB6A7206BA4E}\pic.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{26A91944-6CAE-4741-B0A9-8475307D682C}\pic.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{53B6C1EF-0793-4FAB-BD4B-B5830EB8B4BE}\pic.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{73157563-0538-43D5-A74F-ACC44062F683}\pic.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{8A8C49AB-10E7-4A49-8FEF-19D8C13C8232}\pic.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{91E38F36-5D39-4697-B1CE-FD3299548740}\pic.exe
[DETECTION] Is the TR/Spy.ZBot.dmi Trojan
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{97B7323E-3E73-4BA3-9DAA-437CB91A83AB}\pic.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{CDA161AD-3A30-49E6-BAA7-197D4DDDEEDD}\pic.exe
[DETECTION] Is the TR/Oficla.BK Trojan
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{DD4EB4A9-EEDF-4262-BB20-EFEEC355D3CF}\pic.exe
[DETECTION] Is the TR/Spy.ZBot.dmi Trojan
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{E1E666C9-FF7F-432F-B4E6-EC87F15B58BA}\pic.exe
[DETECTION] Is the TR/Dldr.Genome.bbxc Trojan
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{F73155FD-A068-4C7F-B235-D467AB80E39B}\pic.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\nours\DoctorWeb\Quarantine\ComboFi0.exe
[DETECTION] Is the TR/PWS.110080.5 Trojan

[0] Archive type: RAR SFX (self extracting)
--> 32788R22FWJFW\pev.exe
[DETECTION] Is the TR/PWS.110080.5 Trojan
Begin scan in 'D:\' <DATA>
Begin scan in 'G:\'
Search path G:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'H:\'
Search path H:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'I:\'
Search path I:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'J:\'
Search path J:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'F:\'
Search path F:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.

Beginning disinfection:
C:\Users\nours\DoctorWeb\Quarantine\ComboFi0.exe
[DETECTION] Is the TR/PWS.110080.5 Trojan
[NOTE] The file was moved to the quarantine directory under the name '49d06959.qua'.
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{F73155FD-A068-4C7F-B235-D467AB80E39B}\pic.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '514d46f0.qua'.
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{E1E666C9-FF7F-432F-B4E6-EC87F15B58BA}\pic.exe
[DETECTION] Is the TR/Dldr.Genome.bbxc Trojan
[NOTE] The file was moved to the quarantine directory under the name '03121c18.qua'.
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{DD4EB4A9-EEDF-4262-BB20-EFEEC355D3CF}\pic.exe
[DETECTION] Is the TR/Spy.ZBot.dmi Trojan
[NOTE] The file was moved to the quarantine directory under the name '652553da.qua'.
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{CDA161AD-3A30-49E6-BAA7-197D4DDDEEDD}\pic.exe
[DETECTION] Is the TR/Oficla.BK Trojan
[NOTE] The file was moved to the quarantine directory under the name '20a17ee4.qua'.
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{97B7323E-3E73-4BA3-9DAA-437CB91A83AB}\pic.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5fba4c85.qua'.
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{91E38F36-5D39-4697-B1CE-FD3299548740}\pic.exe
[DETECTION] Is the TR/Spy.ZBot.dmi Trojan
[NOTE] The file was moved to the quarantine directory under the name '130260cf.qua'.
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{8A8C49AB-10E7-4A49-8FEF-19D8C13C8232}\pic.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '6f1a209f.qua'.
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{73157563-0538-43D5-A74F-ACC44062F683}\pic.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '42400fd2.qua'.
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{53B6C1EF-0793-4FAB-BD4B-B5830EB8B4BE}\pic.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5b283448.qua'.
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{26A91944-6CAE-4741-B0A9-8475307D682C}\pic.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '37741878.qua'.
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{23AA27CC-FAA2-4A6D-9221-EB6A7206BA4E}\pic.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '46cd21ed.qua'.
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\pic.exe
[DETECTION] Is the TR/Dldr.FraudLoad.hda Trojan
[NOTE] The file was moved to the quarantine directory under the name '48d7112a.qua'.
C:\Qoobox\Quarantine\C\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch19.zip.vir
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to the quarantine directory under the name '0dea6858.qua'.
C:\Qoobox\Quarantine\C\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts56.zip.vir
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to the quarantine directory under the name '04f86cf7.qua'.
C:\ProgramData\MFAData\pack\bins\f10guix1144gk.bin
[DETECTION] Is the TR/Spy.ZBot.KR.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5d7b75e2.qua'.
C:\ProgramData\MFAData\pack\GUIx.cab
[DETECTION] Is the TR/Spy.ZBot.KR.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '70660c73.qua'.


End of the scan: lundi 1 novembre 2010 15:23
Used time: 49:38 Minute(s)

The scan has been done completely.

23367 Scanned directories
472801 Files were scanned
15 Viruses and/or unwanted programs were found
2 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
17 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
472784 Files not concerned
4659 Archives were scanned
0 Warnings
17 Notes

And the Malwarebytes report:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 5013

Windows 6.0.6000
Internet Explorer 7.0.6000.16982

01/11/2010 15:36:53
mbam-log-2010-11-01 (15-36-53).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 149025
Temps écoulé: 6 minute(s), 31 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

ESET Online: unable to save the updates, so no launch!!

nours 52  Posted on 01/11/2010 at 19:51
Petit astucien

533 Posts

Good evening,

I finally managed to get the ESET Online Scanner report; the report is in C:\Program Files, but there you go, I can't find that folder!!!...
nours 52  Posted on 01/11/2010 at 20:03
Petit astucien

533 Posts

Re,

I had to go into "Run" and type %programfiles% to find that folder!!!

Here is the ESET OS report:

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=66fab3210a9e2f4aa34c6f2625e4042e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-01 05:52:27
# local_time=2010-11-01 06:52:27 (+0100, Paris, Madrid)
# country="France"
# lang=1036
# osver=6.0.6000 NT
# compatibility_mode=512 16777215 100 0 684280 684280 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775141 100 94 13444 47718614 16079 0
# compatibility_mode=5892 16776573 100 100 29153278 126161849 0 0
# compatibility_mode=8192 67108863 100 0 2788 2788 0 0
# scanned=169617
# found=1
# cleaned=0
# scan_time=4826
C:\Downloads\install_5677.exe une variante probable de Win32/Agent.COUVVMQ cheval de troie 00000000000000000000000000000000 I

chrifleur  Posted on 01/11/2010 at 22:55
  Security Group


20758 Posts

find and delete

C:\Downloads\install_5677.exe

Start / Run

copy and paste


ComboFix /Uninstall

As you've seen, you were seriously infected by various Zbot trojans, adware and other nasties. I advise you to change all your passwords and, if you pay online, to change your codes, and to keep a close eye on your accounts just in case!

1/ Close all running applications, then download ToolsCleaner (by A.Rothstein and Dj Quiou) to your Desktop:

  • Double-click ToolsCleaner2.exe -> click -> Recherche (Search) and let the scan finish.
  • Click -> Suppression (Delete) to finalise.
  • Click -> Quitter (Quit) so that the report can be created.
  • Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).
  • Note: your desktop will disappear; that's normal. If it doesn't reappear at the end of the scan, do the following:
    • Ctrl+Alt+Del to open Task Manager.
    • Then go to the "Processes" tab, click "File" at the top left and choose "Run".
    • Type: explorer.exe and confirm. This will bring your Desktop back.

2/
You can, however, keep Malwarebytes' Anti-Malware and CCleaner. Use CCleaner every evening before shutting down the PC (it only takes a few seconds!).

Don't forget to vaccinate your USB sticks, external hard drives, etc.

This helps avoid a number of infections that use this route to spread.

You can read this article, which explains the risks of infection via removable media.
You can download USBSet by Loup Blanc. Here is a tutorial for configuring the preventive tool correctly. As is the case with any vaccine, it will not prevent every infection via this type of media, but it reduces the risk factor by configuring the machine and the stick correctly.

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.


3/ I'd like you to do a small thing for me: change the title of your topic. Now that we know the infection,
I suggest you change it to make reading and searching easier for all the other members.

Go back to your first post in the topic, click this button -> and change your title like this:
divers trojans Zbot et impossible d'installer un antivirus (various Zbot trojans and unable to install an antivirus), then click "Publier le message" (Post message). Thanks!


.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
4/

It is strongly recommended to keep all your security software up to date, to close the holes through which infections get in.
This includes updates for Windows, the browser, Java, PDF readers, and Reader in particular.

For Java, you can use JavaRa. It installs the latest version of Java and removes the old versions.

For the PDF reader, you can use lighter alternative readers such as Sumatra PDF instead of Reader.

To test for vulnerabilities and out-of-date software, you can go to the Secunia site and run a scan of the machine.

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
5/

/!\ Now that your PC is no longer infected, disable "System Restore" in order to create a clean restore point.

To disable or enable System Restore, you must log on as Administrator under Windows XP.

Disabling:
Right-click "My Computer" > Properties > "System Restore" tab > tick "Turn off System Restore on all drives"
> Apply and OK.

Re-enabling:
Follow the same path; untick "Turn off System Restore on all drives"
> Apply and OK. Restart the computer.

How to disable System Restore under XP

Clearing System Restore points under Vista

Enabling or disabling System Restore under Windows 7

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

6/ It is very important to adopt software that creates images of your system. In the event of a major crash, a hardware failure or an incurable infection, you can then get your machine back on its feet in a few minutes from a boot CD specially designed for this purpose. You can keep a disk image on your machine and on an external medium (external hard drive). There are quality commercial solutions (Acronis true type, Ghost, Paragon), but also free, limited versions of these tools.

Here is DiskWizard, which is a free, limited version of the Acronis software. It is for Seagate-brand disks.
Download: Diskwizard
Tutorial: Diskwizard

For Western Digital disks:
Download: Acronis True Image WD Edition
Tutorial: Acronis True Image WD Edition

For Maxtor disks:
Download: Maxblast
Tutorial: Maxblast

There is also DriveImage, which offers interesting features. Here is a good tutorial on the libellules site.
Finally, Drive Backup 9 free edition is also worth mentioning.

For Windows 7, there is the native tool built into this architecture, which is described here.

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

/!\ To improve the security of your PC, take a few moments to read...

Securing your PC + WIFI ("hot" & "light" versions): http://forum.pcastuces.com/sujet.asp?f=25&s=25892

Prevention and protection - How to protect yourself: http://forum.pcastuces.com/sujet.asp?f=25&s=36131

The security risks of peer-to-peer in 10 points: http://www.libellules.ch/phpBB2/les-risques-securitaires-du-peer-to-peer-en-10-points-t28947.html

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

Please mark your topic [Résolu] by clicking "Marquer comme résolu" (Mark as resolved), at the bottom left of the page or in your topic's title bar. Thanks!

Be careful on the Internet and tell people about PC Astuces!

Happy surfing and stay safe!

nours 52  Posted on 02/11/2010 at 05:27
Petit astucien

533 Posts

Hello,

I'll do all these last steps this evening, when things are "quiet".

However, I didn't quite understand the one for removing the Trojan:

install_5677.exe, because you mention "start/run" and copy/paste

I do indeed have it in "Downloads", but should I simply delete it, or use ComboFix? I don't want to make a mistake right at the end...

One more, final question: since I installed the latest Windows Update versions, I can no longer find "Program Files" in C. To find it I have to go through "Run" with %programfiles%.

How do I put it back in C?

Thanks and have a good day

chrifleur  Posted on 02/11/2010 at 08:43
  Security Group


20758 Posts

1/

Start / Run

copy and paste

ComboFix /Uninstall

that is a different step from manually deleting the file, as requested above

2/

%programfiles% = C:\Program Files

Start / Run

type regedit

follow the tree and find this key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion

in the last folder, CurrentVersion, look on the right for ProgramFilesDir

you should have this

if not, send me a screenshot of what you have



Edited by chrifleur on 02/11/2010 08:45
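The registry check chrifleur describes (Start / Run, regedit, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion, value ProgramFilesDir), as an added PowerShell example that is not part of the thread: it reads the value, compares it with what %programfiles% expands to, and also reports whether the folder exists on disk and whether it carries the Hidden or System attribute, which makes Explorer hide it by default. The attribute check and the function name are my own additions; the thread did not diagnose why the folder was not visible.

```powershell
# Added example (not from the thread): automate the regedit check.
# Reads ProgramFilesDir from HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion,
# compares it with %programfiles%, and inspects the folder on disk.
function Test-ProgramFilesDir {
    $keyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion'
    $props   = Get-ItemProperty -Path $keyPath -ErrorAction Stop
    $regDir  = $props.ProgramFilesDir     # what regedit shows on the right
    $envDir  = $env:ProgramFiles          # what "Run" expands %programfiles% to

    $result = [ordered]@{
        RegistryValue = $regDir
        EnvValue      = $envDir
        Match         = ($regDir -eq $envDir)
        Exists        = $false
        Hidden        = $false
        SystemAttr    = $false
    }

    if ($regDir -and (Test-Path -LiteralPath $regDir)) {
        $result.Exists = $true
        # -Force is required: Get-Item skips hidden/system items by default
        $attrs = (Get-Item -LiteralPath $regDir -Force).Attributes
        $result.Hidden     = [bool]($attrs -band [IO.FileAttributes]::Hidden)
        $result.SystemAttr = [bool]($attrs -band [IO.FileAttributes]::System)
    }
    [pscustomobject]$result
}

$r = Test-ProgramFilesDir
$r | Format-List

if (-not $r.Match) {
    Write-Warning "ProgramFilesDir ($($r.RegistryValue)) differs from %programfiles% ($($r.EnvValue))."
}
if (-not $r.Exists) {
    Write-Warning "The folder named in ProgramFilesDir does not exist on disk."
}
elseif ($r.Hidden -or $r.SystemAttr) {
    # A Hidden/System folder is still there; Explorer simply does not list it.
    Write-Warning "The folder exists but is marked Hidden/System, so Explorer hides it."
    Write-Host   "To clear those attributes: attrib -h -s `"$($r.RegistryValue)`""
}
```

Run it from an elevated PowerShell prompt; on a 64-bit system the same key also holds ProgramFilesDir (x86) for the 32-bit folder.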
Forum PC Astuces © 1997-2014 Webastuces